"Lawful Spying" Price Lists Leaked
ogaraf writes "Wired has a story about how the site Cryptome.org leaked the price lists for 'lawful spying' activities of Yahoo and other companies, and subsequently received a DMCA takedown notice from Yahoo. The documents, however, are still posted online, and in them you can learn, for instance, that IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
I like the part where Yahoo complains that the leaking of the document could "shock" its users and damage its reputation. Shoulda thought of that earlier, huh?
Time for paid services with explicit privacy protection. There is a good business case for this, I think, but it will require a thoughtful way to market to the masses. Any ideas?
If you actually read the documents (I know, that's too hard), you'll see that this is a list of information Yahoo! can provide in compliance with subpoenas, search warrants and court orders.
Oooh, if the cops get a search warrant, they can look at your Yahoo! friends list. It's the end of liberty as we know it!
How can a document be both confidential and copyrighted?
"Lawyer claims intellectual property rights on method to suck and blow at same time."
If you read it, you'll see that it's basically an explanation of what information they do and do not have, how their various properties work and what information they store, and how much it will cost an agency to have certain information requests addressed. It doesn't represent some sort of sinister pipeline of information directly from their users' keyboards to the "evil government." If anything it's useful to everyone because it shows exactly what they do and don't save, and it might act as a deterrent for the casual or clueless investigator who watches too much CSI and thinks sending a request off will instantly pinpoint the bad guy by backtracking his DNS through the GPS IP address of his netbook's MAC module or whatever.
It's a good thing it's already been archived on WikiLeaks http://wikileaks.org/wiki/Yahoo_compliance_guide_for_law_enforcement%2C_23_Dec_2008
... or other confidential markings in this document, I don't feel there is any reason not to publicly disclose this document all or in part. In fact, I will do that just now...
For email:
"Yahoo! retains a user’s incoming mail as long as the user chooses to store such messages in their mail folders and the user’s email account remains active. Yahoo! retains a user’s sent mail only if the user sets their email account options to save sent mail and has not subsequently deleted specific messages."
For messenger:
"For Yahoo! Chat and all forms of Messenger, Yahoo! has log information regarding the use of the services. Yahoo! maintains a “Friends List” for users of Yahoo! Messenger and can determine from its logs the time and date that a user logged into Messenger or Chat (in the prior 45-60 days) and the IP address used. Yahoo! also can retrieve from its Chat and Messenger logs the names of the chat rooms that the user accessed and the Yahoo! IDs of the other people with whom a user communicated through Messenger during the prior 45-60 days. In order to search these logs, a Yahoo! ID and a specific time frame, preferably no more than three days, must be provided."
For Flickr:
"If provided with a Yahoo! ID, Flickr URL, or Flickr NSID, Yahoo! has the ability to produce subscriber information for the account-holder. As long as the Flickr account is active, Yahoo! has the ability to produce content in the account – with associated upload IP addresses and date and time – as well as the email and Groups information for the account."
For groups:
"Yahoo! maintains information about Group moderators, as well as an activity log for each Group. The Group activity log is a transactional log that indicates when members have subscribed or unsubscribed from the Group, posted or deleted files or polls, or other similar events. Not all Group activities are logged, however. For example, the reading of messages or downloading of files or photos is not logged.
Although the Group Message archive maintains messages sent to Group members, the message archive does not contain any attachments to the messages. Yahoo! does not maintain those attachments in any form.
For current Groups, Yahoo! retains information relating to the moderator, members, and the active contents of the Files, Photos, and Messages sections. If a Group has been deactivated or deleted, information about the Group may be preserved for approximately 30 days, after which the information may be deleted."
For GeoCities and other premium web services:
"For web-hosting and domains, Yahoo! will have basic Yahoo! registration information about the user who posted the page. Yahoo! also will have the active files that the user has uploaded to the website, including the date on which the files were uploaded, and the domain-based email that is available to the user. Deleted email is not available."
And here is how much it costs:
"Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter
Basic Group Information (including information about moderators): approx. $20 for a group with a single moderator
Contents of subscriber accounts, including email: approx. $30-$40 per user
Contents of Groups: approx. $40 - $80 per group"
If you get 1000 requests a month from various law enforcement agencies across the country, that's an awful lot of man hours to dedicate to these requests. If you have a fee in place to cover costs in the first place, it ensures that a surge in requests doesn't drain the budget of the department in charge of sorting them out.
We the people is a law enforcement agency.
We the People ought to be enforcing the Common Law, but ... hey, who's on Idol tonight?
In the US, the people are the final authority on what is right and wrong, Constitutional or not.
In my opinion, Marbury v. Madison was a terrible ruling, and the beginning of the American decline. Without that ruling, it would have been up to the people to police Congress, and the level of apathy we see today would have never been attained.
