Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Crime Microsoft The Internet Your Rights Online

Cryptome in Hot Water Again 241

Posted by ScuttleMonkey
from the revel-in-the-bulls-eye dept.
garg0yle writes to tell us that Cryptome appears to have stepped in it again with a recent leaked document concerning Microsoft's "Global Criminal Compliance Handbook." "Microsoft has demanded that Cryptome take down the guide — on the grounds that it constitutes a 'copyrighted [work] published by Microsoft.' Yesterday, at 5pm, Cryptome editor John Young received a notice from his site’s host, Network Solutions, bearing a stiff ultimatum: citing the Digital Millennium Copyright Act (DMCA), Network Solutions told him that unless he takes the 'copyrighted material' down, they will 'disable [his] website' on Thursday, February 25, 2010. So far, Young refuses to budge." In a gesture of goodwill, Wikileaks has offered to host Cryptome via their twitter feed.
This discussion has been archived. No new comments can be posted.

Cryptome in Hot Water Again

Comments Filter:
  • Already gone? (Score:5, Informative)

    by tomalpha (746163) * on Wednesday February 24, 2010 @05:24PM (#31265658)

    Looks like DNS has already gone...

    Searching for cryptome.org. A record at G.ROOT-SERVERS.NET. [192.112.36.4] ...took 31 ms
    Searching for cryptome.org. A record at D0.ORG.AFILIAS-NST.org. [199.19.57.1] ...took 9 ms

    Nameserver D0.ORG.AFILIAS-NST.org. reports: No such host cryptome.org

  • Re:Already gone? (Score:4, Informative)

    by Eristone (146133) * <slashdot@casaichiban.com> on Wednesday February 24, 2010 @05:27PM (#31265706) Homepage

    According to the take down notice and response from Network Solutions, they do this for 10-14 days because cryptome.org refuses to take down the "offending" document. If there's no legal response to the DMCA Counterclaim from Microsoft (response being the filing of litigation) in the next 14 days, cryptome.org will be released back into the wild.

  • Re:Already gone? (Score:5, Informative)

    by Anonymous Coward on Wednesday February 24, 2010 @05:30PM (#31265772)

    The document is already available via wikileaks [wikileaks.org].

  • by ak_hepcat (468765) <<leif> <at> <denali.net>> on Wednesday February 24, 2010 @05:31PM (#31265782) Homepage Journal

    "http://file.wikileaks.org/files/" + "microsoft-spy.pdf"

    Just, you know, in case?

  • Wikileaks mirror (Score:5, Informative)

    by TheSHAD0W (258774) on Wednesday February 24, 2010 @05:32PM (#31265794) Homepage

    Wikileaks [wikileaks.org] may not be mirroring Cryptome.org in its entirety yet, but they are hosting the "offending" material [wikileaks.org]. Download and redistribute!

  • by chill (34294) on Wednesday February 24, 2010 @05:32PM (#31265800) Journal

    http://cryptomeorg.siteprotect.net/ [siteprotect.net]

    $25 will get you 2 DVDs with 54,000+ articles, spanning June 1996 to February 2010, mailed anywhere in the world.

  • by klingens (147173) on Wednesday February 24, 2010 @05:32PM (#31265808)

    The mirror-site cryptome put up is http://cryptomeorg.siteprotect.net/ [siteprotect.net]
    However, they took the offending document down and wrote "for the MS Spy Guide send email to ..."

  • new mirror (Score:5, Informative)

    by TheSHAD0W (258774) on Wednesday February 24, 2010 @05:34PM (#31265832) Homepage

    A mirror of the site is now up [siteprotect.net], with partial content available and the rest being transferred.

  • Re:Wikileaks mirror (Score:1, Informative)

    by Anonymous Coward on Wednesday February 24, 2010 @05:43PM (#31265932)
    i read this material... what is so offensive about it?
  • Re:Already gone? (Score:3, Informative)

    by yenne (1366903) on Wednesday February 24, 2010 @05:46PM (#31265964)

    Young says there is a “NetSol ‘Legal Lock’ on the domain name to prevent it being transferred to another ISP until the “dispute” is settled; All Cryptome pages other than the home page now generate a 404 message.”

