Advocates Call for Greater VoIP Monitoring Transparency
January 30, 2013
By Mae Kowalke
, TMCnet Contributor
Voice-over-IP (VoIP) brings many benefits, but the ease with which calls can potentially be monitored and recorded is not always one of those benefits.
For example, last year, there was considerable concern that Microsoft (News - Alert) was potentially eavesdropping on Skype calls or letting law enforcement eavesdrop on them. When crossing international borders, there’s also the concern that countries who aggressively monitor and mediate communication, such as mainland China, might be compelling firms such as Microsoft to allow monitoring, recording or eavesdropping – or at the very least look the other way.
In the days of analogue communication, monitoring calls was a lot harder; there wasn’t the sophisticated recording and analysis software there is today to make sense of the monitoring. So while VoIP calls can be encrypted in a way that calls could never be protected before, there’s also more room for nefarious behavior, especially at the provider level.
Which is why some individuals and companies are starting to demand much greater VoIP monitoring transparency.
Last week, 45 organizations and 61 individuals concerned with online privacy wrote an open letter to Skype division president Tony Bates (News - Alert) and Microsoft chief privacy officer Brendon Lynch asking for regular reports on how Skype data is collected and used.
The letter called for Skype and Microsoft to answer five key questions that reveal what kind of monitoring is being pursued on the Skype network.
First, it asked that quantitative data be shared regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments and noting why it rejects certain requests.
Second, the letter asked for specific details of all user data Microsoft and Skype currently collects, as well as retention policies.
Third, those signing the letter wanted to know Skype's best understanding of what user data third parties, including network providers or potential malicious attackers, may be able to intercept or retain.
The letter wanted documentation regarding the current operational relationship between Skype with TOM Online (News - Alert) in China as well as other third-party licensed users of Skype technology, including Skype's understanding of the surveillance and censorship capabilities that users may be subject to as a result of using these alternatives.
Finally, those signing the letter requested Skype's interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA) and its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs). More generally, it also requested the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the U.S. and elsewhere.
Of course, Skype is not alone in the need to reveal its monitoring practices, but after the brouhaha regarding the possibility of eavesdropping and its dominance in the over-the-top VoIP segment, Skype is particularly targeted.
Other firms, such as Google (News - Alert), have been better about sharing monitoring practices.
With concern growing over monitoring practices, more firms may soon need to work on better transparency.
Want to learn more about the latest in communications and technology? Then be sure to attend ITEXPO Miami 2013, happening now in Miami, Florida. Stay in touch with everything happening at ITEXPO (News - Alert). Follow us on Twitter.
Edited by Allison Boccamazzo