Slashdot Mirror
Cryptome in Hot Water Again
garg0yle writes to tell us that Cryptome appears to have stepped in it again with a recent leaked document concerning Microsoft's "Global Criminal Compliance Handbook." "Microsoft has demanded that Cryptome take down the guide — on the grounds that it constitutes a 'copyrighted [work] published by Microsoft.' Yesterday, at 5pm, Cryptome editor John Young received a notice from his site’s host, Network Solutions, bearing a stiff ultimatum: citing the Digital Millennium Copyright Act (DMCA), Network Solutions told him that unless he takes the 'copyrighted material' down, they will 'disable [his] website' on Thursday, February 25, 2010. So far, Young refuses to budge." In a gesture of goodwill, Wikileaks has offered to host Cryptome via their twitter feed.
Looks like DNS has already gone...
"http://file.wikileaks.org/files/" + "microsoft-spy.pdf"
Just, you know, in case?
Support FSF: Stop thinking with your wallet, and think with your imagination. (cc/non-commercial)
Wikileaks may not be mirroring Cryptome.org in its entirety yet, but they are hosting the "offending" material. Download and redistribute!
http://cryptomeorg.siteprotect.net/
$25 will get you 2 DVDs with 54,000+ articles, spanning June 1996 to February 2010, mailed anywhere in the world.
Learning HOW to think is more important than learning WHAT to think.
The mirror-site cryptome put up is http://cryptomeorg.siteprotect.net/ ..."
However, they took the offending document down and wrote "for the MS Spy Guide send email to
A mirror of the site is now up, with partial content available and the rest being transferred.
Having just skimmed the doc, I don't see why anyone would care. The information available to law enforcement is actually less than I had expected.
MD5: f688c4406d3a3fb76f72248630fea270
I don't understand why it's supposedly confidential - there's nothing sensitive in it whatsoever, it seems to match up perfectly with their privacy policies, and even confirms that (for example) they do not log the content of Messenger conversations.
I am amazed that after all this time, all those secret and quasi-secret documents published, cryptome was finally destroyed by this, however. What Wikileaks does today was to a large extent pioneered by John Young. But it appears copyright has finally trumped free speech in the US - the astute will note that in fact, Netsol's response is, though pigheaded, in perfect compliance with the DMCA 512(g)(2) counter-notification proposal (in the actual DMCA as enacted in the US, counter-notifications cannot take effect immediately, it must stay down for 10 days!).
I hope John Young's creation comes back, hopefully unstoppable, but it is a crushing blow for a long-standing privacy and free speech campaigner that he may have to move the servers out-of-jurisdiction to actually exercise that free speech.
I just want to make sure I fully understand the situation. This is something written by MS and being hosted in its entirety by someone else without permission, right? So their claim is legally correct and everything, isn't it?
Written by MS: Yes
Hosted by someone else w/o permission: Yes
Legally correct claim: ???
The newsworthiness of the document makes for a very strong defense against any copyright claim and that's the rebuttal Cryptome made in the DMCA reply.
[Fuck Beta]
o0t!
Not meant for hiding secrets, but definitely meant for preventing illegally made copies of a work. This is exactly what copyright is for, whether you like Microsoft or not.
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life
Keep in mind that this probably was a legal copy of the work. As has been mentioned elsewhere, Microsoft's work is newsworthy. There is a fair use for such things.
Of course being hosted in the United States is one problem if you want to be an indiscriminate whistle-blower, but an even more serious problem is picking a registrar hosted in the United States. Not only are you and your server host accountable to the DMCA, but so is the company that has the permanent on-off switch to your site's name. When I registered domain names that I thought might ever contain the slightest bit of content that could get me in hot water via the DMCA, I made sure to register my domain names through a registrar which hosts much more notable sites with content in contravention of DMCA. So, I ran a whois on the most notable site I could think of which completely disrespects copyrights (ThePirateBay), and registered my domain names at Key-Systems, http://dd24.net/ being their consumer-facing site. They might be a bit more of an expense (being that I incur a foreign transaction fee with every registration/renewal), but I think the peace of mind in knowing you won't be losing your domain name due to copyright disputes is very worth it.
Maybe you haven't looked at their site lately (I wouldn't blame you); NetSol has been providing hosting for years: http://www.networksolutions.com/web-hosting/index.jsp
I just read the document and it's really kinda reassuring. They lay out exactly what they require in order to disclose exactly what information, and they don't say anything without a subpoena (gets you name/address/email older than 180 days). Anything more interesting than that requires a court order (for address book/friend list/email to-from) or a search warrant (new email).
Plus, they detail exactly what they do and don't keep - for example, they don't have messenger logs.
Frankly, I thought they had more info than that. They really keep very little info aside from what they need to actually deliver the service.
YMMV due to the Patriot act, etc - but I don't see why MSFT would lie in a confidential document
I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
The provider must take down the content within a certain time of receiving a notice. After they receive a counter-notice, the content stays down for 10-14 days, during which the original notifier must file a lawsuit. If they don't, the content goes back up.
Before taking anything down Network Solutions suggested that Cryptome file a counter notice, and pointed out to them how to do it. They pointed out that if Cryptome took down the one file for the 10-14 days, they would not have to take down the rest of the site. Cryptome sent a counter notice which specifically indicated they would not be taking down the file. Upon receipt, Network Solutions took down the site, as they clearly explained they would be required to by law.
I'm not much of a fan of Network Solutions generally, but in this situation, they are not the bad guy. They are impartially following the law. Their letter even goes so far as to helpfully lay out Cryptomes choices. Cryptome made their choice to stand on principle and force the system to shut the whole site down. I assume Cryptome figured the resulting publicity would do more for their fight than taking down the file and keeping their site up, and I also assume they are right.
I'm not aware of any fair use rulings that have ever allowed for the broad publication of a complete copyrighted work.
His justification appears to be that although Microsoft is required to comply with the law, they should publish exactly how they comply so that people are more capably of avoiding the governmental eavesdropping.
Basically he's arguing that while complying on the surface, Microsoft should be helping subvert the law at the same time, which would likely land Microsoft in some pretty serious legal trouble.
The public has a right to know what the law allows the government to do. It doesn't have a right to know the specific implementation.
Such back doors do often result in some security risks, however, believe it or not you don't have a right to do penetration testing on someone else's system, even if you use that system.
Yes, Microsoft's claim is legally valid. No, newsworthiness is not one of the fair use criteria, so Cryptome has no leg to stand on.
The document is mainly facts. Facts themselves can't be copyrighted (if they could, you wouldn't be able to learn the scores of sporting events without paying). As such, it would be possible to create a new work containing all of the facts that are available in this document and publish that. Attempts to take down your work would be very easy to defend against. In truth, showing that a new document created using only facts that are now public is very similar to the original work, one could make an argument that a copyright claim is of little merit.
Such a document could look like this:
Microsoft has online services that retain data on user's connections and the contents of their communications, and that data is available to law enforcement.
Increasing quantities of information will be disclosed depending on whether law enforcement provides Microsoft with a subpoena, court order, or search warrant. This information appears to be available through a handy web interface to the agency requesting the information. Microsoft doesn't clearly state the procedure or availability for non-law enforcement agencies (such as those bringing civil suit) to receive their retained information through court actions.
For Email services (hotmail, msn, live), information retained by Microsoft (and the legal instrument to receive it):
Duration and scope of retention of email information by Microsoft:
Similar information is retained for instant messaging, windows live spaces, msn groups, windows live domain administrator, online file storage services, and even the xbox live service, although this author is to lazy to detail them.
Notice: The above work (30 minutes of artistic time needed), is protected under copyright of this poster, even though no notice of Copyright is required after 1989, and even though this work is entirely a list of facts regarding how Microsoft retains data and discloses it to authorities.
Since I asked the question in the GP, I looked up what I believe is the applicable part of the US Code. 17 U.S.C. Sec. 512 states that a service provider will not be liable for taking down material in response to a copyright infringement notice as long as (among other things) the provider
So now we know.
"You call it a new way of thinking; I call it regression to ignorance!" -- Operation Ivy
So, does this manual that Cryptome put up reveal any dark secrets, or is the complaint justified here? I wouldn't bet either way without reading it.
No, it outlines the procedures for getting data about hotmail and live users from Microsoft, it shows examples of what data is provided, what each piece of data means etc. It also tells what information is stored and how long and which type of warrant/court order is required for certain types of information. An interesting read, but nothing that shocked me so far (I didn't read all of it yet).
On the other hand, I can't really see why MS goes out of it's way to prevent this document from being public. It's the kind of documentation they could just as well publish on their own website, everything in there is, as far as I can see, simply the result of what's in the law. If you have a problem with that, complain to the ones that made the law...
The only thing in there which MS probably doesn't want to be published are a few phone numbers and email addresses and frankly those should have been redacted out.