Cryptome, a whistleblower site that regularly leaks sensitive documents from governments and corporations, is in hot water again: this time, for publishing Microsoft’s “Global Criminal Compliance Handbook,” a comprehensive, 22-page guide running down the surveillance services Microsoft will perform for law enforcement agencies on its various online platforms, which includes detailed instructions for IP address extraction. You can find the guide here (warning: PDF). not anymore.
Microsoft has demanded that Cryptome take down the guide — on the grounds that it constitutes a “copyrighted [work] published by Microsoft.” Yesterday, at 5pm, Cryptome editor John Young received a notice from his site’s host, Network Solutions, bearing a stiff ultimatum: citing the Digital Millenium Copyright Act (DMCA), Network Solutions told him that unless he takes the “copyrighted material” down, they will “disable [his] website” on Thursday, February 25, 2010.
So far, Young refuses to budge.
Cryptome is no stranger to controversy: last year, when it leaked a detailed surveillance guide from Yahoo, which, embarrassingly enough, included a pricing sheet tallying up the costs of its various services, Yahoo demanded its takedown, also under DMCA. (The Microsoft guide doesn’t contain a pricing list.) Cryptome refused to back down, and the guide is still up.
Geekosystem swapped emails with Young about the situation, and he said that if Network Solutions follows through and takes Cryptome down on the 25th, “we will set up elsewhere, arrangements are always ready for that.”
He had this to say when we asked him what he found most repugnant about Microsoft’s guide:
Most repugnant in the MS guide was its improper use of copyright to conceal from its customer violations of trust toward its customers. Copyright law is not intended for confidentiality purposes, although firms try that to save legal fees. Copyright bluffs have become quite common, as the EFF initiative against such bluffs demonstrates.
Second most repugnant is the craven way the programs are described to ease law enforcement grab of data. This information would also be equally useful to customers to protect themselves when Microsoft cannot due to its legal obligations under CALEA.
There are other means to maintain confidentiality of legal obligations as lawyers well know. Claims of copyright violation is merely the cheapest and quickest way to coerce a service provider, no expensive lawyers needed. And it is a cheap and fast way to hide information from competitors as Yahoo intended with its false copyright claim.
There are many firms with similar obligations to law enforcement who do not use copyright to hide the compliance process — Cisco for one puts its compliance procedures online, as do others.
We think all lawful spying arrangements should be made public, not necessary the legally-protected information under CALEA. Microsoft should join the others who openly describe the procedures, and just may do so if there is a public demand for it.
We would like to aid that demand by publishing and refusing to take down the document which provides very important public benefits.
Microsoft’s lawful compliance guide is one of a dozen or so (below) we have published recently and only Microsoft and Yahoo have behaved like assholes — probably because they are more afraid of the authorities than they are of customer wrath, having been burned repeatedly for not being sufficiently official ass-kissing.
So, briefly:
1. Microsoft’s use of copyright rather than other mechanisms to try to take down the guide [note that Yahoo tried to do the same thing],
2. The asymmetry of information Microsoft provides to consumers and law enforcement agencies under CALEA, or the Communications Assistance for Law Enforcement Act, which Cryptome is meant to rectify, and, implicitly,
3. The strength and speed of Microsoft’s response: this past weekend, Cryptome also published electronic surveillance guides from Facebook, AOL, and Skype, among others (warning: all PDFs), but according to Young, none of those companies “behaved like assholes” by calling for a takedown, much less by using copyright law to do so.
Since the mid-’90s, Cryptome has been an unrelenting clearinghouse of information, and its all-text, minimalist look bespeaks the Wild West vibe of the early Internet days. In 2007, its ISP, Verio, booted it for some of its leaks. At the time, Young wrote, “Cryptome is now on a new ISP, Network Solutions, another US giant like Verio, closely linked to the authorities. We’ll see if it can take the heat or cave.”
Well, with the Microsoft surveillance guide leak, the heat is on. Whether Network Solutions backs down from its takedown threat or enforces it, it’s not likely that February 25th will be the end for Cryptome: it’s weathered bigger leaks and fallouts in the past.
Update, 1:47pm EST: Young has received another notice from Network Solutions asking that he provide a counter-notification in compliance with the DMCA. His response can be found on Cryptome.
Update 2, 2:20pm EST: Well, it looks like Network Solutions didn’t even wait for their February 25th deadline; Cryptome is down.They took the site down as soon as they received the counter-notification.
Young says there is a “NetSol ‘Legal Lock’ on the domain name to prevent it being transferred to another ISP until the “dispute” is settled; All Cryptome pages other than the home page now generate a 404 message.”
Currently, Cryptome’s files are being transferred to a new domain, http://cryptomeorg.siteprotect.net; Young says they will be transferred back when the lock is removed.
(Minor) Update 3, 4:30pm EST: As one Hacker News reader points out, Network Solutions is 4chan.org‘s ISP registrar. How about that.
Update 4: Wikileaks has offered to host Cryptome for the time being, via Twitter. “We will host Cryptome on our multi-jurisdictional network-outside the US-if required.” They’re currently hosting a copy of the surveillance guide. (warning: PDF.)
Update 5: Microsoft has withdrawn its copyright complaint against Cryptome, ReadWriteWeb reports.
Update 6: This is hopefully the end of the Cryptome saga: Cryptome is now back up at Cryptome.org. So is microsoft-spy.zip, along with brand-new “spying guides” for PayPal and MySpace.
