Slashdot Mirror
"Lawful Spying" Price Lists Leaked
ogaraf writes "Wired has a story about how the site Cryptome.org leaked the price lists for 'lawful spying' activities of Yahoo and other companies, and subsequently received a DMCA takedown notice from Yahoo. The documents, however, are still posted online, and in them you can learn, for instance, that IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
I like the part where Yahoo complains that the leaking of the document could "shock" its users and damage its reputation. Shoulda thought of that earlier, huh?
If you actually read the documents (I know, that's too hard), you'll see that this is a list of information Yahoo! can provide in compliance of subpoenas, search warrants and court orders.
Oooh, if the cops get a search warrant, they can look at your Yahoo! friends list. It's the end of liberty as we know it!
According to the U.S. Constitution (I got this from wikipedia), the purpose of copyright is "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."
The problem seems to be that the actual legislation covers creative works that were never intended to be shared with the public. Such documents, like the ones in question, are within the scope of copyright law but not the spirit.
But as far as I know, courts have been unwilling to strike down current copyright laws just because they're less than perfectly efficient in achieving the Constitution's justification for them.
It's a good thing it's already been archived on WikiLeaks http://wikileaks.org/wiki/Yahoo_compliance_guide_for_law_enforcement%2C_23_Dec_2008
- Aetheral Research -
... or other confidential markings in this document, I don't feel there is any reason not to public disclose this document all or in part. In fact, I will do that just now...
For email:
"Yahoo! retains a user’s incoming mail as long as the user chooses to store such messages in their mail folders and
the user’s email account remains active. Yahoo! retains a user’s sent mail only if the user sets their email account
options to save sent mail and has not subsequently deleted specific messages."
For messenger:
"For Yahoo! Chat and all forms of Messenger, Yahoo! has log information regarding the use of the services. Yahoo!
maintains a “Friends List” for users of Yahoo! Messenger and can determine from its logs the time and date that a
user logged into Messenger or Chat (in the prior 45-60 days) and the IP address used. Yahoo! also can retrieve
from its Chat and Messenger logs the names of the chat rooms that the user accessed and the Yahoo! IDs of the
other people with whom a user communicated through Messenger during the prior 45-60 days. In order to search
these logs, a Yahoo! ID and a specific time frame, preferably no more than three days, must be provided."
For flickr:
"If provided with a Yahoo! ID, Flickr URL, or Flickr NSID, Yahoo! has the ability to produce subscriber information for
the account-holder. As long as the Flickr account is active, Yahoo! has the ability to produce content in the account
– with associated upload IP addresses and date and time – as well as the email and Groups information for the
account."
For groups:
"Yahoo! maintains information about Group moderators, as well as an activity log for each Group. The Group activity
log is a transactional log that indicates when members have subscribed or unsubscribed from the Group, posted or
deleted files or polls, or other similar events. Not all Group activities are logged, however. For example, the reading
of messages or downloading of files or photos is not logged.
Although the Group Message archive maintains messages sent to Group members, the message archive does not
contain any attachments to the messages. Yahoo! does not maintain those attachments in any form.
For current Groups, Yahoo! retains information relating to the moderator, members, and the active contents of the
Files, Photos, and Messages sections. If a Group has been deactivated or deleted, information about the Group
may be preserved for approximately 30 days, after which the information may be deleted."
For geocities and other premium web services:
"For web-hosting
and domains, Yahoo! will have basic Yahoo! registration information about the user who posted the page. Yahoo!
also will have the active files that the user has uploaded to the website, including the date on which the files were
uploaded, and the domain-based email that is available to the user. Deleted email is not available."
And here is how much it costs:
" Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter
Basic Group Information (including information about moderators): approx. $20 for a group with a
single moderator
Contents of subscriber accounts, including email: approx. $30-$40 per user
Contents of Groups: approx. $40 - $80 per group"
If you get 1000 requests a month from various law enforcement agencies across the country, that's an awful lot of man hours to dedicate to these requests. If you have a fee in place to cover costs in the first place, it ensures that a surge in requests doesn't drain the budget of the department in charge of sorting them out.
Aside from the numerous instances documented in older Slashdot stories, the EFF has a nice list http://www.eff.org/wp/unsafe-harbors-abusive-dmca-subpoenas-and-takedown-demands of examples where a corporation's lawyers sent DMCA takedown letters alleging infringement by content they later admitted they do not own.
At this point only a District Attorney would prima facie "be fairly confident [the subject of a DMCA takedown letter from Yahoo] is a Yahoo document."
