Microsoft Clarifies Email Snooping Policy - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Productivity/Collaboration Apps
10:20 AM
Connect Directly

Microsoft Clarifies Email Snooping Policy

Microsoft amends its terms of service to stop peeking into customers' emails, even if it suspects they may be stealing from the company.

Windows XP Game Over: 9 Upgrade Options
Windows XP Game Over: 9 Upgrade Options
(Click image for larger view and slideshow.)

Microsoft said it will honor its privacy commitments to its customers, even those it suspects may be thieves.

In a blog post Friday, Microsoft executive VP and general counsel Brad Smith said that the company has reflected on the criticism it received over how it handled a 2012 case in which its investigators accessed the Hotmail account of a blogger alleged to have received stolen Windows code from a disgruntled employee. As a consequence of internal conversations and input from advocacy groups, Microsoft has decided that its privacy promises should also be binding on its own employees and agents.

"Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer's private content ourselves. Instead, we will refer the matter to law enforcement if further action is required," said Smith.

[Say hello to the privacy revolution. Read March Madness: Online Privacy Edition.]

Smith said Microsoft will incorporate this change into its terms of service to clarify its commitment to customers and to make it binding.

Over the past week, Microsoft has been the target of withering criticism from privacy advocates who pointed out the hypocrisy of Microsoft's Scroogled ad campaign -- which takes Google to task for using algorithms to read Gmail messages to target ads -- in light of its own behavior. While many acknowledged that Microsoft may have been within its rights to access a customer account outside of normal legal processes, they said it was a stupid thing to do because of the damage done to the company's image.

Image credit: Sean MacEntee on Flickr.
Image credit: Sean MacEntee on Flickr.

The Electronic Frontier Foundation suggested in a blog post last week that Microsoft's decision to access the Hotmail user's account might qualify as a violation of the Electronic Communications Privacy Act (ECPA). Smith maintains Microsoft's actions were lawful.

The advocacy group said that Microsoft's insistence that its terms of service allow such action is itself worrying because so many possible actions could violate its code of conduct, thereby granting the company access. The EFF noted that merely linking to a Peanuts cartoon would be enough to justify a suspension of user privacy "because Snoopy is eternally pantsless, and Microsoft specifically prohibits links to 'nudity in non-human forms such as cartoons.'"

Microsoft's critics took time to praise the company for reversing its stance. "Microsoft's legal team (and their privacy team who were involved in discussions) deserve serious praise for this change in policy," said Christopher Soghoian, principal technologist at the ACLU, via Twitter. "Bravo."

"While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us," said Smith. "Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."

Now the question is whether Google and other companies that store customer data will join Microsoft in rejecting the special privileges written into their terms of service contracts.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll