Microsoft Solemnly Swears: No More Snooping
Last week, we reported about Microsoft being caught pants down poking their nose into a bloggers email while chasing an employee who was leaking the specifications of Windows 8. The change in policy comes after the fact of snooping was revealed publicly.
Last Friday, Microsoft announced a major overhaul of its customer service agreement in the move to try and soften the angry feedback that stormed on the company after the fact that it had searched a bloggers email trying to discover the identity of the employee leaking its software became public.
“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect the customers’ private content ourselves. Instead, we will refer the matter to law enforcement if further action is required,” says the blog post by Microsoft’s General Counsel Brad Smith.
Microsoft is planning to incorporate the change in its terms of service in the coming months, to make the change binding to Microsoft and clear to consumers.
Apparently, civil rights advocates were positively impressed by the news, “an impressive change in policy, but will Google follow?” said Christopher Soghoian, principal technologist at ACLU, American Civil Liberties Union, in his Twitter.
The change is forced by the outrage stormed on the company after Microsoft was caught searching a bloggers email and instant messages trying to identify an employee who was leaking sensitive data. A Russian native, Alex Kibalko was arrested in Seattle last week and accused of leaking Windows 8 specs to Internet outlets.
In his blog post, Smith says it was painful to listen to criticism, but if the company can step back and turn the negative impacts to the thought-provoking process, the outcome may be helpful, which was exactly what happened in their case. Even though Microsoft’s terms of service allowed them to lawfully access the accounts of its users under the circumstances, just like terms of service of any other company in tech industry, the particular case raised legitimate questions about Microsoft’s customers and their privacy concerns.
The company was looking for ways to solve user privacy concerns during the past year. “We’ve entered a “post Snowden era” in which people rightly focus on the ways others use their personal information. As a company, we have participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We have advocated that governments should rely on formal legal processes and the rule of law for surveillance activities.”
Microsoft’s own pursuit of an employee leaking corporate information was within the company’s legal rights, but the company understands they should apply a similar principle and also implement formal legal procedures in their own investigations pursuing people the company suspects are stealing from it.
Microsoft was working in conjunction with The Center for Democracy and Technology and The Electronic Frontier Foundation to identify best solutions and practices from other industries to address the privacy concerns of digital services.
Microsoft encourages other tech companies to join in as well. “Ultimately, these types of questions affect us all,” said Smith.