Microsoft Clarifies Email Snooping Policy - InformationWeek
Software // Productivity/Collaboration Apps
10:20 AM
Connect Directly
Ransomware: Latest Developments & How to Defend Against Them
Nov 01, 2017
Ransomware is one of the fastest growing types of malware, and new breeds that escalate quickly ar ...Read More>>

Microsoft Clarifies Email Snooping Policy

Microsoft amends its terms of service to stop peeking into customers' emails, even if it suspects they may be stealing from the company.

Windows XP Game Over: 9 Upgrade Options
Windows XP Game Over: 9 Upgrade Options
(Click image for larger view and slideshow.)

Microsoft said it will honor its privacy commitments to its customers, even those it suspects may be thieves.

In a blog post Friday, Microsoft executive VP and general counsel Brad Smith said that the company has reflected on the criticism it received over how it handled a 2012 case in which its investigators accessed the Hotmail account of a blogger alleged to have received stolen Windows code from a disgruntled employee. As a consequence of internal conversations and input from advocacy groups, Microsoft has decided that its privacy promises should also be binding on its own employees and agents.

"Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer's private content ourselves. Instead, we will refer the matter to law enforcement if further action is required," said Smith.

[Say hello to the privacy revolution. Read March Madness: Online Privacy Edition.]

Smith said Microsoft will incorporate this change into its terms of service to clarify its commitment to customers and to make it binding.

Over the past week, Microsoft has been the target of withering criticism from privacy advocates who pointed out the hypocrisy of Microsoft's Scroogled ad campaign -- which takes Google to task for using algorithms to read Gmail messages to target ads -- in light of its own behavior. While many acknowledged that Microsoft may have been within its rights to access a customer account outside of normal legal processes, they said it was a stupid thing to do because of the damage done to the company's image.

Image credit: Sean MacEntee on Flickr.
Image credit: Sean MacEntee on Flickr.

The Electronic Frontier Foundation suggested in a blog post last week that Microsoft's decision to access the Hotmail user's account might qualify as a violation of the Electronic Communications Privacy Act (ECPA). Smith maintains Microsoft's actions were lawful.

The advocacy group said that Microsoft's insistence that its terms of service allow such action is itself worrying because so many possible actions could violate its code of conduct, thereby granting the company access. The EFF noted that merely linking to a Peanuts cartoon would be enough to justify a suspension of user privacy "because Snoopy is eternally pantsless, and Microsoft specifically prohibits links to 'nudity in non-human forms such as cartoons.'"

Microsoft's critics took time to praise the company for reversing its stance. "Microsoft's legal team (and their privacy team who were involved in discussions) deserve serious praise for this change in policy," said Christopher Soghoian, principal technologist at the ACLU, via Twitter. "Bravo."

"While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us," said Smith. "Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."

Now the question is whether Google and other companies that store customer data will join Microsoft in rejecting the special privileges written into their terms of service contracts.

The NSA leak showed that one rogue insider can do massive damage. Use these three steps to keep your information safe from internal threats. Also in the Stop Data Leaks issue of Dark Reading: Technology is critical, but corporate culture also plays a central role in stopping a big breach. (Free registration required.)

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
3/31/2014 | 9:10:48 PM
An excellent example of "just because you can do something doesn't mean you should."  I especially like that "Smith said Microsoft will incorporate this change into its terms of service to clarify its commitment to customers and to make it binding."  Not 100% foolproof, but an excellent start. Kudos Microsoft.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll