 |
Legislation, Public Policy, and Enforcement
Enhancing Customers and Business Online Safety and Security
Published: February 15, 2005 | Updated: July 15, 2007
Collaborating with Industry and Law Enforcement
Microsoft Corporation actively pursues cybercriminals through vigorous civil enforcement in the United States and it works in partnership with law enforcement agencies worldwide to deter cybercrime and bring criminals to justice. Since 2003, Microsoft has supported more than 550 enforcement actions worldwide against spammers, phishers, and distributors of spyware and other malicious code. Microsoft has also engaged with the Federal Trade Commission and attorneys general in California, Florida, Massachusetts, Texas, and Washington State, to investigate and pursue cybercriminals.
Microsoft works to ensure that governments and law enforcement agencies receive the appropriate tools, necessary training, and extensive technical and investigative support to assist in their efforts to combat global cybercrime and work to make the Internet a safer place for everyone.
Training. Microsoft is deeply committed to assisting law enforcement with the identification, location, and prosecution of online fraudsters.
| • | Microsoft has worked with the attorneys general in Alabama, Colorado, Georgia, Kansas, Massachusetts, New Hampshire, South Carolina, and Utah State to provide comprehensive training about Internet investigations to law enforcement officials. |
| • | Microsoft hosted LE Tech 2006 (October 2006 in Redmond, Washington), a conference to introduce law enforcement officials to new Microsoft software and services that will affect cybercrime investigations over the next few years. |
Tools and technical support for investigations. Microsoft supports law enforcement agencies around the world with advanced investigative technology to address cyber threats.
| • | In France, Microsoft participates in Signal Spam a platform (created with public and private sector entities) through which Internet users can report suspected spam. Data that is collected through Signal Spam is shared with Internet service providers (ISPs) and French law enforcement authorities to assist in antispam investigations and prosecutions. In the first ten days after the program's launch, users reported nearly 300,000 instances of spam. |
| • | In August 2006, Microsoft launched the Law Enforcement Portal, a secure, centralized resource that provides law enforcement with access to Internet crime-related information as well as tools, training, and technical support to assist in investigations. |
Anti-phishing efforts. Microsoft is dedicated to stopping phishers and works in alliance with groups to implement anti-phishing measures worldwide.
| • | Microsoft is the founding member of Digital PhishNet (DPN), which fosters cooperation among industry and law enforcement agencies to share information, provide training, and educate consumers about phishing sites. Microsoft encourages worldwide participation in DPN by Internet service providers, online auctions, financial institutions, and law enforcement agencies. |
| • | Microsoft acts with the Anti-Phishing Working Group (APWG) and the Authentication and Online Trust Alliance (AOTA) to promote good public anti-phishing policies and best practices for enforcement of those policies. |
| • | In March 2006, Microsoft launched the Global Phishing Enforcement Initiative (GPEI), a worldwide consumer protection campaign in which industry and law enforcement joined forces to combat phishers. The GPEI works to protect the public from fraudulent sites and provides worldwide investigative support to help prosecute phishers. |
Antispam efforts. Microsoft supports law enforcement with cutting-edge technical and investigative techniques developed specifically to address cyberthreats. To that end, the company has provided technical support to governments around the globe, including in the United States, Europe, Asia, and South America.
| • | Microsoft has been a leader in promoting SpotSpam, a project co-funded by the European Commission, which aims to limit the spread of spam. The project seeks to establish antispam hotlines in France, Germany, and Poland. |
| • | Microsoft also participates in Signal Spam. Created with public and private sector entities, Signal Spam provides a platform through which Internet users can report suspected spam. |
| • | Find out more about the organizations Microsoft is working with to create a safer Internet |
Promoting a Safer Internet Experience for Children
Child Exploitation Tracking System. Microsoft worked closely with Canadian police and international law enforcement agencies to develop Child Exploitation Tracking System (CETS), a unique software tool that enables investigators to store, search, share, and analyze large volumes of evidence and to share that evidence with other police agencies. Following its development in Canada, CETS has been implemented in Brazil, Chile, Indonesia, Italy, and the United Kingdom; Colombia and Spain have announced their intent to adopt it. Microsoft continues to promote CETS to governments and law enforcement agencies throughout the world.
Global Campaign Against Child Pornography. Microsoft joined with Interpol and the International Centre for Missing and Exploited Children (ICMEC) in 2004 to initiate this campaign. Since then, Microsoft has worked with ICMEC and Interpol to help provide training for law enforcement personnel about computer-facilitated crimes against children. As of October 2007, more than 2,400 law enforcement officers from 106 countries have received training to help them identify suspects, investigate offenses, and deal with victims of online child abuse.
Supporting Important Legislation
Council of Europe Convention on Cybercrime. Microsoft has joined industry partners to encourage countries to adopt and ratify the Council of Europe Convention on Cybercrime. This global legal tool requires signatory countries to adopt and update laws and procedures to address online crime. Microsoft also provides technical assistance and consultation to help countries comply with their obligations under the convention.
Model legislation. In April 2006, Microsoft joined ICMEC in announcing its model legislation, which seeks to modernize child pornography laws for the 184 member countries of Interpol. Microsoft has pledged to support worldwide efforts to develop and enforce these laws.
Successes in the Fight Against Cybercrime
Operation Bot Roast. Microsoft provided technical information and analytical support to aid the FBI in Operation Bot Roast. Announced in June 2007, Operation Bot Roast is an ongoing investigation and operation that aims to disrupt and dismantle botnets.
Lawsuit against Bizads UK. In December 2006, the English High Court ruled in favor of Microsoft in a lawsuit against Bizads UK, which had fraudulently sold lists of up to 10,000 e-mail addresses at a time to spammers. The court restricted Bizads UK from further spam-related activities and awarded damages to be assessed later.
129 legal actions against phishers. In November 2006, Microsoft took action against phishers who were targeting users of MSN Hotmail. These legal actions included 97 criminal complaints and three civil settlements in Europe, the Middle East, and Africa.
Anti-spam prosecution in Australia. In October 2006, Clarity1 Pty Ltd. became the first company convicted under Australia's tough new anti-spam laws and was fined more than US$4 million for sending hundreds of millions of junk e-mail messages. Microsoft supported this historic prosecution by providing evidence of e-mail messages received by spam-trap accounts to the antispam investigators at the Australian Communications and Media Authority in 2005.
Anti-spyware lawsuits. In January 2006, Microsoft and the attorney general of Washington State filed parallel anti-spyware lawsuits. This action was the state's first legal action under the Washington Computer Spyware Act, which was enacted in 2005. Microsoft filed its own lawsuit that alleged violation of the same law.
Arrests for financial fraud and identity theft. In January 2006, Bulgarian law enforcement officials arrested eight people who were involved in an international criminal network that was responsible for online financial fraud and personal data theft. Microsoft provided Bulgarian officials with information that helped in the investigation and subsequent identification of the alleged perpetrators.
Settlement with "Spam King." In August 2005, Microsoft reached a US$7 million settlement against self-proclaimed "Spam King" Scott Richter and his Colorado-based company, OptInRealBig.com LLC. Microsoft began the suit in December 2003, in conjunction with a parallel action by the New York State attorney general.
Arrests of Mytob and Zotob worm authors. In August 2005, Microsoft provided United States and worldwide law enforcement agencies with investigative and technical support that led to the arrest of the individuals suspected of authoring and distributing the Mytob and Zotob worms. Turkish and Moroccan law enforcement agencies made the arrests fewer than two weeks after the Mytob and Zotob worms were unleashed.