    It astonishes me that anyone still uses Network Solutions. Their extensive list of blocks for transferring domain services (read: anytime you'd actually want to, you're prevented) is mind-boggling.

    I had several domains with them back when they were the only game in town, and every transfer has been a nightmare that usually involves paying for another year of service before a transfer is approved.

  • Re:Wikileaks mirror (Score:3, Informative)

    by TheSHAD0W (258774) on Wednesday February 24, 2010 @05:48PM (#31265986) Homepage

    Why do you think I put the word in quotes? :-P

  • by LDAPMAN (930041) on Wednesday February 24, 2010 @05:49PM (#31266006)
    Having just skimmed the doc, I don't see why anyone would care. The information available to law enforcement is actually less than I had expected.
  • by Anonymous Coward on Wednesday February 24, 2010 @05:55PM (#31266068)

    MD5: f688c4406d3a3fb76f72248630fea270

    I don't understand why it's supposedly confidential - there's nothing sensitive in it whatsoever, it seems to match up perfectly with their privacy policies, and even confirms that (for example) they do not log the content of Messenger conversations.

    I am amazed that after all this time, all those secret and quasi-secret documents published, cryptome was finally destroyed by this, however. What Wikileaks does today was to a large extent pioneered by John Young. But it appears copyright has finally trumped free speech in the US - the astute will note that in fact, Netsol's response is, though pigheaded, in perfect compliance with the DMCA 512(g)(2) counter-notification proposal (in the actual DMCA as enacted in the US, counter-notifications cannot take effect immediately, it must stay down for 10 days!).

    I hope John Young's creation comes back, hopefully unstoppable, but it is a crushing blow for a long-standing privacy and free speech campaigner that he may have to move the servers out-of-jurisdiction to actually exercise that free speech.

  • Re:Wikileaks mirror (Score:3, Informative)

    by Darkness404 (1287218) on Wednesday February 24, 2010 @06:07PM (#31266192)
    Because it shows that "law" enforcement officers are basically able to use whatever records they want from Microsoft, not only via a textdump from a server somewhere, but with a nice GUI and little concern of user's privacy. Myself, I'd want to use an e-mail provider that first off didn't keep logs, but if they did, they wouldn't provide a nice GUI for "law" enforcement and that they would make it quite hard for them to reduce privacy. This document shows Microsoft is exactly the opposite.
  • by TubeSteak (669689) on Wednesday February 24, 2010 @06:11PM (#31266242) Journal

    I just want to make sure I fully understand the situation. This is something written by MS and being hosted in its entirety by someone else without permission, right? So their claim is legally correct and everything, isn't it?

    Written by MS: Yes
    Hosted by someone else w/o permission: Yes
    Legally correct claim: ???

    The newsworthiness of the document makes for a very strong defense against any copyright claim and that's the rebuttal Cryptome made in the DMCA reply.

  • Re:Already gone? (Score:4, Informative)

    by HeronBlademaster (1079477) <heron@xnapid.com> on Wednesday February 24, 2010 @06:11PM (#31266248) Homepage

    and every transfer has been a nightmare that usually involves paying for another year of service before a transfer is approved.

    GoDaddy does that, but they treat it like an early renewal; that is, they take the existing expiration date, and add a year to it. So technically you're paying when you do the transfer, but you're also adding a year to the expiration date, so really you're just paying ahead of time.

    Could that have been the case?

    Or... did you mean Network Solutions charged you to let you transfer the domain away from them? Because that would be utterly absurd.

  • by Predius (560344) <josh.coombs@gmail.cLIONom minus cat> on Wednesday February 24, 2010 @06:14PM (#31266292)

    Local logs on their machines? MSN may not log at the main server, but many clients certainly log locally.

