Over 100 Internet advocates, journalists and other organization members penned an open letter to Microsoft today, urging the Redmond software giant to be more transparent with its Skype software.

In the letter addressed to Skype Division President Tony Bates, Microsoft Chief Privacy Officer Brendon Lynch and Microsoft General Counsel Brad Smith, the concerned advocates want Microsoft to release Skype “transparency reports” twice a year, much like Google, Twitter and Sonic.net do.

“It is unfortunate that these users, and those who advise them on best security practices, work in the face of persistently unclear and confusing statements about the confidentiality of Skype conversations, and in particular the access that governments and other third parties have to Skype user data and communications,” reads the letter.

SkypeThe letter acknowledges that Microsoft’s acquisition of Skype last year may have made some questions “temporarily difficult to authoritatively answer.”

“However, we believe that from the time of the original announcement of a merger in October 2011, and on the eve of Microsoft’s integration of Skype into many of its key software and services, the time has come for Microsoft to publicly document Skype’s security and privacy practices,” the letter continued.

Advocates want Microsoft to be transparent with its released user information to third parties, as well what kind of access the government has to conversations. Here’s exactly what they want in the transparency reports:

  1. Quantitative data regarding the release of Skype user information to third parties, disaggregated by the country of origin of the request, including the number of requests made by governments, the type of data requested, the proportion of requests with which it complied — and the basis for rejecting those requests it does not comply with.
  2. Specific details of all user data Microsoft and Skype currently collects, and retention policies.
  3. Skype’s best understanding of what user data third-parties, including network providers or potential malicious attackers, may be able to intercept or retain.
  4. Documentation regarding the current operational relationship between Skype with TOM Online in China and other third-party licensed users of Skype technology, including Skype’s understanding of the surveillance and censorship capabilities that users may be subject to as a result of using these alternatives.
  5. Skype’s interpretation of its responsibilities under the Communications Assistance for Law Enforcement Act (CALEA), its policies related to the disclosure of call metadata in response to subpoenas and National Security Letters (NSLs), and more generally, the policies and guidelines for employees followed when Skype receives and responds to requests for user data from law enforcement and intelligence agencies in the United States and elsewhere.

Microsoft acquired Skype in May 2011, and the deal was finalized five months later for $8.5 billion.

Previously on GeekWire: Microsoft warns Messenger users: Skype deadline coming

Comments

  • Jenny

    Google started this thing with reporting compliance activity, a couple of left coast companies have jumped aboard. But it’s not any major trend.

    A Skype report would perhaps be an interesting read if Microsoft elects to produce one, but I wouldn’t hold my breath. Bottom line, if you are on some sort of government watchlist, you shouldn’t need any report to know that Skype is not the service for you, not anymore.

  • Daniel

    Get real folks, compliance with government data demands is how the whole world works, not just internet services. Skype is not somehow exempt either. How much more can it be spelled out?

    If you are some sort of dissident type, there is a possibility for privacy if you use the internet mainly for IP connectivity, research and install some decentralized chat software with decent encryption. If you’ve got it really bad you can even hide the encryption different ways, dodge the spooks and beat the censors.

    Okay not everybody is some kind of mega geek but the internet has been public for close to 20 years now, many people have grown up with it. But instead of more people developing some network competence exactly the opposite is happening.

    Not every single thing on the internet is done through google chrome with some microsoft or google server on the other end, there are such things as different protocols besides http.

  • guest

    #2 seems reasonable enough. The rest, not so much. Is this group approaching others, like Apple, to do likewise?

Job Listings on GeekWork