Microsoft Says It Never Meant To Knock Cryptome Offline

CWmike writes "Microsoft withdrew on Thursday its demand that Cryptome.org yank the 'Microsoft Global Criminal Spy Guide' document from the site, and said it had never intended for the whistleblower's domain to be knocked off the Web. 'In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed,' said a Microsoft spokeswoman. 'We are requesting to have the site restored and are no longer seeking the document's removal.' The document, a 17-page guide to law enforcement on how to obtain information about users of Microsoft's online services, including its Windows Live Hotmail, the Xbox Live gaming network and its Windows Live SkyDrive storage service, was published by John Young, who runs Cryptome.org, on Feb. 20. Earlier this week, Microsoft demanded that Young remove the document from his site, citing the Digital Millennium Copyright Act. When Young refused, his Internet provider shut down the site, and Network Solutions, the registrar of Young's domain, put a 'legal lock' on the domain name. The last prevented him from transferring the URL to another ISP. Computerworld blogger Preston Gralla dug into the document today in his 'Leaked Microsoft intelligence document: Here's what Microsoft will reveal to police about you' post."

Openness

[sopssa]

While I completely agree that using DMCA to pull of the site is an asshole move, the documents also gave reassurance about privacy policies used in those services, mainly that MS isn't logging chat between people in Messenger and that when you move the email from their servers to your local computer email box, it isn't kept on MS servers. While in contrast, in my understating, for example Google keeps even deleted email somewhere in their networked file system for many many months.

I actually like to see more of these from different companies. Most interestingly, Facebook has a lot personal data. And what about Google? Yahoo?

If anything, such openness is good for MS in this case (even while they don't seem to agree to it, until now that it's leaked).

Re:Openness

[moco]

The site is back up. Facebook's equivalent document is already there http://cryptome.org/isp-spy/facebook-spy.pdf

Re:Openness

[megamerican]

I should have added that Yahoo had tried taking down their lawful spying guide but wasn't as "successful" as Microsoft. I say "successful" because Microsoft claims they only wanted to take down the document and not the website. However, it resulted in the takedown of the website and thus generated much more interest in the document and had the opposite effect of what they wanted.

Thankfully for us most corporations and governments don't realize this. If MS had done nothing the majority of people would have never read this because most people don't visit cryptome or other whistleblowing websites on a regular basis.

Re:Openness

[Fluffeh]

http://cryptome.org/ is back up and has dozens of different companies similar documents from the likes of yahoo, facebook, paypal, myspace, aol, skype, et al.

Since coming back online he has made all of those available at the top of his website because of the interest generated from his temporary censorship.

Hello, Ms Streisand, is that you? I have Mike Masnick on the phone. He says it's important.

If you don't get it click here and join those that do.

Re:Openness

If anything, such openness is good for MS in this case (even while they don't seem to agree to it, until now that it's leaked).

The Microsoft documents got leaked (by who? hmmmm), they look pretty favorable and make Google + associated sites look bad ... but they were leaked out on a nowhere site so didn't get good publicity. Lo and behold, Microsoft throws a DMCA takedown notice and the Streisand effect turns the leak into a flood.

But I'm probably just a paranoid conspiracy theorist. The leak coming almost immediately after MS & Yahoo got such great publicity for their privacy policies is most likely a co-incidence. And I'm sure that out of the thousands of employees at MS, there's not a single one who would be smart enough to come up with this marketing ploy... Right?

Re:Openness

[TubeSteak]

While in contrast, in my understating, for example Google keeps even deleted email somewhere in their networked file system for many many months.

All MS said is that law enforcement can't have e-mail that isn't active in your account.
That isn't the same thing as "we delete everything".
I'm not sure any large e-mail provider can promise that your deleted e-mails are instantly deleted from all backups/mirrors.

Re:Openness

[wealthychef]

Thankfully for us most corporations and governments don't realize this. If MS had done nothing the majority of people would have never read this because most people don't visit cryptome or other whistleblowing websites on a regular basis.

I'm not sure it's that they don't realize it. I think it's more complicated than that. First of all, corporations and governments don't "realize" anything, as they are not alive. Anthropomorphizing them leads to errors in analyzing and responding to their actions. "Punishing" them or getting angry at them is a mistake, as they have no feelings.
What is probably happening is that individuals within the corporation responsible for hunting down violations of copyright are not particularly tuned in to the idea of freedom of information for some reason. The only counter-valence to this would be if there were other individuals reviewing their actions who ARE sensitive to that issue or at least the politics of that issue.
This reminds me of the interplay between risk managers and floor traders in large banks, or engineers and managers in large companies, or lots of other examples.

