I am pleased to announce our release of a major investigative report, Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform, written by Nart Villeneuve, Psiphon Fellow, the Citizen Lab, at the Munk Centre for International Studies, the University of Toronto.
The full report can be downloaded here.
John Markoff of the New York Times has just released a story about the report, which will appear in tomorrow’s paper, but can be found online here.
Major Findings of this report are as follows:
- The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
- These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
- The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
- Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.
As my colleague Rafal Rohozinski and I say in the foreword to the report, “If there was any doubt that your electronic communications – even secure chat – can leave a trace, Breaching Trust will put that case to rest. This is a wake up call to everyone who has ever put their (blind) faith in the assurances offered up by network intermediaries like Skype. Declarations and privacy policies are no substitute for the type of due diligence that the research put forth here represents.”
Published in Canadian Business
What is the greatest challenge currently facing Citizen Lab and what are you doing about it?
“In the dot-com heyday of the ’90s and early 2000s…there was a myth that the Internet can’t be controlled,” says Ronald Deibert, a researcher at the University of Toronto’s Citizen Lab. “There was some mysterious, magical property associated with it that will route around censorship.” The most exhaustive study yet of Internet censorship—Access Denied: The Practice and Policy of Global Internet Filtering, published this month by the MIT Press—pretty much disproves that notion.
I am pleased to announce that we have finished the Citizen Lab’s latest output, Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide and also available for download here
This guide, which is intended for the non-technical user, provides tips and strategies on how to by-pass content filters worldwide. It is now in English but we are busy making translations into multiple languages. Stay tuned!
Many thanks to the Citizen Lab’s team that worked on this project, especially Jane Gowan, Nart Villeneuve, Julian Wolfson, Francois Cadieux, Sarah Boland and James Tay.
There have been a couple of news items concerning research at the Citizen Lab.
The first is a news item from WIRED News concerning the ongoing activities of the OpenNet Initiative. We have recently completed testing in nearly 40 countries worldwide (not the 50 the magazine claims) and our researchers gathered at Berkman Center for Internet & Society to begin to pull together the analysis of the results. We’ll be reporting soon on all of the countries in a major volume, coming probably early next year.
The second is a Macleans magazine article on our upcoming release of our psiphon censorship circumvention software at the December 1st Protect the Net event. There appears to be no online version of the article, but I’ve posted a low resolution PDF here for academic archiving purposes only.
There has been a few news items recently concerning some of our projects at the Citizen Lab. The BBC’s The World had a report on developments in Iranian censorship of the Internet, giving special attention to our soon-to-be-released (December 1st) software project, psiphon. The interview was with the Citizen Lab’s director of technical research, Nart Villeneuve. You can listen to it here.
Yesterday there was a good piece in the Globe and Mail about the Citizen Lab’s latest software project, called Psiphon. Psiphon is a circumvention technology that works through social networks of trust. Psiphon is funded by a generous grant from the Open Society Institute, and benefits from our collaborative relationships with the OpenNet Initiative and the InfoWar Monitor.