23 August 2000: Add news on Presidential approval of NTT/Verio deal and Verio's basic privacy and acceptable use policies.
22 August 2000: Add Verio and Cryptome responses.
18 August 2000
To: mpeloquin@verio.net
From: John Young <jya@pipeline.com>
Date: August 18, 2000
Subject: Inquiry on NTT/Verio Privacy Policy
Mona Peloquin
Director, Public Relations
Verio Inc.
(303) 645-1961; (703) 642-2800
Dear Ms. Peloquin,
We are a customer of Verio, in particular of your subsidiary, Digital Nation, which provides a dedicated server for Cryptome.org.
We would appreciate additional information on your privacy and confidentiality policy in light of Verio's acquistion by NTT. We would like to learn more about news reports on your arrangements with the US government concerning its access to your customers' confidential information.
We have read the August 15 news release on your Web site which states:
In connection with the proceedings, NTT Communications and Verio, following consummation of the transaction, will supplement Verio's existing internal operational policies, manuals and procedures for handling lawful requests of law enforcement agencies, including formal security procedures to protect classified information. These new steps will also ensure that Verio customer information is not disclosed to unauthorized parties. NTT Communications and Verio believe that these steps further goals shared by the industry and are fully consistent with the requirements of Verio's customers.
Could you provide to me a written copy of your "policies, manuals and procedures for handling lawful requests of law enforcement agencies," as well as the "supplement" to made of them under NTT's agreement with the US government.
We wish to inform our customers of these provisions to assure that their confidential information has been and will be fully protected as provided by US law and according to our agreement for Digital Nation's services and Verio's policy on privacy.
The provisions will be published on our Web site at cryptome.org, as this letter has been published.
We very much appreciate Verio's past adherence to exemplary standards of privacy protection and highly principled support of Cryptome's right to publish controversial information.
Thank you very much,
John Young
Cryptome
Tel: 212-873-8700
Fax: 212-787-6102
From: Mona Peloquin
<mpeloquin@verio.net>
To: "'jya@pipeline.com'" <jya@pipeline.com>
Subject: policies
Date: Mon, 21 Aug 2000 09:41:18 -0400
Greetings.
Our privacy policy, as well as acceptable use policy, can be found on our web site at www.verio.com.
Thank you.
To: Mona Peloquin <mpeloquin@verio.net>
From: John Young <jya@pipeline.com>
Subject: policies
Date: Mon, 21 Aug 2000 09:58:30 -0400
Greetings,
Your previously published policies are not what I was inquiring about, and are familiar to me. I wish to learn what Verio/NTT have agreed with the USG to do as "supplemental" to your public policies.
These "supplemental" arrangements were referred to in the news release on your Web site as well as other news reports.
Thank you very much,
John Young
Wednesday August 23 11:49 AM ET
Clinton Allows Japan's NTT to Purchase Verio
By Arshad Mohammed
WASHINGTON (Reuters) - President Clinton will allow Japan's NTT Communications to buy U.S. Internet service provider Verio Inc. (NasdaqNM:VRIO - news), a U.S. official said on Wednesday, a decision suggesting he sees no espionage threat from the deal.
The $5.5 billion deal attracted intense scrutiny from Washington because of worries that it might expose the United States to foreign espionage by giving Japan's state-controlled NTT (9432.T) access to U.S. wiretapping activities.
"The White House will announce today that the president has decided against intervening in the proposed acquisition of Verio Inc. by NTT Communications,'' said the U.S. official, saying that a memorandum approving the deal was signed on Tuesday.
"The decision was based on the results of the investigation of the transaction by the Committee on Foreign Investment in the United States (CFIUS),'' the official added, declining to provide further details.
NTT Communications reached an agreement in May to buy the shares it did not already own of Verio for $60 a share, but has had to extend its tender offer six times to respond to U.S. national security concerns.
The deal would give NTT Communications, which had already launched a Web hosting service in Japan powered by Verio, more expertise on Web site hosting and infrastructure.