  • Re:Down already (Score:3, Informative)

    by MidnightBrewer (97195) on Wednesday February 24, 2010 @06:22PM (#31266374)

    Not meant for hiding secrets, but definitely meant for preventing illegally made copies of a work. This is exactly what copyright is for, whether you like Microsoft or not.

  • Re:Down already (Score:3, Informative)

    by khallow (566160) on Wednesday February 24, 2010 @06:24PM (#31266392)
    Keep in mind that this probably was a legal copy of the work. As has been mentioned elsewhere, Microsoft's work is newsworthy. There is a fair use for such things.
  • by Rijnzael (1294596) on Wednesday February 24, 2010 @06:24PM (#31266394)
    Of course being hosted in the United States is one problem if you want to be an indiscriminate whistle-blower, but an even more serious problem is picking a registrar hosted in the United States. Not only are you and your server host accountable to the DMCA, but so is the company that has the permanent on-off switch to your site's name. When I registered domain names that I thought might ever contain the slightest bit of content that could get me in hot water via the DMCA, I made sure to register my domain names through a registrar which hosts much more notable sites with content in contravention of DMCA. So, I ran a whois on the most notable site I could think of which completely disrespects copyrights (ThePirateBay), and registered my domain names at Key-Systems, http://dd24.net/ [dd24.net] being their consumer-facing site. They might be a bit more of an expense (being that I incur a foreign transaction fee with every registration/renewal), but I think the peace of mind in knowing you won't be losing your domain name due to copyright disputes is very worth it.
  • by Wesley Felter (138342) <wesley@felter.org> on Wednesday February 24, 2010 @06:29PM (#31266450) Homepage

    Maybe you haven't looked at their site lately (I wouldn't blame you); NetSol has been providing hosting for years: http://www.networksolutions.com/web-hosting/index.jsp [networksolutions.com]

  • by slimjim8094 (941042) <slashdot3@@@justconnected...net> on Wednesday February 24, 2010 @06:33PM (#31266482)

    I just read the document and it's really kinda reassuring. They lay out exactly what they require in order to disclose exactly what information, and they don't say anything without a subpoena (gets you name/address/email older than 180 days). Anything more interesting than that requires a court order (for address book/friend list/email to-from) or a search warrant (new email).

    Plus, they detail exactly what they do and don't keep - for example, they don't have messenger logs.

    Frankly, I thought they had more info than that. They really keep very little info aside from what they need to actually deliver the service.

    YMMV due to the Patriot act, etc - but I don't see why MSFT would lie in a confidential document

  • Re:Already gone? (Score:5, Informative)

    by dgatwood (11270) on Wednesday February 24, 2010 @06:44PM (#31266580) Journal

    It astonishes me that anyone still uses Network Solutions. Their extensive list of blocks for transferring domain services (read: anytime you'd actually want to, you're prevented) is mind-boggling.

    Agreed. It astonishes me even more, however, that an organization like this would do so, and doubly so that anyone in their right minds doing anything more than a personal vanity site would use the same provider for both hosting and domain name registration. That's just asking for a hard-to-fix DMCA shutdown of the site, loss of the site due to the ISP going bankrupt, loss of the domain due to any number of billing disagreements with the ISP that are unrelated to the domain name registration, etc.

    AFAIK, the DMCA does *not* provide for locking the domain registration of a claimed-infringing site, only providing for the takedown of the content. However, if your ISP decides it is easier to kill your DNS and lock the domain to prevent transferring it than to muck with your server account, you're stuck. Why? Because you are using the same provider for hosting and (massively overpriced) domain name registration. Don't DO that.

    If I were one of these folks, I'd register my domain in a neutral country. For example, you can register .com domains with Gandi.net in France or with NameForName in Russia, or... well, here's a list [icann.org] of ICANN-accredited registrars, most of which support the .com registry. Find one in a country that has as few ACTA-like agreements with the U.S. as possible. Even with the exchange rates as bad as they are, those two I mentioned still charge less than half what NetSol charges for a domain name, with the added security of making it much harder to attack the domain itself with a mere DMCA takedown notice.

