Microsoft privacy policy to change in wake of Hotmail privacy debate

The Microsoft privacy policy changes are meant to address concerns raised by the company's questionable search of a Hotmail account.

Microsoft has promised to make a significant change to its customer privacy policy in response to the uproar caused by its controversial search of a private Hotmail account, now known as Outlook.com, in relation to a criminal investigation.

Rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures.

Brad Smith
general counsel, Microsoft

The decision comes after Alex Kibkalo, an ex-employee of the Redmond, Wash.-based software giant, was recently arrested for allegedly leaking pre-release Windows 8 source code and Microsoft's "Activation Server Software Development Kit" -- meant to prevent the unauthorized copying of the company's programs -- to a French blogger.

Microsoft was apparently made aware of Kibkalo's actions when the blogger sent an email via the company's Hotmail service to a Microsoft employee asking the company to verify the stolen code. That employee instead sent the information on to a Microsoft executive, eventually prompting what a Microsoft spokesperson referred to as a "limited review" of the Hotmail account.

Microsoft last week defended its actions, claiming it operated both within its legal rights and its user privacy policy, but criticism from digital privacy advocates at the Electronic Frontier Foundation (EFF) and American Civil Liberties Union, among others, forced the company to backtrack.

Brad Smith, Microsoft's general counsel and executive vice president for legal and corporate affairs, said the company would make immediate changes to how it handles such situations, and promised to reach out to prominent digital privacy advocates for advice on implementing best practices in the future. Smith said the changes would be formally written into Microsoft's privacy policy in the coming months.

"While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us," said Smith in a statement published Friday. "Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."

Smith further admitted this controversy comes at an inopportune time for Microsoft, as the company has spent the better part of the last year distancing itself from accusations that it provides the National Security Agency unfettered access to customer data, prompted by leaks from former NSA contractor Edward Snowden. Though not directly unacknowledged, Microsoft's "Scroogled" series of attack advertisements, which aim to paint the company in a positive light on digital privacy issues and sully the reputation of tech rival Google, have also put the company in an awkward position after recent revelations.

"We entered a 'post-Snowden era' in which people rightly focus on the ways others use their personal information. As a company, we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government," Smith said. "We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities."

In a blog post Friday, EFF legal fellow Andrew Crocker defended Microsoft's decision.

"We commend Microsoft for its willingness to reconsider its policies, and we think it made the right decision," Crocker wrote. "We've said it repeatedly: It is wrong for companies to use terms of service to reserve vast, unnecessary rights to access and disclose user content."

Dig deeper on Data Privacy and Protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Brandan Blevins, News Writer asks:

Under what circumstances, if any, is it OK for an email provider to search a customer's email account?

6  Responses So Far

Join the Discussion

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close