On June 28, the House of Representatives announced that it had enabled its public WiFi network for the use of Voice over IP services Skype and ooVoo to communicate and hold teleconferences.
Chairman on the Committee of House Administration, Dan Lungren, and House Technology Operations Team Chairman, Jason Chaffetz, issued a joint announcement stating that they “are pleased to announce that, after working with Republican leaders and various House stakeholders, members and staff can now use popular video teleconferencing services within the House network to communicate with constituents.”
Popular video chat and instant messaging tool Skype has seen numerous security breaches in the past. In 2008, TOM-Skype, Skype’s Chinese branch, was shown to have been logging and recording user messages filtered for possibly subversive content for the Chinese Communist Party (CCP), which was pulling and using the logs to monitor possible dissidents.
In some cases, users who had regularly mentioned words or phrases that are flagged by the system may have been targeted for constant monitoring according to a joint report published by ONI Asia and the Information Welfare Monitor.
In the report, author Nart Villeneuve, CTO of internet content delivery corporation Psiphon Inc., described that the recorded logs, stored on publicly accessible Chinese servers, contained information that could allow anyone to break into user profiles and access sensitive and detailed personal information.
In another incident in 2008, a security hole was discovered in Skype that allowed attackers to access, write, and change code in the computer systems of users who had been using certain versions of the program for Windows. Similar holes had been discovered throughout the prior year also.
Skype announced in April that it had been brought to their attention that a vulnerability in their Skype Video app for Android-powered cell phones could be exploited to allow attackers to access large caches of personal information including date of birth, email address, and phone numbers. According to an article on androidpolice.com, the vulnerability affected more than 10 million users and was discovered simply by taking the app apart.
And again in May, ethical hacker group Pure Hacking notified Skype that it had found another vulnerability in its Mac OSX platform that allowed the group or anyone with knowledge of the hole to send malware or malicious packages to Mac users and disable their Skype clients or attack other resources for long periods of time.
While most, if not all of these security issues have been fixed, there may be numerous other vulnerabilities and security holes unknown to Skype or the general public.
According to an article on the Hill, the Congressional network security team did collaborate with engineers from Skype and ooVoo in order to “[negotiate] modified license agreements with Skype and ooVoo to maintain the necessary level of information technology security within the network.”
The agreements primarily consisted of rules and regulations congressmen are required to follow in order to conduct in safe usage of the tools and to be excused of any liability in the case of a breach.However, the question remains whether or not any safeguards have been put in place in order to ensure that Congressional communications and information privacy are not compromised through technical vulnerabilities.
The office of Rep. Chaffetz did not return any calls upon requests for more detailed information on any security measures being implemented.