Microsoft had a leak. They plugged it, and murdered their reputation in the process.
Someone, somewhere in the company, had been leaking screenshots and code for Windows 8 and its "Activation Server Software Development Kit" (the anti-piracy measure that validates legitimate copies of Windows). When a French blogger, code in hand, requested that the company verify that the code was legitimate, the company did the exact wrong thing -- they searched the blogger's Hotmail and instant messaging logs to identify the leaker. That person is reported to be Alex Kibkalo, a now-former employee who has been charged with theft of trade secrets in federal court, reports the Seattle Press-Intelligencer.
Microsoft could have contacted law enforcement. Instead, they searched through a blogger's accounts themselves to find evidence against an employee. It may be legal per the company's terms of service, but it's also despicable, and the company's mea culpa and proposed remedy -- an internal mock court of sorts -- do little to ease our concerns about a company rifling through bloggers', journalists', or any other customer's email.
Terms of Service
In their initial statement on the matter, Microsoft noted that the snooping only occurred after a "rigorous process" that involved a "thorough review by a legal team separate from the investigating team" and "evidence of a criminal act that met a standard comparable to that required to obtain a legal order," reports Engadget.
The company also noted that their terms of service give them permission to dig through customers' email. From the Hotmail TOS:
"We may access or disclose information about you, including the content of your communications, in order to [...] protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the Service [...]"
And this, my friends, is why it is always important to read and understand the "shrinkwrap" license that is attached to every service you sign up for online, especially for a service as important as one's email.
Mea Culpa and a Moot Court
Probably sensing the impending backlash, Microsoft followed up with another statement, promising to be even more protective of their customers' privacy in the future. In addition to the aforementioned "thorough review by a legal team separate from the investigating team," the company will also submit the evidence to a former federal judge to determine if it would hypothetically meet the standard required for a court order.
To summarize, Microsoft can pilfer through your personal communications if they think you're bootlegging Microsoft products, but they'll only do so if paid Microsoft employees, separate from other paid Microsoft employees, submit any evidence of wrongdoing to a former federal judge, who is almost certainly also going to be compensated by Microsoft.
Here's the question: why not let law enforcement investigate? Why does it have to be an internal snooping investigation, rather than passing the case on to law enforcement, and cooperating with actual court orders that would spring forth from this supposedly compelling internal evidence?
And it's not just bootleggers that need to be concerned. The Electronic Frontier Foundation points out that violations of the company's Code of Conduct would also empower the company to snoop. These violations could, under a broad reading of the terms, include linking to any page on Wikipedia (the site contains nudity), or one that will irk Second Amendment aficionados, "[P]romoting or otherwise facilitate[ing] the purchase and sale of ammunition or firearms." (Note the lack of an appropriate modifier, such as "illegal" purchase or sale.)
The takeaway? We're not sure, actually. Is there any email service left that is actually private?
If you have a suggestion, let us know on Facebook.