Cryptome in Hot Water Again
garg0yle writes to tell us that Cryptome appears to have stepped in it again with a recent leaked document concerning Microsoft's "Global Criminal Compliance Handbook." "Microsoft has demanded that Cryptome take down the guide — on the grounds that it constitutes a 'copyrighted [work] published by Microsoft.' Yesterday, at 5pm, Cryptome editor John Young received a notice from his site’s host, Network Solutions, bearing a stiff ultimatum: citing the Digital Millennium Copyright Act (DMCA), Network Solutions told him that unless he takes the 'copyrighted material' down, they will 'disable [his] website' on Thursday, February 25, 2010. So far, Young refuses to budge." In a gesture of goodwill, Wikileaks has offered to host Cryptome via their twitter feed.
Already gone? (Score:5, Informative)
Looks like DNS has already gone...
Re:Already gone? (Score:4, Informative)
According to the take down notice and response from Network Solutions, they do this for 10-14 days because cryptome.org refuses to take down the "offending" document. If there's no legal response to the DMCA Counterclaim from Microsoft (response being the filing of litigation) in the next 14 days, cryptome.org will be released back into the wild.
Re:Already gone? (Score:5, Informative)
The document is already available via wikileaks [wikileaks.org].
Re:Mirror of the offending document? (Score:3, Informative)
"http://file.wikileaks.org/files/" + "microsoft-spy.pdf"
Just, you know, in case?
Wikileaks mirror (Score:5, Informative)
Wikileaks [wikileaks.org] may not be mirroring Cryptome.org in its entirety yet, but they are hosting the "offending" material [wikileaks.org]. Download and redistribute!
Mirror and Donation Link Here (Score:5, Informative)
http://cryptomeorg.siteprotect.net/ [siteprotect.net]
$25 will get you 2 DVDs with 54,000+ articles, spanning June 1996 to February 2010, mailed anywhere in the world.
Re:Mirror of the offending document? (Score:2, Informative)
The mirror-site cryptome put up is http://cryptomeorg.siteprotect.net/ [siteprotect.net]
However, they took the offending document down and wrote "for the MS Spy Guide send email to ..."
new mirror (Score:5, Informative)
A mirror of the site is now up [siteprotect.net], with partial content available and the rest being transferred.
Re:Wikileaks mirror (Score:1, Informative)
Re:Already gone? (Score:3, Informative)
Young says there is a “NetSol ‘Legal Lock’ on the domain name to prevent it being transferred to another ISP until the “dispute” is settled; All Cryptome pages other than the home page now generate a 404 message.”
It astonishes me that anyone still uses Network Solutions. Their extensive list of blocks for transferring domain services (read: anytime you'd actually want to, you're prevented) is mind-boggling.
I had several domains with them back when they were the only game in town, and every transfer has been a nightmare that usually involves paying for another year of service before a transfer is approved.
Re:Wikileaks mirror (Score:3, Informative)
Why do you think I put the word in quotes? :-P
Move on...nothing to see here... (Score:2, Informative)
Re:Mirror of the offending document? (Score:1, Informative)
MD5: f688c4406d3a3fb76f72248630fea270
I don't understand why it's supposedly confidential - there's nothing sensitive in it whatsoever, it seems to match up perfectly with their privacy policies, and even confirms that (for example) they do not log the content of Messenger conversations.
I am amazed that after all this time, all those secret and quasi-secret documents published, cryptome was finally destroyed by this, however. What Wikileaks does today was to a large extent pioneered by John Young. But it appears copyright has finally trumped free speech in the US - the astute will note that in fact, Netsol's response is, though pigheaded, in perfect compliance with the DMCA 512(g)(2) counter-notification proposal (in the actual DMCA as enacted in the US, counter-notifications cannot take effect immediately, it must stay down for 10 days!).
I hope John Young's creation comes back, hopefully unstoppable, but it is a crushing blow for a long-standing privacy and free speech campaigner that he may have to move the servers out-of-jurisdiction to actually exercise that free speech.
Re:Wikileaks mirror (Score:3, Informative)
Re:But it *is* copyrighted, right? (Score:5, Informative)
I just want to make sure I fully understand the situation. This is something written by MS and being hosted in its entirety by someone else without permission, right? So their claim is legally correct and everything, isn't it?
Written by MS: Yes
Hosted by someone else w/o permission: Yes
Legally correct claim: ???
