Skip navigation
CLN bookstore

Microsoft Criminal Compliance Handbook 2008

Download original document:
Brief thumbnail
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
Microsoft Online Services
®

Global Criminal Compliance
Handbook
U.S. Domestic Version
March 2008

2007-2008© Copyright Microsoft Corporation. All rights reserved. Microsoft, MSN,
Hotmail, Xbox and Xbox 360 are trademarks of the Microsoft group of companies. No
part of this handout may be reproduced or transmitted in any form or by any means,
electronic or mechanical, without the written permission of Microsoft Corporation.

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 2

MICROSOFT ONLINE SERVICES
Law Enforcement Hotline: (425) 722-1299
Where to Serve Legal Process in Criminal Matters
Windows Live TM,, Windows Live ID (Passport),
MSN®, Xbox & Other Online Services:
FAX: (425) 708-0096
Microsoft Corporation
Attn: Online Services Custodian of Records
One Microsoft Way
Redmond, WA 98052-6399

EMERGENCY REQUESTS
Microsoft Online Services will respond to emergency requests outside of normal business hours if the
emergency involves “the danger of death or physical injury to any person…” as permitted in 18 U.S.C.
§ 2702(b)(8) and (c)(4). Emergencies are limited to situations like kidnapping, murder threats, bomb
threats, terrorism threats, etc. If you have an emergency request, please call the law enforcement
hotline at (425) 722-1299.

NON-U.S. LAW ENFORCEMENT
Microsoft has established local contacts within your country or region to handle legal process related
to Microsoft Online Services. If you are not already familiar with your local contact, please e-mail the
Global Criminal Compliance team at globalcc@microsoft.com, and you will be directed to the local
contact handling requests from your country.
All legal process for criminal matters from non-U.S. law enforcement, prosecutors and courts must
be directed to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 and not to
Microsoft’s local subsidiary as all Microsoft Online Services customer data is stored in the U.S. Your
local contact will be able to educate you as to what local process must be followed in order to obtain
online services customer account records from Microsoft.
Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 3

What are Microsoft Online Services?








E-mail Services
Authentication Service: Windows Live ID
Instant Messaging: Windows Live Messenger
Social Networking Services: Windows Live Spaces & MSN Groups
Custom Domains: Windows Live Admin Center & Office Live Small Business
Online File Storage: Office Live Workspace & Windows Live SkyDrive
Gaming: Xbox Live

Wi ndows Live~
~. Windows Live 10

msn.
•

'b.~

··ve Messenger • •

.~'. Windows Live Hotmail

~.

msn.. .~

Groups

..

;e4.

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 4

E-mail Services
What are the Various E-mail Services Microsoft Provides?






Several different domains:
 @hotmail.com
 @msn.com
 @live.com
Microsoft also provides some country specific domains such as .co.uk, .fr, .it, .de, .es, .th, .tk,
.co.jp
 Currently all e-mail service customer data is stored in the U.S. even if the account
name contains a country specific domain.
E-mail accounts may be either free or associated with a paid service
 Accounts that start out as paid accounts may later become free ~OR~ accounts that
start out as free may later be associated with a paid service.
 Therefore, the records available in response to law enforcement requests will vary
depending on the type of e-mail service.
Below are several examples of the paid e-mail services Microsoft offers:

Windows live-Hotmail

It'. M,." 1M

.......".

oexo·........, _

..........
..........,

,.~_p

_.. ,~~'.....

1

..

,

f~

.....

~

...._ " .. "'~"._ In , _ ~ . .

.........................hkh G.....
....h' , ..

vo.'

,...........

........... ' .... H ....." .....

........... " ... H ......"

................
..-.., ...... _-""'.. _ ....

Slg.9~/'.

,,~

_,.-..-

_do_,...-,....

• 0 . - "'" ,. . ....-.
• 0.-_

•• 0..
"""'.,W-w.

,.....

""

_

...

. " 'M

,

w,_.

.-.--,_.".
...........
H.'...". p'."
.,.,
, """".
.,.,
....

".~

·"""_'OP""'M.

{Sw_,...........-. .......
~-,

-

w,........"""

H ......"

.......... ' .... H ....." .....

Ol ........_

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 5

msn. . Premium
$9.95 monthly

Advanced e-mail, PC-wide protection, and more

Two rnorths free!
Plan Oetaiis

Overview

Features

System Requirements

FAQ

Protect

(Click for quick demo )

Help safeguard your system with Virus Guard and
Firewall Guard powered by McAfee® Security. Get
powerful parental controls to help keep kids safe
online.

Organize
Stay on top of your to-do list by creating tasks for
yourself or others. Share your calendar to stay in
sync with friends or family.

Create
Design special stationery with fonts, colors and
custom signatures to make your e-mail unique.

Share
Share a single photo or an entire slide show right
inside your e-mail with cool photo sharing and
editing tools.

What E-mail Services Records are Retained and for How Long?
E-mail account registration records are retained for the life of the account. Internet Protocol (“IP”) connection
history records are retained for 60 days.

How Do I Read E-Mail Account Results?
Sample E-mail Account Registration Records:

Mi~i

aI

ereated2/24/20061:08:44PH

I.

criminal-compliance-lraining@holmail.com

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 6

Microsott~1 . I

criminal-comptiance-training@hotmail.com

....-..

1/14/]fNN> I:U8:4J PH

v

FitW

c·

L.c"l'l
Fi'1t.I~

i..ut .• -·t
~tlt4

•

~.
~.3

-;




All registration data is provided by the user EXCEPT for the Registered from IP Address.
Occasionally the “Registered from IP Address” field may blank for some accounts. In this
situation the user’s IP address was not captured by Microsoft’s systems during the
registration process.
Microsoft retains e-mail account registration records for the life of the account.
For free MSN Hotmail and free Windows Live Hotmail accounts, the e-mail content is typically
deleted after 60 days of inactivity. Then if the user does not reactivate their account, the free
MSN Hotmail and free Windows Live Hotmail account will become inactive after a period of
time.




Sample E-mail Account IP Connection Records:
Microsott~

,,

criminal-compliance-training@hotmail.com

I

~..

I

2/24/2006 1:08:43 PM

0

Menu

Cover Letter

IP

Date {Pacific}

Pass/Fail

64.4.1.11

2/22}2006 9:36:14 AM (PST)

PilS;

User Info

64.4.1.11

2/22/20069:37:21 AM (PST)

pus

History Info

64.4.1.11

212'2/2006 2: 13:41 PM (PST)

pa3S

Folders

64.4.1.11

2/22/20062:13:57 PM (PST)

palOs

64.4.1.11

2/22/20062:14:18 PM (PST)

piSS!!:

216.33.243,217

2/22/20062:17:48 PM (PST)

pas!:

Email
Other Info

64.4.1.11

2/22/2006

2:~O:26

PM (PST)

pas:

Home

64.4.1.11

2/23/2006

8:21:~7

AM (PST)

pass

64.4.1.11

2123/20068:2'2:49 AM (PST)

pass

64.4. l. 11

2123/20068:23:00 AM (PST)

pass

64.4.1.11

2/23/20068,23,42 AM (PST)

pass:

64.4.1.10

2/23/200612:42:43 PM (PST)

paiS

64.4.1.10

2]23/200612:43:56 PM (PST)

piln

64.4.1.10

2/24/2006 1 :00:54 PM (PST)

pOliS

64.4.1.10

2/24/20061:01:23 PM (PST)

pas>;:

64.4.1.10

2/24/20061:05:34 PM (PST)

pa!is

a

Print

64.4.1.10

2/24/2006 1 :06:46 PM (PST)

pas:

64.4.1.10

2}24/2006 1:07:02 PM (PST)

pass

-

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 7



Occasionally the “Pass/Fail” column will include an entry entitled “mymsn”. When this
indication is present, it means the user logged in from the www.msn.com homepage.

Stored E-mail Records for MSN Premium Customers:

Mail - Inbox
O%~

5I:e<_





Microsoft‘s systems only store the e-mails a user has
elected to maintain in the account. Therefore, the
only e-mails provided in response to legal process
seeking stored e-mail content will be the e-mails
stored in the “Folders on MSN” section of a user’s
account.
Be aware that users may also store e-mail content
on their computer’s hard drive. Microsoft will not
be able to disclose e-mail content stored on a user’s
computer – only e-mail content stored on
Microsoft’s e-mail servers.

@ FoId~ .. on MSM
Inbox (48)

t:a5ert Me,,_,
Trash Con
t:a-'.rJkE-M.>iI (1)

@ FoId~ .. on your comput~r
6;5I:e<od

Me,,_,

~Droft,
~CVbox
~5ert

Me,,_,

~Trash Con

Additional Tips:




Within the available IP records, an entry could exist that belongs to Microsoft services due to
internal configurations. ‘Registered From IP’ addresses or other IP addresses in the IP history
that are in the blocks of 65.54.xx.xx (MSN Hotmail) or 207.68.174.xx, 207.46.237.xx,
65.54.198,xx, 64.4.55.xx (MSN Mobile) are from Microsoft-owned servers, but they do not
provide any further information which relates to the user.
If there is an entry of 1.1.1.1 or 2.2.2.2 in the ‘History Info’ the entry is a Microsoft system
generated line item. The 1.1.1.1 and 2.2.2.2 entries are not generated by user activity.
Specific questions can be directed to the Global Criminal Compliance Team.
FREE E-MAIL ACCOUNT AGE OUT TIMELINE

Account
Creation
User must sign in
within the first 10
days to keep
account active



Account will
become inactive
after 30 days of
inactivity. No email content is
deleted but the
account will not
receive e-mail.

