Microsoft accepted PR backlash to protect IP in Kibkalo leak
In a post-Snowden world, company 'would have been irresponsible' if it had not acted, says expert
Computerworld - Microsoft had no choice but to bite the bullet and take the inevitable public relations backlash stemming from last week's disclosure that it accessed a customer's Hotmail account, an expert in corporate messaging and public relations said today.
"There isn't much they could have done differently," said Peter LaMotte, an analyst with Levick, a Washington, D.C.-based strategic communications consultancy. "In a post-Snowden world, it would be irresponsible if they didn't track down this leak of their intellectual property."
LaMotte assumed that Microsoft weighed the two -- finding the leaker versus the expected PR hit -- before going with the former.
In federal court documents filed last week, the FBI revealed that Microsoft had gone through the Hotmail.com account of an unidentified French blogger, who they suspected of having its Activation Server SDK (software development kit), internal-only code to create the activation systems that validate product keys, Microsoft's primary anti-piracy technology.
Microsoft's inside investigation had taken place before the mid-2013 renaming of Hotmail as Outlook.com.
While the initial news reports focused on the allegations leveled at a former Microsoft employee, Russian national Alex Kibkalo, for stealing the proprietary Activation Server SDK and sharing it with the blogger, much of the second and subsequent rounds concentrated on Microsoft's accessing the blogger's Hotmail account in a search for leaks.
Because Hotmail was Microsoft's property -- and the terms of service agreement made it clear that the company could, under some circumstances, pull content from an account -- Microsoft said it was not required to obtain a court order.
Bloggers, technology observers and privacy advocates weighed in, decrying the move and in many cases comparing it to the widespread National Security Agency (NSA) spying and data collection revealed by Edward Snowden, a former contractor for the NSA who fled to Russia, where he currently lives.
Microsoft's first reaction was to claim that, "While Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances," in a statement issued last week.
Not surprisingly, that didn't calm the waters. On March 20, John Frank, a deputy general counsel at Microsoft, posted a blog defending the account access even as he said the company would change its policy to "submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order."
Those changes didn't cut it with some critics, either.
"This new policy just doubles down on Microsoft's indefensible and tone-deaf actions in the Kibkalo case," argued the Electronic Frontier Foundation's Andrew Crocker, a legal fellow with the San Francisco-based privacy advocacy group. "It begins with a false premise that courts do not issue orders in these circumstances because Microsoft was searching 'itself,' rather than the contents of its user's email on servers it controlled."
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Defense throughout the Vulnerability Life Cycle with Alert Logic Threat and Log Manager New security threats are emerging all the time, from new forms of malware and web application exploits that target code vulnerabilities to attacks...
- QA Automation: Reducing Test Execution While Improving Coverage A leading capital investment firm in the US was in need of a comprehensive, cost effective and flexible solution to reduce their existing...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Expert Panel: Enterprise Mobility and Data Loss Prevention When it comes to enterprise mobility, it's not just about devices, it's about the way people work. Hear this expert panel discuss the... All Management White Papers | Webcasts