The newsworthiness of the document makes for a very strong defense against any copyright claim and that's the rebuttal Cryptome made in the DMCA reply.
Re:Already gone? (Score:4, Informative)
and every transfer has been a nightmare that usually involves paying for another year of service before a transfer is approved.
GoDaddy does that, but they treat it like an early renewal; that is, they take the existing expiration date, and add a year to it. So technically you're paying when you do the transfer, but you're also adding a year to the expiration date, so really you're just paying ahead of time.
Could that have been the case?
Or... did you mean Network Solutions charged you to let you transfer the domain away from them? Because that would be utterly absurd.
Re:Move on...nothing to see here... (Score:5, Informative)
Local logs on their machines? MSN may not log at the main server, but many clients certainly log locally.
Re:Down already (Score:3, Informative)
Not meant for hiding secrets, but definitely meant for preventing illegally made copies of a work. This is exactly what copyright is for, whether you like Microsoft or not.
Re:Down already (Score:3, Informative)
Pick the right registrar (Score:2, Informative)
Re:Network Solutions as Judge, Jury, and Execution (Score:3, Informative)
Maybe you haven't looked at their site lately (I wouldn't blame you); NetSol has been providing hosting for years: http://www.networksolutions.com/web-hosting/index.jsp [networksolutions.com]
Actually somewhat reassuring (Score:5, Informative)
I just read the document and it's really kinda reassuring. They lay out exactly what they require in order to disclose exactly what information, and they don't say anything without a subpoena (gets you name/address/email older than 180 days). Anything more interesting than that requires a court order (for address book/friend list/email to-from) or a search warrant (new email).
Plus, they detail exactly what they do and don't keep - for example, they don't have messenger logs.
Frankly, I thought they had more info than that. They really keep very little info aside from what they need to actually deliver the service.
YMMV due to the Patriot Act, etc. - but I don't see why MSFT would lie in a confidential document.
Re:Already gone? (Score:5, Informative)
Agreed. It astonishes me even more, however, that an organization like this would do so, and doubly so that anyone in their right minds doing anything more than a personal vanity site would use the same provider for both hosting and domain name registration. That's just asking for a hard-to-fix DMCA shutdown of the site, loss of the site due to the ISP going bankrupt, loss of the domain due to any number of billing disagreements with the ISP that are unrelated to the domain name registration, etc.
AFAIK, the DMCA does *not* provide for locking the domain registration of a claimed-infringing site, only providing for the takedown of the content. However, if your ISP decides it is easier to kill your DNS and lock the domain to prevent transferring it than to muck with your server account, you're stuck. Why? Because you are using the same provider for hosting and (massively overpriced) domain name registration. Don't DO that.
If I were one of these folks, I'd register my domain in a neutral country. For example, you can register .com domains with Gandi.net in France or with NameForName in Russia, or... well, here's a list [icann.org] of ICANN-accredited registrars, most of which support the .com registry. Find one in a country that has as few ACTA-like agreements with the U.S. as possible. Even with the exchange rates as bad as they are, those two I mentioned still charge less than half what NetSol charges for a domain name, with the added security of making it much harder to attack the domain itself with a mere DMCA takedown notice.
Re:Didn't think this is how the DMCA works (Score:5, Informative)
The provider must take down the content within a certain time of receiving a notice. After they receive a counter-notice, the content stays down for 10-14 days, during which the original notifier must file a lawsuit. If they don't, the content goes back up.
Before taking anything down Network Solutions suggested that Cryptome file a counter notice, and pointed out to them how to do it. They pointed out that if Cryptome took down the one file for the 10-14 days, they would not have to take down the rest of the site. Cryptome sent a counter notice which specifically indicated they would not be taking down the file. Upon receipt, Network Solutions took down the site, as they clearly explained they would be required to by law.
I'm not much of a fan of Network Solutions generally, but in this situation, they are not the bad guy. They are impartially following the law. Their letter even goes so far as to helpfully lay out Cryptome's choices. Cryptome made their choice to stand on principle and force the system to shut the whole site down. I assume Cryptome figured the resulting publicity would do more for their fight than taking down the file and keeping their site up, and I also assume they are right.
Re:Down already (Score:3, Informative)
I'm not aware of any fair use rulings that have ever allowed for the broad publication of a complete copyrighted work.
His justification appears to be that although Microsoft is required to comply with the law, they should publish exactly how they comply so that people are more capable of avoiding the governmental eavesdropping.
