Microsoft Says Leaked Trade Secrets Gave It The Right To Read Emails
March 21, 2014

Microsoft Says Leaked Trade Secrets Gave It The Right To Read Emails

Peter Suciu for - Your Universe Online

On Friday Microsoft defended its right to break into customers’ accounts to read emails if it suspected it had been the victim of a crime. This came after the tech giant admitted in federal court documents that it had forced its way into a blogger’s Hotmail account to track down and stop a leak of software. In this particular case the blogger had been provided sensitive data about the Windows 8 operating system by a former Microsoft employee.

As reported by redOrbit on Thursday Alex Kibkalo, a former senior architect at Microsoft, had been arrested for allegedly stealing Windows-related trade secrets and leaked the information to a French blogger. The Microsoft “Trustworthy Computing Investigations” team reportedly dredged Hotmail accounts that blogger used to contact Kibkalo.

Microsoft is defending its actions.

“We believe that Outlook and Hotmail email are and should be private. Over the past 24 hours there has been coverage about a particular case, so we want to provide additional context and describe how we are strengthening our policies,” John Frank, deputy general counsel and vice president of legal and corporate affairs at Microsoft, posted on the Microsoft TechNet blog.

“In this case, we took extraordinary actions based on the specific circumstances,” Frank added. “We received information that indicated an employee was providing stolen intellectual property, including code relating to our activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.”

Frank also noted that “courts do not, however, issue orders authorizing someone to search themselves,” implying that Microsoft somehow “owns” the information stored on its servers located on its “own premises.” Thus Microsoft has taken the approach that while law enforcement might need a warrant, the company did not.

“We will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available,” Frank added in the post. “To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable.”

Of course not everyone is likely to be in agreement with Microsoft’s opinion on this matter.

CNN reported that Ginger McCall, a director at the Electronic Privacy Information Center, said that Microsoft’s actions are deeply troubling, and show that “Microsoft clearly believes that the users' personal data belongs to Microsoft, not the users themselves.”

“This is part of the broader problem with privacy policies,” McCall added. “There are hidden terms that the users don't actually know are there. If the terms were out in the open, people would be horrified by them.”

However, Ian Paul of PC World added, “Kudos to Microsoft for addressing this issue so promptly after it came to light. But what's really needed for future cases is not a more rigorous internal process from Microsoft.”

“Instead, a comprehensive overhaul of laws protecting online privacy are in order,” Paul suggested. “That way, the next time Microsoft does need to sift through a user's account to search for wrongdoing, obtaining a court order would not seem ridiculous—but instead be standard procedure.”