Skype: Surveillance “Security Flaw” Fixed

Everyone can rest at ease: Skype says it’s helped fix a “security flaw” within a user messaging surveillance system. The system, though, seemingly still exists.

It’s mainly in China, if that makes you feel any better. A report (PDF), by public interest group Information Warfare Monitor (affiliated with Citizen Lab), found Skype’s China-based service — called Tom-Skype — had been scanning messages for key terms such as “Taiwan independence” and other politically charged phrases. Messages with those terms were being snagged and stored along with the users’ personal information, the group says.

The problem? They were being stored on insecure servers, IWM says, and the key needed to decrypt the data was being stored there, too — so practically anyone could get into them. And we’re not talking small numbers, either: The group found more than 166,000 censored messages from 44,000 different users. The report suggests the Chinese government may somehow be involved with the process.

A Skype statement today indicated the security issue — which it said was related to the Tom servers, not its own — had been resolved. The statement also suggested that the “vast majority” of Skype users outside of China were not affected.

Sure makes you wonder what those messages are/were being used for…