  • by 2short (466733) on Wednesday February 24, 2010 @06:54PM (#31266666)

    The provider must take down the content within a certain time of receiving a notice. After they receive a counter-notice, the content stays down for 10-14 days, during which the original notifier must file a lawsuit. If they don't, the content goes back up.

    Before taking anything down Network Solutions suggested that Cryptome file a counter notice, and pointed out to them how to do it. They pointed out that if Cryptome took down the one file for the 10-14 days, they would not have to take down the rest of the site. Cryptome sent a counter notice which specifically indicated they would not be taking down the file. Upon receipt, Network Solutions took down the site, as they clearly explained they would be required to by law.

    I'm not much of a fan of Network Solutions generally, but in this situation, they are not the bad guy. They are impartially following the law. Their letter even goes so far as to helpfully lay out Cryptomes choices. Cryptome made their choice to stand on principle and force the system to shut the whole site down. I assume Cryptome figured the resulting publicity would do more for their fight than taking down the file and keeping their site up, and I also assume they are right.
  • Re:Down already (Score:3, Informative)

    by flatrock (79357) on Wednesday February 24, 2010 @07:02PM (#31266750)

    I'm not aware of any fair use rulings that have ever allowed for the broad publication of a complete copyrighted work.

    His justification appears to be that although Microsoft is required to comply with the law, they should publish exactly how they comply so that people are more capably of avoiding the governmental eavesdropping.

    Basically he's arguing that while complying on the surface, Microsoft should be helping subvert the law at the same time, which would likely land Microsoft in some pretty serious legal trouble.

    The public has a right to know what the law allows the government to do. It doesn't have a right to know the specific implementation.

    Such back doors do often result in some security risks, however, believe it or not you don't have a right to do penetration testing on someone else's system, even if you use that system.

  • by DerekLyons (302214) <fairwater&gmail,com> on Wednesday February 24, 2010 @07:19PM (#31266888) Homepage

    Yes, Microsoft's claim is legally valid. No, newsworthiness is not one of the fair use criteria, so Cryptome has no leg to stand on.

  • Re:Already gone? (Score:2, Informative)

    by yenne (1366903) on Wednesday February 24, 2010 @07:50PM (#31267142)

    Or... did you mean Network Solutions charged you to let you transfer the domain away from them?

    Yes. I transferred several over a couple years, but one that sticks out in my memory was a case where Network Solutions policy would not allow me to transfer a domain because it was scheduled to expire soon. Not expired, just expiring within 30 days or so. Believe it or not, the restriction was right there in their service terms that I didn't bother reading.

    In another case they claimed I didn't respond properly to a transfer request and I had to start the process all over again even though I never received anything.

    This was all within a year or so after the deregulation chaos when Network Solutions was losing many of their customers. It's quite possible they've improved their customer relations since then, but the bad flavor still lingers in my mind.

  • by qubezz (520511) on Wednesday February 24, 2010 @08:06PM (#31267264)

    The document is mainly facts. Facts themselves can't be copyrighted (if they could, you wouldn't be able to learn the scores of sporting events without paying). As such, it would be possible to create a new work containing all of the facts that are available in this document and publish that. Attempts to take down your work would be very easy to defend against. In truth, showing that a new document created using only facts that are now public is very similar to the original work, one could make an argument that a copyright claim is of little merit.

    Such a document could look like this:

    Microsoft has online services that retain data on user's connections and the contents of their communications, and that data is available to law enforcement.

    Increasing quantities of information will be disclosed depending on whether law enforcement provides Microsoft with a subpoena, court order, or search warrant. This information appears to be available through a handy web interface to the agency requesting the information. Microsoft doesn't clearly state the procedure or availability for non-law enforcement agencies (such as those bringing civil suit) to receive their retained information through court actions.

