March 1, 2010
You might have seen this coming. Seems like no sooner than the US Supreme Court gave corporations the right to flood our already fucked-up political system with money than one megacorp manages to get the plug pulled on a whistle blowing site. The site, Cryptome, was taken offline for a while because they released a “secret’ document earlier last week that shows how a company retains data regarding a user’s activities online… and how law enforcement can obtain that data. The corporate target: None other than Microsoft itself.
(Wired) For instance, Xbox Live records every IP address you ever use to login and stores them for perpetuity. While that’s going to be creepy for some, there’s an upside if your house gets robbed, according to the document: “If your investigation involves a stolen Xbox console, if the console serial number or Xbox LIVE user gamertag is provided and the console has been connected to the Internet, IP connection records may be available.”
Microsoft retains only the last 10 login records for Windows Live ID. As for your instant messages, it tells police that it keeps no record of what anyone says over Microsoft Messenger – though it will turn over who is on your buddy list.
And if you like to use Microsoft’s social networking products — like its old-school Group mailing list or its Facebook-like Spaces product, be aware that it’s very social when it comes to law enforcement or court subpoenas.
As Microsoft tells potential subpoenaees, “when you are looking for information on a specific incident like a photo posting or message posting, please request all group content and logs. We cannot retrieve single incident data.” The same holds for Spaces — if you are interested in a single picture, just request the entire thing. Call it Subpoena 2.0.
Helping Hands. Naturally, Cryptome wouldn’t bow to MS’s DMCA “takedown” notice, not when even governments couldn’t rattle them. Unfortunately, Cryptome’s registrar, Network Solutions, apparently got nervous and took them offline and locked their domain. Apparently, Microsoft only wanted the “infringing” file to taken offline, not the whole site. They withdrew their takedown notice and Network Solutions restored access to Cryptome. On Cryptome’s sites there are emails that show the progress of the fight from the issuance of the takedown notice to the restoration of Cryptome.
The file, The Microsoft® Online Services Global Criminal Compliance Handbook, is still available on Cryptome’s sites, as well as WikiLeaks, and even readable online through Wired’s article. Better download while you still can.
Borgs will be Borgs. Those familiar with the history of the net know of Microsoft’s often strong-arm tactics to become the dominant player in operating systems and the Internet. Very rarely does one hear of them backtracking, but the potential bad press that could have (and probably may still) occur may have been enough for them to reconsider. MS still has not apologized for the shuttering, and may continue using the DMCA to keep such documents “offline” in future cases. As Wired’s Ryan Singel wrote:
Cox Communications, which runs the nation’s third largest ISP, has long made its law enforcement subpoena page — including prices — public.
But Microsoft, Google, Facebook and Yahoo do not follow that example, even though all of them want their users to trust them with their most sensitive data and communications. Nor do any of them publish the most basic statistics on how often law enforcement comes knocking with subpoenas and warrants.
In fact, the simplest lesson here is that none of the pixels published over this incident would have been necessary if Microsoft had just published this document in the first place, which few people would have ever bothered to go read. Instead, these companies prefer to worry about the sensitivities of corporate-ass-covering lawyers and law enforcement agencies instead of putting their users and transparency first.