Skip the navigation

Microsoft accepted PR backlash to protect IP in Kibkalo leak

In a post-Snowden world, company 'would have been irresponsible' if it had not acted, says expert

March 27, 2014 08:31 AM ET

Computerworld - Microsoft had no choice but to bite the bullet and take the inevitable public relations backlash stemming from last week's disclosure that it accessed a customer's Hotmail account, an expert in corporate messaging and public relations said today.

"There isn't much they could have done differently," said Peter LaMotte, an analyst with Levick, a Washington, D.C.-based strategic communications consultancy. "In a post-Snowden world, it would be irresponsible if they didn't track down this leak of their intellectual property."

LaMotte assumed that Microsoft weighed the two -- finding the leaker versus the expected PR hit -- before going with the former.

In federal court documents filed last week, the FBI revealed that Microsoft had gone through the Hotmail.com account of an unidentified French blogger, who they suspected of having its Activation Server SDK (software development kit), internal-only code to create the activation systems that validate product keys, Microsoft's primary anti-piracy technology.

Microsoft's inside investigation had taken place before the mid-2013 renaming of Hotmail as Outlook.com.

While the initial news reports focused on the allegations leveled at a former Microsoft employee, Russian national Alex Kibkalo, for stealing the proprietary Activation Server SDK and sharing it with the blogger, much of the second and subsequent rounds concentrated on Microsoft's accessing the blogger's Hotmail account in a search for leaks.

Because Hotmail was Microsoft's property -- and the terms of service agreement made it clear that the company could, under some circumstances, pull content from an account -- Microsoft said it was not required to obtain a court order.

Bloggers, technology observers and privacy advocates weighed in, decrying the move and in many cases comparing it to the widespread National Security Agency (NSA) spying and data collection revealed by Edward Snowden, a former contractor for the NSA who fled to Russia, where he currently lives.

Microsoft's first reaction was to claim that, "While Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances," in a statement issued last week.

Not surprisingly, that didn't calm the waters. On March 20, John Frank, a deputy general counsel at Microsoft, posted a blog defending the account access even as he said the company would change its policy to "submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order."

Those changes didn't cut it with some critics, either.

"This new policy just doubles down on Microsoft's indefensible and tone-deaf actions in the Kibkalo case," argued the Electronic Frontier Foundation's Andrew Crocker, a legal fellow with the San Francisco-based privacy advocacy group. "It begins with a false premise that courts do not issue orders in these circumstances because Microsoft was searching 'itself,' rather than the contents of its user's email on servers it controlled."



Our Commenting Policies