Microsoft: We have the right to search your Hotmail account

[travis_valkyrie]

The fanbois are out in force today, I see.

Yes, Google scans your email. Let's put this in context. An automated system scans the words in your email, matches it to keywords which advertisers have selected and shows an ad. That's as far as it goes. They

MSFT accessed a private individual's account - This guy WAS NOT A MICROSOFT EMPLOYEE. He was a "third-party" if you RTFA:

"An ex-Microsoft employee was recently arrested for allegedly leaking company secrets, all because Redmond found evidence against him in his contact's Hotmail account. "

Humans read his email, WITHOUT a warrant signed by a judge. That is a very very different thing.

No, just no. No. For starters, he was a Microsoft employee, do you not see what you just quoted "ex-Microsoft employee"? And Google, doesn't just scan - they scan, collect, and sell. Lastly, Microsoft has its own investigation department much like with other companies, which if they find something suspicious (in this case they did), it would then be brought to the FBI or whatever the government security agency is for legal actions. Microsoft didn't need a warrant, it's their service, their ToS, their policy, services agreement, code of conduct, etc.

From your perspective, you say it like Microsoft did something unlawful because they went through the guys' data for investigation, and its ok with you if Google scans your everything and make profit out of you. It doesn't matter if it's automated or human, data is still collected. Only difference is that Microsoft's own codes were being leaked and violated a whole lot of their policies, while Google sells everything from its user.

 

[psychotron]

OK, so here's another twist that I failed to mention in the original post. Not only did Microsoft go through the former employees mail, they also went through the private Hotmail of the blogger that he was corresponding with. In light of that fact, does anyone who didn't so before now believe that this may have been crossing the line?

 

[psychotron]

Once again this brings up the issue that people also consent to Google's TOS regarding scanning your mail for advertising keywords, yet they are still facing potential litigation. Do you also agree that Google has the right to do what they do? As you've stated, it is a contract which the user has agreed to, so technically no foul play.

 

[Michael Alan Goff]

Legally? No.

Ethically? Probably.

 

[_Emi_]

do you even know the law?
I mean... do you think if evidence is illegally obtained it will be useful to the court?
do you think Microsoft thought it was nice to search someday for Kibkalo emails and it would just work to get him arrested?
wow... please, imagine if criminals had child porn or were committing terrorism but nobody can touch their PRIVATE email, PRIVATE computer, PRIVATE phone... or well, PRIVATE.. house, etc etc?
do you think Microsoft didnt do the right steps to actually obtain the evidence?

this has NOTHING to do with scroogle and google and Microsoft TOS or anything of that, this has NOTHING to do with ads and how google uses or not his resources to get information for ads, this was a crime, and evidence had to be collected you like it or not... it could have been in AOL or gmail or yahoo, do you think the same information wouldnt have been collected? it had to be collected in order to arrest him and have a solid case. but its obvious since if Microsoft owns the email service where things happened, its easier for them to get the information, it would be stupid to think otherwise.

I know some people like to twist information so much just to call Microsoft hypocrite and somehow defend google, and make threads about it just to be against Microsoft but thats just being ignorant... since again, this has nothing to do with google or anything like that. this was a serious crime investigation, not a tv ad or a happy thing to do, but Microsoft had to do it because his property has to be protected and not leaked and given like candies, especially something like Microsoft Activation Server SDK, which is obviously not a light thing and "lets be happy about it".

 

[psychotron]

Wow. Hold on there, sparky. If you read my original post carefully you'll see I'm not trying to defend anyone. All I'm doing is trying to have a serious discussion about a relevant topic in the press. And as a matter of fact, it has A LOT to do with TOS, as it sets out your legal rights regarding use of a service.

And it was pretty darned unnecessary to call me ignorant, don't you think? Let's not get childish about this. Can we not have an intelligent discussion about something and still be civil?

 

[Citizen X]

The fanbois are out in force today, I see.

Yes, Google scans your email. Let's put this in context. An automated system scans the words in your email, matches it to keywords which advertisers have selected and shows an ad. That's as far as it goes. They

MSFT accessed a private individual's account - This guy WAS NOT A MICROSOFT EMPLOYEE. He was a "third-party" if you RTFA:

"An ex-Microsoft employee was recently arrested for allegedly leaking company secrets, all because Redmond found evidence against him in his contact's Hotmail account. "

Humans read his email, WITHOUT a warrant signed by a judge. That is a very very different thing.

He's a criminal. Are you? Then?

