By Andrew Beale
— Thanks to researchers at the University of New Mexico, the world knows which words to avoid during Skype sessions with China.
Jeffrey Knockel, who’s pursuing a doctorate in computer engineering, uncovered keywords that activate surveillance of TOM-Skype, the Chinese version of the popular Skype program. The surveillance is conducted not only on users inside China, but also on foreign users making Skype calls into the country.
Knockel and his advisor, Assistant Professor Jed Crandall, worked together on another project involving surveillance in China, uncovering censorship-triggering keywords in the Chinese chat program Sina UC.
Crandall said the implications of their research are far-reaching. Skype, for example, is owned by Microsoft, and the company’s apparent willingness to secretly surveil and censor clients in China raises questions about their practices in other countries. “Not just speaking about Microsoft, but for any particular company, it’s easy to say they have different privacy standards for different countries because different countries have different laws,” Crandall said.
Knockel told the Compass that his analysis of TOM-Skype grew out of a class project. “My adviser recommended this to me based on previous work by Nart Villeneuve, who in 2008 discovered that TOM-Skype was doing surveillance. What he was not able to discover, though, was the keywords that are triggering that surveillance,” Knockel said.
A complete list of the keywords Knockel hit upon is available on UNM’s Computer Science Department website, along with translations and a brief explanation of the significance of certain phrases. For example, the Chinese characters for “Liu Si,” or “64,”—reportedly a reference to the Tiananmen Square protests of June 4, 1989—trigger TOM-Skype censorship.
Another word that draws the attention of censors is more recognizable in the English-speaking world—a common epithet beginning with the letter F. The word turned out to be instrumental in Knockel’s early research, allowing him to crack the encrypted keyword list by figuring out the code that corresponds to the F-word. Once he knew how the computer program translated the F-word into an encrypted code, Knockel was able to decipher codes for other keywords that trigger censorship and surveillance in TOM-Skype.
Surveillance is often hard to detect, because it’s done on the servers hosting the website—meaning only people with access to those servers can analyze them to find out if they’re doing surveillance, Crandall said. For this reason, he and Knockel were only able to discover censorship efforts in Sina UC, and still don’t know if the chat program does surveillance in addition to censorship.
They were able to discover the surveillance mechanism in Skype because most information is hosted on the computers of people using Skype rather than on a central server. “Really the only one we know is doing surveillance is TOM-Skype, and the only reason we were able to detect that is because there’s no central server in Skype. There’s nowhere else they could do the surveillance, other than on your own computer,” Crandall said. He added that because of the way software is commonly used in the U.S., “the surveillance would be happening on the server side, so we would never be able to detect it.”
It’s not inconceivable that the U.S. government is doing surveillance on computer programs such as Skype. Secret government programs for wiretapping American citizens without a warrant were exposed under Bush and have continued under Obama.
And a Wired magazine cover story last year focused on a “spy center” being built in Utah by the National Security Agency with the goal of monitoring millions of electronic communications, including ones sent and received by citizens within the U.S. “Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches,” the magazine reported.
Crandall said proposed copyright laws like the Stop Online Piracy Act, defeated last year thanks to a wave of internet activism, can have wide-reaching effects on Internet freedom and privacy far beyond their nominal goal of protecting copyrighted material. “There’s a history of this, of abusing copyright law to silence free expression,” he said, citing the commonplace filtering and scrubbing of copyrighted material on sites like YouTube and Twitter.
He also pointed to a report by the Electronic Frontier Foundation on abuses of the Digital Millennium Copyright Act as evidence of the profound effects of copyright laws on freedom of speech, even for law-abiding citizens. Knockel said his research team hasn’t uncovered any evidence of Skype-spying by the U.S. government. But, he added, they also haven’t looked for it.
Crandall said one take-away message from their research is that open-source software is always preferable to closed-source commercial software because anyone with a little technical know-how can analyze what the software does and how it works. “If Skype were open-source software, then it would be easy. Someone could take the source code and look through it and see what it’s doing,” Crandall said. “But closed-source software, for one thing, it’s very difficult. You have to be, you know, extremely talented like Jeff is, and you have to have some special tools to do it.”
Knockel and Crandall are working with the University of Toronto’s Citizen Lab to build a website dedicated to providing information about TOM-Skype surveillance. Crandall said they’ll also continue researching Internet censorship to get a clearer look at the bigger, global picture of online surveillance.
Knockel seems unconcerned that the Chinese government may take an interest in his work. “I’m not so worried, actually,” he said. “I have tentative plans for a trip to China in May that I’m looking forward to,” he said. “So I guess one litmus test is, am I granted a visa or not? And I think the worst that they would do is deny me a visa.”