Microsoft Says It Never Meant To Knock Cryptome Offline

CWmike writes "Microsoft withdrew on Thursday its demand that Cryptome.org yank the 'Microsoft Global Criminal Spy Guide' document from the site, and said it had never intended for the whistleblower's domain to be knocked off the Web. 'In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed,' said a Microsoft spokeswoman. 'We are requesting to have the site restored and are no longer seeking the document's removal.' The document, a 17-page guide to law enforcement on how to obtain information about users of Microsoft's online services, including its Windows Live Hotmail, the Xbox Live gaming network and its Windows Live SkyDrive storage service, was published by John Young, who runs Cryptome.org, on Feb. 20. Earlier this week, Microsoft demanded that Young remove the document from his site, citing the Digital Millennium Copyright Act. When Young refused, his Internet provider shut down the site, and Network Solutions, the registrar of Young's domain, put a 'legal lock' on the domain name. The last prevented him from transferring the URL to another ISP. Computerworld blogger Preston Gralla dug into the document today in his 'Leaked Microsoft intelligence document: Here's what Microsoft will reveal to police about you' post."

Openness

[sopssa]

While I completely agree that using DMCA to pull of the site is an asshole move, the documents also gave reassurance about privacy policies used in those services, mainly that MS isn't logging chat between people in Messenger and that when you move the email from their servers to your local computer email box, it isn't kept on MS servers. While in contrast, in my understating, for example Google keeps even deleted email somewhere in their networked file system for many many months.

I actually like to see more of these from different companies. Most interestingly, Facebook has a lot personal data. And what about Google? Yahoo?

If anything, such openness is good for MS in this case (even while they don't seem to agree to it, until now that it's leaked).

Re:Openness

[moco]

The site is back up. Facebook's equivalent document is already there http://cryptome.org/isp-spy/facebook-spy.pdf

Re:Openness

[megamerican]

I should have added that Yahoo had tried taking down their lawful spying guide but wasn't as "successful" as Microsoft. I say "successful" because Microsoft claims they only wanted to take down the document and not the website. However, it resulted in the takedown of the website and thus generated much more interest in the document and had the opposite effect of what they wanted.

Thankfully for us most corporations and governments don't realize this. If MS had done nothing the majority of people would have never read this because most people don't visit cryptome or other whistleblowing websites on a regular basis.

Re:Openness

[TubeSteak]

While in contrast, in my understating, for example Google keeps even deleted email somewhere in their networked file system for many many months.

All MS said is that law enforcement can't have e-mail that isn't active in your account.
That isn't the same thing as "we delete everything".
I'm not sure any large e-mail provider can promise that your deleted e-mails are instantly deleted from all backups/mirrors.

Re:Openness

[wealthychef]

Thankfully for us most corporations and governments don't realize this. If MS had done nothing the majority of people would have never read this because most people don't visit cryptome or other whistleblowing websites on a regular basis.

I'm not sure it's that they don't realize it. I think it's more complicated than that. First of all, corporations and governments don't "realize" anything, as they are not alive. Anthropomorphizing them leads to errors in analyzing and responding to their actions. "Punishing" them or getting angry at them is a mistake, as they have no feelings.
What is probably happening is that individuals within the corporation responsible for hunting down violations of copyright are not particularly tuned in to the idea of freedom of information for some reason. The only counter-valence to this would be if there were other individuals reviewing their actions who ARE sensitive to that issue or at least the politics of that issue.
This reminds me of the interplay between risk managers and floor traders in large banks, or engineers and managers in large companies, or lots of other examples.

Oh COOL: Tracking stolen xboxen...

[nweaver]

One thing thats implied is that if the police say "this X-Box, SN#ABC, was stolen on this date", Microsoft will return the subsequent connection history for that xbox!

Speaking as someone who had my house broken into and my Wii stolen (I had no xbox at the time), this would have been very cool to have, since Nintendo would do F-all when asked.

