Yahoo Issues Takedown Notice for Spying Price List
-
By Kim Zetter
- December 4, 2009 |
- 5:00 pm |
- Categories: Surveillance
Yahoo isn’t happy that a detailed menu of the spying services it provides law enforcement agencies has leaked onto the web.
Shortly after Threat Level reported this week that Yahoo had blocked the FOIA release of its law enforcement and intelligence price list, someone provided a copy of the company’s spying guide to the whistleblower site Cryptome.
The 17-page guide describes Yahoo’s data retention policies and the surveillance capabilities it can provide law enforcement, with a pricing list for these services. Cryptome also published lawful data-interception guides for Cox Communications, SBC, Cingular, Nextel, GTE and other telecoms and service providers.
But of all those companies, it appears to be Yahoo’s lawyers alone who have issued a DMCA takedown notice to Cryptome demanding the document be removed. Yahoo claims that publication of the document is a copyright violation, and gave Cryptome owner John Young a Thursday deadline for removing the document. So far, Young has refused.
Yahoo’s letter was sent on Wednesday, within hours of the posting of Yahoo’s Compliance Guide for Law Enforcement at Cryptome. In addition to copyright infringement, the letter accuses the site of revealing Yahoo’s trade secrets and engaging in “business interference.” According to the letter, disclosure of its surveillance services (.pdf) would help criminals evade surveillance.
The Compliance Guide reveals, for example, that Yahoo does not retain a copy of e-mails that an account holder sends unless that customer sets up the account to store those e-mails. Yahoo also cannot search for or produce deleted e-mails once they’ve been removed from a user’s trash file.
The guide also reveals that the company retains the IP addresses from which a user logs in for just one year. But the company’s logs of IP addresses used to register new accounts for the first time go back to 1999. The contents of accounts on Flickr, which Yahoo also owns, are purged as soon as a user deactivates the account.
Chats conducted through the company’s Web Messenger service may be saved on Yahoo’s server if one of the parties in the correspondence set up their account to archive chats. This pertains to the web-based version of the chat service, however. Yahoo does not have the content of chats for consumers who use the downloadable Web Messenger client on their computer.
Instant message logs are retained 45 to 60 days and includes an account holder’s friends list, and the date and times the user communicated with them.
Young responded to Yahoo’s takedown request with a defiant note:
I cannot find at the Copyright Office a grant of copyright for the Yahoo spying document hosted on Cryptome. To assure readers Yahoo’s copyright claim is valid and not another hoary bluff without substantiation so common under DMCA bombast please send a copy of the copyright grant for publication on Cryptome.
Until Yahoo provides proof of copyright, the document will remain available to the public for it provides information that is in the public interest about Yahoo’s contradictory privacy policy and should remain a topic of public debate on ISP unacknowledged spying complicity with officials for lucrative fees.
—–
Note: Yahoo’s exclamation point is surely trademarked so omitted here.
The company responded that a copyright notice is optional for works created after March 1, 1989 and repeated its demand for removal on Thursday. For now, the document remains on the Cryptome site.
Threat Level reported Tuesday that muckraker and Indiana University graduate student Christopher Soghoian had asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request, to provide him with a copy of the pricing list supplied by telecoms and internet service providers for the surveillance services they offer government agencies. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that the information was proprietary and that the companies would be ridiculed and publicly shamed were their surveillance price sheets made public.
Yahoo wrote in its objection letter that if its pricing information were disclosed to Soghoian, he would use it “to ’shame’ Yahoo! and other companies — and to ’shock’ their customers.”
“Therefore, release of Yahoo!’s information is reasonably likely to lead to impairment of its reputation for protection of user privacy and security, which is a competitive disadvantage for technology companies,” the company added.
The price list that Yahoo tried to prevent the government from releasing to Soghoian appears in one small paragraph in the 17-page leaked document. According to this list, Yahoo charges the government about $30 to $40 for the contents, including e-mail, of a subscriber’s account. It charges $40 to $80 for the contents of a Yahoo group.
Photo: Jeff Pearce/Flickr
See also:
Odd that Yahoo would be so protective over a document that hardly sounds embarrassing to them. Why the hardheadedness and refusal to be reasonable?
It’s a double edged sword. Publication of this document helps us understand how Yahoo retains user data and would help us protect our privacy better. On the other hand, the clear stating of the system’s limitations would also allow criminals and others of malicious intent to circumvent these measures. In my opinion, it would have been better if this document remained secret. Just because you have the right to information does not mean that you should open it to the public where this information may be abused by others.
Compared to what Cox and others charge, Yahoo!’s prices seem like chickenfeed. Don’t know why they’re so fritzed out about it.
What’s funny is that had they just released this info via FIOA nobody would have cared. I doubt I’d be reading about it on WIRED if they hadn’t pursued this BS copyright claim.
The real issue is the attempted use of a DMCA takedown notice to block publication of a leaked document. Think of the impact that could have on press freedoms.
Wait, this works both ways. If I copyright all of my emails and chats, can I stop Yahoo from selling them to law enforcement agencies with a DMCA takedown notice?
You can’t copyright facts. If I publish a price that is a collection of factual information and cannot be copyrighted. I might copyright the particular formatting of the list, but that’s easily circumvented for digital data by just changing the formatting.
I’m wondering if any of you saw the recent article at ArsTechica on how unbelievably prevalent it is for law enforcement agencies to freely GPS track, log activity , and compile metadata for cellphone, smartphone , netbook and VOIP users, among others. Sprint/Nextel is being picked on here ofr its automated web portal that allows agencies to extract all manner of data without FISA court warrants or any other oversight. And they are one of the smaller network companies..imagine what AT&T and Verizon , the BabyBells, and all the others are capable of. Sprint/Nextel delivered over 8 MILLION tracking requests in the past 13 months.