The U.S. government committee last week recommended Clinton give the green light for the acquisition by NTT Communications, the long-distance and international phone unit of Japanese telecoms giant Nippon Telegraph and Telephone Corp (9432.T).
CFUIS, which is chaired by Treasury Secretary Lawrence Summers and includes representatives from the U.S. Departments of Justice, State, Defense and Commerce, among others, made the recommendation after a 1 1/2-month investigation that focused on the national security issues stemming from the deal.
Before recommending Clinton approve the acquisition, representatives from the committee met with NTT and Verio representatives to try to address issues raised by law enforcement officials.
Because of the importance of the deal, analysts had expected NTT would compromise to meet any U.S. national security concerns.
The deal is being watched closely as a precedent for possible hurdles that Deutsche Telekom (DTEGn.DE) may face, after it announced last month that it was buying U.S. mobile operator VoiceStream Wireless Corp. (NasdaqNM:VSTR - news). Many U.S. legislators have expressed concern about the German government's current 58.2 percent stake in the Bonn-based group.
U.S. law prohibits the transfer of a telecoms license to a firm that is owned 25 percent or more by a foreign government, but it gives regulators discretion to waive that limitation if a deal is deemed to be in the public interest.
Cryptome: Until information is received from Verio on the supplemental arrangements with the US government by NTT to protect the privacy of customer communications, the following basic policies are provided:
Source: http://home.verio.net/company/policies/privacy.cfm
[Excerpts]
VERIO's policies and procedures for handling customer information have been created with the understanding that Internet technologies are still evolving and that Internet business methods are continuing to evolve to meet the needs and opportunities of the changing technologies. As a result, VERIO's policies and procedures are subject to change.
In the course of serving its customers, VERIO acquires, stores and transmits customer communications and information that customers may regard as private or sensitive. Some of this information - such as the customer's name, address, telephone number, and credit card data - is provided to VERIO by its customers in order to establish service. Other information - such as the customer's account status, choice of services, and customer logs - is created and maintained by VERIO in the normal course of providing service. VERIO also uses cookies, which are small pieces of information that a web site can store in a designated file on a user's computer for various reasons. For example, VERIO uses cookies on the landing pages of products sold online which record the customer information that is required on the order form. This information is then forwarded to an internal sales tracking database within VERIO. In addition, VERIO may store customers' electronic mail and other communications as a necessary incident to the transmission and delivery of those communications.
Data Security
VERIO will protect the confidentiality of its customers' information, account information and personal communications to the fullest extent possible and consistent with the law and the legitimate interests of VERIO, its partners, its employees and other customers of VERIO's services. To protect the loss, misuse, and alteration of information that is collected from customers, VERIO has appropriate physical, electronic, and managerial procedures in place. ...
Disclosure of customer information and communications
VERIO will not otherwise disclose its customers' personal and account information unless VERIO has reason to believe that disclosing such information is necessary to identify, make contact with, or bring legal action against someone who may be causing harm or interfering with the rights or property of VERIO, VERIO's customers, or others, or where VERIO has a good faith belief that the law requires such disclosure.
VERIO also will not, except for reasons stated below, disclose to third parties
the contents of any electronic mail or other electronic communications that
VERIO stores or transmits for its customers. The circumstances under which
VERIO will disclose such electronic customer communications are when:
VERIO disclaims any intention to censor, edit or engage in ongoing review or surveillance of communications stored on or transmitted through its facilities by customers or others. VERIO will, however, review, delete or block access to communications that may harm VERIO, its customers or third parties. The grounds on which VERIO may take such action include, but are not limited to, actual or potential violations of VERIO's Acceptable Use Policy (below).
