Would you trust Skype with your vote?

I've been wracking my brain for the defining Skype moments of 2008. It comes down to Skype's identity. The marketing, psychology, defining oneself sense; not the login, badge sense. Brand marketers may talk of lovemarks, but trust comes before love. We trust Coke products to be Coke-like in taste, feel, fragrance, color, and packaging, for example. We trust products not to hurt or endanger us (unless you're into that kind of thing). We trust brands to keep their promises. The people of Estonia trust their electronic voting systems with the fate of their nation. In a country that recently survived cyberwar, that's a lot of trust. Estonia conducts elections online.  Building on successes in 2005 and 2007 they recently approved voting with mobile phones by 2011. The Estonian National Electoral Committee (VVK) will provide SIM chips to Estonian voters for free. The special chips from AS Sertifitseerimiskeskus (SK) will authenticate voters and keep vote transmissions secret using public key encryption. Would you trust Skype's technology and Skype's business with your vote? If you asked me in 2007, I'd have said yes. Skype's brand promises privacy and safety. Outside security experts applauded Skype's authentication, strong encryption, and ability to bypass most obstacles. Skype is an eBay company (though few people know this) and borrows some of our trust of eBay and PayPal. I'm unsure now, as 2009 starts. Skype's technology is strong but incomplete. Skype's encryption is end-to-end, from Skype client to Skype client. Nobody can listen in. So the weak points are the end points: a user's PC or Skype-enabled device and the gateway to the the voting system. Secure those end points and you'd have a pretty secure system. That's not the whole story, though. We learned in 2008 that Skype shared a copy of their desktop source code with the TOM-Skype joint venture in China. That includes Skype's authentication (proving who you are) and encryption (foiling eavesdroppers) code. We don't know how many people, including TOM-Skype former employees, contractors, and members of Chinese security services, have access to that code. (Hypothetically, if I offer a $1000 bounty, would someone sell me a copy?) Many people have the means to interfere with an election conducted through Skype. Given time, we know a way finds itself in the hands of those with a will.  Speaking of intent, let's return to the joint venture. Skype's founding executives traded code for access to China. China is now Skype's largest market. The new executive team tightened up operational security, minimizing unauthorized access to log files, surveillance, and source code. Despite Skype's 2008 policy review, the original deal stands: TOM-Skype gets a copy of Skype's source code with each major release, TOM-Skype modifies the Skype software to comply with China's government agencies, TOM-Skype shares data collected with users with Chinese agencies, TOM-Skype does not disclose that privacy breach to customer before or after sharing.  Skyper's talking with a TOM-Skype users are surveilled like TOM-Skype users This is the arrangement we know of. We don't know if Skype agreed to similar arrangements with, for example, EU law enforcement or USA intelligence agencies. Landline and mobile phone companies have long given keys to their networks to law enforcement and communications intelligence agencies. We're accustomed to the rule of law applying to our phones. We hope, we assume, we believe, perhaps naïvely, that our phone company keeps our secrets. It is sad to let go of those illusions regarding Skype. So this goes back to Skype's brand promise of privacy and security. Do you trust Skype?  Would you trust Skype's corporation with your vote? With your country? With your liberty and freedom? I'm less certain.

View article...