If account owner
does not sign in
after 120 days of
inactivity, all email is deleted
and the account
becomes a
Windows Live ID
only account.

If the associated
WLID is not used
for 365 days from
the first day of
the 120 day
inactivity period,
then the
associated WLID
is deleted.

After 365 days of
inactivity, the
account name is
recycled and is
available for
creation by
another
customer.

Users may self delete an account at any point along this process. The 30 day inactivity period
is canceled if someone tries to create the same account name ~or~ attempts to access it.
Between 120 and 365 days, users can recreate an e-mail mailbox.
Microsoft Confidential For Law Enforcement Use Only

Microsoft Confidential For Law Enforcement Use Only

Page 8

Authentication Service: Windows Live ID
What is the Service?
The Windows Live ID authentication service, formerly known as “Passport”, helps simplify your sign in: Create
your sign in credentials – e-mail and password – once, and then use them everywhere on the Windows Live
Network. There are three different ways you may obtain a Windows Live ID:





Use a @live, @hotmail or @msn e-mail account
Easy ID: Use an e-mail address you already have – @other_email_provider.com.
 You can use any existing e-mail address from any e-mail provider when you create
your credentials for Windows Live ID. Then you can use those credentials to sign in to
any Windows Live ID site.
Sign up for a limited account – @passport.com
 Create credentials only – Log on using e-mail address and password only. Account
cannot send or receive e-mail.

Windows Live ID / Passport accounts:
 Works with MSN, Office Live, and Microsoft Passport sites
 Have an MSN Hotmail, MSN Messenger, or Passport account? It's your Windows Live ID.
r: SIgn In

Windows Internet hplorer

~

~

ItJhl:t<»:/i\;?1,lvo"orfII

. J""""'..

'" ~ ISSig1

~ + CJ

In

Sign in
!- .... h<ldl"• .,.:

I

Pnoword:

I
FQ,oQl yow' RIII$,d'

o So"" my o-rnllll &ddr= ...... po,,,,,,,,,,d
o sa"" my.-rnIIIl &ddr=
o """'.yo"", lot my.-rnIIIl &ddr= ...... _ d
SiqJ

....

To .ign in to th~ wob<ito wh~r~ you clickod th~ Ac<
brow..,r, aM then si~n in on the previous page.
Related IInh
Sign up lor an account
Loom moro .bout priv.cy .nd «curity
Get .n'wers lrom Cu,tomer SUPPOr1

n U!1k1g 'l«1d«d !IeI1lj\):

:) Wondowt L~ ID
"'1<0

~,th',

,t

.-.lo....

~,

MSN, ...... _ _ tt P _ t

~tos

s.c·.. "••

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 9

What Windows Live ID (Passport) Records are Retained and for How Long?
Microsoft retains the following:
 Windows Live ID retains registration records as long as the account exists in our systems. All
registration data is provided by the user.
 The last 10 Microsoft site and IP connection record combinations (not the last 10, consecutive IP
connection records.)

How Do I Read Windows Live ID (Passport) Account Results?
Sample Sign-in Summary
Last
Modified

Entry Created Action

2006/11/30
10:22:35

2006/08/12
10:24:42

Login
Success

2006/11/30
10:22:35

2006/11/06
10:12:55

Site/IP/Time
History

2006/11/02
17:50:38

2006/08/12
10:24:42

2006/11/02
17:50:38

Value

Site
Name

Site IP Address
ID
0

192.192.240.192

Hotmail|192.192.240.192|Nov 30 2006 10:22AM;
Hotmail|192.226.141.89|Nov 29 2006 8:16PM;
Hotmail|192.140.179.82|Nov 28 2006 8:22AM;
Hotmail|192.192.150.140|Nov 24 2006 4:57PM;
Hotmail|192.192.140.151|Nov 24 2006 3:40PM;
Hotmail|192.192.132.144|Nov 18 2006 12:57PM;
Hotmail|192.71.148.10|Nov 18 2006 9:19AM;
Hotmail|192.192.156.23|Nov 17 2006 3:56PM;
Hotmail|192.226.137.230|Nov 16 2006 4:22PM;
Hotmail|192.214.138.210|Nov 16 2006 1:37PM;

0

192.192.240.192

IP Address
History

192.209.154.235;192.212.1.52;62.20.2.45;192.209.154.6
6;192.192.45.86;