 

[Michael Alan Goff]

By the way, the idea that no humans read GMail is funny. Two employees had to be fired at one point because they used GMail to stalk somebody. :|

 

[FinancialP]

@OP I completely understand your sentiment. However your point won't go well here at wpcentral.

I used to think Crackberry had some wild comments and beliefs. This place takes the cake.

Rational people understand that all these companies snoop to some extent. Microsoft is no different they're in the "better to serve you" business as well.

 

[Guytronic]

Reading thru there's a lot fear\anger concerning evidence gained from a "private" account.

No expert here yet all I can see is my privacy ends at my property line (and that's at risk also.)
To me it's just a scary fact that if anyone is connected to the globe there simply is no privacy.

I know I just have an agreement with the providers of web and mail services.
Knowing I may have opened myself up to scrutiny by not bothering to get familiar with any agreement provided by any service is how I've dropped my guard.

Simply put it's just not possible to send secrets out over connections provided by operations that you don't own without laying down your right to privacy.
I'm pretty sure all web users have been watched from the beginning ... that's just not a secret anymore.
Over wire info just isn't and never will be guarded completely.

 

[tgp]

Simply put it's just not possible to send secrets out over connections provided by operations that you don't own without laying down your right to privacy.
I'm pretty sure all web users have been watched from the beginning ... that's just not a secret anymore.
Over wire info just isn't and never will be guarded completely.

Well put. There are lots of different businesses involved that have access to your data. Let's say for example I send an email to you from my Yahoo account, on my Android on AT&T. You have an Outlook email account and you receive the email on your BlackBerry using Verizon's network. Six companies are involved in that email: Yahoo, Google, Microsoft, BlackBerry, AT&T, and Verizon. I would imagine that any one of them could read that email if they wanted to, or at least would have some form of access to it. And that's not even counting the NSA! :eck:

This incident happened to be one that the media got ahold of, but I'm sure it's nothing new. We would probably crap our pants if we knew what all went on behind closed doors. And that's with all companies: carriers, ISPs, OS manufacturers, governments...

 

[Guytronic]

Well put. There are lots of different businesses involved that have access to your data. Let's say for example I send an email to you from my Yahoo account, on my Android on AT&T. You have an Outlook email account and you receive the email on your BlackBerry using Verizon's network. Six companies are involved in that email: Yahoo, Google, Microsoft, BlackBerry, AT&T, and Verizon. I would imagine that any one of them could read that email if they wanted to, or at least would have some form of access to it. And that's not even counting the NSA! :eck:

This incident happened to be one that the media got ahold of, but I'm sure it's nothing new. We would probably crap our pants if we knew what all went on behind closed doors. And that's with all companies: carriers, ISPs, OS manufacturers, governments...

Laid out very well my friend.

 

[Markham Ranja]

No, just no. No. For starters, he was a Microsoft employee, do you not see what you just quoted "ex-Microsoft employee"? And Google, doesn't just scan - they scan, collect, and sell. Lastly, Microsoft has its own investigation department much like with other companies, which if they find something suspicious (in this case they did), it would then be brought to the FBI or whatever the government security agency is for legal actions. Microsoft didn't need a warrant, it's their service, their ToS, their policy, services agreement, code of conduct, etc.

From your perspective, you say it like Microsoft did something unlawful because they went through the guys' data for investigation, and its ok with you if Google scans your everything and make profit out of you. It doesn't matter if it's automated or human, data is still collected. Only difference is that Microsoft's own codes were being leaked and violated a whole lot of their policies, while Google sells everything from its user.

RTFA again. There are 2 people - Kibkalo, the MS employee who was leaking secrets, and an unnamed blogger, who received these secrets. MS searched the blogger's account without a warrant.

Also, FYI, MS and every other email service HAVE to scan your email, for spam filtering and other purposes. And nobody "sells" user data, that's just stupid.

Yes, it is not ok with me if MS intentionally goes after MY accounts because THEY unilaterally think that I might be causing harm to MS. Google serves ads on everybody's email - that seems to be better to me. MS' ToS have this "that they reserve the right to "protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services"

That's a problem with the overly broad wording of privacy policies. Nearly every company in the world is a Microsoft customer. And "protecting rights or property" is very broad. Could Microsoft look for information about why a customer is not paying its bills in Hotmail accounts? Could they scan their customers' corporate email for indication of piracy? Or software licensing irregularities? What about patent disputes?

