Saturday, February 27, 2010

What Microsoft knows and keeps about you, abusing DMCA & kicking Cryptome

Yobie Benjamin
SF Gate

As the Patriot Act comes up for reauthorization by Congress, it's time to reflect on the immense powers Americans have ceded to the government and the potential for abuse by federal, state and local authorities. Last year, an FBI Inspector General report excoriated the FBI Communications Analysis Unit for abusive warrantless surveillance of perhaps thousands of innocent people. FBI Director Robert Mueller promised Congress the FBI will take steps to stop the abuses cited in the Inspector General's report.

"The FBI's use of exigent letters... circumvented, and in many cases violated, the requirements of the Electronic Communications Protection Act statute," according to the report, which was referencing a leading federal wiretap law.

The global Internet and telecommunications infrastructure provides massive information on almost each and every person on the planet. In a twisted way, the only ones fortunate enough to maintain true privacy are the poorest of the poor in the armpits of the world. If one has a cell phone, no matter where they are on the planet, they could be subjected to the vast surveillance powers of states. But one power truly stands out --- the all-encompassing reach and technological capabilities of the US National Security Agency. If you want to be secure, don't use a phone, a computer, a credit card or any other technologically linked system, because it guarantees that big brother will find you if they want to.

There is another side to this story.

While most cases that involve terrorism will inevitably involve surveillance by the NSA and other clandestine agencies, most consumer "spying" comes from subpoenas and requests from other non-terrorist-related federal, state and local agencies AND from non-governmental private litigation and discovery. Simply put, a subpoena issued by a court in support of private litigation and discovery may have the same impact on an individual as the full force of the NSA.

These are some of the reasons why the public is entitled to know what private companies are doing with information entrusted to them by their customers and the public at large. If Microsoft, Cisco, Sprint, AT&T, Facebook, MySpace and legions of other companies provided consumer information ONLY in response to legal National Security Letters issued by the FBI, then the outrage is probably overblown.

The fact is --- when a company receives a court-approved subpoena (or order) requested by an "officer of the court" (meaning the judge, defendant or plaintiff's counsel), most of the time, the company will provide all the information requested.

So what information is typically requested from a company by say a plaintiff's lawyer during some discovery phase?

Well, it's everything. In fact, it's generally a fishing expedition for every log file, every uploaded video, photo, chat session and anything else they can get their hands on. This is what happened to the famous skank case in which Google was involved.

The unintended consequence of a surveillance state is the creation of a surveillance society. The nuance of the legal system allows anyone willing to spend the money on lawyers, litigation and the discovery process to effectively get all the information on anyone they want. Bottom line: Most general counsels' offices in most companies will NOT decline to give information requested by a court order, approved subpoena or discovery request, whether it is a criminal or civil matter.

These are some reasons why Cryptome (a site that is run by John Young, a long-time privacy, crypto and security activist) needs to continue and provide critical privacy-related information to the public. This is why the attempts of Microsoft and others to obfuscate the information they gather and provide on demand in response to court subpoenas are misguided.

Cryptome has long been the bane of US and other global intelligence agencies. Much of the information on Cryptome is controversial including its compilation of President Obama's security details and personnel. It is also the destination and source of embarrassing and leaked government documents. Cryptome is bold and brash as it takes on the government of China, the US and the UK and other countries as they try to suppress information.

A free society needs more John Youngs and Cryptomes, not fewer. Information about private individuals and organizations and matters (health records, email, finances, phone conversations, etc.) that may affect them should and must have a reasonable sense of privacy. People should know how information about them is kept, retained and guarded and under what conditions the information is released.

It is unfortunate that Microsoft continues to be the lead company in harassing Cryptome by filing seemingly endless DMCA (Digital Millennium Copyright Act) notices (which, by the way, are not even a court-sanctioned act) with John Young's Internet service provider. By virtue of its size, Microsoft's DMCA notices almost carry the weight of a court's command on ISPs. On receiving a Microsoft notice yesterday, Cryptome's ISP Network Solutions impishly and hastily agreed to take down Cryptome's web site rather than demand to see supporting court-ordered documents.

Today someone in Microsoft got smart and withdrew the DMCA complaint, and Network Solutions restored Cryptome. Several Cryptome links are still dead.

If you read the disputed Microsoft "spying document" on Cryptome's site, nothing seems damaging to either Microsoft's business or intellectual property. The Microsoft document entitled "Global Criminal Compliance Handbook" contains compliance guidelines and information on what Microsoft knows about your activities, what they keep and for how long. It's hardly a top-secret document, as any college junior enrolled in computer science would assume as much is done. In addition, the document is a living oxymoron, stamped all over with "For Law Enforcement Use" markings when in fact it was clearly meant to comply also with civil subpoenas --- like a court-ordered discovery (perhaps to be used for some crazy high-profile defamation or divorce matter). Again, recall that the New York model skank case is hardly a national security matter.

In my opinion, such information should be in fact made public in any company's terms of use statement. Hiding the information is a useless exercise and waste of the company lawyers' time.

The goodwill lost by Microsoft's inane DMCA filings has been far more damaging than John Young's publication of the document. It may have also unleashed a movement to have DMCA abuse curtailed by Congress.

The public and Microsoft's customers have the absolute right to know what information is being retained on their online activities, for how long and under what conditions the information will be provided for criminal or civil matters.

It should not be a big deal to tell people what information about them you keep. I guess it is the price we pay for living in a surveillance society.