0

192.209.154.235

2006/08/12
10:24:42

Date/Time
History

02 Nov 2006 17:50:38:770;01 Nov 2006 06:06:00:310;30
Oct 2006 14:24:45:397;27 Oct 2006 10:30:21:143;25 Oct
2006 19:36:14:570;

0

192.209.154.235

2006/09/28
17:02:08

2006/08/12
10:24:42

Current State
(login
succeeded)

0

192.192.45.86

2006/09/28
17:02:08

2006/08/12
10:25:39

Login Failure 0

0

192.192.45.86

2006/08/12
10:24:42

2006/08/12
10:24:42

Create
Credential

2

192.192.45.86

2

192.192.45.86

1 JMDCE6AM

Hotmail

Create Credential Row
2006/08/12
10:24:42

2006/08/12
10:24:42

Create
Credential

The time when the
account was created

1 JMDCE6AM

Ignore this value

Microsoft Confidential For Law

Hotmail

The Microsoft site
where the account
E nwas
f ocreated
rceme

The IP address from
where the account
was created

nt Use Only

Microsoft Confidential For Law Enforcement Use Only

Page 10

Login Failure Row
2006/09/28
17:02:08

2006/08/12
10:25:39

Login Failure 0

The last time the user failed to login.
(If the current state is “Login Failed”
ignore this value.)

0

192.192.45.86

The IP address from
where the user tried to
login but failed

The number of times the user has failed to login.
This value is reset to zero once the user is
successful in logging in.

Login Successful Row
2006/11/30 10:22:35

2006/08/12 10:24:42

The last time the user
successfully logged in. (If
the current state is “Login
Failed” else ignore this
value.)

Login Success

0

192.192.240.192

The IP address from
where the user last
logged in

The first time ever the user
successfully logged in typically the same as the
creation date.

Current State Row
2006/09/28 17:02:08

2006/08/12 10:24:42

Current State (login succeeded)

The timestamp of the last
login attempt

0

192.192.45.86

Please ignore this IP Address.
Refer to IP address in “Failure
Row” or “Success Row”.

Site IP/Time/History Row
2006/11/30
10:22:35

2006/11/06
10:12:55

The last time the
user successfully
logged in

Site/IP/Time
History

Hotmail|192.192.240.192|Nov 30 2006 10:22AM;
Hotmail|192.226.141.89|Nov 29 2006 8:16PM;
Hotmail|192.140.179.82|Nov 28 2006 8:22AM;
Hotmail|192.192.150.140|Nov 24 2006 4:57PM;
Hotmail|192.192.140.151|Nov 24 2006 3:40PM;
Hotmail|192.192.132.144|Nov 18 2006 12:57PM;
Hotmail|192.71.148.10|Nov 18 2006 9:19AM;
Hotmail|192.192.156.23|Nov 17 2006 3:56PM;
Hotmail|192.226.137.230|Nov 16 2006 4:22PM;
Hotmail|192.214.138.210|Nov 16 2006 1:37PM;

Shows the FIRST time of the LAST day’s successful
logins to a new Microsoft site or from a new client
machine.

0

192.192.240.192

Please ignore this IP
Address. Refer to IP
address in “Failure Row” or
“Success Row”.

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 11

Additional Tips:
1.
2.

3.

4.

5.
6.
7.

In Create credential Row
In the Current State Row
a. The IP address DOES NOT denote the IP address of the machine of the last attempt. If the last login was a failure, then
the IP address is present in the “IP address” column of the Login Failure Row while if it was success then the IP address is
present in Site/IP/Time history row.
b. If the state is “Login failed”, then refer the “Last Modified” timestamp in the “Login Failure Row” to find the last time the
user tried to login and failed. If the state is “Login Successful”, then refer to the “Last Modified” timestamp in the “Login
Success Row” to find the last time the user signed in successfully.
In Login Failure Row
a. The value (number of failure tries) is cleared once the user is able to successfully login. Hence, if a user failed to login on
several tries, but eventually logs in successfully, there is no record of the previous failures.
In Site IP/Time/History Row
a. The Site IP/Time/History table is not updated if the user logs in again from the SAME IP address to the SAME Microsoft
site. It only shows the FIRST login of the LAST day for the user, from the same IP and to the same machine.
b. There are many cases where end user IP address is hidden by ISP proxy server. SIS shows the IP address of ISP proxy
server, instead of real end user IP address. So for the individual user information you can approach the ISP.
c. The table is limited to only the last 10 MS SITE and IP combinations.
Sign-In Summary records are restricted to initial authentication so subsequent authentication to other Microsoft sites are not
logged.
All times are UTC and the time-stamps come from Windows Live ID (Passport) servers and not the user’s computer.
Ignore rows “IP Address History” and “Date/Time History”. These are present for some older accounts and have now been
replaced by “Site IP/Time/History” row.

III

One way to understand the table is to draw the timeline and plot the individual events in it. It gives a quick
view of the activities in that account. Here is the timeline for the Sign-In Summary Table provided above:

8/12/2006
Account created in Hotmail

9/28/2006
Last failure attempt

9/1/2006

10/1/2006

11/30/2006
Last Successful login

11/1/2006

8/12/2006
8/12/2006
Login failed for the first time

11/30/2006
11/16/2006 - 11/30/2006
Last 10 entries in Hotmail

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 12

Instant Messaging: Windows Live Messenger
What is the Service?
Windows Live Messenger is the “Next generation of MSN Messenger”
 Free service
 Customers use Windows Live ID / Passport account to sign-in
 Microsoft retains:
 Windows Live ID / Passport account registration data
 Some Windows Live ID / Passport account IP connection records
Windows Live Messenger program is downloaded onto client
 Microsoft servers authenticate users, but Microsoft does not log the content of
communications between users
Windows Live Messenger customers talk to Yahoo! contacts
 If a Windows Live Messenger customer adds a Yahoo! contact to his or her contact list,
Microsoft will have the name of the Yahoo! contact.

What records are retained and for how long?
Since the Windows Live ID service is used to authenticate Windows Live Messenger or MSN Messenger users,
Windows Live ID records are retained. Please refer to the “Authentication Services: Windows Live ID” section
above.
Please note that Microsoft needs a full account name with domain (@hotmail.com, @msn.com or @live.com)
in order to identify a Windows Live ID (Passport) account. An account cannot be identified when only an alias
or screen name has been provided.
Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 13

Social Networking Services:
Windows Live Spaces & MSN Groups
What are the Services?
Windows Live Spaces is a free service where users may create and customize their own blog, upload photos
and network with other users (friends and friends of friends).
MSN Groups are free websites that provide features such as message boards, chat rooms and photo albums.
http://spaces.live.com

http://groups.msn.com
0 ... · 0

_"'~~_""'_""'~~

_.

~

P_·.'_

M_ - _ _ ' __ ;;I_Ll

' O·

_

@ 11 (,l ~ -1l-

' .... 11...-&
y

,-......... _17_

-_._.-

fJ-"_

e s· ... •

•

rz 11

rIl-. - _ _ · __

. o·
~_i.l_i_

_.- ---__.-_.-

:::::---r-

_

-_._._.-'- ,,'...

-=
=

.-

.




Windows Live Spaces
One owner
Only the owner of the space can upload
content
Spaces can be public or private
Space owner can invite you to a private space
if you belong to his or her contact list and/or
e-mail you the link to the space






MSN Groups
Has only one manager but manager may have
assistant managers
Anyone who is a member of the group can
upload content
Groups can be public or private
Manager must e-mail link in invitation to a
private group

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 14

What Records are Retained and for How Long?
Windows Live Spaces: Only the owner of a Windows Live Space can upload content (e.g. images, documents,
videos), and when they do so, the IP address and date and time is also captured. In addition, if someone posts
a comment to the blog, Microsoft captures the text of the comments as well as the IP address, date and time
of upload and the nickname. These transactional records are retained for 90 days.
MSN Groups: When a manager or member of an MSN Group uploads content, Microsoft captures the IP
address and date and time of content upload. These transactional records are retained for 60 days.

Sample Language
Windows Live Spaces: The Windows Live Spaces online service enables customers to reach out to others by
publishing their thoughts, photos, and interests in an easy way. They can be as inclusive or exclusive as they
want to be. They can set three levels of permissions to view their Space: 1) public – allows anyone on the
Internet, 2)allows only the group of people from their Windows Live Messenger allow list, or 3) private –
allows only each person specified individually from their MSN Address Book. Information that they publish in
their Space is arranged in units called content modules. Content modules contain information and links to
their items such as photos, music, blogs, and lists. However, when you are looking for information on a
specific incident like a photo posting or blog posting, please request all content and logs for the Space. We
cannot retrieve single incident data.
When submitting legal process for information on Windows Live Spaces, please include the following item
descriptions as needed (listed below in bold):


For information requests on Spaces website content & logs: content including photos; photo albums;
blogs; lists etc.; and IIS (website activity) logs:
Any and all website information for the [Space requested] including content, photos, blogs, lists,
and all IIS logs.



For information requests on the creator (owner) of the Space:
Any and all subscriber information for the creator of the [Space] including means and source of
payment of any such paid subscription records associated with the owner’s e-mail account as
well as associated IP history for the account.



For information requests on other visitors of the Space (e.g. by nickname or email address):
Any and all subscriber information for the visitor [visitor name] of the Space [Space name]
including means and source of payment of any such paid account and associated IP logs for
these accounts. Note: we have information only on visitors who posted comments posted to the
Space.

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 15

MSN Groups: When submitting legal process for information on MSN Groups, please include the following
items (in bold):






For information requests on group website content/logs: content, including images; member lists;
IIS (activity) logs:
Any and all website information for the [group requested] including content, images,
member lists, and all IIS logs.
For information requests on the manager of the group:
Any and all subscriber information for the manager of the group including means and source
of payment of any such paid account and associated IP logs for these accounts.
For information requests on other members of the group (e.g. by nickname or email address):
Any and all subscriber information for the member [member name] of the group [group
name] including means and source of payment of any such paid account and associated IP
logs for these accounts.

Please note that the following items cannot in any way be associated with MSN Groups: Telephone number(s)
and Local and long distance telephonic connection records. In addition, when you are looking for information
on a specific incident like a photo posting or message posting, please request all group content and logs. We
cannot retrieve single incident data.

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 16

Custom Domains:
Windows Live Admin Center
What is the Windows Live Admin Center Service?
The Windows Live Custom Domains is now Windows Live Admin Center, which includes Windows Live Custom
Domains, Windows Live @edu, Windows Live @net and Windows Live Community Builder. You may learn
more about all of these services at http://domains.live.com.
Windows Live Custom Domains provides customers with their own domain name and, initially, up to 100 email accounts. For example, John Doe may create a custom domain www.johndoefamily2.com and may
create e-mail addresses such as john@johndoefamily2.com, mary@johndoefamily2.com, etc.
Windows Live@edu delivers student and alumni e-mail as well as communication and collaboration services.
The e-mail accounts offer a 5 GB in box, university domain name, as well as other features and students may
keep their e-mail after they graduate. Additional services may also be utilized by Windows Live@edu
customers such as Office Live Workspace and Windows Live SkyDrive. Learn more about Windows Live@edu
at http://get.liveatedu.com/Education/Connect.
Law enforcement should know to send their criminal legal process to Microsoft if a domain name lookup
indicates association with Microsoft.

Windows live Admin Center
Windows live Custom Domains is now Windows live ....dmin Center.
We'ro ch.1Ir>gir>g I~ Mme 10 brlt., roll"d our le,luro.,r>d copabilili. ., bul don'l worry,
Ihi. i• .till w~ro you
I~ ",m" ~ro'lle'lur.. you did wilh Cu.lom [lom,i"". In
I'd, we'ro inlroduar>g excilir>g now le,lures we Ihink you'll rnlly like. Th.1Ink you lor
ur>de"'l1Ir>dir>g ,. we Ir.""ilion 10 our new ""me.

,=••

Exidin~ cudom" .... - You m.y not notice ,nylhir>g new beyor>d I~ Mm" ch.1Ir>ge.
Thi. i• .tilll~ ",m" ~ro,1 ""Nice you've be"n u.ir>g.
• ....11 u"",rs - We'ro exaled 10 inlroduce I~ .bility 10 cu.lomize Wir>dow. Live ""Nice.
like Wir>dow. Live Holm,il wilh your own 10ll0. Now your dom,in u""'" will """ your
org,nizolion·. 10110 every lim" I"",y check I"",ir Holm.il. Ju.1 ""Ioct I"", co-br.r>dir>g
link in I~ I"tt Mvi~,lion 10 ~<l .11Irted.
• N"w cudom" .... - Gd .11Irted below 10 ro~i.I" your dom,in,r>d cro,le cu.lomized
Wir>dow. Live ,cc<>unls.

•

Le,," moro ,boul Wir>dow. Live prOll"m. for org,nizolio"".
• Wir>dow. Live ~ edu -- Thi. prOll"m i••pec;licolly l1Iilorod lor I"", ne"d. 01
educolioMI in.tilulions. Le,," moro
• Wir>dow. Live ~ net -- Thi. prOllr.m enable. network 00",,10'" 10 brir>g "",.Ied
communicolion ""Nice. 10 I"",ir cu.lome",. Le,," moro (.ddilion.1 inlorm.lion i•
• v.il.ble in Er>gli.h only)
• Wir>dow. Live Community Build., -- Thi. prOll"m ~Ip. org,nizolions build,r>d
.Iror>gl"",n I"",ir communili. . wilh Wir>d ow. Live ""Nice •. Le,," moro (.ddilion.1
inlorm.lion i•• v.il.bl" in Er>gli.h only)

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 17

Custom Domains:
Office Live Small Business & Office Live Workspace
What is the Office Live Service?
Office Live Small Business provides customers with web sites, custom domain name and e-mail as well as ecommerce and other tools. Office Live Workspace provides storage and access to Microsoft Office documents
as well as space to share documents and projects.
Law enforcement should know to send their criminal legal process to Microsoft if a domain name lookup
indicates association with Microsoft or “Office Live”. Learn more about Office Live at: http://officelive.com .
['I. M""""'r

.