Basically he's arguing that while complying on the surface, Microsoft should be helping subvert the law at the same time, which would likely land Microsoft in some pretty serious legal trouble.
The public has a right to know what the law allows the government to do. It doesn't have a right to know the specific implementation.
Such back doors do often result in some security risks, however, believe it or not you don't have a right to do penetration testing on someone else's system, even if you use that system.
Re:But it *is* copyrighted, right? (Score:2, Informative)
Yes, Microsoft's claim is legally valid. No, newsworthiness is not one of the fair use criteria, so Cryptome has no leg to stand on.
Re:Already gone? (Score:2, Informative)
Or... did you mean Network Solutions charged you to let you transfer the domain away from them?
Yes. I transferred several over a couple years, but one that sticks out in my memory was a case where Network Solutions policy would not allow me to transfer a domain because it was scheduled to expire soon. Not expired, just expiring within 30 days or so. Believe it or not, the restriction was right there in their service terms that I didn't bother reading.
In another case they claimed I didn't respond properly to a transfer request and I had to start the process all over again even though I never received anything.
This was all within a year or so after the deregulation chaos when Network Solutions was losing many of their customers. It's quite possible they've improved their customer relations since then, but the bad flavor still lingers in my mind.
Re:But it *is* copyrighted, right? (Score:4, Informative)
The document is mainly facts. Facts themselves can't be copyrighted (if they could, you wouldn't be able to learn the scores of sporting events without paying). As such, it would be possible to create a new work containing all of the facts that are available in this document and publish that. Attempts to take down your work would be very easy to defend against. In truth, showing that a new document created using only facts that are now public is very similar to the original work, one could make an argument that a copyright claim is of little merit.
Such a document could look like this:
Microsoft has online services that retain data on users' connections and the contents of their communications, and that data is available to law enforcement.
Increasing quantities of information will be disclosed depending on whether law enforcement provides Microsoft with a subpoena, court order, or search warrant. This information appears to be available through a handy web interface to the agency requesting the information. Microsoft doesn't clearly state the procedure or availability for non-law enforcement agencies (such as those bringing civil suit) to receive their retained information through court actions.
For Email services (hotmail, msn, live), information retained by Microsoft (and the legal instrument to receive it):
Duration and scope of retention of email information by Microsoft:
Similar information is retained for instant messaging, windows live spaces, msn groups, windows live domain administrator, online file storage services, and even the xbox live service, although this author is too lazy to detail them.
Notice: The above work (30 minutes of artistic time needed), is protected under copyright of this poster, even though no notice of Copyright is required after 1989, and even though this work is entirely a list of facts regarding how Microsoft retains data and discloses it to authorities.
Re:Already gone? (Score:1, Informative)
Rapidshare link:
http://rapidshare.com/files/355462676/27390163-Microsoft-Spy-Guide.pdf.html
MD5: F688C4406D3A3FB76F72248630FEA270
Re:Already gone? (Score:1, Informative)
Some google searching: inurl:microsoft-spy [google.com]
Re:Already gone? (Score:3, Informative)
Believe it or not, the restriction was right there in their service terms that I didn't bother reading.
That doesn't matter as it violates ICANN policy. A registrar cannot limit your ability to transfer a domain at any time.
Re:Didn't think this is how the DMCA works (Score:3, Informative)
Since I asked the question in the GP, I looked up what I believe is the applicable part of the US Code. 17 U.S.C. Sec. 512 [cornell.edu] states that a service provider will not be liable for taking down material in response to a copyright infringement notice as long as (among other things) the provider
So now we know.
Re:Ballsy (Score:3, Informative)
So, does this manual that Cryptome put up reveal any dark secrets, or is the complaint justified here? I wouldn't bet either way without reading it.
No, it outlines the procedures for getting data about hotmail and live users from Microsoft, it shows examples of what data is provided, what each piece of data means etc. It also tells what information is stored and how long and which type of warrant/court order is required for certain types of information. An interesting read, but nothing that shocked me so far (I didn't read all of it yet).
On the other hand, I can't really see why MS goes out of its way to prevent this document from being public. It's the kind of documentation they could just as well publish on their own website, everything in there is, as far as I can see, simply the result of what's in the law. If you have a problem with that, complain to the ones that made the law...
The only thing in there which MS probably doesn't want to be published are a few phone numbers and email addresses and frankly those should have been redacted out.