As part of an investigation into a leak of Windows 8, Microsoft snooped on the Hotmail emails and instant messages of a blogger. The company claims it was all legal. Is your Microsoft account safe from the company's prying eyes?
Before the release of Windows 8, Microsoft launched an investigation into who had leaked Windows 8 code to a blogger. The investigation was begun after the blogger published screenshots of Windows 8, and then sent code to Microsoft, asking the company to verify that it was the real thing. Here's what happened next, according to Seattlepi.com:
The code was later confirmed to be authentic, prompting corporate investigators to dredge the Hotmail account the blogger used to contact the Microsoft worker. While the blogger took pains to protect his identity -- he claimed falsely to be in Quebec and used an assumed name online -- a Microsoft team dubbed Trustworthy Computing Investigations attempted to track the blogger down.
Trustworthy Computing Investigations -- there's an Orwellian name if ever there were one. And that's as it should be, because Microsoft's investigation was Orwellian as well. It managed to track the blogger down, scoured through his email and messaging account, found messages from a leaker inside Microsoft, and then lowered the hammer on both the leaker and the blogger, eventually turning over that private information to prosecuters.
Keep in mind that this was not a criminal investigation -- no government agency was involved until after the fact. And keep in mind that Microsoft did this without a court order or search warrant, something that a government agency would have been required to get if it did this.
Those who care about privacy have been quick to criticize Microsoft, and with good reason. Edward Wasserman, the dean of the Graduate School of Journalism at University of California, Berkeley, told the New York Times:
"I have never seen a case like this. Microsoft essentially decided that whatever privacy expectation that its own customers supposedly had was basically a dead letter. It simply decided that in its own corporate interest, it can intrude on a person’s email."
As for Microsoft, it says that the Terms of Service that people agree to when they use Microsoft's mail accounts gives Microsoft the right to snoop. (You do read the entire Terms of Service you agree to when you sign up for email services don't you? I don't either. Neither does anyone else on the planet.)
If you look at the Terms of Service, you'll see that Microsoft in fact does have that right. Seattlepi.com dug up the exact section -- section 5.2. Here it is:
"You consent and agree that Microsoft may access, disclose, or preserve information associated with your use of the services, including (without limitation) your personal information and content, or information that Microsoft acquires about you through your use of the services (such as IP address or other third-party information) when Microsoft forms a good faith belief that doing so is necessary (a) to comply with applicable law or to respond to legal process from competent authorities; (b) to enforce this agreement or protect the rights or property of Microsoft or our customers; or (c) to help prevent a loss of life or serious physical injury to anyone."
That's frighteningly broad. Not only does Microsoft give itself the right to snoop through all of your information if it decides it wants to, it can also gather information that "Microsoft acquires about you through your use of the services (such as IP address or other third-party information)..."
Microsoft now claims that it will apply stricter rules about when it snoops on someone's Microsoft's mail and messaging account. But keep in mind that it's not changing its Terms of Service agreement, which means that whenever it wants, it can abandon those stricter rules and do whatever it wants.
So how safe are your private emails and messages from Microsoft? Not very. Whenever it wants, it can snoop on them. Ironically, Microsoft has been engaged in a massive marketing campaign against Google called Scroogled in which it points out all the ways in which Google invades your privacy, while Microsoft doesn't.
Ooops. There goes that campaign. Is there time for Google to launch one countering it, called "Microsofted?"