Re:Oh COOL: Tracking stolen xboxen...

[dangitman]

my Wii stolen (I had no xbox at the time)

So... you eventually got a sex change and replaced your wii with a box?

Who gave Network Solutions a badge?

[TwineLogic]

That Network Solutions, Inc. placed a "legal lock" on his domain name strikes me as NSI appointing themselves sheriff.

We don't need totalitarian internet authorities who "enforce the law" for Microsoft's civil complaints.

I suggest we all boycott Network Solutions, Inc. over their treatment of cryptome.org. I will do so.

Re:Who gave Network Solutions a badge?

[dch24]

No, if cryptome.org is hosted at Network Solutions (it was, IIRC), Network Solutions should disable or block the hosting.

Commandeering the domain name (a.k.a. "legal lock") is neither protected by the DMCA nor permitted by ICANN.

John Young may be able to sue Network Solutions on this basis.

Re:Who gave Network Solutions a badge?

[laughingcoyote]

Permission is not required in the instance of fair use. In this case, he was distributing something that was technically copyrighted, but is not in itself a commercial product, and was clearly distributed for the purpose of commentary, criticism, and public interest. Fair use is ultimately only determined by a court case, but those are all strong factors in favor of it.

Fun to hate on MS but...

[slimjim8094]

I'm no fan of Microsoft, but I think they've handled this whole situation correctly.

There's no indication that the document in question was *not* copyright by Microsoft. In this case, the correct legal action is a DMCA, same as if you had a movie up on your site. NetSol is just being a dick, as usual - it's not their responsibility to screw with the domain over the dispute between 2 third-parties unless legally required to (I don't think that's the case here).

In any case, when Microsoft saw how this was about to go all Streisand on them, they decided correctly that it wasn't worth the fight.

I believe them when they said they didn't intend to take Cryptome down. Looks like it was just NetSol being... proactive. So really the only thing they'd be at fault for was sending a DMCA, which is clearly within their rights. They probably have underlings scouring the web and sending DMCAs - so they were probably not delibrately targeted. When it had unintended consequences, they withdrew it.

I don't think MS is at fault here. I actually think they acted quite exemplary.

Re:Fun to hate on MS but...

[malloc]

I don't think MS is at fault here.

Perhaps not at fault (though when PR says "we didn't do anything" you never know if there was a nudge, nudge, "if you want our business I think you know what we want" message to NetSol). Regardless, NetSol sure is at fault!

 

I actually think they acted quite exemplary.

Whoah! You're saying that it is exemplary for a company to actively hide from users the steps it will go through to give personally identifying information about those users to law enforcement? This is only "exemplary" as an example of what not to do. One of John Young's points was that there isn't a legitimate reason to hide this information from users; many other companies do not hide this information, and neither should Microsoft.

Hell is getting cold`

[e2d2]

Okay wtf is going on lately. MS actually admitting mistakes left and right, trying to play nice. Did I miss the memo?

That's the DMCA for you...

[LostCluster]

The chain of events is nothing newsworthy. 1. Microsoft claims copyright on its internal guide. 2. Microsoft sends DMCA takedown letter... site refuses. 3. Microsoft sends DMCA takedown to server provider, server provider must take on the liability or take down the whole server, server provider decides to down site. What's newsworthy is that Microsoft is now saying "sorry" and letting the document stay up now. If you didn't know there was a law enforcement back door in everything Microsoft does, well, here's your proof.

Re:That's the DMCA for you...

[RightSaidFred99]

If you didn't know there was a law enforcement back door in everything Microsoft does, well, here's your proof.

Who didn't know that? Seriously who doesn't understand that the legal system has provisions to force _any_ company to release _any_ data they have about you?

Re:That's the DMCA for you...

[ashridah]

Calling this a 'back door' is a bit disengenuous. That's data that Microsoft has collected about you, through your use of their services. If a law enforcement agency has the appropriate request (supoena or warrant, etc), then it's either "provide a way for them to collect it, in such a way that protects every other user of the service from undue scrutiny" or "let them walk in and take the servers, and screw everyone"

You're making a big mistake if you think that law enforcement agents won't do the latter if you refuse to give them the former.