    For Email services (hotmail, msn, live), information retained by Microsoft (and the legal instrument to receive it):

    • Registration contact info and IP address used to register (available by subpoena)
    • IP access logs, usage logs, billing information (only subpoena needed)
    • Full message contents of emails over 180 days old (only subpoena needed)
    • Address book, contact list, internet usage logs, email headers (available by court order)
    • Complete disclosure of all contents of all emails including email contents less than 180 days old (search warrant required)

    Duration and scope of retention of email information by Microsoft:

    • Registration details and IP address used to register: retained for entire life of account,
    • Emails (headers and contents) - any currently stored on servers (no detail given about retention of deleted emails)
    • Windows Live ID (used to log in) - last 10 connections, IP addresses used, and all sites accessed with that ID

    Similar information is retained for instant messaging, windows live spaces, msn groups, windows live domain administrator, online file storage services, and even the xbox live service, although this author is to lazy to detail them.

    Notice: The above work (30 minutes of artistic time needed), is protected under copyright of this poster, even though no notice of Copyright is required after 1989, and even though this work is entirely a list of facts regarding how Microsoft retains data and discloses it to authorities.

  • Re:Already gone? (Score:1, Informative)

    by Anonymous Coward on Wednesday February 24, 2010 @09:32PM (#31267804)

    Rapidshare link:
    http://rapidshare.com/files/355462676/27390163-Microsoft-Spy-Guide.pdf.html
    MD5: F688C4406D3A3FB76F72248630FEA270

  • Re:Already gone? (Score:1, Informative)

    by Anonymous Coward on Wednesday February 24, 2010 @09:40PM (#31267870)

    Some google searching: inurl:microsoft-spy [google.com]

  • Re:Already gone? (Score:3, Informative)

    by cawpin (875453) on Wednesday February 24, 2010 @11:52PM (#31268636)

    Believe it or not, the restriction was right there in their service terms that I didn't bother reading.

    That doesn't matter as it violates ICANN policy. A registrar cannot limit your ability to transfer a domain at any time.

  • by internic (453511) on Thursday February 25, 2010 @12:46AM (#31268920)

    Since I asked the question in the GP, I looked up what I believe is the applicable part of the US Code. 17 U.S.C. Sec. 512 [cornell.edu] states that a service provider will not be liable for taking down material in response to a copyright infringement notice as long as (among other things) the provider

    ... replaces the removed material and ceases disabling access to it not less than 10, nor more than 14, business days following receipt of the counter notice, unless its designated agent first receives notice from the person who submitted the notification under subsection (c)(1)(C) that such person has filed an action seeking a court order to restrain the subscriber from engaging in infringing activity relating to the material on the service provider's system or network.
    [Emphasis Mine]

    So now we know.

  • Re:Ballsy (Score:3, Informative)

    by AVee (557523) <slashdot@aveBLUEe.org minus berry> on Thursday February 25, 2010 @07:33AM (#31270826) Homepage

    So, does this manual that Cryptome put up reveal any dark secrets, or is the complaint justified here? I wouldn't bet either way without reading it.

    No, it outlines the procedures for getting data about hotmail and live users from Microsoft, it shows examples of what data is provided, what each piece of data means etc. It also tells what information is stored and how long and which type of warrant/court order is required for certain types of information. An interesting read, but nothing that shocked me so far (I didn't read all of it yet).
    On the other hand, I can't really see why MS goes out of it's way to prevent this document from being public. It's the kind of documentation they could just as well publish on their own website, everything in there is, as far as I can see, simply the result of what's in the law. If you have a problem with that, complain to the ones that made the law...
    The only thing in there which MS probably doesn't want to be published are a few phone numbers and email addresses and frankly those should have been redacted out.

Stinginess with privileges is kindness in disguise. -- Guide to VAX/VMS Security, Sep. 1984

Working...