
Microsoft "Spy Guide" Is Worth A Read

For a while there, it looked like watchdog site Cryptome was no more, finally sunk by a takedown request from Microsoft after publishing one of the company's internal documents. Now that it's been revived (with the whole email thread between the site's administrators and Microsoft's legal counsel reprinted on its home page), you can take a look at the offending document, labeled the "spy guide" by many of my colleagues in the media.

Saddled with the hefty title, "Microsoft Online Services Global Criminal Compliance Handbook" and dated March 2008, the document contains information for law enforcement on just what sorts of personal data Microsoft stores as part of its online-services offerings. Specific services covered include Microsoft Office Live, Xbox Live, Windows Live, Windows Live Messenger, Hotmail, MSN Groups, Windows Live ID, and Windows Live Spaces.

The document (which you can also find here) explains how each of those services works, and the user data from those services that Microsoft retains. It tells what data Microsoft is willing to give up to law enforcement, and under what circumstances.

Having read through the document twice today, nothing in its pages immediately makes me paranoid enough to hide underneath my bed with a tinfoil hat. That being said, Microsoft and/or law enforcement can glean a good deal of information from someone registered for some of these services, particularly Xbox Live, which apparently retains date of birth, name, e-mail address, physical address, telephone number, credit card data, and Microsoft Passport.

Some highlights from the rest of the document:

Windows Live ID: Microsoft retains user-provided registration data, as well as the "last 10 Microsoft site and IP connection record combinations."

Hotmail: Microsoft retains IP connection history records for 60 days.

Windows Live Messenger: retains account registration data and some IP connection records, but does not log content of communications between users.

Windows Live Spaces: IP address and date/time of uploaded content are captured. Microsoft also captures commenters' texts as well as IP address and date/time. Those records are kept for 90 days.

MSN Groups: A 60-day limit on transactional records, including IP addresses and date/time of uploads.

Windows Live SkyDrive, Office Live: Actually, if you're going to dive underneath a heavily defensible spot with your oh-so-fashionable tinfoil hat firmly in place, this is probably the section of the document where that impulse will hit you. Not because Microsoft throws open the proverbial doors here for law enforcement to pick through your Microsoft Office documents and file storage, but because there's a decided lack of transparency about what records are retained and for how long.

The final section of the document handles the "legal process required for customer account information and content," and starts off by referencing the Electronic Communications Privacy Act (ECPA). Here you'll find exactly what you'd expect, such as "search warrants are required for contents" and information that can only be disclosed with a subpoena.

There's a lot of paranoia lately about people's information online (here I'm thinking about Google's reported deal with the National Security Agency, a story that's setting privacy advocates' teeth gnashing), something that I bet will only increase as more and more services are ported onto the cloud. I suggest reading Microsoft's document, of course, and making your own conclusions about how much information you want to let out there. If nothing else, I'm really glad that Cryptome is back up.



 
