Since it was purchased by Microsoft in 2011, Skype has been extremely evasive on the issue of government surveillance. Now, a string of leaked secret details from the National Security Agency reveal why.
On Thursday, the Guardian published the latest in a series of scoops about the scope of the NSA’s spying programs, based on documents disclosed by former contractor Edward Snowden. The report outlines how Microsoft secretly worked with the NSA to help the agency tap into its email and chat services, including Outlook.com and Hotmail. Notably, the Guardian also cites documents showing that work began on integrating Skype into the NSA’s Internet surveillance program PRISM in November 2010, several months before Microsoft purchased the service from U.S. private equity firms. By February 2011, the NSA was able to monitor Skype audio calls. In addition, by July last year, the NSA reportedly boasted that a new capability had tripled the amount of Skype video calls being collected through PRISM.
These details compound recent revelations about Skype’s cooperation with the U.S. government. Last month, the Post reported that the NSA has a “User’s Guide for PRISM Skype Collection” that outlines how it can eavesdrop on Skype “when one end of the call is a conventional telephone and for any combination of ‘audio, video, chat, and file transfers’ when Skype users connect by computer alone.” About two weeks later, the New York Times reported that, five years ago, before Microsoft acquired Skype, Skype initiated an internal program called “Project Chess” to explore how it could make Skype calls readily available to the government.
Below, you can find a timeline of everything we now know—both Skype’s public statements and the newly released details about behind-the-scenes dealings with the NSA. The secret dealings are indicated with brackets, and the results are striking.
June 2008: Skype, while owned by eBay, goes on record saying it can’t help law enforcement agencies eavesdrop on users’ conversations because of its “peer-to-peer architecture and encryption techniques.”
[Unknown month, 2008: Secretly, Skype initiates an internal program called “Project Chess” to explore how it could make Skype calls readily available to intelligence agencies and law enforcement officials, according to the New York Times.]
September 2009: Skype is purchased by an investor group including two U.S. private equity firms Silver Lake and Andreessen Horowitz in partnership with the Canada Pension Plan Investment Board.
[November 2010: Work begins on integrating Skype into the NSA’s PRISM surveillance program, according to the Guardian.]
[Feb. 4, 2011: Skype is served with a directive to comply with NSA surveillance signed by the U.S. attorney general, according to the Guardian.]
[Feb. 6, 2011: Skype joins the PRISM program and the NSA begins spying on Skype calls. The agency reports that “feedback indicated that a collected Skype call was very clear and the metadata looked complete,” according to the Guardian and the Washington Post.]
May 2011: Microsoft announces it is purchasing Skype for $8.5 billion.
June 2011: Microsoft obtains a patent for “legal intercept” technology designed to be used with services like Skype to “silently copy” communications.
[July 2012: The NSA boasts that a new capability has tripled the amount of Skype video calls being collected through PRISM, according to the Guardian.]
July 20, 2012: Skype refuses to answer repeated questions about whether it can or cannot comply with government surveillance.
July 26, 2012: Skype’s Mark Gillett writes a blog post dismissing media reports about Skype eavesdropping, which he says “we believe are inaccurate.”
March 2013: Microsoft publishes a transparency report claiming that it handed over the content of zero Skype communications in 2012. The company also claims that “Skype continues to operate under Luxembourg law.”
June/July 2013: The Guardian, the Washington Post, and the New York Times expose the extent of Skype’s collaboration with the U.S. government on surveillance.
All of these details provide significant insight into how the NSA is able to monitor Skype video and audio chats, shedding light on the likely reason why the company refused to answer questions last year about its eavesdropping capabilities. In 2008, Skype was happy to go on record saying that it could not monitor chats due to its encryption, but that policy clearly changed after the PRISM cooperation began in 2011.
In addition, the documents revealed by Snowden call into question false public statements made by Microsoft regarding Skype and its security. The standout example of this is the claim in its transparency report that it handed over the content of zero Skype communications in 2012. But the company also deceptively stated in its transparency report that calls made between Skype-Skype users were encrypted peer-to-peer, as I noted last month, implying that they did not pass through Microsoft’s central servers and could not be eavesdropped on. Indeed, prior to the disclosure of the secret NSA documents, Skype’s Mark Gillett even had the audacity to accuse journalists raising questions about its eavesdropping capabilities (including me) of misleading Skype users about “our approach to user security and privacy.”
Microsoft said in an emailed statement that it “does not provide any government with blanket or direct access to SkyDrive, Outlook.com, Skype or any Microsoft product.” But it should be clear now that users should not consider Skype a secure means of communication. Making an international call by Skype is still probably a moderately safer bet than making an international call by an unencrypted landline or mobile phone. But activists, journalists, and others who want to ensure that their communications remain confidential should not take a gamble with Skype or any other Microsoft service—and should instead turn to a more secure alternative.