Guide to Microsoft Police Forensic Services

The “Microsoft Online Services Global Criminal Compliance Handbook (U.S. Domestic Version)” (also can be found here, here, and here) outlines exactly what Microsoft will do upon police request. Here’s a good summary of what’s in it:

The Global Criminal Compliance Handbook is a quasi-comprehensive explanatory document meant for law enforcement officials seeking access to Microsoft’s stored user information. It also provides sample language for subpoenas and diagrams on how to understand server logs.

I call it “quasi-comprehensive” because, at a mere 22 pages, it doesn’t explore the nitty-gritty of Microsoft’s systems; it’s more like a data-hunting guide for dummies.

When it was first leaked, Microsoft tried to scrub it from the Internet. But they quickly realized that it was futile and relented.

Lots more information.

Posted on March 9, 2010 at 6:59 AM11 Comments


Markus March 9, 2010 7:56 AM

I’d like to see such a document from each ISP or online service provider. Essentially for transparency sake.

Clive Robinson March 9, 2010 8:12 AM

Is it me (and it might be 😉 but the document reads like a “how to find your suspect guilty” document.

That is it is unbalanced in a way that would be unacceptable in an “expert witness” in court.

When I first read it I was not surprised MS wanted to surpress it…

Adam March 9, 2010 9:22 AM

ah yes, “Expert witness” who is that exactly again?

I’ve been involved in a few legal discoveries mostly business contract related, but one fbi related.

There is no standard, no process, no clear line of responsibility.

I was personally involved in a MS HR adventure that led to my own release(really a long ago and silly story) from MS. The end all of it is the electronic information is gathered to match whatever the gatherer is looking for and very little to no information is needed to take action.

Clive Robinson March 9, 2010 10:07 AM

@ Adam,

An “expert witness” is in theory (in the UK) one who is alowed to give “opinion” which is technicaly hearsay and would not normally be alowed in a criminal case (civil/tort law is unto it’s self these days).

In return they are supposed to “represent the court” (not either side) and bring impartial clarity to the court.

However “he who pays the piper” etc., etc.

I gather in the US the current little legal earner is electronic discovery, which whilst enriching the legal fraternity (especialy the judges) usually achives little of consiquence relating to the actual case. But can bankrupt one side or the other hence it’s used as a “Goliath attack”.

BF Skinner March 9, 2010 10:47 AM

@Adam “There is no standard, no process, no clear line of responsibility”

Well sure. We’re still making it up as we go along and each company starts over again when it first comes up. Add to that that the law is inherently messy, uses natural language, and defines variables like “reasonable person” as a standard.

@Clive “technicaly hearsay”
Oh. I thought at first you said ‘technical hearsay’. Kinda like the sound of that.

While MS has relented and was restored by thier ISP from MS takedown order. Paypal has frozen thier account with what ever money they have on the pipe.

wiredog March 9, 2010 11:12 AM

Really, is anyone surprised by the data that they can gather? Heck, the users give the data to them, and all of it is data that would be gathered by any provider of similar services. I’m sure Google keeps the same sort of data, and Apple, and Sony (with regards to consoles) and etc.

If a law enforcement agency has the appropriate subpoena or warrant, then MS has a choice to either “provide a way for law enforcement to collect it, in such a way that protects every other user of the service from undue scrutiny or “let law enforcement walk in, take the servers, and screw everyone”

And if you think that law enforcement agents won’t do the latter if you refuse to give them the former, then I’ve got a bridge to sell you. Great view of Brooklyn.

BF Skinner March 9, 2010 1:21 PM


Informed consent should mean more than “we put a link on our webpage and if people don’t read or understand what they read that’s not our problem. We’ve met our due diligiance obligation.”

And of course there are the times when companies withhold info (anyone drive a prius?) that is necessary for making an informed decision.

Adam March 9, 2010 1:25 PM

@BF Skinner 100% agree

I afraid the real problem is everyday people not understanding technology.

The average person would protest in the streets the widespread searching of houses, but the widespread searching of private emailboxes doesn’t even raise their blood pressure.

I bet with the security focus of this website all the comments are being recorded by someone/agency if not 10.

AA Aaronson March 9, 2010 9:14 PM

I think I at first mis-read that the title as
being a a book to show Global Criminals
how they might comply with,
or at the very least evade,
the long arm of John Law.
But Microsoft would never do that, would they?
Tut-tut, of course not.

Mat March 10, 2010 10:04 AM


The Daubert Standard in the US provides a standard that expert witnesses must comply with for their testimony to be accepted by the court. I’ve seen a few expert witnesses not cut the mustard as far as the Daubert standards are concerned. The good thing about an unsound expert is that given a competent attorney, it’s really easy to make them look stupid.

That being said, it’s important to note that in the discovery process of litigation (in the US, at least), subpoenas tend to be VERY broad. Phrases like “Any and all documents related to xyz” are fairly common. I imagine this document and service is used to expedite the (frequent) discovery requests that MS receives. I can’t imagine the information used is any different than the information that might be provided without such a service.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.