China's version of Skype spies on text chats

The revelation is of interest not only to rights groups that monitor Internet censorship. The discovery also probably intrigues law enforcement and intelligence agencies in other countries, because they have been bothered by the growing use of Skype, which claims 338 million users across the world.

By its very nature, Skype is difficult to wiretap. Skype routes calls and chats between computers over the Internet, avoiding traditional phone networks. And the contents are supposedly encrypted, raising concerns in law enforcement that Skype could enable criminals to communicate without fear of eavesdropping.

The FBI has argued for applying U.S. wiretapping law to Internet phone calls. The bureau got a favorable court ruling in 2006, but it's not clear whether it applies to systems such as Skype that skip telephone networks.

In the other camp, privacy advocates and security experts are concerned that Skype, though presented by the company as a secure channel of communication, has some kind of "back door" that allows eavesdropping. Whether "Skypetapping" is already going on in the U.S. and Europe is a matter that the company has equivocated on for years.

"For a couple of years, maybe more, people have had the suspicion . . . that Skype pretends to be secure but actually isn't," said Bruce Schneier, the chief security technology officer of BT Group, the British telecom carrier.

"The Chinese eavesdropping on Skype text messages only adds to the PR problems, the image problems, that Skype has among those who care about security," Schneier added.

On Wednesday, Nart Villeneuve at the University of Toronto revealed that a Chinese version of Skype's application was being used for wholesale surveillance of text messages.

The software is distributed by Skype's Chinese partner, Tom Online Inc. Skype acknowledged in 2006 that this version looks for certain sensitive words in text chats and blocks those messages from reaching their destination.

What Villeneuve found was that the Tom-Skype program also passes the messages caught by the filter to a cluster of servers on Tom's network. Because of poor security on those servers, he was able to retrieve more than 1 million stored messages. The filter appears to look for words including "Tibet," "democracy" and "milk powder" -- China is in the throes of a food scandal involving tainted milk.