Last week, in preparation for Data Privacy Day 2013, Microsoft released a privacy trends study and Privacy in Action video series. The very next day on Jan 24, an open letter to Skype and Microsoft, signed by 45 organizations and 61 individuals concerned about online privacy, was sent to Skype Division President Tony Bates, Microsoft Chief Privacy Officer Brendon Lynch and Microsoft General Counsel Brad Smith. It called upon on "Skype to release a regularly updated Transparency Report."
Microsoft's own survey for Data Privacy Day showed that people want and need more control of their personal information. As Microsoft's top Privacy Officer, Lynch wrote, "We already know our customers want and expect strong privacy protections to be built into our products, devices and services, and for companies to be responsible stewards of consumers' data. We've been focused on this area for more than 10 years as part of Trustworthy Computing at Microsoft. Our activities this Data Privacy Day are just the latest examples of how we take our privacy responsibilities seriously and put people first."
Yet the open letter calls for Microsoft to be even more "trustworthy" by releasing regularly updated Transparency Reports that include:
- Quantitative data regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments, the type of data requested, the proportion of requests with which it complied - and the basis for rejecting those requests it does not comply with.
- Specific details of all user data Microsoft and Skype currently collects, and retention policies.
- Skype's best understanding of what user data third-parties, including network providers or potential malicious attackers, may be able to intercept or retain.
- Documentation regarding the current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology, including Skype's understanding of the surveillance and censorship capabilities that users may be subject to as a result of using these alternatives.
- Skype's interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA), its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs), and more generally, the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere.
After Microsoft acquired Skype, we looked at a Microsoft patent called "Legal Intercept" meant for monitoring and recording VoIP communications. During the summer of 2012, when Microsoft refused to reply with a simple "yes" or "no" to questions about its "ability to tap Skype phone calls," the EFF advised that "if you want to make secure calls, don't use Skype." Then Skype denied reports that claimed "changes to its architecture would make calls and messages easier to monitor by law enforcement." In November, patent wars sprung up over wiretapping VoIP and surveillance backdoors into Internet chats. California-based VoIP-Pal claimed it had filed a surveillance patent that is meant to "allow government agencies to 'silently record' VoIP communications" two years before Microsoft's VoIP eavesdropping patent. VoIP-Pal claimed that "there are substantial similarities" between the two patents.
Sign up for CIO Asia eNewsletters.