John Young of Cryptome.org has been a thorn in the side of numerous businesses and government agencies for posting documents that they would rather not be seen by the public, such as those marked For Official Use Only, or lawful compliance guides issued by ISPs and providers that detail what kinds of information they maintain on subscribers that they can provide to law enforcement. But now Microsoft has used copyright law to take down Cryptome over its publication of their Microsoft® Online Services Global Criminal Compliance Handbook .
Why didn’t Young respect the copyright notice on the manual? Because he claimed that Microsoft was using copyright to hide information that should be exposed. In an email to Robert Quigley of geekosystem,com, Young explains his actions and rationale:
[…]
If booted by Network Solutions we will set up elsewhere, arrangements are always ready for that.
Most repugnant in the MS guide was its improper use of copyright to conceal from its customer violations of trust toward its customers. Copyright law is not intended for confidentiality purposes, although firms try that to save legal fees. Copyright bluffs have become quite common, as the EFF initiative against such bluffs demonstrates.
Second most repugnant is the craven way the programs are described to ease law enforcement grab of data. This information would also be equally useful to customers to protect themselves when Microsoft cannot due to its legal obligations under CALEA.
There are other means to maintain confidentiality of legal obligations as lawyers well know. Claims of copyright violation is merely the cheapest and quickest way to coerce a service provider, no expensive lawyers needed. And it is a cheap and fast way to hide information from competitors as Yahoo intended with its false copyright claim.
There are many firms with similar obligations to law enforcement who do not use copyright to hide the compliance process — Cisco for one puts its compliance procedures online, as do others.
We think all lawful spying arrangements should be made public, not necessary the legally-protected information under CALEA. Microsoft should join the others who openly describe the procedures, and just may do so if there is a public demand for it.
We would like to aid that demand by publishing and refusing to take down the document which provides very important public benefits.
Microsoft’s lawful compliance guide is one of a dozen or so (below) we have published recently and only Microsoft and Yahoo have behaved like assholes — probably because they are more afraid of the authorities than they are of customer wrath, having been burned repeatedly for not being sufficiently official ass-kissing.
Quote me.
Of course, if Microsoft wanted to keep the manual quiet, the takedown notice ended any thought of that. The manual has now been mirrored all over the Internet, including Wikileaks.
Microsoft, meet Streisand.
Update: Cryptome.org is back online. According to correspondence posted on the site between John Young and Network Solutions, Microsoft withdrew their complaint. A copy of the email from Evan Cox, Microsoft’s outside counsel, posted to the site, says, in part:
While Microsoft has a good faith belief that the distribution of the file that was made available at that address infringes Microsoft’s copyrights, it was not Microsoft’s intention that the takedown request result in the disablement of web acess to the entire cryptome.org website on which the file was made available.
Shame on Microsoft.
I’d like to now see the equivalent document for Microsoft Windows. What does Microsoft store and how long is the information retained for?