landed in hot water earlier this week when its "Global Criminal
Compliance Handbook" was published by whistleblower
site Cryptome. The
guide details much of the wealth of information that the company
retains on its internet users and Xbox owners. Now Microsoft is
demanding that the site remove the posted guide, which its legal team
claims was illegally obtained and posted.The guide, dated
March 2008, details Microsoft's surveillance services of Hotmail,
Live Messenger and Xbox LIVE users that it offers the
government.For Hotmail, Microsoft offers IP address
disclosure, e-mail account registration records, stored e-mail
records, account access records. For Windows Live Spaces, it
offers the previous information, plus owner (creator) information.
For Xbox Live it offers users' Gamertags, their credit card number,
phone number, first/last name, zip code, the serial number of their
Xbox console if it has been used on Xbox LIVE, their email account
address, and the lifetime IP history of the Gamertag.Microsoft
officials have not publicly commented on the leak, though they are
actively pursuing trying to silence it online.Cryptome's
host -- Network Solutions -- has responded to a Digital Millennium
Copyright Act (DMCA) takedown notice from Microsoft and Cryptome is
now offline. The manual can easily be found as a 1.7 MB
file on numerous torrents, though, such as this
one at Torrent
Fellow whistleblower site Wikileaks has
agreed to host the site outside the U.S. to protect it from the
powerful DMCA. Describes a spokesperson for Wikileaks,
"We will host Cryptome on our multi-jurisdictional
network-outside the US-if required."The incident was
similar to the previous leak of Microsoft's secret Computer
Online Forensic Evidence Extractor (COFEE). Microsoft gives
COFEE on USB sticks to law enforcement agencies, allowing them to
extract "volatile" files from offenders with Windows
computers.The incident also raises questions in the ongoing
debate over just how much personal information web service providers,
OS makers, and game console makers should retain. Google,
Yahoo, and Microsoft all came
under fire in recent months for retaining
users' search records. They have all since agreed to scale
back the time of data retention.
quote: They can force them to turn over data, but they can't force them to go through costly procedures to collect data that serves no purpose to their business.
quote: They can force them to turn over data but not force them to collect it? Uh, whut?
quote: Microsoft gives COFEE on USB sticks to law enforcement agencies, allowing them to extract "volatile" files from offenders with Windows computers.
quote: However, the FBI can’t just go to Microsoft and say “You need to collect and make a database because we think it will be useful.”
quote: The government can’t get some blanket "subpoena" forcing a private company to create and implement a system to track people for the purpose of government spying.
quote: Show me any law that would allow an investigative agency to come in and force a business to gather information. It doesn't exist.
quote: They can force them ...