Here’s the link:
arstechnica.com/telecom/news/2009/12/sprint-fed-customer-gps-data-to-leos-over-8-million-times.ars
@memebag
Yahoo is right about one thing: you don’t have to “copyright” something any more. It is automatically copyrighted, without being entered into a government list, as long as it fulfills various conditions. I’m not sure your emails count, but then again, they probably have as much grounds as a price list from Yahoo.
Yahoo claims that a copyright notice is not necessary for works created after March 1 1989. If that is true, then Yahoo is in violation of the copyrights of its users by selling their works created after March 1, 1989 without their knowledge or consent. Opps! They out smarted themselves. I think Yahoo is in for a big can of whoop ass!
From what I remember of my copyright law class: You don’t have to register copyrights in the US. All the web site owner has to do is reformat the list, because you can’t copyright fact. And all someone else has to do is host the file in another country, one where you do have to register copyrights.
@gerrymandery
That’s hard for anyone to swallow in all honesty. If everyone used that tact in arguing against the release of valuable information of the misdeeds of corporations and governments then we as the public would be kept completely in the dark as far as our world goes. Would you have made the same argument for Watergate or KBR/Haliburton Ops in Iraq? Even though with the Iraq bits you can learn how to murder/rape and get off scott-free through loopholes in US contracter procurement code(as well as overprotective liability shields)?
The argument that criminals will use this information is bogus.
Criminals already know that their emails and publicly-transmitted communications are traceable and trackable, and the fact that the information is only kept for a year won’t make any difference to a Bad Guy.
He won’t want it tracked at all.
The ONLY reason The Big Boys don’t want us to know this info is because there are many very naive users (the Bad Guys are not naive!) in computerland who somehow think that big corporations have high ethics, and are committed to their customers’ best intersts. I know it’s stupid, but there it is.
And the corporations pay big money to foster that image, and this kind of specific information can undo millions of dollars of PR campaign.
Yahoo: please intercept this and pass it on to the NSA and CIA and Feds “WE Americans needs to get out of Afghanistan ASAP and FOK the WAR Tax, too. Thank you, you bunch of Yahoos.
Are we beginning to understand how all these “free services” like email & social networking are being funded? Answer: Government is paying for the information the consumers have been duped into thinking is “private”.
Really though, it’s not a secret. Read the privacy statements of places like Facebook that admit they are “sharing” your information with “third-parties”.
Well, that third-party is primarily the U.S. Government (and other foreign governments), either directly (like the Justice Department) or by proxy via business front companies operated by said government operated intelligence agencies.
It’s a brave new world.
Keep in mind that Yahoo! is a ‘partner’ of AT&T’s ISP operation, what they do reflects the policy of that corporate monopoly in terms of consumer privacy and account confidentiality.
Does this mean that any whistleblowers in any industry now can be both identified and sanctioned under the DMCA if the evidence the present can be claimed by the company? Finally a way to stop all that whistleblower nonsense and let companies do whatever the politicians will allow.
That bill just gets better and better with interpretation.
I’ve already downloaded it and prepared to put it back up on the web if I need to.
“spying” aka complying with the court orders and subpoenas. omg, the horror.
What’s funny is that Yahoo’s objection is based on the fact that if people found out what was doing, it would be embarassing for Yahoo. DURR! Well stop doing it, douche.
We don’t need no stinkin subpenises!
Yahoo pwns the pron, and Y!ou too.
If Sprint gave out 8 million a year, Yahoo could make more than they did with that Reservations Rewards scam.
What such documents really highlight is that corporations have taken a page from the Blackwater books of our day (nka Xe Services LLC). As surveillance mercenaries, they’ve turned domestic spying into a for-profit business. They would be embarrassed if that became widely understood. That’s why they fear being exposed in this way.
Dear Federal District Court,
*
On or about last Tuesday the secret recipe for our primary product was leaked to a website. We respectfully request you order the recipe suppressed because if our customers knew what we were really doing we would be held up to public ridicule and shame. This, of course, would damage our reputation and ultimately our profits and the well being of our shareholders.
*
Respectfully submitted,
The Directors of Soylent Green, Inc.
nothing is every private or secret on the internet. the only possible exception is something you encrypted using a encryption program you yourself made from scratch. and even then there always ways of cracking it. If you want something to be private talk to the other individual face-to-face.
Kasar brings up a rather relevant point about Yahoo’s tactics and practices. We contacted some Yahoo advertisers to notify them of their ads directly sponsoring several thousand pornographic Flickr pages on public display. Because placement varied by area, some clients couldn’t see their ads on Yahoo’s unlabeled porno pages from their location. So, we provided some screen shots, since they were naturally pissed off at Yahoo for lying to them. Yahoo sent their security/legal chief and ex-FBI bungler of 9/11 terrorists, John Zent to threaten us with DMCA rights to their porno pages, and other bluffs. Just as they had tried to shake down another former user they censored named Shepard Johnson, along with threats involving the Sunnyvale Police Dept, strangely enough. For all their power and prowess, Yahoo doesn’t seem to have one clue as to what they are doing, really. That’s what’s scariest about Yahoo, it’s the way they trick people into trusting them, whether client or user, and then turn on them like Chinese dissidents to make more money off the suckers that believe their BS. They’re some royal a-holes, with our government in their fat pockets, unfortunately.