It's the kind of notoriety that comes with a $2.6 bn
buyout. Since Luxembourg-based Internet telephone startup Skype Technologies was
gobbled up by online marketplace eBay Inc for that princely sum in September,
Skype has added 12 million more users, for a total of 66 million-and has
attracted a boatload of closer scrutiny.
Most troublesome are questions about whether Skype's
technology is safe to use inside corporations. The company's popular software
lets people make free calls over the Internet from one PC to another. But in
recent days consultants have begun warning companies that employees who use the
software in the office could be poking holes in the security systems designed to
defend against hackers and other intruders. On November 10, Info-Tech Research
Group in London, Ont, issued a report under the headline "Ban corporate
Skype usage immediately" that cited a litany of potential security risks.
Tom Newton, a product manager at Smooth-Wall, a maker of corporate firewalls in
Leeds, England, says: "We advise customers to keep it off their
networks."
What makes Skype a potential risk is the very thing that
makes it so appealing to millions of users: It's a breeze to set up. Unlike
more complex and expensive Internet phone offerings from the likes of Cisco
Systems and Avaya, Skype can be downloaded and installed by any employee, beyond
the control of info-tech managers. What's more, Skype is designed to burrow
past firewalls while leaving little trace of its presence. The software works
like a charm, but the hole created for phone conversations could be exploited to
swipe data or release viruses. There have been no reports of attacks that take
advantage of Skype technology. Yet the company itself concedes its product may
not be right for some organizations. Michael Jackson, Skype's director of
operations, strongly defends the software's safety and data encryption, but he
acknowledges it lacks features such as the ability to log and monitor phone
calls. Avoiding Skype may thus be "the right thing to do," Jackson
says, for companies facing stringent compliance requirements under the
Sarbanes-Oxley standards now necessary at publicly held US companies.
Campus Pariah
Some organizations are clamping down. Pharmaceutical giant Novartis in Basel,
Switzerland, doesn't let employees use Skype. Neither do Goldman Sachs and
German chemicals giant Degussa. A growing number of schools ban the technology,
including Oxford University, the University of Texas, and the University of
Minnesota. In September the French government recommended research personnel at
universities and government labs avoid using Skype.
Does this mean eBay paid a fortune for a lemon? Not at all.
Individuals who pay for their own phone calls are fanatical about the
technology. So are smallbusiness owners who watch every dime and don't much
worry about security.
Skype is working hard to close up potential vulnerabilities.
Earlier this year the company hired independent security expert Tom Berson to
conduct a fourmonth audit of the technology. Two problems found during the
examination were fixed in October. Berson rated Skype secure and reliable.
Companies with the most stringent standards will probably steer clear of the
service. But as long as hackers don't manage to concoct a Skype attack,
everybody else should be able to enjoy lots of free Internet gabbing without
anxiety.
By Andy Reinhardt With Robert D Hof and Ben Elgin in San
Mateo, Calif