Whistleblower Site Cryptome to Microsoft: Make Your Spying Guide Public
February 26, 2010
(ChattahBox)— Forget about the Olympics and the healthcare showdown between Republicans and Democrats; the big event in the geek-o-sphere this week has been the entertaining battle between tech giant Microsoft and the little-known whistleblower site Cryptome. After Cryptome posted an internal law enforcement document revealing Microsoft’s how-to manual on ways to subpoena online user data, Microsoft demanded that the document be removed under the shield of copyright law. And all of the entertaining back-and-forth email exchanges between Microsoft, Cryptome and Network Solutions, the site’s server, have been posted online.
Of course, Microsoft’s heavy-handed legal brouhaha resulted in drawing even greater attention to its spying document, when Network Solutions responded by taking the whole site offline. And finally on Friday, Microsoft withdrew its complaint and the site was back up, but not before Cryptome’s founder John Young made his point, referring to Microsoft as law enforcement ass kissers, among other things. Young ended his rant against Microsoft, as well as Yahoo, with the words: “Quote me.”
The whistleblower site Cryptome takes an in-your-face approach to disclosure of private documents Young believes the public deserves to see:
“Cryptome welcomes documents for publication that are prohibited by governments worldwide, in particular material on freedom of expression, privacy, cryptology, dual-use technologies, national security, intelligence, and secret governance — open, secret and classified documents — but not limited to those. Documents are removed from this site only by order served directly by a US court having jurisdiction. No court order has ever been served; any order served will be published here — or elsewhere if gagged by order. Bluffs will be published if comical but otherwise ignored.”
Although Microsoft’s 22-page law enforcement manual did not contain any trade secrets, Microsoft still insisted that it was protected by copyright under the Digital Millennium Copyright Act. The document contained information on how to file subpoenas and revealed what data Microsoft retains on users of its online services, including Xbox Live and Hotmail.
Young believes that “all lawful spying arrangements should be made public.” And some firms, such as Cox Communications, do in fact, make their lawful compliance guides available to their customers. But Microsoft, Google, Facebook and Yahoo do not. And as pointed out by Wired.com, Internet firms refusing to “publish the most basic statistics on how often law enforcement comes knocking with subpoenas and warrants, expect “their users to trust them with their most sensitive data and communications.” When Yahoo’s lawful spy document was leaked by Young, the company also unsuccessfully tried to block its publication on copyright grounds.
In responding to an email from the site Geekosystem, asking Young what he found most repugnant about Microsoft’s law enforcement guide, Young condemned Microsoft’s use of copyright law to prevent disclosing its lawful spying policies to its customers:
Most repugnant in the MS guide was its improper use of copyright to conceal from its customer violations of trust toward its customers. Copyright law is not intended for confidentiality purposes, although firms try that to save legal fees. Copyright bluffs have become quite common, as the EFF initiative against such bluffs demonstrates. Second most repugnant is the craven way the programs are described to ease law enforcement grab of data. This information would also be equally useful to customers to protect themselves when Microsoft cannot due to its legal obligations under CALEA.”
Young then railed against Microsoft and Yahoo for their refusal to make company law enforcement guides available to their customers:
“We think all lawful spying arrangements should be made public, not necessary the legally-protected information under CALEA. Microsoft should join the others who openly describe the procedures, and just may do so if there is a public demand for it. We would like to aid that demand by publishing and refusing to take down the document which provides very important public benefits.
Microsoft’s lawful compliance guide is one of a dozen or so (below) we have published recently and only Microsoft and Yahoo have behaved like assholes — probably because they are more afraid of the authorities than they are of customer wrath, having been burned repeatedly for not being sufficiently official ass-kissing.
Microsoft’s lawful spying guide can be found here.