Project Chess helped NSA snoop on your Skype communications

Before Microsoft owned Skype, way back in 2008 when Skype was an eBay subsidiary, it began Project Chess, a “secret program” for spying on users communications. Anonymous sources told the New York Times that Project Chess was setup “to explore the legal and technical issues in making Skype calls readily available to intelligence agencies and law enforcement officials.” 

The New York Times explained:

Project Chess, which has never been previously disclosed, was small, limited to fewer than a dozen people inside Skype, and was developed as the company had sometimes contentious talks with the government over legal issues, said one of the people briefed on the project. The project began about five years ago, before most of the company was sold by its parent, eBay, to outside investors in 2009. Microsoft acquired Skype in an $8.5 billion deal that was completed in October 2011.

A Skype executive denied last year in a blog post that recent changes in the way Skype operated were made at the behest of Microsoft to make snooping easier for law enforcement. It appears, however, that Skype figured out how to cooperate with the intelligence community before Microsoft took over the company.

Documents show that Skype joined the PRISM program on Feb. 6, 2011. Slate added that “the disclosures about PRISM and Project Chess appear to flagrantly discredit Microsoft’s Skype eavesdropping denials.” Last year, Skype’s Mark Gillett “accused journalists who questioned Skype’s eavesdropping ability of misleading Skype users about its ‘approach to user security and privacy'”—but that “now looks like a serious case of hypocrisy.”

Some people inside Microsoft called the NSA’s desire to suck up communications “Hoovering—not after the vacuum cleaner, but after J. Edgar Hoover, the first FBI director, who gathered dirt on countless Americans,” reported The Associated Press. That worldwide mass-vacuuming of data was confirmed by NSA whistleblower Edward Snowden before leaving Hong Kong for Moscow. He said, “We hack network backbones— like huge internet routers, basically – that give us access to the communications of hundreds of thousands of computers without having to hack every single one.”

The AP added:

Deep in the oceans, hundreds of cables carry much of the world’s phone and Internet traffic. Since at least the early 1970s, the NSA has been tapping foreign cables. It doesn’t need permission. That’s its job.

…

Tapping into those cables allows the NSA access to monitor emails, telephone calls, video chats, websites, bank transactions and more. It takes powerful computers to decrypt, store and analyze all this information, but the information is all there, zipping by at the speed of light.

Security and privacy expert Bruce Schneier advised, “You have to assume everything is being collected” no matter what government or companies say about spying on communications. “Everyone is playing word games. No one is telling the truth.”

I’ve previously touched on the fact that the more you encrypt, the more the government breaks into your cloud. But now The Guardian published “top secret” government documents about how the NSA targets people using online anonymity services like Tor and users that encrypt e-mails and instant messages. Even if the data is “inadvertently acquired domestic communications,” FISA court-approved policies allow the NSA to keep the data from US citizens and residents for up to five years. Data collection and interception is supposed to stop once NSA analysts have determined the target is within the US, but if you choose to protect your privacy by using anonymity software that can alter your physical location, then you “will not be treated as a United States person, unless such person can be positively identified as such, or the nature or circumstances of the person’s communications give rise to a reasonable belief that such person is a United States person.”

When talking about the tech giants, Christopher Soghoian, ACLU’s senior policy analyst studying technological surveillance, told The Guardian, “It’s a weird symbiotic relationship. It’s not that Facebook and Google are trying to build a surveillance system but they effectively have. If they wanted to, Google and Facebook could use technology to tackle the issue, anonymizing and deleting their customers’ information. But that information is how they make their money, so that is never going to happen.”

Like this? Here’s more posts:

• America: Less land of the free, more home of the mass-surveilled
• Journalist threatened, warned not to write about face-recognition at Statue of Liberty
• Microsoft woos businesses with Windows 8.1 BYOD features
• NSA whistleblower Snowden: Even innocent Americans are ‘being watched and recorded’
• It’s hitting the fan: Anger mounts over PRISM, NSA spying scandals
• Reporters threatened with CFAA, labeled hackers for finding security hole
• Former FBI agent: All phone calls recorded, no digital communication secure
• Schools scan students’ irises, then notify parents of opt out choice afterward
• Rule of 7 applied to domestic surveillance

Follow me on Twitter @PrivacyFanatic