All Service Providers Should Have A Clear Policy

[EXTomar]

This stuff shouldn't be shocking to anyone: By law, they will reveal certain things about online services when requested. The problem should be that they don't want you to know what they are forced to give up which seems to be the wrong stance. These services should be function like a bank safety deposit box: Although private, it isn't legally sacrosanct and will be opened by third parties for inspection in certain circumstances.

If nothing else, all of these online services to have a general policy about this as well. If I suddenly croak, who gets access to stuff I stored out there online? Putting the password and other access information in a vault somewhere isn't reliable or sane. I may even state it in my will that I want my immediate family to take ownership of all of my online information but I have no idea how to compel Microsoft or Google or whatever to release these accounts to someone else. This seems like one of those areas all service providers should be better at defining instead of hiding the detail from us in the legalese of the EULA.

Wait wait wait.

[twidarkling]

I think you're on the wrong site. I mean that was a well-reasoned, even-keeled reply in a Microsoft article. Are you sure you're supposed to be on slashdot?

In any event, I agree. I don't approve of the DMCA as it currently exists, but it certainly wasn't being abused in this instance, and Microsoft withdrew it quickly after Cryptome was knocked off. *shrug* Story's pretty much over.

Analysis of Statement

[dcollins]

"'In this case, we did not ask that this site be taken down, only that Microsoft copyrighted content be removed,' said a Microsoft spokeswoman."

This is total, exquisite bullshit. The fact is, a DMCA request in this case triggers a site takedown if the owner disagrees with taking down the material.

Did MS verbally utter the request, "Will you please take down the site?" No, they didn't.

Did they press a bright green legal button labelled, "Push here to initiate site takedown process"? Yes, they did.

NetSol Far Overstepped the Legal Requirements

[billstewart]

The DMCA requires that if an alleged copyright owner alleges that specific material on a site infringes their copyright, the web hosting provider needs to disable access to that specific material, unless notified by the user that he disputes the allegations of the alleged copyright owner, and there are some detailed timelines for the actions. It doesn't require that the web hosting provider disable the whole website, or that the domain name registrar prevent the domain owner from changing the IP addresses for the website, or that either the web hosting provider or domain name registrar erase all backups, destroy the hardware with thermite, shoot the user's dog, or nuke the city from orbit.

Unless I'm misreading the correspondence that was posted on Cryptome's backup site, Microsoft asked Young's web hosting provider, Network Solutions, to disable access to one specific file under the DMCA, and Network Solutions, as the hosting provider, decided on their own to disable the entire cryptome website, and their evil twin, Network Solutions the DNS Registrar, decided on their own to place a lock on the domain name. I don't know if Netsol-the-registrar's contract with ICANN lets them do that, but I'd be surprised -this isn't a trademark dispute about the name cryptome, it's a copyright dispute about material on the site.

The DMCA deadlines haven't expired yet, so Network Solution's Other Evil Twin, Cthulhu Inc, have not yet completed the aforementioned other activities and slunk back in to the ocean, but it's possible they'll do it anyway just for fun.

You missed what's incorrect & newsworthy about

[billstewart]

MS wants to suppress one file, JY refuses, MS sends DMCA letter to Netsol requesting taking down the one file. That's mildly newsworthy because it's cryptome and MS, but that's not the big event. Netsol took down the whole site, not just the one file, which is especially newsworthy because of the importance of cryptome and because it exceeds their requirements, and then Netsol the Registrar locked the domain name, which isn't at all required, and is newsworthy because they're locking domain names for non-domain-related reasons.

And MS is saying "sorry" not only because JY asserted his rights to dispute the DMCA takedown and thousands of people yelled at MS, but because MS is getting blamed for Netsol's overkill overreaction.