Thursday, February 25, 2010

Microsoft's Global Criminal Compliance Handbook

Business Insider, via Gizmodo, links to a Microsoft document describing Microsoft's contact details and processes for being served legal documents. The document sets expectations for response, enumerates the online services it covers, and lists what data users provide to each service. One example is the Xbox Live service, which records Gamertag, credit card number, phone number, first and last name with zip, the serial number of devices registered online, service request numbers, email account, and the IP history for the lifetime of the Gamertag.

Yes, according to this document, Xbox Live tracks every IP your Gamertag has logged in from. Ever. That might surprise some Xbox players, but shouldn't really surprise most security analysts.

The document fully describes the information retained about each service's users, their activities, and their content. Alongside these descriptions, Microsoft offers sample language for a records request, such as this one for MSN Groups: "Any and all website information for the [group requested] including content, images, member lists, and all IIS logs".

Finally, the document describes the legal process required to acquire this information.

This is an interesting read - take a look for yourself:
