Forgot your password?
typodupeerror
Privacy Yahoo! Your Rights Online

"Lawful Spying" Price Lists Leaked 245

Posted by Soulskill
from the reading-your-terrible-manga-poetry-on-the-cheap dept.
ogaraf writes "Wired has a story about how the site Cryptome.org leaked the price lists for 'lawful spying' activities of Yahoo and other companies, and subsequently received a DMCA takedown notice from Yahoo. The documents, however, are still posted online, and in them you can learn, for instance, that IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."
This discussion has been archived. No new comments can be posted.

"Lawful Spying" Price Lists Leaked

Comments Filter:
  • by DoofusOfDeath (636671) on Sunday December 06, 2009 @01:51PM (#30344784)

    How can a document be both confidential and copyrighted?

    According to the U.S. Constitution (I got this from wikipedia [wikipedia.org]), the purpose of copyright is "To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries."

    The problem seems to be that the actual legislation covers creative works that were never intended to be shared with the public. Such documents, like the ones in question, are within the scope of copyright law but not the spirit.

    But as far as I know, courts have been unwilling to strike down current copyright laws just because they're less than perfectly efficient in achieving the Constitution's justification for them.

  • by rdunnell (313839) * on Sunday December 06, 2009 @01:51PM (#30344788)

    If you read it, you'll see that it's basically an explanation of what information they do and do not have, how their various properties work and what information they store, and how much it will cost an agency to have certain information requests addressed. It doesn't represent some sort of sinister pipeline of information directly from their users' keyboards to the "evil government." If anything it's useful to everyone because it shows exactly what they do and don't save, and it might act as a deterrent for the casual or clueless investigator who watches too much CSI and thinks sending a request off will instantly pinpoint the bad guy by backtracking his DNS through the GPS IP address of his netbook's MAC module or whatever.

  • Wikileaks (Score:5, Informative)

    by yamamushi (903955) <yamamushi@nOSpAM.gmail.com> on Sunday December 06, 2009 @01:52PM (#30344792) Homepage
    It's a good thing it's already been archived on WikiLeaks http://wikileaks.org/wiki/Yahoo_compliance_guide_for_law_enforcement%2C_23_Dec_2008 [wikileaks.org]
  • by Anonymous Coward on Sunday December 06, 2009 @01:55PM (#30344828)

    ... or other confidential markings in this document, I don't feel there is any reason not to public disclose this document all or in part. In fact, I will do that just now...

    For email:
    "Yahoo! retains a user’s incoming mail as long as the user chooses to store such messages in their mail folders and
    the user’s email account remains active. Yahoo! retains a user’s sent mail only if the user sets their email account
    options to save sent mail and has not subsequently deleted specific messages."

    For messenger:
    "For Yahoo! Chat and all forms of Messenger, Yahoo! has log information regarding the use of the services. Yahoo!
    maintains a “Friends List” for users of Yahoo! Messenger and can determine from its logs the time and date that a
    user logged into Messenger or Chat (in the prior 45-60 days) and the IP address used. Yahoo! also can retrieve
    from its Chat and Messenger logs the names of the chat rooms that the user accessed and the Yahoo! IDs of the
    other people with whom a user communicated through Messenger during the prior 45-60 days. In order to search
    these logs, a Yahoo! ID and a specific time frame, preferably no more than three days, must be provided."

    For flickr:
    "If provided with a Yahoo! ID, Flickr URL, or Flickr NSID, Yahoo! has the ability to produce subscriber information for
    the account-holder. As long as the Flickr account is active, Yahoo! has the ability to produce content in the account
    – with associated upload IP addresses and date and time – as well as the email and Groups information for the
    account."

    For groups:
    "Yahoo! maintains information about Group moderators, as well as an activity log for each Group. The Group activity
    log is a transactional log that indicates when members have subscribed or unsubscribed from the Group, posted or
    deleted files or polls, or other similar events. Not all Group activities are logged, however. For example, the reading
    of messages or downloading of files or photos is not logged.
    Although the Group Message archive maintains messages sent to Group members, the message archive does not
    contain any attachments to the messages. Yahoo! does not maintain those attachments in any form.
    For current Groups, Yahoo! retains information relating to the moderator, members, and the active contents of the
    Files, Photos, and Messages sections. If a Group has been deactivated or deleted, information about the Group
    may be preserved for approximately 30 days, after which the information may be deleted."

