Secret-sharing Website Shut Down For Sharing Microsoft Secrets
Since 1996, cryptome.org has posted documents people want to keep secret. Then the site published a confidential Microsoft document that revealed how much information the company keeps on users. Today, Microsoft succeeded in shutting the site down.
For years, cryptome has admirably annoyed corporations and government agencies by posting sometimes-embarrassing secret documents on its barebones, Drudge-like front page. We've picked up a few good stories from them, including the TSA's standard operating procedure manual for screening supervisors and a story about a lying DEA agent.
Now, Microsoft has shut down the site via a DMCA takedown notice, claiming Cryptome violated its copyright by publishing a confidential document meant only for law enforcement. After the site's owner, Manhattan architect John Young, refused to take down the document, his ISP, Network Solutions, axed the site. (Geekosystem notes that Network Solutions is also 4Chan's ISP. Uh oh!)
A cursory glance at the document, "Microsoft Online Services Global Criminal Compliance Handbook," doesn't turn up anything especially explosive. (Wired has posted the entire thing.) Basically, it tells law enforcement officials exactly what kinds of information they can expect to receive if they subpoena Microsoft when investigating one of its customers. For example, Wired combed through the 22-page document and found that every IP address you use to log into Xbox Live is kept by Microsoft; and while your Microsoft Messenger buddy list might be turned over to the cops, your messages won't. (Though, who uses Microsoft Messenger except people in Southeast Asia, anyway?) But Microsoft still wanted it off the Internet—apparently wagering that bullying a small website into taking down barely-scandalous documents would seem less Big Brother-ish than the documents themselves.
For now, Cryptome is at a temporary address, and Young remains defiant. He told Geekosystem that "Most repugnant in the MS guide was its improper use of copyright to conceal from its customer violations of trust toward its customers." He continued:
Microsoft's lawful compliance guide is one of a dozen or so (below) we have published recently and only Microsoft and Yahoo have behaved like assholes - probably because they are more afraid of the authorities than they are of customer wrath, having been burned repeatedly for not being sufficiently official ass-kissing.
Here's the thing: Why does it take a conspiracy-minded secret-sharing website for customers to find out exactly what kinds of information a company keeps on them, for how long, and who they might give it to? If there's a silver lining to this whole thing, it's that Microsoft's move has just alerted a bunch of people who were previously unaware that the company had every IP they've ever used to play Call of Duty online.
Cryptome has been especially adept at getting this kind information out there. (They have "spy guides" for everyone from AT&T to Yahoo to Skype.) We're eagerly awaiting the relaunch of cryptome at a different address and/or ISP.