Microsoft Criminal Compliance Handbook 2008
Download original document:
Document text
Document text
This text is machine-read, and may contain errors. Check the original document to verify accuracy.
Microsoft Online Services ® Global Criminal Compliance Handbook U.S. Domestic Version March 2008 2007-2008© Copyright Microsoft Corporation. All rights reserved. Microsoft, MSN, Hotmail, Xbox and Xbox 360 are trademarks of the Microsoft group of companies. No part of this handout may be reproduced or transmitted in any form or by any means, electronic or mechanical, without the written permission of Microsoft Corporation. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 2 MICROSOFT ONLINE SERVICES Law Enforcement Hotline: (425) 722-1299 Where to Serve Legal Process in Criminal Matters Windows Live TM,, Windows Live ID (Passport), MSN®, Xbox & Other Online Services: FAX: (425) 708-0096 Microsoft Corporation Attn: Online Services Custodian of Records One Microsoft Way Redmond, WA 98052-6399 EMERGENCY REQUESTS Microsoft Online Services will respond to emergency requests outside of normal business hours if the emergency involves “the danger of death or physical injury to any person…” as permitted in 18 U.S.C. § 2702(b)(8) and (c)(4). Emergencies are limited to situations like kidnapping, murder threats, bomb threats, terrorism threats, etc. If you have an emergency request, please call the law enforcement hotline at (425) 722-1299. NON-U.S. LAW ENFORCEMENT Microsoft has established local contacts within your country or region to handle legal process related to Microsoft Online Services. If you are not already familiar with your local contact, please e-mail the Global Criminal Compliance team at globalcc@microsoft.com, and you will be directed to the local contact handling requests from your country. All legal process for criminal matters from non-U.S. law enforcement, prosecutors and courts must be directed to Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 and not to Microsoft’s local subsidiary as all Microsoft Online Services customer data is stored in the U.S. Your local contact will be able to educate you as to what local process must be followed in order to obtain online services customer account records from Microsoft. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 3 What are Microsoft Online Services? E-mail Services Authentication Service: Windows Live ID Instant Messaging: Windows Live Messenger Social Networking Services: Windows Live Spaces & MSN Groups Custom Domains: Windows Live Admin Center & Office Live Small Business Online File Storage: Office Live Workspace & Windows Live SkyDrive Gaming: Xbox Live Wi ndows Live~ ~. Windows Live 10 msn. • 'b.~ ··ve Messenger • • .~'. Windows Live Hotmail ~. msn.. .~ Groups .. ;e4. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 4 E-mail Services What are the Various E-mail Services Microsoft Provides? Several different domains: @hotmail.com @msn.com @live.com Microsoft also provides some country specific domains such as .co.uk, .fr, .it, .de, .es, .th, .tk, .co.jp Currently all e-mail service customer data is stored in the U.S. even if the account name contains a country specific domain. E-mail accounts may be either free or associated with a paid service Accounts that start out as paid accounts may later become free ~OR~ accounts that start out as free may later be associated with a paid service. Therefore, the records available in response to law enforcement requests will vary depending on the type of e-mail service. Below are several examples of the paid e-mail services Microsoft offers: Windows live-Hotmail It'. M,." 1M .......". oexo·........, _ .......... .........., ,.~_p _.. ,~~'..... 1 .. , f~ ..... ~ ...._ " .. "'~"._ In , _ ~ . . .........................hkh G..... ....h' , .. vo.' ,........... ........... ' .... H ....." ..... ........... " ... H ......" ................ ..-.., ...... _-""'.. _ .... Slg.9~/'. ,,~ _,.-..- _do_,...-,.... • 0 . - "'" ,. . ....-. • 0.-_ •• 0.. """'.,W-w. ,..... "" _ ... . " 'M , w,_. .-.--,_.". ........... H.'...". p'." .,., , """". .,., .... ".~ ·"""_'OP""'M. {Sw_,...........-. ....... ~-, - w,........""" H ......" .......... ' .... H ....." ..... Ol ........_ Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 5 msn. . Premium $9.95 monthly Advanced e-mail, PC-wide protection, and more Two rnorths free! Plan Oetaiis Overview Features System Requirements FAQ Protect (Click for quick demo ) Help safeguard your system with Virus Guard and Firewall Guard powered by McAfee® Security. Get powerful parental controls to help keep kids safe online. Organize Stay on top of your to-do list by creating tasks for yourself or others. Share your calendar to stay in sync with friends or family. Create Design special stationery with fonts, colors and custom signatures to make your e-mail unique. Share Share a single photo or an entire slide show right inside your e-mail with cool photo sharing and editing tools. What E-mail Services Records are Retained and for How Long? E-mail account registration records are retained for the life of the account. Internet Protocol (“IP”) connection history records are retained for 60 days. How Do I Read E-Mail Account Results? Sample E-mail Account Registration Records: Mi~i aI ereated2/24/20061:08:44PH I. criminal-compliance-lraining@holmail.com Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 6 Microsott~1 . I criminal-comptiance-training@hotmail.com ....-.. 1/14/]fNN> I:U8:4J PH v FitW c· L.c"l'l Fi'1t.I~ i..ut .• -·t ~tlt4 • ~. ~.3 -; All registration data is provided by the user EXCEPT for the Registered from IP Address. Occasionally the “Registered from IP Address” field may blank for some accounts. In this situation the user’s IP address was not captured by Microsoft’s systems during the registration process. Microsoft retains e-mail account registration records for the life of the account. For free MSN Hotmail and free Windows Live Hotmail accounts, the e-mail content is typically deleted after 60 days of inactivity. Then if the user does not reactivate their account, the free MSN Hotmail and free Windows Live Hotmail account will become inactive after a period of time. Sample E-mail Account IP Connection Records: Microsott~ ,, criminal-compliance-training@hotmail.com I ~.. I 2/24/2006 1:08:43 PM 0 Menu Cover Letter IP Date {Pacific} Pass/Fail 64.4.1.11 2/22}2006 9:36:14 AM (PST) PilS; User Info 64.4.1.11 2/22/20069:37:21 AM (PST) pus History Info 64.4.1.11 212'2/2006 2: 13:41 PM (PST) pa3S Folders 64.4.1.11 2/22/20062:13:57 PM (PST) palOs 64.4.1.11 2/22/20062:14:18 PM (PST) piSS!!: 216.33.243,217 2/22/20062:17:48 PM (PST) pas!: Email Other Info 64.4.1.11 2/22/2006 2:~O:26 PM (PST) pas: Home 64.4.1.11 2/23/2006 8:21:~7 AM (PST) pass 64.4.1.11 2123/20068:2'2:49 AM (PST) pass 64.4. l. 11 2123/20068:23:00 AM (PST) pass 64.4.1.11 2/23/20068,23,42 AM (PST) pass: 64.4.1.10 2/23/200612:42:43 PM (PST) paiS 64.4.1.10 2]23/200612:43:56 PM (PST) piln 64.4.1.10 2/24/2006 1 :00:54 PM (PST) pOliS 64.4.1.10 2/24/20061:01:23 PM (PST) pas>;: 64.4.1.10 2/24/20061:05:34 PM (PST) pa!is a Print 64.4.1.10 2/24/2006 1 :06:46 PM (PST) pas: 64.4.1.10 2}24/2006 1:07:02 PM (PST) pass - Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 7 Occasionally the “Pass/Fail” column will include an entry entitled “mymsn”. When this indication is present, it means the user logged in from the www.msn.com homepage. Stored E-mail Records for MSN Premium Customers: Mail - Inbox O%~ 5I:e<_ Microsoft‘s systems only store the e-mails a user has elected to maintain in the account. Therefore, the only e-mails provided in response to legal process seeking stored e-mail content will be the e-mails stored in the “Folders on MSN” section of a user’s account. Be aware that users may also store e-mail content on their computer’s hard drive. Microsoft will not be able to disclose e-mail content stored on a user’s computer – only e-mail content stored on Microsoft’s e-mail servers. @ FoId~ .. on MSM Inbox (48) t:a5ert Me,,_, Trash Con t:a-'.rJkE-M.>iI (1) @ FoId~ .. on your comput~r 6;5I:e<od Me,,_, ~Droft, ~CVbox ~5ert Me,,_, ~Trash Con Additional Tips: Within the available IP records, an entry could exist that belongs to Microsoft services due to internal configurations. ‘Registered From IP’ addresses or other IP addresses in the IP history that are in the blocks of 65.54.xx.xx (MSN Hotmail) or 207.68.174.xx, 207.46.237.xx, 65.54.198,xx, 64.4.55.xx (MSN Mobile) are from Microsoft-owned servers, but they do not provide any further information which relates to the user. If there is an entry of 1.1.1.1 or 2.2.2.2 in the ‘History Info’ the entry is a Microsoft system generated line item. The 1.1.1.1 and 2.2.2.2 entries are not generated by user activity. Specific questions can be directed to the Global Criminal Compliance Team. FREE E-MAIL ACCOUNT AGE OUT TIMELINE Account Creation User must sign in within the first 10 days to keep account active Account will become inactive after 30 days of inactivity. No email content is deleted but the account will not receive e-mail. If account owner does not sign in after 120 days of inactivity, all email is deleted and the account becomes a Windows Live ID only account. If the associated WLID is not used for 365 days from the first day of the 120 day inactivity period, then the associated WLID is deleted. After 365 days of inactivity, the account name is recycled and is available for creation by another customer. Users may self delete an account at any point along this process. The 30 day inactivity period is canceled if someone tries to create the same account name ~or~ attempts to access it. Between 120 and 365 days, users can recreate an e-mail mailbox. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 8 Authentication Service: Windows Live ID What is the Service? The Windows Live ID authentication service, formerly known as “Passport”, helps simplify your sign in: Create your sign in credentials – e-mail and password – once, and then use them everywhere on the Windows Live Network. There are three different ways you may obtain a Windows Live ID: Use a @live, @hotmail or @msn e-mail account Easy ID: Use an e-mail address you already have – @other_email_provider.com. You can use any existing e-mail address from any e-mail provider when you create your credentials for Windows Live ID. Then you can use those credentials to sign in to any Windows Live ID site. Sign up for a limited account – @passport.com Create credentials only – Log on using e-mail address and password only. Account cannot send or receive e-mail. Windows Live ID / Passport accounts: Works with MSN, Office Live, and Microsoft Passport sites Have an MSN Hotmail, MSN Messenger, or Passport account? It's your Windows Live ID. r: SIgn In Windows Internet hplorer ~ ~ ItJhl:t<»:/i\;?1,lvo"orfII . J""""'.. '" ~ ISSig1 ~ + CJ In Sign in !- .... h<ldl"• .,.: I Pnoword: I FQ,oQl yow' RIII$,d' o So"" my o-rnllll &ddr= ...... po,,,,,,,,,,d o sa"" my.-rnIIIl &ddr= o """'.yo"", lot my.-rnIIIl &ddr= ...... _ d SiqJ .... To .ign in to th~ wob<ito wh~r~ you clickod th~ Ac< brow..,r, aM then si~n in on the previous page. Related IInh Sign up lor an account Loom moro .bout priv.cy .nd «curity Get .n'wers lrom Cu,tomer SUPPOr1 n U!1k1g 'l«1d«d !IeI1lj\): :) Wondowt L~ ID "'1<0 ~,th', ,t .-.lo.... ~, MSN, ...... _ _ tt P _ t ~tos s.c·.. "•• Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 9 What Windows Live ID (Passport) Records are Retained and for How Long? Microsoft retains the following: Windows Live ID retains registration records as long as the account exists in our systems. All registration data is provided by the user. The last 10 Microsoft site and IP connection record combinations (not the last 10, consecutive IP connection records.) How Do I Read Windows Live ID (Passport) Account Results? Sample Sign-in Summary Last Modified Entry Created Action 2006/11/30 10:22:35 2006/08/12 10:24:42 Login Success 2006/11/30 10:22:35 2006/11/06 10:12:55 Site/IP/Time History 2006/11/02 17:50:38 2006/08/12 10:24:42 2006/11/02 17:50:38 Value Site Name Site IP Address ID 0 192.192.240.192 Hotmail|192.192.240.192|Nov 30 2006 10:22AM; Hotmail|192.226.141.89|Nov 29 2006 8:16PM; Hotmail|192.140.179.82|Nov 28 2006 8:22AM; Hotmail|192.192.150.140|Nov 24 2006 4:57PM; Hotmail|192.192.140.151|Nov 24 2006 3:40PM; Hotmail|192.192.132.144|Nov 18 2006 12:57PM; Hotmail|192.71.148.10|Nov 18 2006 9:19AM; Hotmail|192.192.156.23|Nov 17 2006 3:56PM; Hotmail|192.226.137.230|Nov 16 2006 4:22PM; Hotmail|192.214.138.210|Nov 16 2006 1:37PM; 0 192.192.240.192 IP Address History 192.209.154.235;192.212.1.52;62.20.2.45;192.209.154.6 6;192.192.45.86; 0 192.209.154.235 2006/08/12 10:24:42 Date/Time History 02 Nov 2006 17:50:38:770;01 Nov 2006 06:06:00:310;30 Oct 2006 14:24:45:397;27 Oct 2006 10:30:21:143;25 Oct 2006 19:36:14:570; 0 192.209.154.235 2006/09/28 17:02:08 2006/08/12 10:24:42 Current State (login succeeded) 0 192.192.45.86 2006/09/28 17:02:08 2006/08/12 10:25:39 Login Failure 0 0 192.192.45.86 2006/08/12 10:24:42 2006/08/12 10:24:42 Create Credential 2 192.192.45.86 2 192.192.45.86 1 JMDCE6AM Hotmail Create Credential Row 2006/08/12 10:24:42 2006/08/12 10:24:42 Create Credential The time when the account was created 1 JMDCE6AM Ignore this value Microsoft Confidential For Law Hotmail The Microsoft site where the account E nwas f ocreated rceme The IP address from where the account was created nt Use Only Microsoft Confidential For Law Enforcement Use Only Page 10 Login Failure Row 2006/09/28 17:02:08 2006/08/12 10:25:39 Login Failure 0 The last time the user failed to login. (If the current state is “Login Failed” ignore this value.) 