    For geocities and other premium web services:
    "For web-hosting
    and domains, Yahoo! will have basic Yahoo! registration information about the user who posted the page. Yahoo!
    also will have the active files that the user has uploaded to the website, including the date on which the files were
    uploaded, and the domain-based email that is available to the user. Deleted email is not available."

    And here is how much it costs:
    " Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter
        Basic Group Information (including information about moderators): approx. $20 for a group with a
        single moderator
        Contents of subscriber accounts, including email: approx. $30-$40 per user
        Contents of Groups: approx. $40 - $80 per group"

  • by Anonymous Coward on Sunday December 06, 2009 @02:15PM (#30345020)

    You are allowed to charge to comply with a search warrant?

    If you fall under 18 U.S.C. 2706, yes.

  • by Grygus (1143095) on Sunday December 06, 2009 @02:23PM (#30345068)
    Yes. [cornell.edu]
  • by Anonymous Coward on Sunday December 06, 2009 @02:33PM (#30345144)

    Aside from the numerous instances documented in older Slashdot stories, the EFF has a nice list http://www.eff.org/wp/unsafe-harbors-abusive-dmca-subpoenas-and-takedown-demands [eff.org] of examples where a corporation's lawyers sent DMCA takedown letters alleging infringement by content they later admitted they do not own.

    At this point only a District Attorney would prima facie "be fairly confident [the subject of a DMCA takedown letter from Yahoo] is a Yahoo document."

  • by Antique Geekmeister (740220) on Sunday December 06, 2009 @02:45PM (#30345232)

    Now go re-read them, especially this clause:

    > Requests for Airfone call record information via Subpoenas, Search Warrants,
    Court Orders, Summons, and National Security Letters

    Do you see that "National Security Letters" part? That's for the Patriot Act, which requires no court order whatsoeve and for which revealing to anyone that you've received such a notice is illegal. There is, so far, no required judicial oversight for such orders: it's an amazing loophole for unscrupulous federal agencies, including those which have no business in domestic investigations such as the NSA, to use. And since companies such as AT&T have repeatedly demonstrated their willingness to cooperate with law enforcement in secret, warrant-free wiretaps with their whistleblower exposed secret fiber-optic taps on core network trunks, rest assured that you have _no_ way of assuring that these monitoring tools haven't been misued.

    It's nice to see the pricelist, though, so we have an idea of just how cheap and easy and wholesale such orders are.

  • by eclectro (227083) on Sunday December 06, 2009 @03:09PM (#30345456)

    like the ones in question, are within the scope of copyright law but not the spirit.

    No. This is a list if facts, and as such not copyrightable [wikipedia.org]. Things like phone book numbers, lists of addresses, dates, and price lists (as this is) are not copyrightable. But it also should be remembered that we have the most pro-corporation government in history, and this could change if there was enough congressional interest - as both the Copyright Term Extension Act and the DMCA shows even though there is little or no public benefit in doing so.

  • by Smallpond (221300) on Sunday December 06, 2009 @03:11PM (#30345470) Homepage Journal

    Good point. Maybe you should have linked to regulatory capture [wikipedia.org] so the mods would have a clue what you were talking about. We know the telecoms and government are in each others pockets, but Yahoo?

    If we allow corporations as legal persons they should be subject to dissolution for certain abuses. That should satisfy both pro-civil rights liberals and pro-death penalty conservatives.

  • by colourmyeyes (1028804) on Sunday December 06, 2009 @04:02PM (#30345814)
    "Nothing to hide" is not an argument at all. Based on your response, you'd probably find this interesting reading:

    'I've Got Nothing to Hide' and Other Misunderstandings of Privacy -- Daniel J. Solove [ssrn.com]

    Cheers
  • by Anonymous Coward on Sunday December 06, 2009 @05:10PM (#30346366)

    A confidential internal memo was never published and shouldn't get copyright protection - copyright is intended to protect creative works (books, music, etc) where the value of the work is the work itself. Patent law is intended to protect inventions. The catch with patent law is that the inventor is required to make public the details of their invention in order to get a temporary monopoly on production of the device. A mysterious black box that produced energy by a means not known to anyone but it's manufacturers does not 'promote the Progress of Science' - science is progressed by making discoveries public. An internal, confidential business memo about an invention does not meet the spirit of either classification.

  • Ooops. (Score:1, Informative)

    by Anonymous Coward on Sunday December 06, 2009 @06:28PM (#30347042)

    You can delete your Yahoo! account here:

    https://edit.yahoo.com/config/delete_user

    I did.

The biggest mistake you can make is to believe that you are working for someone else.

Working...