NEW YORK — A Canadian researcher has discovered that a Chinese version of EBay Inc.'s Skype communications software snoops on text chats that contain certain keywords, including "democracy."
The revelation is of interest not only to rights groups that monitor Internet censorship. The discovery also probably intrigues law enforcement and intelligence agencies in other countries, because they have been bothered by the growing use of Skype, which claims 338 million users across the world.
By its very nature, Skype is difficult to wiretap. Skype routes calls and chats between computers over the Internet, avoiding traditional phone networks. And the contents are supposedly encrypted, raising concerns in law enforcement that Skype could enable criminals to communicate without fear of eavesdropping.
The FBI has argued for applying U.S. wiretapping law to Internet phone calls. The bureau got a favorable court ruling in 2006, but it's not clear whether it applies to systems such as Skype that skip telephone networks.
In the other camp, privacy advocates and security experts are concerned that Skype, though presented by the company as a secure channel of communication, has some kind of "back door" that allows eavesdropping. Whether "Skypetapping" is already going on in the U.S. and Europe is a matter that the company has equivocated on for years.
"For a couple of years, maybe more, people have had the suspicion . . . that Skype pretends to be secure but actually isn't," said Bruce Schneier, the chief security technology officer of BT Group, the British telecom carrier.
"The Chinese eavesdropping on Skype text messages only adds to the PR problems, the image problems, that Skype has among those who care about security," Schneier added.
On Wednesday, Nart Villeneuve at the University of Toronto revealed that a Chinese version of Skype's application was being used for wholesale surveillance of text messages.
The software is distributed by Skype's Chinese partner, Tom Online Inc. Skype acknowledged in 2006 that this version looks for certain sensitive words in text chats and blocks those messages from reaching their destination.
What Villeneuve found was that the Tom-Skype program also passes the messages caught by the filter to a cluster of servers on Tom's network. Because of poor security on those servers, he was able to retrieve more than 1 million stored messages. The filter appears to look for words including "Tibet," "democracy" and "milk powder" -- China is in the throes of a food scandal involving tainted milk.
This directly contradicts a blog posting on Skype's website that says that the software discards the filtered messages and neither displays nor transmits them anywhere.
A Skype spokeswoman was not available for comment Thursday. Skype has given contradictory statements on the eavesdropping issue.
It has told the Associated Press that it "cooperates fully with all lawful requests from relevant authorities." But when asked by CNET's News.com in June whether it could accommodate a wiretapping request, it said it could not because of the way its system works: Skype calls are encrypted, and only the two computers at each end have the keys to decrypt them.
Yet both Schneier and Simson Garfinkel, an associate of the School of Engineering and Applied Sciences at Harvard University who has studied Skype's security, believe it would be easy for the company to listen in on conversations.
"I can think of five or six different ways to eavesdrop on Skype. It's not that hard if you are the Skype company and want to provide legal access to law enforcement," Garfinkel said.
It's unclear whether Skype has an obligation to help law enforcement under U.S. law. Peter Swire, who served as the Clinton administration's privacy czar for two years and is a professor of law at Ohio State University, said that although he knew of no U.S. court ruling that had required Skype to comply with wiretapping requests, it was conceivable the company was voluntarily cooperating with law enforcement.
Skype told News.com that it had not received a subpoena or court order to perform eavesdropping. Yet German technology site Heise Online reported in July that Austrian officials said they were able to listen to Skype conversations. The relative quietness of the law enforcement community on the issue in recent years could be the result of such cooperation.
The FBI did not return a call for comment Thursday.