Microsoft Pulls Back on Cryptome Takedown Request over Leaked Document
Microsoft withdrew its request to take down Cryptome.org after the site posted a document detailing Microsoft's user-data retention policies. Microsoft had originally argued that the posting of the "Microsoft Online Services Global Criminal Compliance Handbook" constituted copyright violation, and Cryptome's service provider took the site down temporarily. The document details how Microsoft stores data such as IP addresses and registration information for sites like Hotmail, MSN Groups, Xbox Live and Windows Live Messenger.Microsoft withdrew its request to have Cryptome.org, a site that posts leaked documents from corporations and governments, taken down after it published an internal document detailing which of its users' online data Microsoft was willing to share with law enforcement under certain circumstances.
That document, titled, "Microsoft Online Services Global Criminal Compliance Handbook," details how long Microsoft retains its online users' IP connection history records, user-provided registration data, IP addresses and dates of uploaded content, among other records. The online services described in the document include Microsoft Office Live, Xbox Live, Windows Live, Windows Live Messenger, Hotmail, MSN Groups, Windows Live ID and Windows Live Spaces.
Soon after Cryptome posted the document on Feb. 20, Microsoft responded with a copyright infringement claim under the Digital Millennium Copyright Act (DMCA), which in turn led Cryptome host Network Solutions to take down the site on Feb.24. News of the DMCA takedown quickly spread, and other sites quickly began posting the documents, which may have compelled Microsoft to rescind its legal maneuver. "While Microsoft has a good faith belief that the distribution of the file that was made available ... infringes Microsoft's copyrights, it was not Microsoft's intention that the takedown request result in the disablement of Web access to the entire cryptome.org Website," Evan Cox, outside counsel to Microsoft, wrote in a Feb. 25 e-mail to Network Solutions administrators. "Accordingly, on behalf of Microsoft, I am hereby withdrawing the takedown request."
Microsoft reiterated that position in an e-mail to eWEEK on Feb. 26.
"Like all service providers, Microsoft must respond to lawful requests from law enforcement agencies to provide information related to criminal investigations," a Microsoft spokesperson wrote. "We take our responsibility to protect our customers' privacy very seriously, so have specific guidelines that we use when responding to law enforcement requests."
In the case of Cryptome, the spokesperson continued, "we did not ask that this site be taken down, only that Microsoft copyrighted content be removed. We are requesting to have the site restored and are no longer seeking the document's removal."
The document in question, along with the e-mail correspondence related to Microsoft's takedown request, can be found here.
As more and more consumers port their information onto cloud-based services, there has been an accompanying rise in privacy concerns. On Feb. 16, the Electronic Privacy Information Center filed a complaint with the Federal Trade Commission charging that Google Buzz, a micro-blogging site connected to Gmail that has the potential to make user data unintentionally public, violates consumer protection. Cryptome has posted documents from other tech companies, including Yahoo, that detail their handling and storage of online user information.