0 192.192.45.86 The IP address from where the user tried to login but failed The number of times the user has failed to login. This value is reset to zero once the user is successful in logging in. Login Successful Row 2006/11/30 10:22:35 2006/08/12 10:24:42 The last time the user successfully logged in. (If the current state is “Login Failed” else ignore this value.) Login Success 0 192.192.240.192 The IP address from where the user last logged in The first time ever the user successfully logged in typically the same as the creation date. Current State Row 2006/09/28 17:02:08 2006/08/12 10:24:42 Current State (login succeeded) The timestamp of the last login attempt 0 192.192.45.86 Please ignore this IP Address. Refer to IP address in “Failure Row” or “Success Row”. Site IP/Time/History Row 2006/11/30 10:22:35 2006/11/06 10:12:55 The last time the user successfully logged in Site/IP/Time History Hotmail|192.192.240.192|Nov 30 2006 10:22AM; Hotmail|192.226.141.89|Nov 29 2006 8:16PM; Hotmail|192.140.179.82|Nov 28 2006 8:22AM; Hotmail|192.192.150.140|Nov 24 2006 4:57PM; Hotmail|192.192.140.151|Nov 24 2006 3:40PM; Hotmail|192.192.132.144|Nov 18 2006 12:57PM; Hotmail|192.71.148.10|Nov 18 2006 9:19AM; Hotmail|192.192.156.23|Nov 17 2006 3:56PM; Hotmail|192.226.137.230|Nov 16 2006 4:22PM; Hotmail|192.214.138.210|Nov 16 2006 1:37PM; Shows the FIRST time of the LAST day’s successful logins to a new Microsoft site or from a new client machine. 0 192.192.240.192 Please ignore this IP Address. Refer to IP address in “Failure Row” or “Success Row”. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 11 Additional Tips: 1. 2. 3. 4. 5. 6. 7. In Create credential Row In the Current State Row a. The IP address DOES NOT denote the IP address of the machine of the last attempt. If the last login was a failure, then the IP address is present in the “IP address” column of the Login Failure Row while if it was success then the IP address is present in Site/IP/Time history row. b. If the state is “Login failed”, then refer the “Last Modified” timestamp in the “Login Failure Row” to find the last time the user tried to login and failed. If the state is “Login Successful”, then refer to the “Last Modified” timestamp in the “Login Success Row” to find the last time the user signed in successfully. In Login Failure Row a. The value (number of failure tries) is cleared once the user is able to successfully login. Hence, if a user failed to login on several tries, but eventually logs in successfully, there is no record of the previous failures. In Site IP/Time/History Row a. The Site IP/Time/History table is not updated if the user logs in again from the SAME IP address to the SAME Microsoft site. It only shows the FIRST login of the LAST day for the user, from the same IP and to the same machine. b. There are many cases where end user IP address is hidden by ISP proxy server. SIS shows the IP address of ISP proxy server, instead of real end user IP address. So for the individual user information you can approach the ISP. c. The table is limited to only the last 10 MS SITE and IP combinations. Sign-In Summary records are restricted to initial authentication so subsequent authentication to other Microsoft sites are not logged. All times are UTC and the time-stamps come from Windows Live ID (Passport) servers and not the user’s computer. Ignore rows “IP Address History” and “Date/Time History”. These are present for some older accounts and have now been replaced by “Site IP/Time/History” row. III One way to understand the table is to draw the timeline and plot the individual events in it. It gives a quick view of the activities in that account. Here is the timeline for the Sign-In Summary Table provided above: 8/12/2006 Account created in Hotmail 9/28/2006 Last failure attempt 9/1/2006 10/1/2006 11/30/2006 Last Successful login 11/1/2006 8/12/2006 8/12/2006 Login failed for the first time 11/30/2006 11/16/2006 - 11/30/2006 Last 10 entries in Hotmail Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 12 Instant Messaging: Windows Live Messenger What is the Service? Windows Live Messenger is the “Next generation of MSN Messenger” Free service Customers use Windows Live ID / Passport account to sign-in Microsoft retains: Windows Live ID / Passport account registration data Some Windows Live ID / Passport account IP connection records Windows Live Messenger program is downloaded onto client Microsoft servers authenticate users, but Microsoft does not log the content of communications between users Windows Live Messenger customers talk to Yahoo! contacts If a Windows Live Messenger customer adds a Yahoo! contact to his or her contact list, Microsoft will have the name of the Yahoo! contact. What records are retained and for how long? Since the Windows Live ID service is used to authenticate Windows Live Messenger or MSN Messenger users, Windows Live ID records are retained. Please refer to the “Authentication Services: Windows Live ID” section above. Please note that Microsoft needs a full account name with domain (@hotmail.com, @msn.com or @live.com) in order to identify a Windows Live ID (Passport) account. An account cannot be identified when only an alias or screen name has been provided. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 13 Social Networking Services: Windows Live Spaces & MSN Groups What are the Services? Windows Live Spaces is a free service where users may create and customize their own blog, upload photos and network with other users (friends and friends of friends). MSN Groups are free websites that provide features such as message boards, chat rooms and photo albums. http://spaces.live.com http://groups.msn.com 0 ... · 0 _"'~~_""'_""'~~ _. ~ P_·.'_ M_ - _ _ ' __ ;;I_Ll ' O· _ @ 11 (,l ~ -1l- ' .... 11...-& y ,-......... _17_ -_._.- fJ-"_ e s· ... • • rz 11 rIl-. - _ _ · __ . o· ~_i.l_i_ _.- ---__.-_.- :::::---r- _ -_._._.-'- ,,'... -= = .- . Windows Live Spaces One owner Only the owner of the space can upload content Spaces can be public or private Space owner can invite you to a private space if you belong to his or her contact list and/or e-mail you the link to the space MSN Groups Has only one manager but manager may have assistant managers Anyone who is a member of the group can upload content Groups can be public or private Manager must e-mail link in invitation to a private group Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 14 What Records are Retained and for How Long? Windows Live Spaces: Only the owner of a Windows Live Space can upload content (e.g. images, documents, videos), and when they do so, the IP address and date and time is also captured. In addition, if someone posts a comment to the blog, Microsoft captures the text of the comments as well as the IP address, date and time of upload and the nickname. These transactional records are retained for 90 days. MSN Groups: When a manager or member of an MSN Group uploads content, Microsoft captures the IP address and date and time of content upload. These transactional records are retained for 60 days. Sample Language Windows Live Spaces: The Windows Live Spaces online service enables customers to reach out to others by publishing their thoughts, photos, and interests in an easy way. They can be as inclusive or exclusive as they want to be. They can set three levels of permissions to view their Space: 1) public – allows anyone on the Internet, 2)allows only the group of people from their Windows Live Messenger allow list, or 3) private – allows only each person specified individually from their MSN Address Book. Information that they publish in their Space is arranged in units called content modules. Content modules contain information and links to their items such as photos, music, blogs, and lists. However, when you are looking for information on a specific incident like a photo posting or blog posting, please request all content and logs for the Space. We cannot retrieve single incident data. When submitting legal process for information on Windows Live Spaces, please include the following item descriptions as needed (listed below in bold): For information requests on Spaces website content & logs: content including photos; photo albums; blogs; lists etc.; and IIS (website activity) logs: Any and all website information for the [Space requested] including content, photos, blogs, lists, and all IIS logs. For information requests on the creator (owner) of the Space: Any and all subscriber information for the creator of the [Space] including means and source of payment of any such paid subscription records associated with the owner’s e-mail account as well as associated IP history for the account. For information requests on other visitors of the Space (e.g. by nickname or email address): Any and all subscriber information for the visitor [visitor name] of the Space [Space name] including means and source of payment of any such paid account and associated IP logs for these accounts. Note: we have information only on visitors who posted comments posted to the Space. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 15 MSN Groups: When submitting legal process for information on MSN Groups, please include the following items (in bold): For information requests on group website content/logs: content, including images; member lists; IIS (activity) logs: Any and all website information for the [group requested] including content, images, member lists, and all IIS logs. For information requests on the manager of the group: Any and all subscriber information for the manager of the group including means and source of payment of any such paid account and associated IP logs for these accounts. For information requests on other members of the group (e.g. by nickname or email address): Any and all subscriber information for the member [member name] of the group [group name] including means and source of payment of any such paid account and associated IP logs for these accounts. Please note that the following items cannot in any way be associated with MSN Groups: Telephone number(s) and Local and long distance telephonic connection records. In addition, when you are looking for information on a specific incident like a photo posting or message posting, please request all group content and logs. We cannot retrieve single incident data. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 16 Custom Domains: Windows Live Admin Center What is the Windows Live Admin Center Service? The Windows Live Custom Domains is now Windows Live Admin Center, which includes Windows Live Custom Domains, Windows Live @edu, Windows Live @net and Windows Live Community Builder. You may learn more about all of these services at http://domains.live.com. Windows Live Custom Domains provides customers with their own domain name and, initially, up to 100 email accounts. For example, John Doe may create a custom domain www.johndoefamily2.com and may create e-mail addresses such as john@johndoefamily2.com, mary@johndoefamily2.com, etc. Windows Live@edu delivers student and alumni e-mail as well as communication and collaboration services. The e-mail accounts offer a 5 GB in box, university domain name, as well as other features and students may keep their e-mail after they graduate. Additional services may also be utilized by Windows Live@edu customers such as Office Live Workspace and Windows Live SkyDrive. Learn more about Windows Live@edu at http://get.liveatedu.com/Education/Connect. Law enforcement should know to send their criminal legal process to Microsoft if a domain name lookup indicates association with Microsoft. Windows live Admin Center Windows live Custom Domains is now Windows live ....dmin Center. We'ro ch.1Ir>gir>g I~ Mme 10 brlt., roll"d our le,luro.,r>d copabilili. ., bul don'l worry, Ihi. i• .till w~ro you I~ ",m" ~ro'lle'lur.. you did wilh Cu.lom [lom,i"". In I'd, we'ro inlroduar>g excilir>g now le,lures we Ihink you'll rnlly like. Th.1Ink you lor ur>de"'l1Ir>dir>g ,. we Ir.""ilion 10 our new ""me. ,=•• Exidin~ cudom" .... - You m.y not notice ,nylhir>g new beyor>d I~ Mm" ch.1Ir>ge. Thi. i• .tilll~ ",m" ~ro,1 ""Nice you've be"n u.ir>g. • ....11 u"",rs - We'ro exaled 10 inlroduce I~ .bility 10 cu.lomize Wir>dow. Live ""Nice. like Wir>dow. Live Holm,il wilh your own 10ll0. Now your dom,in u""'" will """ your org,nizolion·. 10110 every lim" I"",y check I"",ir Holm.il. Ju.1 ""Ioct I"", co-br.r>dir>g link in I~ I"tt Mvi~,lion 10 ~<l .11Irted. • N"w cudom" .... - Gd .11Irted below 10 ro~i.I" your dom,in,r>d cro,le cu.lomized Wir>dow. Live ,cc<>unls. • Le,," moro ,boul Wir>dow. Live prOll"m. for org,nizolio"". • Wir>dow. Live ~ edu -- Thi. prOll"m i••pec;licolly l1Iilorod lor I"", ne"d. 01 educolioMI in.tilulions. Le,," moro • Wir>dow. Live ~ net -- Thi. prOllr.m enable. network 00",,10'" 10 brir>g "",.Ied communicolion ""Nice. 10 I"",ir cu.lome",. Le,," moro (.ddilion.1 inlorm.lion i• • v.il.ble in Er>gli.h only) • Wir>dow. Live Community Build., -- Thi. prOll"m ~Ip. org,nizolions build,r>d .Iror>gl"",n I"",ir communili. . wilh Wir>d ow. Live ""Nice •. Le,," moro (.ddilion.1 inlorm.lion i•• v.il.bl" in Er>gli.h only) Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 17 Custom Domains: Office Live Small Business & Office Live Workspace What is the Office Live Service? Office Live Small Business provides customers with web sites, custom domain name and e-mail as well as ecommerce and other tools. Office Live Workspace provides storage and access to Microsoft Office documents as well as space to share documents and projects. Law enforcement should know to send their criminal legal process to Microsoft if a domain name lookup indicates association with Microsoft or “Office Live”. Learn more about Office Live at: http://officelive.com . ['I. M""""'r . • .Offlce Live Small Business Office Live Small Business • Already have a Microsoft Office Li",e account? Sign in Get Online Get Online Create your own professional Web site-for FREE Quick Links Microsoft Office Live Small Business makes it easy to create a professional-looking Web site for your business. Sign up and you11 have everything you need to get started - including free Web hosting, a custom domain name, e-mail accounts, ecommerce, and more. Resource Center Sign up and get a custom domain (.com, .net, .org) and up to 100 companybranded e-mail accounts-free for the first year. Frequently asked Questions Customer Stories Sign up for the newsletter Community lind blOl;Js Sign Up Free BU61noeS5 eta•• Internet. Fa.terthan DSL. Nowwith Web Site Create a professional online presence, including free Web hosting, easy-to-use design tools, site reports, and much more PowerBoost" lorelltra burs:t5 of speed when you need it. Custom Domain Name and E-Mail Have more impact with a custom domain and business e-mail accounts-free for the first year E-Commerce Home learn More Examples FAQ Community Microsoft Office Live Workspace An online extension of Microsoft Office r.==~~~~~~~==>] for S..i..g..n....U,,;p....F..r..e..e~ • [!",.. service and sweepstakes" Bot. Fund a college education. Start a business. Support a charity. Sign up for a workspace and a chance to win, and the choice could be yours. Learn more Watch the video Anywhere Access • • • ... Save 1000+ Microsoft Office documents in one place Access them from almost any computer with a Web browser No more flash drives or sending yourself documents via e-mail Learn more ... More examples Share with Others • • • ... Invite people to your workspace You control who can view, comment, and edit your documents Stop manually merging versions from multiple people Learn more Extend the Microsoft Office Experience • • • ... Open and save files directly from Word, Excel, and PowerPoint Synchronize contact, task, and event lists with Outlook No need to learn a new program Learn more TechCrunch, ZDNet, and more NYC launch event coverage *NO PURCHASE NECESSARY. Open to legal residents of the 50 United States (and District of Columbia), 18 years or older. Sweepstakes end at 11:59 P.M. Eastern Time on May 11, 2008. Official rules. Find out how to opt out. Winners will be notified via e-mail and have 3 days to claim daily and overall prize period prizes. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 18 Online File Storage: Windows Live SkyDrive What is the Windows Live SkyDrive Service? Windows Live SkyDrive provides password-protected online file storage for yourself, to share with others or share with the world. Learn more at http://skydrive.live.com. SkyDriv~ : Ev~nls ,Windows Live'SkyDrive P... wor~·pro\Kl~ onli"" lil~ .torogo. Alwoy. ovoilobl~ w".r. you "".~ it. Store files for vourself Share files with friellds Share files with the world lJsln.g multipl~ a>mputo",> No probl~m. Store ond oceo •• your POroo",,1 filo. Irom OnVW"OrO onllOO. SMrin.g 'Vlt" Iri~nd •• a>-work~",. or lomily '" ... y .. ~n you oil odd ond upodoto Iii .. in 0 'MrO~ lol~~r. Som~ <doo. oro too good to k~~p to you ... ~. S"",'" t~m in 0 public lold.r t"ot only you can upodoto. Get started Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 19 Gaming: XBOX LIVE® What is the Service? Xbox LIVE is the premier online gaming and entertainment service that enables customers to connect their Xbox® to the Internet and play games online. The Xbox LIVE service is available on both original Xbox and new Xbox 360® consoles. Original Xbox Accounts restricted to ages 13 and up Credit card required Data collected: Date of birth, name, e-mail address, physical address, telephone, credit card number, type of credit card, credit card expiration date Xbox 360 – User under 13 Credit card required Data collected: Date of birth, name, e-mail address, physical address, telephone, credit card number, type of credit card, credit card expiration date, Microsoft Passport Xbox 360 – User 13 and up – No credit card requirement (but can be used) Data collected without credit card: Date of birth, name, e-mail address, physical address, telephone, Microsoft Passport Data collected with credit card: Date of birth, name, e-mail address, physical address, telephone, credit card number, type of credit card, credit card expiration date, Microsoft Passport Note: General subscriber information is unverified. Detailed credit card verification has been implemented. What records are retained and for how long? Both registration and IP connection history records are retained for the life of the gamertag account. Because the volume of IP connection history records may be large, when