 

[travis_valkyrie]

RTFA again. There are 2 people - Kibkalo, the MS employee who was leaking secrets, and an unnamed blogger, who received these secrets. MS searched the blogger's account without a warrant.

Also, FYI, MS and every other email service HAVE to scan your email, for spam filtering and other purposes. And nobody "sells" user data, that's just stupid.

Yes, it is not ok with me if MS intentionally goes after MY accounts because THEY unilaterally think that I might be causing harm to MS. Google serves ads on everybody's email - that seems to be better to me. MS' ToS have this "that they reserve the right to "protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services"

That's a problem with the overly broad wording of privacy policies. Nearly every company in the world is a Microsoft customer. And "protecting rights or property" is very broad. Could Microsoft look for information about why a customer is not paying its bills in Hotmail accounts? Could they scan their customers' corporate email for indication of piracy? Or software licensing irregularities? What about patent disputes?

The blogger was reported to Sinofsky by the random person because of the email probably along with the sample codes. Only then Microsoft took action to abide with the agreement. Warrant or not, the end result would've been the same, but Microsoft is not a law enforcement agency so they cannot get a warrant for itself, that's why they had to stick with their agreement. And since this was not an ordinary case of scanning for spam or etc, they had to take a different approach to catch a criminal.

 

[Jaskys]

But in both cases the legality is extremely questionable (Google is fighting a class action over the very thing you mention as we speak). The previous employee should still be afforded a citizens right to privacy. Microsoft is not a law enforcement agency and doesn't have any more privilege than you or I to go through someone's private email without a warrant or court order.

Posted via the WPC App!

He has contract with MS and he broke it, MS can do anything with people who works for them, what would you do?

Oh keep leaking little boy, you're doing a GOOD job, those security vulnerabilieties that you gave out to public, are really great, hackers are on their way to infect thousands of computers, but we won't stop you. Keep doing what you do, oh and pirates says thanks for KMS activation

You have to understand, would you allow random person who would wreck anything in your house to live with you? No, so MS doesn't want some reckless ******* living in their house.

That person broke the law, broke MS contract.

 

[jojoe42]

Personally I think the press has overblown it a little. He did break a few contracts in the process of sharing these early Windows 8 builds (I'd imagine an NDA, employment contract and MS account T&Cs) and so fair enough Microsoft gets to scan through someone's inbox. Not only has he broken agreements with those contracts, it's also illegal too. So what if he has a citizens' privacy rights thing - he clicked agree to the MS T&Cs which is SEPARATE to a citizens' privacy rights, and besides he broke Microsoft copyright/disowned their rights to their CONFIDENTIAL stuff, it's not like the guy emailed a torrented movie and MS pulled him up. Early builds of Windows belong to Microsoft, anyone else who has access to it is on Microsoft's terms, and they have the right to pull someone out if they fall out of agreement.

 

[csd_images]

Here's John Frank's statement on the matter. It lays clear MS's actions and why the undertook them. If you have issues or want to second guess the guy in charge of legal counsel for MS feel free.

Statement

Microsoft is usually fairly transparent when issues like these occur. If you have an issue with how MS conducts these searches then e-mail them but note they was totally within the remit as the law as it stands in this point of time.

Here's Frank's bio if you don't know who the guy is:

LinkedIn

To note finally, this isn't the same on any level nor related in any way to what Google does with the AdSense network. All e-mail providers have similar terms and conditions that will veto any right to privacy, if you have any inclination for privacy then don't use e-mail as everyone who plays pass the parcel on the network will potentially have copies of the data or has the ability to eavesdrop. The investigation was triggered upon finding criminal actions detrimental to Microsoft, if you say Google, Apple, AOL or any other company who hosts e-mails won't do this if they find similar circumstances then you're naive or a troll.

The solution here is simple, if you're concerned with privacy learned to use PtP encryption which is easier said than done when it's not the easiest thing to set up and ensure veracity. If you are reliant on a third party then you've compromised the chain of trust.

 

[jailman]

Well ... Microsoft has the right to protect its business dont they ?

 

[herbertsnow]

I agree with Microsoft. Don't like too bad.

 

[neo158]

Well ... Microsoft has the right to protect its business dont they ?

Exactly, the problem is that everyone thinks that this is exactly the same as what Google has been doing. It isn't, it was their own servers and the search was conducted in accordance with their ToS, which is the same ToS we all accepted when we created our own Microsoft Accounts.

The point is that if you engage in illegal activity on a companies servers then that company has the right to search their servers as part of the investigation, no warrant needed.