MS is hating on Cryptome

Eugen Leitl eugen at
Wed Feb 24 13:56:43 PST 2010

Will they ever learn?

Site Leaks Microsoft Online Surveillance Guide, MS Demands Takedown Under
Copyright Law (UPDATE 2)

CALEA Cryptome Cryptome Down Cryptome Microsoft Cryptome Yahoo Global
Criminal Compliance Handbook John Young Microsoft Microsoft Online Services
Network Solutions Online Surveillance Surveillance Guide Yahoo

by Robert Quigley | 9:31 am, February 24th, 2010

Cryptome, a whistleblower site that regularly leaks sensitive documents from
governments and corporations, is in hot water again: this time, for
publishing Microsoftbs bGlobal Criminal Compliance Handbook,b a
comprehensive, 22-page guide running down the surveillance services Microsoft
will perform for law enforcement agencies on its various online platforms,
which includes detailed instructions for IP address extraction. You can find
the guide here (warning: PDF).

Microsoft has demanded that Cryptome take down the guide b on the grounds
that it constitutes a bcopyrighted [work] published by Microsoft.b Yesterday,
at 5pm, Cryptome editor John Young received a notice from his sitebs host,
Network Solutions, bearing a stiff ultimatum: citing the Digital Millenium
Copyright Act (DMCA), Network Solutions told him that unless he takes the
bcopyrighted materialb down, they will bdisable [his] websiteb on Thursday,
February 25, 2010.

So far, Young refuses to budge.

Cryptome is no stranger to controversy: last year, when it leaked a detailed
surveillance guide from Yahoo, which, embarrassingly enough, included a
pricing sheet tallying up the costs of its various services, Yahoo demanded
its takedown, also under DMCA. (The Microsoft guide doesnbt contain a pricing
list.) Cryptome refused to back down, and the guide is still up.

Geekosystem swapped emails with Young about the situation, and he said that
if Network Solutions follows through and takes Cryptome down on the 25th, bwe
will set up elsewhere, arrangements are always ready for that.b

He had this to say when we asked him what he found most repugnant about
Microsoftbs guide:

    Most repugnant in the MS guide was its improper use of copyright to
conceal from its customer violations of trust toward its customers. Copyright
law is not intended for confidentiality purposes, although firms try that to
save legal fees. Copyright bluffs have become quite common, as the EFF
initiative against such bluffs demonstrates.

    Second most repugnant is the craven way the programs are described to
ease law enforcement grab of data. This information would also be equally
useful to customers to protect themselves when Microsoft cannot due to its
legal obligations under CALEA.

    There are other means to maintain confidentiality of legal obligations as
lawyers well know. Claims of copyright violation is merely the cheapest and
quickest way to coerce a service provider, no expensive lawyers needed. And
it is a cheap and fast way to hide information from competitors as Yahoo
intended with its false copyright claim.

    There are many firms with similar obligations to law enforcement who do
not use copyright to hide the compliance process b Cisco for one puts its
compliance procedures online, as do others.

    We think all lawful spying arrangements should be made public, not
necessary the legally-protected information under CALEA. Microsoft should
join the others who openly describe the procedures, and just may do so if
there is a public demand for it.

    We would like to aid that demand by publishing and refusing to take down
the document which provides very important public benefits.

    Microsoftbs lawful compliance guide is one of a dozen or so (below) we
have published recently and only Microsoft and Yahoo have behaved like
assholes b probably because they are more afraid of the authorities than they
are of customer wrath, having been burned repeatedly for not being
sufficiently official ass-kissing.

So, briefly:

1. Microsoftbs use of copyright rather than other mechanisms to try to take
down the guide [note that Yahoo tried to do the same thing],

2. The asymmetry of information Microsoft provides to consumers and law
enforcement agencies under CALEA, or the Communications Assistance for Law
Enforcement Act, which Cryptome is meant to rectify, and, implicitly,

3. The strength and speed of Microsoftbs response: this past weekend,
Cryptome also published electronic surveillance guides from Facebook, AOL,
and Skype, among others (warning: all PDFs), but according to Young, none of
those companies bbehaved like assholesb by calling for a takedown, much less
by using copyright law to do so.

Since the mid-b90s, Cryptome has been an unrelenting clearinghouse of
information, and its all-text, minimalist look bespeaks the Wild West vibe of
the early Internet days. In 2007, its ISP, Verio, booted it for some of its
leaks. At the time, Young wrote, bCryptome is now on a new ISP, Network
Solutions, another US giant like Verio, closely linked to the authorities.
Webll see if it can take the heat or cave.b

Well, with the Microsoft surveillance guide leak, the heat is on. Whether
Network Solutions backs down from its takedown threat or enforces it, itbs
not likely that February 25th will be the end for Cryptome: itbs weathered
bigger leaks and fallouts in the past.

Update, 1:47pm EST: Young has received another notice from Network Solutions
asking that he provide a counter-notification in compliance with the DMCA.
His response can be found on Cryptome.

Update 2, 2:20pm EST: Well, it looks like Network Solutions didnbt even wait
for their February 25th deadline; Cryptome is down.They took the site down as
soon as they received the counter-notification.

Young says there is a bNetSol bLegal Lockb on the domain name to prevent it
being transferred to another ISP until the bdisputeb is settled; All Cryptome
pages other than the home page now generate a 404 message.b

Currently, Cryptomebs files are being transferred to a new domain,; Young says they will be transferred back
when the lock is removed.

More information about the cypherpunks-legacy mailing list