Wickham's musings from Chalke

 
Skype has been sold to eBay for $4.1 billion (not million, billion). Skype has been a fringe operator, Europe-based and able to forge its own path without regard to what governments may want it to do (Niklas Zennström never enters the USA because he suspects he would be arrested because of the internet file-sharing software Kazaa he developed that was used primarily to download music without paying royalties). eBay on the other hand, as a huge operator in the USA, has allowed itself to be pressurised to do the bidding of the US federal authorities in regard to privacy of members’ details and give an astonishing amount of detail, probably more than the security services expected.

I found the following here and here:

I'm nearly speechless after reading Sullivan's comments. Think about what he's saying: if eBay receives a fax on official letterhead (not that that would ever be faked, oh no) - just a simple fax, mind you, just a fax, unaccompanied by a court order - it will gladly fork over the following info about you, or any other eBay user:

- Full name
- User ID
- Email address
- Street address
- State
- City
- ZIP code
- Phone number
- Country
- Company
- Password
- Secondary phone number
- Gender
- Shipping information (including name, street address, city, state, ZIP)
- Bidding history on an item
- Items for sale
- Feedback left about the user
- Bidding history
- Prices paid for items
- Feedback rating
- Chat room and bulletin board posts

I'm a Skype fan, especially with Spontania4IM video and Skype will be offering their video next month but now Skype has been bought by eBay and no one is quite sure what privacy will be invaded. Already Skype have put in their EULA a clause about complying with USA Authority regulations, ie a backdoor to coding so security forces can snoop on conversations.

See also this especially one of the replies below which refers to a search on eBay for passwords in ebay and paypal which are made up of female names and found thousands of accounts!

The reason for posting these links was not because I feel threatened by lack of privacy in any special way, but we all know there are crooks in the FBI and bent coppers here in the UK.

If the security services can get hold of passwords or listen to conversations to trap terrorists, that's fine, but the crooks will be tempted to misuse the information. They could change a delivery address and order something with someone else's credit card or just be vindictive to someone who is legally annoying the security services like a human rights activist or a barrister who defends enemies of the state by ordering items with the person's credit card, creating havoc.

According to one of the above links, it isn’t just the security services which can access members’ details. Private detectives might also glean information useful to their client.

In the early years of the internet we were advised never to use our real names or display our email addresses (basically to avoid being pestered) and it seemed a good idea that sites should store encrypted email addresses so that to contact a person you click on their username and the computer sends an email without the sender knowing what it is; but that privacy seems non-existent with eBay.

To my mind the reports on eBay suggest they have gone too far in helping the security services and Skype is now forced to do the same.

See also this requirement for backdoors in VOIP software in USA: here:

An extract from the above:

August 05, 2005

FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services

Tech Mandates Force Companies to Build Backdoors into Broadband, VoIP

Washington, DC - Today the Federal Communications Commission (FCC) issued a release announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). The ruling is a reinterpretation of the scope of CALEA and will force Internet broadband providers and certain Voice-over-IP (VoIP) providers to build backdoors into their networks that make it easier for law enforcement to wiretap them. The Electronic Frontier Foundation (EFF) has argued against this expansion of CALEA in several rounds of comments to the FCC on its proposed rule.

CALEA, a law passed in the early 1990s, mandated that all telephone providers build tappability into their networks, but expressly ruled out information services like broadband. Under the new ruling from the FCC, this tappability now extends to Internet broadband providers as well.

Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications – to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements.

It isn't the tappability that is the problem (it already exists with landline calls) but the disclosure of passwords and credit card details that allows misuse by whoever has access to them.