Microsoft plays big bad wolf. And then blows down its own house
Microsoft watchers will have watched in horror (or perhaps delight) this week as Microsoft did something monumentally ill-advised. It phoned its corporate lawyers, who phoned domain hoster Network Solutions, who took down the small but well-known...
Taking down websites is unusual enough, and Microsoft doing it is even more unprecedented, but it turned out that Cryptome had published an internal guide, the Global Criminal Compliance Handbook, normally handed out to law enforcement to tell them what sort of data Microsoft gathers and keeps on its users. The document was supposed to be a SECRET.
By the time Cryptome had disappeared on Wednesday, a clutch of other sites had taken up the cause, hosting the 22-page PDF on their domains, leaving Microsoft looking rather silly to put it in polite terms.
The history of information ‘take-down’ has a clear message for anyone reaching for the rolodex to contact their legal team. You will fail. Of course, the lawyers probably won’t tell you that.
A famous case was the painful 1985 battle by the government of UK Prime Minister Margaret Thatcher to stop the publication by former MI5 agent Peter Wright of his memoirs, Spycatcher. The book concerned the hunt for a mole in the spy service, something no Cold war era government was comfortable having made public.
The problem was that Wright published the book in Australia, where no such worry existed, and then in Scotland, which operates a different legal system to that of England not covered by the official gagging order. Surely anyone motivated enough could find out what was in the book by having it sent over the border? The government lost its battle, eventually.
The hard truth is that once a document such as this is on the Internet, it’s out there, and it’s too late to get annoyed or to wonder whether a corporate policy has been breached, or to entertain the naive fantasy that it can be stopped. Now such battles take place in hours or days rather than months and years as with Spycatcher.
More people have probably now read the Microsoft Criminal Compliance Handbook than ever would have had the company not been heavy-handed in the first place. And does the guide tell us much that’s new or interesting? Arguably, it tells us little that couldn’t have been worked out anyway.
What we have had underlined is something subtle and important about the policy of large organisations and ‘possibly sensitive’ documents.
The default approach appears to be to assume that anything in the slightest way embarrassing, overbearing, or just mildly creepy in a company’s behaviour should automatically be kept secret. On the contrary, companies should set out to make everything public unless specific criteria are breached. The guaranteed way to make something look embarrassing or creepy is to turn it into a company secret.
Openness is the best way to defuse paranoia, as Machiavelli would not have said, but then again he would have been horrified at the concept of the Internet. To extend Bacon’s dictum, Knowledge is power but only if few have access to it.