Microsoft Clarifies E-Mail Snooping Policies After Windows 8 Leak
After the Windows 8 leak that made international news headlines -- and its privacy controls were called into question as a result -- Microsoft
is trying to throw water on burning coals by clarifying when it will and will not search user e-mail.
John Frank, Microsoft Deputy General Counsel & Vice President of Legal & Corporate Affairs, made the announcement on Thursday. Before outlining Redmond's new privacy efforts he offered the backstory of what led up to the brewing privacy storm.
Making a long story short, Frank explained that Microsoft received information about an employee providing stolen intellectual property to a cyber criminal who was selling it for a profit. A lengthy investigation with law enforcement agencies in multiple countries, he explained, confirmed the information.
“As part of the investigation, we undertook a limited review of this third party’s Microsoft operated accounts,” Frank said. “While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We applied a rigorous process before reviewing such content.”
Bringing Clarity to Privacy
On Thursday, Seattle Post-Intelligencer reported that Alex Kibkalo had been accused of leaking Windows RT software code, along with Windows 7 program files and data about the company’s internal anti-piracy system called Activation Server Software Development Kit, to an unnamed tech blogger in France.
“In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites,” Frank said. “In fact, as noted above, such a court order was issued in other aspects of the investigation.”
Still, in the age of National Security Agency (NSA) spying, some are expressing concern, which prompted Microsoft to announce steps it will add to strengthen policies if similar situations arise in the future. For starters, Frank said the company wouldn't search customer e-mail or other services unless it finds, in a layered accountability system, that there is enough evidence to justify a court order.
“Even when such a search takes place, it is important that it be confined to the matter under investigation and not search for other information,” Frank said. “We therefore will continue to ensure that the search itself is conducted in a proper manner, with supervision by counsel for this purpose.”
Microsoft also pledged to publish any such searches as part of its bi-annual transparency report, which lately has been revealing requests for user information made by the NSA and other government agencies. (continued...)