MSFT Criminal Compliance Handbook Leaked

February 24, 2010

The release of an internal Microsoft document, which details how the software giant stores information and the ways in which law enforcement members can access it, has drawn the wrath of Redmond.

As detailed on GeekOSystem.com, the document, entitled Global Criminal Compliance Handbook, and dated March, 2008, was originally posted by the whistleblower website Cryptome. Microsoft reacted quickly, claiming that the document was copyright material under the Digital Millennium Copyright Act (DMCA), and the offending content, and indeed, the whole website, was taken down swiftly.

Fortunately, BusinessInsider decided to host the PDF on its website for anyone interested in viewing it. The document is a version for U.S. law enforcement officials, and pertains to Microsoft’s online services such as Windows Live, Windows Live ID Windows Live Messenger, Hotmail and Xbox Live.

Cryptome editor John Young detailed what he found most distasteful in the document:

Most repugnant in the MS guide was its improper use of copyright to conceal from its customer violations of trust toward its customers. Copyright law is not intended for confidentiality purposes, although firms try that to save legal fees. Copyright bluffs have become quite common, as the EFF initiative against such bluffs demonstrates.

Second most repugnant is the craven way the programs are described to ease law enforcement grab of data. This information would also be equally useful to customers to protect themselves when Microsoft cannot due to its legal obligations under CALEA.

For Xbox 360 users who have registered on Xbox Live with a credit card, Microsoft collects and stores your: date of birth, name, e-mail address, physical address, telephone number, credit card number, type of credit card, credit card expiration and Microsoft Passport.

Xbox Live users will have their registration and IP connection history recorded “for the life of the gamertag account.” Also collected, and stored, is the Xbox’s serial number (if it was registered online).

Law enforcement officials armed with a subpoena can grab “basic subscriber information,” such as name, address, screen names, IP address, IP logs, billing info and email content “more than 180 days old.”

A court order results in “disclosure of all of the basic subscriber information available under a subpoena plus the e-mail address book, Messenger contact lists, the rest of a customer’s profile not already listed above, internet usage logs and e-mail header information (to/from) excluding subject line.”

Search warrants allow law enforcement members to access emails in electronic storage 180 days or less.

The Cryptome site has since returned on a different domain and posted the full email trail from Microsoft and Network Solutions that led to the original site being shuttered.

Posted in

Comments

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by Talouin on Thu, 02/25/2010 - 16:53.

I hope they're not storing Canadian personal information on a server farm within the United States. That's definitely illegal and perhaps some Canadian lawyer that wanted to "get rich quick" should take them to task over it.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by Thomas P. on Thu, 02/25/2010 - 11:15.

What are they covering up? The fact they cooperate with law enforcement when Microsoft is given the appropriate supoenas/warrents?

Sounds less like a cover up and more like buisness as usual for most companies located in the United States.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by SpaceGhost2K on Wed, 02/24/2010 - 22:00.

It's not a coverup if an internal document was leaked and taken down.

If GamePolitics had a website leak one of their internal documents, are you telling me they wouldn't take steps to have it taken down? And if they did, would THAT be considered a coverup?

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by DarkSaber on Thu, 02/25/2010 - 06:43.

Yes, yes it would.

--------------------------------------------------

I LIKE the fence. I get 2 groups to laugh at then.

-------------------------------------------------- I LIKE the fence. I get 2 groups to laugh at then.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by SeanB on Thu, 02/25/2010 - 11:26.

no it wouldn't.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by Cerabret100 on Wed, 02/24/2010 - 18:14.

While cover ups aren't exactly appreciated, isn't all that's being covered up standard regulation that i would assume all companies have? that is to supply information when the proper legal actions (warrents and such) are taken?

doesn't really seem something to get up in arms about. sure one could say it implies microsoft is covering worse things up, but then again any action can imply a lot of things.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by Thomas P. on Wed, 02/24/2010 - 18:05.

I read the PDF. There really isn't anything there that we didn't know already. What it really does confirm is that Microsoft only complies with a government's request for information if they have a subpoena from a court. I don't know why Microsoft is getting their panties into a bunch, this is stuff the criminals already know...

ZOMG U GUYS HAVE LOGS OF WHAT SERVICES I USE FROM U! OMGWTFBBQ

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by GrlGmr on Sat, 02/27/2010 - 14:27.

Pretty much every company does that. Personally, I don't see what the problem is or why people are complaining.

I've worked for several large cellular carriers, and trust me, the information THEY have about their customers and keep on file is much more extensive than this, and no one is up in arms. Their proceedure for giving up information was the same: law enforcement needed a subpeona to get it. And I bet they work with criminal investigators a lot more often than Microsoft.

Also, stuff like credit card numbers, type of credit card, expiration date, physical address, and phone number are all information that's needed to repeat bill the credit card. Xbox Live has auto renew. Blame the credit card companies.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by Thad on Wed, 02/24/2010 - 17:09.

