Cryptome.org has added more materials to its site on the policies and manuals for law enforcement agents seeking customer or subscriber data. Last week, it posted guides for Cox, SBC-Ameritech, Cingular, Cricket, Nextel, GTE, and PacTel. Newly added to the collection of compliance guides are:
- Sprint’s Corporate Security Electronic Surveillance Manual (.zip), dated November 2002, and marked “For LEA use only;”
- Sprint CALEA Delivery System (pdf), dated June 2002;
- Verizon Law Enforcement Legal Compliance Guide, dated October 2002;
- VoiceStream Law Enforcement Guide (.zip), dated December 2000 and marked “NOTICE: The information contained in this reference guide is of a sensitive nature. Distribution is restricted to bona-fide law enforcement personnel strictly in support of their official duties.”
- AT&T’s Subpoena Response Cover Sheet; and
- AT&T: a subpoena involving the records production of a named individual
As of the time of this publication, the Yahoo! compliance guide, which led to a DMCA takedown demand (pdf) from Yahoo!, remains on the site, with a separate page now devoted to the correspondence between Yahoo! and Cryptome over the guide’s publication on the site. It seems that Yahoo! is the only organization taking a copyright infringement approach, at least so far, to getting the material removed. Of course, anyone that knows anything about Cryptome’s history would have predicted that their threat would be both posted and useless in the short-term. Whether they created a Streisand Effect by the DCMA notice is unclear, but their litigious approach may help explain why Wikileaks has now mirrored the compliance guide in a number of countries. As of the time of this posting, Wikileaks does not seem to have uploaded the other carriers’ guides that are on Cryptome (at least, not yet), but they have posted MySpace.com’s Law Enforcement Investigators Guide dated 23 Jun 2006.
I suspect that this has not been a good week for the legal and security departments of all of the companies who may have no clue as to how their sensitive documents leaked to the public. Not only have their price lists and detailed explanations of what data they store become publicly available, but their restricted non-public phone numbers have also been exposed. I contacted Sprint to request a statement or comment, but as of the time of this posting, have not yet heard back from them.