_____________________________________
Source: http://home.verio.net/company/policies/aup.cfm
As a provider of Internet access, web site hosting, and other Internet-related services, Verio offers its customers (also known as subscribers), and their customers and users, the means to acquire and disseminate a wealth of public, private, commercial, and non-commercial information. Verio respects that the Internet provides a forum for free and open discussion and dissemination of information, however, when there are competing interests at issue, Verio reserves the right to take certain preventative or corrective actions. In order to protect these competing interests, Verio has developed an Acceptable Use Policy ("AUP"), which supplements and explains certain terms of each customer's respective service agreement and is intended as a guide to the customer's rights and obligations when utilizing Verio's services. This AUP will be revised from time to time. A customer's use of Verio's services after changes to the AUP are posted on Verio's web site, www.verio.com, will constitute the customer's acceptance of any new or additional terms of the AUP that result from those changes.
One important aspect of the Internet is that no one party owns or controls it. This fact accounts for much of the Internet's openness and value, but it also places a high premium on the judgment and responsibility of those who use the Internet, both in the information they acquire and in the information they disseminate to others. When subscribers obtain information through the Internet, they must keep in mind that Verio cannot monitor, verify, warrant, or vouch for the accuracy and quality of the information that subscribers may acquire. For this reason, the subscriber must exercise his or her best judgment in relying on information obtained from the Internet, and also should be aware that some material posted to the Internet is sexually explicit or otherwise offensive. Because Verio cannot monitor or censor the Internet, and will not attempt to do so, Verio cannot accept any responsibility for injury to its subscribers that results from inaccurate, unsuitable, offensive, or illegal Internet communications.
When subscribers disseminate information through the Internet, they also must keep in mind that Verio does not review, edit, censor, or take responsibility for any information its subscribers may create. When users place information on the Internet, they have the same liability as other authors for copyright infringement, defamation, and other harmful speech. Also, because the information they create is carried over Verio's network and may reach a large number of people, including both subscribers and nonsubscribers of Verio, subscribers' postings to the Internet may affect other subscribers and may harm Verio's goodwill, business reputation, and operations. For these reasons, subscribers violate Verio policy and the service agreement when they, their customers, affiliates, or subsidiaries engage in the following prohibited activities:
Spamming -- Sending unsolicited bulk and/or commercial messages over the Internet (known as "spamming"). It is not only harmful because of its negative impact on consumer attitudes toward Verio, but also because it can overload Verio's network and disrupt service to Verio subscribers. Also, maintaining an open SMTP relay is prohibited. When a complaint is received, Verio has the discretion to determine from all of the evidence whether the email recipients were from an "opt-in" email list.Intellectual Property Violations -- Engaging in any activity that infringes or misappropriates the intellectual property rights of others, including copyrights, trademarks, service marks, trade secrets, software piracy, and patents held by individuals, corporations, or other entities. Also, engaging in activity that violates privacy, publicity, or other personal rights of others. Verio is required by law to remove or block access to customer content upon receipt of a proper notice of copyright infringement. It is also Verio's policy to terminate the privileges of customers who commit repeat violations of copyright laws.
Obscene Speech or Materials -- Using Verio's network to advertise, transmit, store, post, display, or otherwise make available child pornography or obscene speech or material. Verio is required by law to notify law enforcement agencies when it becomes aware of the presence of child pornography on or being transmitted through Verio's network.
Defamatory or Abusive Language -- Using Verio's network as a means to transmit or post defamatory, harassing, abusive, or threatening language.
Forging of Headers -- Forging or misrepresenting message headers, whether in whole or in part, to mask the originator of the message.
Illegal or Unauthorized Access to Other Computers or Networks -- Accessing illegally or without authorization computers, accounts, or networks belonging to another party, or attempting to penetrate security measures of another individual's system (often known as "hacking"). Also, any activity that might be used as a precursor to an attempted system penetration (i.e. port scan, stealth scan, or other information gathering activity).
Distribution of Internet Viruses, Worms, Trojan Horses, or Other Destructive Activities -- Distributing information regarding the creation of and sending Internet viruses, worms, Trojan horses, pinging, flooding, mailbombing, or denial of service attacks. Also, activities that disrupt the use of or interfere with the ability of others to effectively use the network or any connected network, system, service, or equipment.
