Microsoft is now releasing an online services global criminal compliance handbook, which may be called as a spy guide for law enforcement detailing what data Microsoft has, keeps and can relinquish. Since most of us use Microsoft in our daily life, we need to know how to use Xbox, hotmail and other Microsoft tools.
“The Global Criminal Compliance Handbook” is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft’s stored user information. It also provides sample language for subpoenas and diagrams on how to understand server logs. I call it “quasi-comprehensive” because, at a mere 22 pages, it doesn’t explore the nitty-gritty of Microsoft’s systems; it’s more like a data-hunting guide for dummies.
Which Microsoft services are affected?
All sorts. Microsoft keeps user information related to its online services. The data ranges from past e-mails to credit card numbers. The information is kept for a designated period of time, sometimes forever.
The sites referenced are:
- Windows Live
- Windows Live ID
- Microsoft Office Live
- Xbox Live
- MSN
- Windows Live Spaces
- Windows Live Messenger
- Hotmail
- MSN Groups
Some of these Microsoft services may not apply to a whole lot of people. Who uses MSN Groups, for instance? But accessing personal information from Xbox Live accounts, for example, could be a big problem for 23 million subscribers; especially since Xbox Live keeps more data than many of Microsoft’s other services.
What information does Microsoft have?
It depends on the service. We’ll deal with the big dogs here:
Windows Live ID: Windows Live ID is a one-stop shop for user info retention and is used on a multitude of sites to limit scattered user names and passwords. Due to its wide reach, Windows Live ID could allow law enforcement agencies to access tons your personal Web surfing information. Microsoft keeps “the last 10 Microsoft site and IP connection record combinations (not the last 10, consecutive IP connection records).”
Hotmail: “E-mail account registration records are retained for the life of the account. Internet Protocol connection history records are retained for 60 days,” according to the document. But if you, like many, switched over to Gmail and let your Hotmail account lapse, all e-mail content is “typically deleted after 60 days of inactivity. Then if the user does not reactivate their account, the free MSN Hotmail and free Windows Live Hotmail account will become inactive after a period of time.”
Office Online and Windows Live SkyDrive
The scariest part of the handbook comes here. Office Online and Windows Live SkyDrive are both services that store documents and files in the cloud. The two pages devoted to these services describe only what the products are and not the access Microsoft has to pertinent information. What can Microsoft get at? How long is everything stored? What are the legal parameters? All of this is uncertain and worthy of a little spine-shake.
