MICROSOFT HAS DECIDED that it will no longer access the emails of Hotmail users it suspects of foul deeds, announcing that from now on it will leave this activity to law enforcement.
The move comes a week after the firm reported the arrest of former employee Alex Kibkalo. He was caught after Microsoft accessed his Hotmail account without a warrant to discover that he had sent proprietary software code to a blogger based in France.
Microsoft faced a widespread backlash for using powers outside the realm of data privacy rules to monitor and access the content of private emails that happened to be sent via its email system.
In the wake of the criticism, general counsel and EVP for Legal and Corporate Affairs at Microsoft Brad Smith has revealed that the firm will swiftly change its ways.
"Last Thursday, news coverage focused on a case in 2012 in which our investigators accessed the Hotmail content of a user who was trafficking in stolen Microsoft source code," he said in a blog post. "Over the past week, we've had the opportunity to reflect further on this issue, and as a result of conversations we've had internally and with advocacy groups and other experts, we've decided to take an additional step and make an important change to our privacy practices."
Smith said that as of now, Microsoft will pass on any information related to suspected intellectual property or physical theft to law enforcement officials to decide if further action is required, rather than inspecting customers' private content itself. This change will also be put into Microsoft terms and conditions so it will be binding.
Smith cited Edward Snowden's exposure of PRISM and Microsoft's discomfort with NSA monitoring of its customers' data as another reason for the firm taking this step. "We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities," he noted.
"While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us. Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."
The Electronic Frontier Foundation (EFF) is certainly happy with Microsoft's change of heart, and has teamed up with it on a joint privacy project, along with the Center for Democracy and Technology, aimed at identifying potential best practices.
"We commend Microsoft for its willingness to reconsider its policies, and we think it made the right decision. As many have noted, while the specific circumstances that led to this case may have been unusual, the underlying issues are common to the industry," the civil liberties organisation said.
Smith's approach to email privacy is an about-turn from that outlined by his deputy general counsel John Frank last week.
"While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We applied a rigorous process before reviewing such content," Frank explained.
"In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation."
"Unfortunately, this new policy just doubles down on Microsoft's indefensible and tone-deaf actions in the Kibkalo case," the organisation noted in a post last week.
"It begins with a false premise that courts do not issue orders in these circumstances because Microsoft was searching 'itself' rather than the contents of its user's email on servers it controlled. The monumental problem here is that Microsoft's process has none of the protections provided by our legal system.
"Yet another colossal problem with Microsoft's policy is its potential for abuse. The search in the Kibkalo case may have revealed criminal activity, but it was also conducted in Microsoft's self-interest, which is an exceedingly dangerous precedent. Combined with the kangaroo court potential of the company's new internal Warrants for Windows policy, Microsoft is playing with fire. It should have followed its own advice and asked the FBI to step in with a warrant." µ