Facilitating a Violation of this AUP -- Advertising, transmitting, or otherwise making available any software, program, product, or service that is designed to violate this AUP, which includes the facilitation of the means to spam, initiation of pinging, flooding, mailbombing, denial of service attacks, and piracy of software.
Export Control Violations -- Exporting encryption software over the Internet or otherwise, to points outside the United States.
Usenet Groups -- Verio reserves the right not to accept postings from newsgroups where we have actual knowledge that the content of the newsgroup violates the AUP.
Other Illegal Activities -- Engaging in activities that are determined to be illegal, including advertising, transmitting, or otherwise making available ponzi schemes, pyramid schemes, fraudulently charging credit cards, and pirating software.
Other Activities -- Engaging in activities, whether lawful or unlawful, that Verio determines to be harmful to its subscribers, operations, reputation, goodwill, or customer relations.
As we have pointed out, the responsibility for avoiding the harmful activities just described rests primarily with the subscriber. Verio will not, as an ordinary practice, monitor the communications of its subscribers to ensure that they comply with Verio policy or applicable law. When Verio becomes aware of harmful activities, however, it may take any action to stop the harmful activity, including but not limited to, removing information, shutting down a web site, implementing screening software designed to block offending transmissions, denying access to the Internet, or take any other action it deems appropriate.
Verio also is aware that many of its subscribers are, themselves, providers of Internet services, and that information reaching Verio's facilities from those subscribers may have originated from a customer of the subscriber or from another third-party. Verio does not require its subscribers who offer Internet services to monitor or censor transmissions or web sites created by customers of its subscribers. Verio has the right to directly take action against a customer of a subscriber. Also, Verio may take action against the Verio subscriber because of activities of a customer of the subscriber, even though the action may effect other customers of the subscriber. Similarly, Verio anticipates that subscribers who offer Internet services will cooperate with Verio in any corrective or preventive action that Verio deems necessary. Failure to cooperate with such corrective or preventive measures is a violation of Verio policy.
Verio also is concerned with the privacy of on-line communications and web sites. In general, the Internet is neither more nor less secure than other means of communication, including mail, facsimile, and voice telephone service, all of which can be intercepted and otherwise compromised. As a matter of prudence, however, Verio urges its subscribers to assume that all of their on-line communications are insecure. Verio cannot take any responsibility for the security of information transmitted over Verio's facilities.
Verio will not intentionally monitor private electronic mail messages sent or received by its subscribers unless required to do so by law, governmental authority, or when public safety is at stake. Verio may, however, monitor its service electronically to determine that its facilities are operating satisfactorily. Also, Verio may disclose information, including but not limited to, information concerning a subscriber, a transmission made using our network, or a web site, in order to comply with a court order, subpoena, summons, discovery request, warrant, statute, regulation, or governmental request. Verio assumes no obligation to inform the subscriber that subscriber information has been provided and in some cases may be prohibited by law from giving such notice. Finally, Verio may disclose subscriber information or information transmitted over its network where necessary to protect Verio and others from harm, or where such disclosure is necessary to the proper operation of the system.
Verio expects that its subscribers who provide Internet services to others will comply fully with all applicable laws concerning the privacy of on-line communications. A subscriber's failure to comply with those laws will violate Verio policy. Finally, Verio wishes to emphasize that in signing the service agreement, subscribers indemnify Verio for any violation of the service agreement, law, or Verio policy, that results in loss to Verio or the bringing of any claim against Verio by any third-party. This means that if Verio is sued because of a subscriber's or customer of a subscriber's activity, the subscriber will pay any damages awarded against Verio, plus costs and reasonable attorneys' fees.
We hope this AUP is helpful in clarifying the obligations of Internet users, including Verio and its subscribers, as responsible members of the Internet. Any complaints about a subscriber's violation of this AUP should be sent to abuse@verio.net.
Last Modified March 9, 2000