
Microsoft privacy policy to change in wake of Hotmail privacy debate

The Microsoft privacy policy changes are meant to address concerns raised by the company's questionable search of a Hotmail account.

Microsoft has promised to make a significant change to its customer privacy policy in response to the uproar caused by its controversial search of a private Hotmail account, now known as, in relation to a criminal investigation.


The decision comes after Alex Kibkalo, an ex-employee of the Redmond, Wash.-based software giant, was recently arrested for allegedly leaking pre-release Windows 8 source code and Microsoft's "Activation Server Software Development Kit" -- meant to prevent the unauthorized copying of the company's programs -- to a French blogger.

Microsoft was apparently made aware of Kibkalo's actions when the blogger sent an email via the company's Hotmail service to a Microsoft employee asking the company to verify the stolen code. That employee instead sent the information on to a Microsoft executive, eventually prompting what a Microsoft spokesperson referred to as a "limited review" of the Hotmail account.

Microsoft last week defended its actions, claiming it operated both within its legal rights and its user privacy policy, but criticism from digital privacy advocates at the Electronic Frontier Foundation (EFF) and American Civil Liberties Union, among others, forced the company to backtrack.

Brad Smith, Microsoft's general counsel and executive vice president for legal and corporate affairs, said the company would make immediate changes to how it handles such situations, and promised to reach out to prominent digital privacy advocates for advice on implementing best practices in the future. Smith said the changes would be formally written into Microsoft's privacy policy in the coming months.

"While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us," said Smith in a statement published Friday. "Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."

Smith further admitted this controversy comes at an inopportune time for Microsoft, as the company has spent the better part of the last year distancing itself from accusations that it provides the National Security Agency unfettered access to customer data, prompted by leaks from former NSA contractor Edward Snowden. Though not directly acknowledged, Microsoft's "Scroogled" series of attack advertisements, which aim to paint the company in a positive light on digital privacy issues and sully the reputation of tech rival Google, has also put the company in an awkward position after recent revelations.

"We entered a 'post-Snowden era' in which people rightly focus on the ways others use their personal information. As a company, we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government," Smith said. "We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities."

In a blog post Friday, EFF legal fellow Andrew Crocker defended Microsoft's decision.

"We commend Microsoft for its willingness to reconsider its policies, and we think it made the right decision," Crocker wrote. "We've said it repeatedly: It is wrong for companies to use terms of service to reserve vast, unnecessary rights to access and disclose user content."


Under what circumstances, if any, is it OK for an email provider to search a customer's email account?
Emails are and should be private, unless Microsoft’s Hotmail privacy policy includes rights for the company to access the personal information of an individual in order to “protect the rights or property of Microsoft or our customers and to act on good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public”.
Under a court order only...
No, because they will be seeing everything in that person's e-mail, and that should be illegal. If they think the person is doing something against them, they should call their lawyers to get legal advice before proceeding.
Where does the line on such searches get drawn though? What if the likes of Microsoft and Google were to do automated searches for keyword phrases that might set off alarms? Would that be problematic?

It's a slippery slope for users that aren't willing to pay for email services, and instead rely on big tech companies to provide accounts for "free".
Only after obtaining a court order.
Only in cooperation with law enforcement, with a court order.
How can I know whether a customer's email address is trusted or virtual?