Microsoft, in a public statement released today, announced that email snooping practices will end immediately at the Redmond, Washington company. This came just days after a storm of controversy was unleashed against the company when it was revealed that the company’s executives were reading customer emails stored on their servers to track down trade secret leaks.
The stormy reaction was triggered by the revelation that Microsoft was reading the email in a prominent blogger’s Hotmail account to identify the employee who had leaked pre-release versions of the Windows 8 RT code before the new tablet device operating system was launched. The same employee also leaked the code for the company’s Activation Server software development kit which could enable hackers to generate working activation keys to unlock the company’s software products.
The alleged perpetrator, Alex Kibkalo, a Russian national, was quietly tracked down by Microsoft’s internal security department and fired in September 2012. No attempt was made to prosecute Kibkalo at the time, nor did the company identify the French blogger to whom Kibkalo leaked the information. After conducting their own internal investigation, the company turned the information over to the Federal Bureau of Investigation to pursue criminal charges again Kibkalo, which were filed last week after a several months long investigation. The software company’s actions only came to light last week when reporters reviewed the court documents filed in conjunction with the arrest of the alleged perpetrator.
Today, Microsoft general counsel Brad Smith issued an open letter to its customers explaining that, in the future, when they become aware that someone is using their services to “traffic in stolen intellectual or physical property from Microsoft” the company will refer the matter to law enforcement if further action is required.
The announcement comes a week after the company had defended its actions, claiming that they did not need a court order to search their own servers for evidence of the theft, until a storm of protests encouraged the management of the 39 year-old company to rethink their position.
Microsoft does not claim ownership of the materials posted, uploaded or otherwise submitted to any Microsoft service, but their terms of service also state that “you are granting Microsoft…permission to copy, edit, translate and reformat” anything that users upload to any Microsoft website. Under the terms of service, as they are currently written, because Microsoft claims the right to “edit, translate and reformat” any documents uploaded to their servers, they are also giving themselves the tacit right to read anything submitted by a user because they cannot do those things without reading the documents they are doing them to.
The admission that Microsoft was reading users email was especially ironic. Microsoft has been running their “Scroogled” advertising campaign since 2012 – the same time as they were involved in reading a consumer’s email – warning consumers that Google reads their email to help them identify consumer preferences. (In fact, Google actually relies more on the analysis of consumer’s search terms than email contents to determine the consumer’s interests to help them target advertising placements.)
The latest revelation of email tampering came just months after Edward Snowden revealed the extent to which U.S. intelligence agencies were reading email traffic. The extent to which major email service providers like Microsoft and Google cooperated with those intelligence agencies continues to rankle many computer users who feel that their trust had been compromised by those companies.
In fact, both, Google and other email conduits regularly scan email passing through their systems for viruses, but those scans do not collect content. Last week, Google announced that all Gmail accounts will always be encrypted after previously allowing customers to turn off encryption in order to increase computer speed.
This week, Microsoft has promised end email snooping practices and stop reading other people’s mail without first getting a warrant permitting them to do so but the chastened software giant has not apologized to Google for the ad campaign.
By Alan M. Milner