It seems to me that the coverup is far worse than what's being covered up. It sounds like MS is actually complying with due process and only giving away this information to law enforcement if they have a warrant or subpoena. Sprint was recently revealed doing much worse (allowing law enforcement to track people's physical locations using their cell phones, WITHOUT a warrant), and nobody batted an eye.

MS's real abuse here is in misusing copyright law in an attempt to silence whistleblowers. If they'd just come out and say "Yes, we store this information, and yes, we will comply with law enforcement, but only if a warrant is provided," then most people would find that perfectly reasonable.

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by Ratros on Wed, 02/24/2010 - 19:11.

Yeah, it kinda pisses me off that they claimed copyright infringement to get the site locked. And I fear that this is what's going to happen to many sites in the near future.

---

I once had a dream about God. In it, he was looking down upon the planet and the havoc we recked and he said unto us, "Damn Kids get off my lawn!"

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by SeanB on Wed, 02/24/2010 - 17:01.

And although plenty will complain about it, not a single one of you will cancel your accounts over it, continuing to shovel them money, thereby aproving of what they are doing.

A few years ago an analysis was done showing how much personal information MSFT "could" get from the apps running in XP and Vista systems, if they actually wanted it. People on a website i frequented were all up in arms, many stating "That's the final straw, i'm going to linux!"

Years later, they're all still using MSFT OS's

Re: MSFT Criminal Compliance Handbook Leaked

Submitted by mootyslayer on Thu, 02/25/2010 - 02:08.

Although I still have an xbox account. I stopped paying for live a long time ago. Perfer the ps3 for my online needs. Once my 360 died for the 3rd time from the ring of death I decided that most of my game buys would be for the ps3 or pc. I still buy games for 360 but only exclusive titles.

Shout box

NyuRena: You nailed it James! Yikes..06/18/2013 - 1:56pm

james_fudge: With MS willing to share with the government, an always listening device should give everyone pause.06/18/2013 - 1:37pm

james_fudge: you can't turn off the Microphone on the Kinect and it has to be plugged in. It's not rocket science.06/18/2013 - 1:35pm

E. Zachary Knight: The Humble Bundle Guys just don't like me having money in my pocket do they? https://www.humblebundle.com/06/18/2013 - 1:12pm

E. Zachary Knight: CMiner, I know that my Android camera is off unless I am using an application that turns it on. Same with the microphone.06/18/2013 - 12:38pm

CMiner: Can you turn off the camera on an iPhone? Like, -really- turn it off, not just change a setting that -tells- you the camera is off?06/18/2013 - 12:13pm

james_fudge: when they make it a requirement, yes they are06/18/2013 - 12:10pm

CMiner: I just don't think Microsoft bears any more (or less) responsibility for privacy with its Kinect camera than do the makers of laptops or smartphones with integrated cameras.06/18/2013 - 12:00pm

Imautobot: The ability to operate the console without the camera is key. It's a peripheral, not directly integrated into the console, and yet it behaves as if it is. Thankfully I don't have kids, and won't have an Xbone either.06/18/2013 - 11:49am

CMiner: Oh, I agree that the decision to make the kinect mandatory/always listening is terrible.06/18/2013 - 11:48am

E. Zachary Knight: CMiner, and the easier the provider makes to do such things, the better. The fact that the XBone will not even funtion without it plugged in and turned on in some fashion makes a world of difference from a PC Webcam.06/18/2013 - 11:38am

CMiner: It takes steps on the user's part to ensure 100% privacy (unplugging, uninstalling, putting tape over it, not putting it in the kid's rooms, etc)06/18/2013 - 11:29am

CMiner: My point is that no webcam producing company can guarantee that no one will ever ever ever be able to access video from that webcam without your knowledge and permission06/18/2013 - 11:28am

E. Zachary Knight: Of course at that point, you are still opening up yourself to Windows zero day vulnerabilities and back doors that they are happy to share with the government before Windows users.06/18/2013 - 11:26am

E. Zachary Knight: Cminer, I don't because I wipe the OS and reinstall something more secure, Linux. Even still, just wiping the OS and reinstalling Windows fresh removes all the bloatware PC companies install.06/18/2013 - 11:26am

E. Zachary Knight: I agree that the Kinect requirement of the XBone has my civil liberty senses tingling. Just another nail in the coffin for me.06/18/2013 - 11:25am

E. Zachary Knight: Honestly, I wouldn't put anything with an integrated camera in my kids' rooms. You are just asking for trouble. Of course, I am not a fan of having tvs/videogames/computers in kids rooms in general.06/18/2013 - 11:24am

CMiner: In the case of integrated webcams on laptops, do you have the same concern that people at Dell, HP, Lenovo, etc might be spying on you?06/18/2013 - 11:24am

E. Zachary Knight: I love awesome indie devs. Incredipede is free if you run linux! http://www.incredipede.com/linux.html Thanks @ColinNorthway You're the best.06/18/2013 - 11:23am

Imautobot: More creepy is that the Xbox Camera can see in the dark. Now we're in Buffalo Bill territory.06/18/2013 - 11:21am

All shouts

<< Return To Top

Forgot your password?
Username :
Password :