Software // Productivity/Collaboration Apps
News
3/31/2014
10:20 AM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Microsoft Clarifies Email Snooping Policy

Microsoft amends its terms of service to stop peeking into customers' emails, even if it suspects they may be stealing from the company.

Windows XP Game Over: 9 Upgrade Options
Windows XP Game Over: 9 Upgrade Options
(Click image for larger view and slideshow.)

Microsoft said it will honor its privacy commitments to its customers, even those it suspects may be thieves.

In a blog post Friday, Microsoft executive VP and general counsel Brad Smith said that the company has reflected on the criticism it received over how it handled a 2012 case in which its investigators accessed the Hotmail account of a blogger alleged to have received stolen Windows code from a disgruntled employee. As a consequence of internal conversations and input from advocacy groups, Microsoft has decided that its privacy promises should also be binding on its own employees and agents.

"Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer's private content ourselves. Instead, we will refer the matter to law enforcement if further action is required," said Smith.

[Say hello to the privacy revolution. Read March Madness: Online Privacy Edition.]

Smith said Microsoft will incorporate this change into its terms of service to clarify its commitment to customers and to make it binding.

Over the past week, Microsoft has been the target of withering criticism from privacy advocates who pointed out the hypocrisy of Microsoft's Scroogled ad campaign -- which takes Google to task for using algorithms to read Gmail messages to target ads -- in light of its own behavior. While many acknowledged that Microsoft may have been within its rights to access a customer account outside of normal legal processes, they said it was a stupid thing to do because of the damage done to the company's image.

Image credit: Sean MacEntee on Flickr.
Image credit: Sean MacEntee on Flickr.

The Electronic Frontier Foundation suggested in a blog post last week that Microsoft's decision to access the Hotmail user's account might qualify as a violation of the Electronic Communications Privacy Act (ECPA). Smith maintains Microsoft's actions were lawful.

The advocacy group said that Microsoft's insistence that its terms of service allow such action is itself worrying because so many possible actions could violate its code of conduct, thereby granting the company access. The EFF noted that merely linking to a Peanuts cartoon would be enough to justify a suspension of user privacy "because Snoopy is eternally pantsless, and Microsoft specifically prohibits links to 'nudity in non-human forms such as cartoons.'"

Microsoft's critics took time to praise the company for reversing its stance. "Microsoft's legal team (and their privacy team who were involved in discussions) deserve serious praise for this change in policy," said Christopher Soghoian, principal technologist at the ACLU, via Twitter. "Bravo."

"While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us," said Smith. "Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."

Now the question is whether Google and other companies that store customer data will join Microsoft in rejecting the special privileges written into their terms of service contracts.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
J_Brandt
50%
50%
J_Brandt,
User Rank: Ninja
3/31/2014 | 9:10:48 PM
Kudos
An excellent example of "just because you can do something doesn't mean you should."  I especially like that "Smith said Microsoft will incorporate this change into its terms of service to clarify its commitment to customers and to make it binding."  Not 100% foolproof, but an excellent start. Kudos Microsoft.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - August 27, 2014
Who wins in cloud price wars? Short answer: not IT. Enterprises don't want bare-bones IaaS. Providers must focus on support, not undercutting rivals.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.