Aside from the numerous instances documented in older Slashdot stories, the EFF has a nice list http://www.eff.org/wp/unsafe-harbors-abusive-dmca-subpoenas-and-takedown-demands of examples where a corporation's lawyers sent DMCA takedown letters alleging infringement by content they later admitted they do not own.
At this point only a District Attorney would prima facie "be fairly confident [the subject of a DMCA takedown letter from Yahoo] is a Yahoo document."
Yahoo wrote in its objection letter that if its pricing information were disclosed to Soghoian, he would use it “to ‘shame’ Yahoo! and other companies — and to ‘shock’ their customers.”
It's hard to shame someone who doesn't already feel that they have something to be ashamed of. I guess we know Yahoo understands its behavior to be shameful but continues to do it.
This link has been deleted.....
Right, and ooh, a subpoena is SO hard to issue! No judge need be involved; prosecutors get to write them themselves -- motivated, perhaps, by nothing more than a hunch.
There's a huge difference between a warrant and a subpoena.
This just shows why you should always go with the car analogy.
If a copyright notice is optional, then some means to know whether the document is genuinely copyrighted PRIOR to its dissemination would be needed for others to know that it is in fact copyrighted. It could be that copyrighting the document was overlooked, and has only been corrected after the fact. If they did copyright it prior to dissemination, then there has to be at least something to show this.
Michael Gershberg appears to be claiming, if Cryptome's copy of the letter is accurate, that the document is in fact copyrighted. So how is it that he knows this to be the case? Does he see some instrumental proof that the document is copyrighted? Was he just personally told that the document is copyrighted? He should support his claim by providing a notarized copy of the instrumental proof, or swear out a claim citing who told him that it was copyrighted, in order to be convincing. Otherwise, he is not very convincing at all.
The lack of a copyright notice always gives the APPEARANCE of not being copyrighted. How can anyone know otherwise unless there is some alternative proof? WHERE'S THE PROOF?
The law is available here. It's a requirement for law enforcement requesting information, not the organizations providing it (except that the amount is "mutually agreed by the governmental entity and the person or entity providing the information").
So, the guide is a means for law enforcement to interact with Yahoo (and the law) in a standard, easier way. Does it make it more likely that investigators would ask Yahoo for documents if Yahoo makes it easy, as opposed to cooperating as little as possible? Probably. But Yahoo has no reason not to cooperate.
It's not that Yahoo occasionally complies with the authorities. It is that they have a pricing scheme for it.
Think that one through. If there were no price list posted for the information, then any fool in a bureaucracy can request it and get it. However, government bureaus being what they are, if you put so much as a $50 price tag on the information, you may be requiring said bureaucrat to jump through many hoops and have their actions questioned and tracked. This tiny fee will likely annoy them and stop a very large proportion of inquiries.
A friend of mine (an army colonel in Logistics) said that in government, it's often easier to spend a billion dollars than it is to spend fifty.
I salute Yahoo's putting at least a speed-bump in the way. It's something.
It also assures that some LEA can't carry out a vendetta by flooding them with 1000000 requests a day.
I do wonder how a surge of requests would be handled by a department that has a fixed staff. Would there be a backlog and delay? Could they have an "expedite" fee?
If I copyright all my emails shouldn't I get a taste when the spooks read my email?
Most people use dynamic IPs, so they can subpoena the IPs but they will get a lot of "false positives" to track down the owner of those Yahoo IDs. Most people do not have the same ISP they had in 1999 due to the great dial-up to broadband rush after the Dotcom bubble burst. You'll have grandmothers and teenagers be accused of stuff that some random stranger that shared a dynamic IP address with them did.
Thanks to the Patriot Act, the police, NSA, FBI, etc. can get the information without a search warrant. The Democrats led by Obama had promised to remove the Patriot Act as soon as they took office, but why it is still a law, I'll never know. But then many of them voted to pass it when Bush was President anyway. Both the Democrats and Republicans are corrupt in that way.
By the way Yahoo uses web beacons to track web site usage and most users don't know how to opt out of that. I've opted out of it several times already.
It appears to be an intractable, maybe fatal flaw in our system.
That's because you see it as a system, rather than choice, what we choose to do, what we collectively decide society should be. All power is lost at that moment we accept that as truth, and people become passive victims of the sharks that know how to exploit any system.
It's not sustainable for the longer term though. Either your country goes bankrupt, or faces similar fates in the hand of the criminal lyers that have held you in chains for so long, and you again realize you can choose. Or you decide to start believing in change and support those who have integrity and wish the best for the nation (ie. a true president with the best intentions, rather than just corporate and religious-fundamental interests).
Well put post btw. But things are not that hopeless as you put it!