What do ISPs charge the law to spy on you?

Cryptome is hosting several ISPs' pricelists and guidelines for "lawful spying" activities on behalf of law enforcement. Included is Yahoo's price-guide (hilariously, Yahoo tried to send them a copyright takedown notice to make this go away).

One of the more remarkable elements of Yahoo's document is the sheer quantity of material that Yahoo retains for very, very long periods. From /.: "IP logs last for one year, but the original IPs used to create accounts have been kept since 1999. The contents of your Yahoo account are bought for $30 to $40 by law enforcement agencies."

Yahoo! will seek reimbursement based on the actual time expended by Yahoo!'s compliance staff in complying with the request. The average costs related to compliance matters are listed below for your convenience. These estimates are neither a ceiling nor a floor but represent the average costs of typical searches. Time spent may vary considerably based on the wording of the request and the information available about the user. These time estimates are also based on narrowly tailored requests that do not require extensive searches in multiple databases. These estimates are not price quotes, budgets, or guarantees and should not be used for budgeting purposes. Yahoo! reserves the right to adjust its estimates and reimbursement charges as necessary.

* Basic subscriber records: approx. $20 for the first ID, $10 per ID thereafter

* Basic Group Information (including information about moderators): approx. $20 for a group with a single moderator

* Contents of subscriber accounts, including email: approx. $30-$40 per user

* Contents of Groups: approx. $40 - $80 per group

Yahoo Lawful Spying Guide (via /.)


  1. hrrmm… After-hours emergencies: Yahoo! Security at 408-349-5400

    [ring… ring…]

    “Help! Help! This is an emergency! Our civil rights are going to shit!”

  2. @3: “Why wouldn’t they hang on to records?” Because the more the keep, and the longer they keep it, the greater the likelihood of harmful disclosure, either as the result of a court order or an accident or a crime.

    1. Harmful to whom? I don’t see how Yahoo can be harmed by this. And given that Yahoo still doesn’t give a hoot about you, especially if you did something that might be judged “harmful” I don’t see why it’s in their best interest not to keep this data. Especially considering that they get paid for finding it.

  3. Sheesh, they’re cheap. If you’re going to sell out like that in the first place, you should at least have the good grace to suck up ten times as much taxpayer money.

  4. In the UK, under the Regulation of Investigatory Powers Act, ISPs can charge the same kind of fees to cover costs for law enforcement requests. As reported by the BBC and others, those charges can be “as much as £65 a time” (http://news.bbc.co.uk/1/hi/uk/7840924.stm). Some ISPs do not charge UK police at all for these requests – AOL has a policy of not charging in the UK as they do not in the US (AFAIK, this may have changed).

    The Child Exploitation & Online Protection Centre is lobbying hard for them to be exempt from this provision of RIPA as they think it should be part of the cost of doing business for the ISPs, but it can be argued that attaching a price tag to each request helps moderate law enforcement’s insatiable desire for data on each and every one of us.

    Is HMG’s desire to have a central database of all internet communications managed by them just a desire to get the cost of unlimited access down to a more manageable level?

  5. I would think the government bodies concerned would just laugh in the ISP’s figurative faces and tell ’em to add it to their customers’ bills. I thought they had anyway.

  6. I’ve worked for a couple of large Telecoms companies, both didn’t keep detailed records for more than was necessary for billing purposes because of the sheer volumes involved.
    Sweden, France and the UK are going to choke on their data if their idiot governments persue their various 3 strikes policies. And their customers will choke on their freshly-inflated bills.

  7. Charging seems perfectly fine for me.

    The important thing is not what they charge but when and how they grant access.
    a) Anyone from “the law” at any time.
    b) With a court order, under some circumstances.

    I can understand Yahoo wanting to be reemberised for their time and these fee’s arnt much.
    Your paying for an engineer to spend half hour to an hour getting the relivent information from a database, formating it nicely, and sending it off.
    If the database is well secure, and the ISP’s are doing their job. This shouldnt be too easy (ie, not everyone on the staff should have access), and they should double check everything.

    Id be more worried if they didnt charge.

  8. They will sell the contents of your user account for $40.00 bucks to a leo but no amount of begging pleading or cash can get your own account contents back if you get locked out of your own email by someone.

  9. The trick is to post contradictory stuff in multiple places. This way, all they manage to accumulate is a meaningless pile of confusion, Making them waste time and money is the only protest you can make on the individual level – um . . . or, so I’ve heard. . . .

  10. More evidence that you need a good encryption program, even on your free email accounts. PGP anyone?

  11. I’ll bet one could argue for a class action suite for royalities to the person whose data was provided if it could be shown their copyrighted information sold to the police generated a profit for the ISP.

    It’s one thing to provide info under a court order for no profit, but if a company is profiting on your writing’s being sold to a client no matter what the reason you can demand a cut of the profit’s as copyright holder in your own writings.

    I’d love to see that lawsuit.
    Then either ISP’s would need to verify they don’t make a profit from selling your writings or you would have a right to royalty statements every time your stuff was sold to law enforcement for a profit.

  12. Good luck removing this, Yahoo. It’s fair use for the purpose of discussion and commentary. It is newsworthy and there is a compelling public interest in the dissemination of this item.

Comments are closed.