A police file has recently revealed that, during a police investigation into the Anonymous-sanctioned cyberattacks on PayPal, the Dutch police has received personal data on a young Dutchman through an IT firm which, in its turn, received the data from Skype apparently in an illegal way.
In the file called Operation Talang, the Dutch police had information on two people that allegedly played a part in the attacks on websites belonging to Mastercard, VISA and Paypal by hacker collective Anonymous, following the blocking of donations to Wikileaks in 2011.
Joep Gommers, senior director of global research at the Dutch IT security firm iSIGHT Partners, who was hired by PayPal to investigate the attacks, found out the pseudonym of a 16-year-old boy who apparently was involved in the attacks and contacted Skype to ask for the suspect's account data. According to the police file, Skype handed over, voluntarily and without any court order, the suspect's personal information, such as his user name, real name, e-mail addresses and home address.
"You would imagine that subscriber data aren't simply handed over. They have to be provided when the police has a valid demand or court order, but not in any other case. (...) You can also wonder whether police can use that information if it was acquired this way," said Gerrit-Jan Zwenne, a professor of Law and Information Society in Leiden and a lawyer at Bird & Bird in The Hague.
Skype spokesman reaffirmed that the company was taking privacy very seriously and there would be an investigation in the matter. "It is our policy not to provide customer data unless we are served with valid request from legal authorities, or when legally required to do so, or in the event of a threat to physical safety."