• .Offlce Live Small Business

Office Live Small Business

•

Already have a Microsoft Office Li",e account?

Sign in

Get Online

Get Online
Create your own professional Web site-for FREE

Quick Links

Microsoft Office Live Small Business makes it easy to create a professional-looking
Web site for your business. Sign up and you11 have everything you need to get
started - including free Web hosting, a custom domain name, e-mail accounts, ecommerce, and more.

Resource Center

Sign up and get a custom domain (.com, .net, .org) and up to 100 companybranded e-mail accounts-free for the first year.

Frequently asked Questions

Customer Stories
Sign up for the newsletter
Community lind blOl;Js

Sign Up Free
BU61noeS5 eta•• Internet.
Fa.terthan DSL. Nowwith

Web Site
Create a professional online presence, including free Web hosting,
easy-to-use design tools, site reports, and much more

PowerBoost" lorelltra burs:t5
of speed when you need it.

Custom Domain Name and E-Mail
Have more impact with a custom domain and business e-mail
accounts-free for the first year

E-Commerce

Home

learn More

Examples

FAQ

Community

Microsoft Office Live Workspace
An online extension of Microsoft Office
r.==~~~~~~~==>] for

S..i..g..n....U,,;p....F..r..e..e~ •

[!",..

service and sweepstakes"

Bot.

Fund a college education. Start a business.
Support a charity. Sign up for a workspace
and a chance to win, and the choice could
be yours. Learn more

Watch the video

Anywhere Access
•
•
•
...

Save 1000+ Microsoft Office documents in one place
Access them from almost any computer with a Web browser
No more flash drives or sending yourself documents via e-mail
Learn more

... More examples

Share with Others
•
•
•
...

Invite people to your workspace
You control who can view, comment, and edit your documents
Stop manually merging versions from multiple people
Learn more

Extend the Microsoft Office Experience
•
•
•
...

Open and save files directly from Word, Excel, and PowerPoint
Synchronize contact, task, and event lists with Outlook
No need to learn a new program
Learn more

TechCrunch, ZDNet, and more
NYC launch event coverage

*NO PURCHASE NECESSARY. Open to
legal residents of the 50 United States
(and District of Columbia), 18 years or
older. Sweepstakes end at 11:59 P.M.
Eastern Time on May 11, 2008. Official
rules. Find out how to opt out. Winners will
be notified via e-mail and have 3 days to
claim daily and overall prize period prizes.

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 18

Online File Storage: Windows Live SkyDrive
What is the Windows Live SkyDrive Service?
Windows Live SkyDrive provides password-protected online file storage for yourself, to share with others or
share with the world. Learn more at http://skydrive.live.com.

SkyDriv~

:

Ev~nls

,Windows Live'SkyDrive

P... wor~·pro\Kl~ onli""

lil~

.torogo. Alwoy.

ovoilobl~

w".r. you

"".~

it.

Store files for vourself

Share files with friellds

Share files with the world

lJsln.g multipl~ a>mputo",> No probl~m.
Store ond oceo •• your POroo",,1 filo.
Irom OnVW"OrO onllOO.

SMrin.g 'Vlt" Iri~nd •• a>-work~",. or
lomily '" ... y .. ~n you oil odd ond
upodoto Iii .. in 0 'MrO~ lol~~r.

Som~ <doo. oro too good to k~~p to
you ... ~. S"",'" t~m in 0 public lold.r
t"ot only you can upodoto.

Get started

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 19

Gaming: XBOX LIVE®
What is the Service?
Xbox LIVE is the premier online gaming and entertainment service that enables customers to connect
their Xbox® to the Internet and play games online. The Xbox LIVE service is available on both original
Xbox and new Xbox 360® consoles.
Original Xbox




Accounts restricted to ages 13 and up
Credit card required
Data collected: Date of birth, name, e-mail address, physical address, telephone, credit card
number, type of credit card, credit card expiration date

Xbox 360 – User under 13



Credit card required
Data collected: Date of birth, name, e-mail address, physical address, telephone, credit card
number, type of credit card, credit card expiration date, Microsoft Passport

Xbox 360 – User 13 and up – No credit card requirement (but can be used)



Data collected without credit card: Date of birth, name, e-mail address, physical address,
telephone, Microsoft Passport
Data collected with credit card: Date of birth, name, e-mail address, physical address,
telephone, credit card number, type of credit card, credit card expiration date, Microsoft
Passport

Note: General subscriber information is unverified. Detailed credit card verification has been
implemented.