Oh COOL: Tracking stolen xboxen...

[nweaver]

One thing thats implied is that if the police say "this X-Box, SN#ABC, was stolen on this date", Microsoft will return the subsequent connection history for that xbox!

Speaking as someone who had my house broken into and my Wii stolen (I had no xbox at the time), this would have been very cool to have, since Nintendo would do F-all when asked.

Re:Oh COOL: Tracking stolen xboxen...

[dangitman]

my Wii stolen (I had no xbox at the time)

So... you eventually got a sex change and replaced your wii with a box?

Who gave Network Solutions a badge?

[TwineLogic]

That Network Solutions, Inc. placed a "legal lock" on his domain name strikes me as NSI appointing themselves sheriff.

We don't need totalitarian internet authorities who "enforce the law" for Microsoft's civil complaints.

I suggest we all boycott Network Solutions, Inc. over their treatment of cryptome.org. I will do so.

Re:Who gave Network Solutions a badge?

[dch24]

No, if cryptome.org is hosted at Network Solutions (it was, IIRC), Network Solutions should disable or block the hosting.

Commandeering the domain name (a.k.a. "legal lock") is neither protected by the DMCA nor permitted by ICANN.

John Young may be able to sue Network Solutions on this basis.

Re:Who gave Network Solutions a badge?

[sopssa]

Still makes me wonder why the guy got both domain and hosting from the same place. There has been countless of cases with such issues before, either for the host locking domain too (like here) or giving trouble if you want to move hosting elsewhere but keep the domain. Network Solutions, like GoDaddy's, main business is domain registration anyway, not hosting.

Get the domain from a reputable registrar and then hosting from reputable hosting company.

Re:Who gave Network Solutions a badge?

[dch24]

However, the domain was effectively disabled - recovery through transferring the domain name was disabled by the Legal Lock.

It is not like John Young was in a dispute over the domain ownership. The Legal Lock was put in place incorrectly IMO.

Re:Who gave Network Solutions a badge?

[bugnuts]

It's either [disable the site], or be liable themselves for any infringement.

You are incorrect, in my non-lawyer's opinion from what I know of the DMCA.

The owner of cryptome.org sent a DMCA counter-claim, under penalty of perjury. This means he acknowledges the accusation and bears the responsibility. NSol cannot be held responsible, and is granted immunity from prosecution by the DMCA. MS cannot file another DMCA claim at this point; they can only take him to court.

Re:Who gave Network Solutions a badge?

[laughingcoyote]

Permission is not required in the instance of fair use. In this case, he was distributing something that was technically copyrighted, but is not in itself a commercial product, and was clearly distributed for the purpose of commentary, criticism, and public interest. Fair use is ultimately only determined by a court case, but those are all strong factors in favor of it.

Fun to hate on MS but...

[slimjim8094]

I'm no fan of Microsoft, but I think they've handled this whole situation correctly.

There's no indication that the document in question was *not* copyright by Microsoft. In this case, the correct legal action is a DMCA, same as if you had a movie up on your site. NetSol is just being a dick, as usual - it's not their responsibility to screw with the domain over the dispute between 2 third-parties unless legally required to (I don't think that's the case here).

In any case, when Microsoft saw how this was about to go all Streisand on them, they decided correctly that it wasn't worth the fight.

I believe them when they said they didn't intend to take Cryptome down. Looks like it was just NetSol being... proactive. So really the only thing they'd be at fault for was sending a DMCA, which is clearly within their rights. They probably have underlings scouring the web and sending DMCAs - so they were probably not delibrately targeted. When it had unintended consequences, they withdrew it.

I don't think MS is at fault here. I actually think they acted quite exemplary.

Re:Fun to hate on MS but...

[malloc]

I don't think MS is at fault here.

Perhaps not at fault (though when PR says "we didn't do anything" you never know if there was a nudge, nudge, "if you want our business I think you know what we want" message to NetSol). Regardless, NetSol sure is at fault!

 

I actually think they acted quite exemplary.

Whoah! You're saying that it is exemplary for a company to actively hide from users the steps it will go through to give personally identifying information about those users to law enforcement? This is only "exemplary" as an example of what not to do. One of John Young's points was that there isn't a legitimate reason to hide this information from users; many other companies do not hide this information, and neither should Microsoft.

"legal lock" is way more than taking down the site

[drDugan]

DMCA takedowns follow a very clear an explicit process on what providers have
to do and how... as I understand it, "locking out" the domain at the registrar
level is far beyond both the spirit and the letter of the law.

Hell is getting cold`

[e2d2]

Okay wtf is going on lately. MS actually admitting mistakes left and right, trying to play nice. Did I miss the memo?

Re:Hell is getting cold`

[ColdWetDog]

Did I miss the memo?

It's because of global warming. Really.

Re:Hell is getting cold`

Microsoft finally has the competition it needs in areas outside of their "core business PC" market to make them need to have a decent image.

Specifically they want to be competitive in search, social networking, on-line gaming and other areas that kinda-sorta require the trust of their end users. If your end users don't trust you, and they have options, they'll just go somewhere else. This story was making it look like Microsoft had something to hide with this law enforcement guide (which it actually doesn't look like they did - it seems like a straight-forward "here's what you need to provide if the cops come with a court order" document) and it was making it look like Microsoft was incompetent (Streisand effect). Neither of which engender "trust" in the public.

Microsoft is already fighting an uphill battle on the trust issue - years of being the biggest monopolistic bully on the block has a tendency to erode trust in your company and make people root for a David to knock you down a peg or three. People have been rooting against Microsoft for decades and while it seems like for a good long time MS just didn't care what other people thought about them, it's beginning to look like they're realizing that they NEED to care what people think of them. For real this time, and not just through a stupid marketing campaign.

Re:Hell is getting cold`

[dave562]

That would be sweet.

Now more likely you just have a really active imagination. Your conspiracy theory is lacking a couple of key motivators. You forgot the part where the NSA was secretly wiretapping the internet connections of a bunch of "internet activists" (be sure to throw in some corresponding, FBI supported real world physical surveillance). Their unConstitutional surveillance measures revealed the danger of the extent of their "real" (in your story) activities were about to be revealed. They made a phone call, and in a back room some guy flipped the magic influence coin. This time it came up heads, Microsoft instead of tails, Google (both are owned by the NSA you know). They sent Jack Bauer out to gather up the appropriate Microsoft personnel and "do whatever it takes" (because that's what Jack Bauer does) to make sure that they first leak, then retract the doctored version of the document regarding their evil menu of law enforcement options.

That's the DMCA for you...

[LostCluster]

The chain of events is nothing newsworthy. 1. Microsoft claims copyright on its internal guide. 2. Microsoft sends DMCA takedown letter... site refuses. 3. Microsoft sends DMCA takedown to server provider, server provider must take on the liability or take down the whole server, server provider decides to down site. What's newsworthy is that Microsoft is now saying "sorry" and letting the document stay up now. If you didn't know there was a law enforcement back door in everything Microsoft does, well, here's your proof.

Re:That's the DMCA for you...

[RightSaidFred99]

If you didn't know there was a law enforcement back door in everything Microsoft does, well, here's your proof.

Who didn't know that? Seriously who doesn't understand that the legal system has provisions to force _any_ company to release _any_ data they have about you?

Re:That's the DMCA for you...

[ashridah]

Calling this a 'back door' is a bit disengenuous. That's data that Microsoft has collected about you, through your use of their services. If a law enforcement agency has the appropriate request (supoena or warrant, etc), then it's either "provide a way for them to collect it, in such a way that protects every other user of the service from undue scrutiny" or "let them walk in and take the servers, and screw everyone"

You're making a big mistake if you think that law enforcement agents won't do the latter if you refuse to give them the former.

All Service Providers Should Have A Clear Policy

[EXTomar]

This stuff shouldn't be shocking to anyone: By law, they will reveal certain things about online services when requested. The problem should be that they don't want you to know what they are forced to give up which seems to be the wrong stance. These services should be function like a bank safety deposit box: Although private, it isn't legally sacrosanct and will be opened by third parties for inspection in certain circumstances.

If nothing else, all of these online services to have a general policy about this as well. If I suddenly croak, who gets access to stuff I stored out there online? Putting the password and other access information in a vault somewhere isn't reliable or sane. I may even state it in my will that I want my immediate family to take ownership of all of my online information but I have no idea how to compel Microsoft or Google or whatever to release these accounts to someone else. This seems like one of those areas all service providers should be better at defining instead of hiding the detail from us in the legalese of the EULA.

Wait wait wait.

[twidarkling]

I think you're on the wrong site. I mean that was a well-reasoned, even-keeled reply in a Microsoft article. Are you sure you're supposed to be on slashdot?

In any event, I agree. I don't approve of the DMCA as it currently exists, but it certainly wasn't being abused in this instance, and Microsoft withdrew it quickly after Cryptome was knocked off. *shrug* Story's pretty much over.

Re:Wait wait wait.

[FlyingBishop]

It seems pretty clear to me that some lawyer at Microsoft screwed up. I do not think that this was a justified use of the DMCA. Just because Microsoft quickly withdrew it does not make the original action proper. The DMCA is for preventing the copying of things that a company offers for sale.

This document, I would say, is more of a trade secret than a work you can seriously copyright.

Analysis of Statement

[dcollins]

"'In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed,' said a Microsoft spokeswoman."

This is total, exquisite bullshit. The fact is, a DMCA request in this case triggers a site takedown if the owner disagrees with taking down the material.

Did MS verbally utter the request, "Will you please take down the site?" No, they didn't.

Did they press a bright green legal button labelled, "Push here to initiate site takedown process"? Yes, they did.

Re:Analysis of Statement

[urulokion]

DMCA takedown provisions don't say take down the entire site. The DCMA ways to deny access to the contested content. In this case it was ONE file on a very large web site.

They way a take down is supposed to work is this.
1) Copyright holder sends DCMA take down notice to the hosting company.
2) Hosting company to get a legal safe habor must deny access to the material specified in the take down notice.
3) The party that posted the material can file a counter-notice to the service provider.
4) The server provider then must restore access to the contested material within a period of 10-14 business days.
5) During that 10-14 period allowed the copyright to go to a court and request a Temporary Restraining Order to keep the contented material offline. And then file a lawsuit against the party which posted the material online.

The idea is allow the material to removed quickly from the Internet by the copyright holders to theoretically reduced the damage. And the take down period for the copyright holder to get the restaining order to keep the material offline. And the counter-notice is to notify the hosting provide to say "I'm in the right, put that material back up." And the hosting provider is off the hook from any copyright liability.

NetSol Far Overstepped the Legal Requirements

[billstewart]

The DMCA requires that if an alleged copyright owner alleges that specific material on a site infringes their copyright, the web hosting provider needs to disable access to that specific material, unless notified by the user that he disputes the allegations of the alleged copyright owner, and there are some detailed timelines for the actions. It doesn't require that the web hosting provider disable the whole website, or that the domain name registrar prevent the domain owner from changing the IP addresses for the website, or that either the web hosting provider or domain name registrar erase all backups, destroy the hardware with thermite, shoot the user's dog, or nuke the city from orbit.

Unless I'm misreading the correspondence that was posted on Cryptome's backup site, Microsoft asked Young's web hosting provider, Network Solutions, to disable access to one specific file under the DMCA, and Network Solutions, as the hosting provider, decided on their own to disable the entire cryptome website, and their evil twin, Network Solutions the DNS Registrar, decided on their own to place a lock on the domain name. I don't know if Netsol-the-registrar's contract with ICANN lets them do that, but I'd be surprised -this isn't a trademark dispute about the name cryptome, it's a copyright dispute about material on the site.

The DMCA deadlines haven't expired yet, so Network Solution's Other Evil Twin, Cthulhu Inc, have not yet completed the aforementioned other activities and slunk back in to the ocean, but it's possible they'll do it anyway just for fun.

You missed what's incorrect & newsworthy about

[billstewart]

MS wants to suppress one file, JY refuses, MS sends DMCA letter to Netsol requesting taking down the one file. That's mildly newsworthy because it's cryptome and MS, but that's not the big event. Netsol took down the whole site, not just the one file, which is especially newsworthy because of the importance of cryptome and because it exceeds their requirements, and then Netsol the Registrar locked the domain name, which isn't at all required, and is newsworthy because they're locking domain names for non-domain-related reasons.

And MS is saying "sorry" not only because JY asserted his rights to dispute the DMCA takedown and thousands of people yelled at MS, but because MS is getting blamed for Netsol's overkill overreaction.