[liberationtech] Microsoft Releases 2012 Law Enforcement Requests Report

Nadim Kobeissi nadim at nadim.cc
Fri Mar 22 09:08:42 PDT 2013 

Regarding SSL, hasn't Skype claimed in the past that the conversations are
encrypted client-to-client, as in, even from Microsoft or Skype itself?

If I'm right and my memory serves well, then it's striking that they only
mentioned SSL in this report.


NK


On Fri, Mar 22, 2013 at 11:49 AM, Cynthia Wong <wongc at hrw.org> wrote:

> RU and CN are a glaring absence, which will skew the overall compliance
> rates.
>
> In previous iterations of Google's report, they declined to report numbers
> from China because of concerns that the government would designate that
> data a state secret (heavily punishable).  However, given that the Skype
> data reports on both China and Russia, that doesn't seem to be the
> justification here?
>
>
> //
> Cynthia M. Wong
> Senior Researcher on the Internet
> Business & Human Rights Division
> Human Rights Watch
>
>
>
> -----Original Message-----
> From: liberationtech-bounces at lists.stanford.edu [mailto:
> liberationtech-bounces at lists.stanford.edu] On Behalf Of Eric S Johnson
> Sent: Thursday, March 21, 2013 9:49 PM
> To: 'liberationtech'
> Subject: Re: [liberationtech] Microsoft Releases 2012 Law Enforcement
> Requests Report
>
> > I wrote to them and asked these questions, as well as a few others.
> >
> > What other questions should we pose to them, I wonder?
>
> Why are RU and CN (most glaringly) absent from the first chart enumerating
> the number (and type) of requests by country? It's hard to believe those
> countries' security services have no interest in (non-Skype) Microsoft data.
> Is MS defining those countries as having no legal standing to request MS
> data, and therefore any requests from them would be rejected out-of-hand?
>
> "We provide SSL encryption for Microsoft services and Skype-Skype calls on
> our full client (for full function computers) are encrypted on a
> peer-to-peer basis; however, no communication method is 100% secure. For
> example ... users of the Skype thin client (used on smartphones, tablets
> and other hand-held devices) route communications over a wireless or mobile
> provider network."
>         --Is the implication that the Skype clients used on smartphones
> don't provide the same end-to-end encrypted-by-session-specific-keys level
> of security that the Skype for Windows client does?
>
> "Skype received 4,713 requests from law enforcement. ... Skype produced no
> content in response to these requests."
>         --It's hard to believe that LEAs never validly requested a record
> of a Skype user's IM sessions. Perhaps LEAs don't know those data exist?
>
> Best,
> Eric
>
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at companys at stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20130322/a70511bb/attachment.html>

More information about the liberationtech mailing list