What records are retained and for how long?
Both registration and IP connection history records are retained for the life of the gamertag account. Because
the volume of IP connection history records may be large, when possible please ask for the specific date range
of records you are specifically interested in receiving. A full listing of retained records is below:





Gamertag
Credit card number
Phone number
First/last name with zip code
Microsoft Confidential For Law Enforcement Use Only

Microsoft Confidential For Law Enforcement Use Only

Page 20






Serial number but only if box has been registered online. “Console ID” is better.
Service request number from Xbox Hotline (e.g. SR 103xx-xx-xx)
E-mail account (e.g. @msn.com, @hotmail.com or any other Windows Live ID account name)
IP history for the lifetime of the gamertag (only one gamertag at a time)

If your investigation involves a stolen Xbox console, if the console serial number or Xbox LIVE user gamertag is
provided and the console has been connected to the Internet, IP connection records may be available.

Sample Xbox LIVE Account Results

n.. rep<Hl coni"",. u.agelhrough s.lurday, F ~ 10. 2007
Sian Tlme UTe

{nd Trmo UTe

10J291200S 08 59 PM
10J2912005 0901 PM
10I29l2OO5 10 39 PM
10I29l2OO5 10 41 PM
10I29l2OO5 10 43 PM
10J291200S 10 4S PM
1013012005 0\ 301 AM
1013112005 03 36 AM
1013112005 12-33 PM
1013112005 09 2S PM
11/112005 1230 AM
11/112005 0\ 10 AM

Gemor Te

Tltla Name

IP

10J2912005 0900 PM
1l1J2912OO5 10 39 PM
10J2912005 10 40 PM
10I29l2OO5 10 43 PM
10J2912005 10 44 PM
10J291200S 10 56 P'J:!
10J3012005 05 02 AM
1013112005 04 08 AM
1013112005 1236 PM
1013112005 10 10 PM
11/112005 01 01 AM
11/112005 0\ 10 AM

Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 21

Legal Process
Legal Process Required for
Customer Account Information and Content
The Electronic Communications Privacy Act (ECPA) (18 U.S.C. §§ 2701-2712) sets forth the appropriate legal
process required to compel Microsoft’s Online Services Records Custodians to disclose customer records and
contents:
Information that may be disclosed with a subpoena. Basic subscriber information includes name,
address, length of service (start date), screen names, other email accounts, IP address/IP logs/Usage
logs, billing information, content (other than e-mail, such as in Windows Live Spaces and MSN Groups)
and e-mail content more than 180 days old as long as the governmental entity follows the customer
notification provisions in ECPA (see 18 U.S.C. §§ 2703(b), 2705.)
Court orders are required for the rest of the customer’s profile (18 U.S.C. § 2703(d)). A court order
issued pursuant to 2702(d) will compel disclosure of all of the basic subscriber information available
under a subpoena plus the e-mail address book, Messenger contact lists, the rest of a customer’s
profile not already listed above, internet usage logs (e.g. WEBTV or MSN Internet Access), and e-mail
header information (to/from) excluding subject line.
Search warrants are required for contents. A search warrant will compel disclosure of all information
available with a court order issued pursuant to 2703(d) (as listed above), plus all contents (if prior
notice is not provided or an order for delayed notice is not obtained), and is the only means to compel
the disclosure of e-mails, including subject line, in electronic storage 180 days or less**.
**A Note About Opened E-mail Content less than 181 days: Under ECPA, e-mail in electronic
storage for 180 days or less may be disclosed pursuant to a search warrant. While some have
interpreted “in electronic storage” to refer only to unopened mail, a Ninth Circuit decision in
Theofel et al v. Farey-Jones and Kwansy, 341 F.3d 978 (9th Cir. 2003) held that opened e-mails on
ISP servers are also in “electronic storage.” Therefore, as Microsoft receives and processes legal
process for its online services in the Ninth Circuit, Microsoft discloses both opened and
unopened e-mail in electronic storage for 181 days or less only upon pursuant to a search
warrant.
Preservation Requests 18 U.S.C. § 2703(f): Upon the request of a governmental entity, Microsoft shall preserve
all information, including IP logs and contents for a period of 90 days from the date of the preservation. A
preservation creates a snapshot of the information in or about the account at a particular point in time, but there
is no update of the information throughout the preservation period. Per Microsoft policy, preservations may be
extended up to two (2) times. Each extension shall be for a period of 90 days from the expiration of the current
preservation, resulting in a maximum of 270 days on a given preservation. An extension does not create a new
snapshot, but merely preserves the information for the additional period.
Microsoft Confidential For Law Enforcement Use Only
Microsoft Confidential For Law Enforcement Use Only

Page 22

 

 

CLN Subscribe Now Ad 450x600
PLN Subscribe Now Ad 450x450
The Habeas Citebook Ineffective Counsel Side