CyberLaw Blog

Archive for the ‘Microsoft’ Category

Microsoft shields Russia’s refusniks from police harassment: “

Investigates abuses in its name

Microsoft is shaking up its licensing in Russia after reports that authorities are clamping down on the use of Redmond software by government protest groups.…

“

(Via The Register – Public Sector.)

Microsoft backs down over online 'spy guide': “(Guardian)
Microsoft has been forced to backtrack after it closed down a whistleblowing website after it published a leaked version of the company’s ’spy guide’. The American software giant took action against the Cryptome website for publishing a copy of the Microsoft Global Criminal Compliance Handbook, a document explaining how law enforcement officials can access millions of people’s private information online. Microsoft said the publication infringed its copyright and lodged a complaint with Cryptome’s web hosting company, Network Solutions. Network Solutions shut down the website entirely – a move that caused uproar among civil liberties campaigners, and led Microsoft to withdraw its complaint so that Cryptome could go back online. The company did not intend to close the site – just remove the document in question.

(Via QuickLinks Update.)

CyberLaw is also publishing a PDF copy of the Microsoft surveillance compliance document which is mentioned in the story below as the public has a right to know about Microsoft’s policy.

Visit and support http://cryptome.org/

Microsoft Takes Down Whistleblower Site, Read the Secret Doc Here | Threat Level | Wired.com

By Ryan Singel Email Author, February 24, 2010

designedfor_emma_swannMicrosoft has managed to do what a roomful of secretive, three-letter government agencies have wanted to do for years: get the whistleblowing, government-document sharing site Cryptome shut down.

Microsoft dropped a DMCA notice alleging copyright infringement on Cryptome’s proprietor John Young on Tuesday after he posted a Microsoft surveillance compliance document that the company gives to law enforcement agents seeking information on Microsoft users. Young filed a counterclaim on Wednesday — arguing he had a fair use to publishing the document, a full day before the Thursday deadline set by his hosting provider, Network Solutions.

Regardless, Cryptome was shut down by Network Solutions and its domain name locked on Wednesday — shuttering a site that thumbed its nose at the government since 1996 — posting thousands of documents that the feds would prefer never saw the light of day.

Microsoft did not return a call for comment by press time.

The 22-page document (.pdf) contains no trade secrets, but will tell Microsoft users things they didn’t know. (You can read it directly on your own computer from the above link, or read it inline below.)

For instance, Xbox Live records every IP address you ever use to login and stores them for perpetuity. While that’s going to be creepy for some, there’s an upside if your house gets robbed, according to the document: ‘If your investigation involves a stolen Xbox console, if the console serial number or Xbox LIVE user gamertag is provided and the console has been connected to the Internet, IP connection records may be available.’

The Microsoft® Online Services Global Criminal Compliance Handbook (.pdf) also goes so far as to provide sample language for subpoenas and diagrams on how to understand server logs.

Other things you might not know and which Microsoft (sometimes oddly) doesn’t want you to know?

Microsoft retains only the last 10 login records for Windows Live ID. As for your instant messages, it tells police that it keeps no record of what anyone says over Microsoft Messenger – though it will turn over who is on your buddy list.

And if you like to use Microsoft’s social networking products — like its old-school Group mailing list or its Facebook-like Spaces product, be aware that it’s very social when it comes to law enforcement or court subpoenas.

As Microsoft tells potential subpoenaees, ‘when you are looking for information on a specific incident like a photo posting or message posting, please request all group content and logs. We cannot retrieve single incident data.’ The same holds for Spaces — if you are interested in a single picture, just request the entire thing. Call it Subpoena 2.0.

The compliance handbook is just the latest in a series of leaks of similar documents from other companies. Yahoo, like Microsoft, reacted as if its secret sauce had somehow been spilled by letting curious users know the hows and whys of how the companies deal with lawful surveillance requests. Google, for all its crusading for internet freedom, refuses to say how often law enforcement comes searching for user data.

The one company who has had a stand-up policy for years is the Cox Communications’ ISP, which has had this information and their price list public for years.

But hypocrisy is the name of the game for giant internet companies like Yahoo, Microsoft and Google that want us to entrust large portions of our lives to Gmail, Yahoo Mail, Buzz, Xbox, Hotmail, Messenger, Google Groups. When it comes to the most basic information about how, why and how often our data is subpoenaed and collected without our knowledge, these online innovators resort to lawyers, abusive legal process and double-talk.

IN – Yahoo, Flickr and Microsoft introduce access filters: “(Guardian)
A Guardian investigation has discovered that several internet companies have quietly introduced filters to prevent Indian users from accessing sexual content.

The Yahoo search engine and Flickr photo-sharing site (owned by Yahoo) altered their sites earlier this month to prevent users in India from switching off the safe-search facility. The block also applies to users in Singapore, Hong Kong and Korea. Microsoft has also barred Indian users of its Bing search engine from searching for sexual content. Users who do try to search for sexual material receive a notice informing them that ‘your country or region requires a strict Bing SafeSearch setting, which filters out results that might return adult content’. The clampdown is understood to be in response to recent changes to India’s Information Technology Act of 2000, which bans the publication of pornographic material./p>

(Via QuickLinks Update.)

Microsoft Tackles the Child Pornography Problem: (New York imes)
The National Center for Missing and Exploited Children assists law-enforcement authorities by culling through 250,000 images a week, looking for illegal material, and sends daily alerts to 68 Internet service providers worldwide. It is difficult, labor-intensive work for all. But Microsoft is contributing new image-matching software, PhotoDNA, that promises to automate and streamline online child-pornography monitoring. The new software is the result of two years of collaboration by a team at Microsoft Research, led by Larry Zitnick, and a group at Dartmouth College. In test runs, PhotoDNA has processed images in less than five milliseconds each and accurately detected target images 98 percent of the time.

(Via QuickLinks Update.)