possible please ask for the specific date range of records you are specifically interested in receiving. A full listing of retained records is below: Gamertag Credit card number Phone number First/last name with zip code Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 20 Serial number but only if box has been registered online. “Console ID” is better. Service request number from Xbox Hotline (e.g. SR 103xx-xx-xx) E-mail account (e.g. @msn.com, @hotmail.com or any other Windows Live ID account name) IP history for the lifetime of the gamertag (only one gamertag at a time) If your investigation involves a stolen Xbox console, if the console serial number or Xbox LIVE user gamertag is provided and the console has been connected to the Internet, IP connection records may be available. Sample Xbox LIVE Account Results n.. rep<Hl coni"",. u.agelhrough s.lurday, F ~ 10. 2007 Sian Tlme UTe {nd Trmo UTe 10J291200S 08 59 PM 10J2912005 0901 PM 10I29l2OO5 10 39 PM 10I29l2OO5 10 41 PM 10I29l2OO5 10 43 PM 10J291200S 10 4S PM 1013012005 0\ 301 AM 1013112005 03 36 AM 1013112005 12-33 PM 1013112005 09 2S PM 11/112005 1230 AM 11/112005 0\ 10 AM Gemor Te Tltla Name IP 10J2912005 0900 PM 1l1J2912OO5 10 39 PM 10J2912005 10 40 PM 10I29l2OO5 10 43 PM 10J2912005 10 44 PM 10J291200S 10 56 P'J:! 10J3012005 05 02 AM 1013112005 04 08 AM 1013112005 1236 PM 1013112005 10 10 PM 11/112005 01 01 AM 11/112005 0\ 10 AM Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 21 Legal Process Legal Process Required for Customer Account Information and Content The Electronic Communications Privacy Act (ECPA) (18 U.S.C. §§ 2701-2712) sets forth the appropriate legal process required to compel Microsoft’s Online Services Records Custodians to disclose customer records and contents: Information that may be disclosed with a subpoena. Basic subscriber information includes name, address, length of service (start date), screen names, other email accounts, IP address/IP logs/Usage logs, billing information, content (other than e-mail, such as in Windows Live Spaces and MSN Groups) and e-mail content more than 180 days old as long as the governmental entity follows the customer notification provisions in ECPA (see 18 U.S.C. §§ 2703(b), 2705.) Court orders are required for the rest of the customer’s profile (18 U.S.C. § 2703(d)). A court order issued pursuant to 2702(d) will compel disclosure of all of the basic subscriber information available under a subpoena plus the e-mail address book, Messenger contact lists, the rest of a customer’s profile not already listed above, internet usage logs (e.g. WEBTV or MSN Internet Access), and e-mail header information (to/from) excluding subject line. Search warrants are required for contents. A search warrant will compel disclosure of all information available with a court order issued pursuant to 2703(d) (as listed above), plus all contents (if prior notice is not provided or an order for delayed notice is not obtained), and is the only means to compel the disclosure of e-mails, including subject line, in electronic storage 180 days or less**. **A Note About Opened E-mail Content less than 181 days: Under ECPA, e-mail in electronic storage for 180 days or less may be disclosed pursuant to a search warrant. While some have interpreted “in electronic storage” to refer only to unopened mail, a Ninth Circuit decision in Theofel et al v. Farey-Jones and Kwansy, 341 F.3d 978 (9th Cir. 2003) held that opened e-mails on ISP servers are also in “electronic storage.” Therefore, as Microsoft receives and processes legal process for its online services in the Ninth Circuit, Microsoft discloses both opened and unopened e-mail in electronic storage for 181 days or less only upon pursuant to a search warrant. Preservation Requests 18 U.S.C. § 2703(f): Upon the request of a governmental entity, Microsoft shall preserve all information, including IP logs and contents for a period of 90 days from the date of the preservation. A preservation creates a snapshot of the information in or about the account at a particular point in time, but there is no update of the information throughout the preservation period. Per Microsoft policy, preservations may be extended up to two (2) times. Each extension shall be for a period of 90 days from the expiration of the current preservation, resulting in a maximum of 270 days on a given preservation. An extension does not create a new snapshot, but merely preserves the information for the additional period. Microsoft Confidential For Law Enforcement Use Only Microsoft Confidential For Law Enforcement Use Only Page 22