Yahoo wrote in its objection letter that if its pricing information were disclosed to Soghoian, he would use it “to ’shame’ Yahoo! and other companies — and to ’shock’ their customers.”
It's hard to shame someone who doesn't already feel that they have something to be ashamed of. I guess we know Yahoo understands it's behavior to be shameful but continues to do it.
A confidential internal memo detailing plans for building a new type of engine could "promote the Progress of Science"; ergo, it deserves copyright protection. It also details trade secrets that could damage the company it belongs to; ergo, it deserves to be treated as confidential. Using this example, I'm having a hard time understanding your complaint.
God invented whiskey so the Irish would not rule the world.
What makes it sinister isn't so much what it says, but that it's supposed to be secret in the first place, and the takedown notice now that it has been divulged. I prefer to know what my rights are in the first place, thankyouverymuch. There's this idea that we can't let people know the rules of the game, since bad guys would then exploit them. Admittedly there is some truth to this; look at how corporations freeload by playing games with the tax codes. But what is the alternative? A lawless state where everybody lives with the vague threat of "stay in line or something bad might happen."
Right, and ooh, a subpoena is SO hard to issue! No judge need be involved; prosecutors get to write them themselves -- motivated, perhaps, by nothing more than a hunch.
There's a huge difference between a warrant and a subpoena.
$META_SIG_JOKE
This just shows why you should always go with the car analogy.
Here's a few good reasons that "nothing to hide" is a crock of crap:
1. The government is run by humans, which almost by the definition of the word are inherently fallible.
2. The government, also by definition, has the power to disrupt your life/put you in jail/confiscate your goods,
3. The above two combine to form a chilling effect upon your rights being exercised as you see fit.
4. Just as with quantum mechanics, the government cannot snoop without causing side effects in what they're snooping on.
So plenty of people have a darn good reason to not want government nosiness even IF they are not breaking the law.
If a copyright notice is optional, then some means to know whether the document is genuinely copyrighted PRIOR to its dissemination would be needed for others to know that it is in fact copyrighted. It could be that copyrighting the document was overlooked, and has only been corrected after the fact. If they did copyright it prior to dissemination, then there has to be at least something to show this.
Michael Gershberg appears to be claiming, if Cryptome's copy of the letter is accurate, that the document is in fact copyrighted. So how is it that he knows this to be the case? Does he see some instrumental proof that the document is copyrighted? Was he just personally told that the document is copyrighted? He should support his claim by providing a notarized copy of the instrumental proof, or swear out a claim citing who told him that it was copyrighted, in order to be convincing. Otherwise, he is not very convincing at all.
The lack of a copyright notice always gives the APPEARANCE of not being copyrighted. How can anyone know otherwise unless there is some alternative proof. WHERE'S THE PROOF?
now we need to go OSS in diesel cars
It's not that Yahoo occasionally complies with the authorities. It is that they have a pricing scheme for it.
Think that one through. If there were no price list posted for the information, then any fool in a bureaucracy can request it and get it. However, government bureaus being what they are, if you put so much as a $50 price tag on the information, you may be requiring said bureaucrat to jump through many hoops and have their actions questioned and tracked. This tiny fee will likely annoy them and stop a very large proportion of inquiries.
A friend of mine (a army colonel in Logistics) said that in government, it's often easier to spend a billion dollars than it is to spend fifty.
I salute Yahoo's putting at least a speed-bump in the way. It's something.
Do not mock my vision of impractical footwear
"Nothing to hide" is not an argument at all. Based on your response, you'd probably find this interesting reading:
'I've Got Nothing to Hide' and Other Misunderstandings of Privacy -- Daniel J. Solove
Cheers
My grandmother used anecdotal evidence all the time, and she lived to be 120 years old.
most people use Dynamic IPs, so they can subpoena the IPs but they will get a lot of "false positives" to track down the owner of those Yahoo IDs. Most people do not have the same ISP they had in 1999 due to the great dial-up to broadband rush after the Dotcom bubble burst. You'll have grandmothers and teenagers be accused of stuff that some random stranger that shared a dynamic IP address with them did.
Thanks to the Patriot Act, the police, NSA, FBI etc can get the information without a search warrant. The Democrats lead by Obama had promised to remove the Patriot Act as soon as they took office, but why it is still a law, I'll never know. But then many of them voted to pass it when Bush was President anyway. Both the Democrats and Republicans are corrupt in that way.
By the way Yahoo uses web beacons to track web site usage and most users don't know how to opt out of that. I've opted out of it several times already.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.