Know the real hype about Skype!

Skype software provides voice and video connections over the Internet as an alternative to regular phone calls as well as file-transfer and instant messaging services. Skype is widely used at the university, particularly as a video conference solution for international collaboration. And while it is inexpensive and easy to use, there are some significant privacy and security issues concerning its use. The Office of Information Technology does not officially support Skype for university use, but wants to inform you of these issues.

The personal (free) version of Skype has serious privacy issues. Skype’s privacy policy gives Skype the rights to use your personally identifiable information (PII) including specifically your Skype user name, full name, address, telephone numbers, gender, date of birth, language, contact list, Internet IP addresses, cookies, banking and payment information and information about your interaction with Skype. Be careful what options you allow in your Skype profile to avoid giving other Skype users unintentional access to your PII. The privacy policy specifically allows for Skype’s marketing, promotional and legal use of your PII. The Skype business license (available for a fee) does not reference the privacy policy and may provide better protection for your PII.

The use of Skype also creates some technical security concerns. Skype does encrypt all transmitted communications data, which is a plus. However, it encrypts the data using a proprietary algorithm, which means that university security personnel can’t see the data being transferred into or out of computers by the Skype programs in those cases when they are allowed to under the university’s Computer Use Regulation and Computer Use Policy. An example of that would be for data leakage protection (such as when sensitive data like a social security number is suspected of being transmitted), or in response to an eDiscovery request by the university’s legal department. Other technical security concerns could include programs downloaded to Skype on your computer with an undisclosed purpose and personal or sensitive information being uploaded to Skype or other destinations on the Internet. As well, Skype ads are transmitted without encryption and can be hijacked and replaced with malicious data, which may infect the receiver’s computer.

If Skype is left running in the background, it can automatically be elevated to a “Supernode” and mediate communications between other Skype users. Several universities have banned the use of Skype on the grounds that Supernodes use excessive network and computing resources. To prevent background Supernodes from running on your computer, fully exit Skype after active use by right clicking the Skype icon by the clock in the bottom right of the screen and clicking “exit.”

The university “unified communications” project is investigating alternatives for personal communications across the Internet and at the university. This will hopefully enable very inexpensive international phone calls, videoconferencing and file transfers that will be fully tailored to the university requirements, including privacy and security.