Microsoft: We have the right to search your Hotmail account

[psychotron]

Is this hypocrisy in light of the Scroogled campaign or justified in light of the situation? Under what kind of circumstances should a corporation be allowed to do things like this without a court order? Even the NSA needs permission from the DOJ to gather info on suspects. Opinions?

Microsoft: We have the right to search your Hotmail account (updated)

EDIT: I guess I need to make a couple of things a little more clear. What I was mainly trying to accomplish with this post was to play devil's advocate and foster an important discussion. Do I personally think Microsoft was justified? For the most part, yes. Richard Hay of Windows Observer wrote a very good and relatively fair take on the situation here: http://www.windowsobserver.com/2014...s-in-their-search-of-leakers-hotmail-account/

But I do think this is still a topic worthy of discussion as I believe it raises another important question regarding privacy - Just because it is in the TOS of the email host, does that alone make it right or legal, even given the circumstances? The reason I bring that up is because consent is given in Goggle's TOS for them to use an algorithm to scan a user's email for keywords in order to target advertising, yet they are still facing a class action suit based on that practice. Thinking about that also led me to this thought - Is it possible that the defense may be able to persuade the court that is prosecuting this case to declare the email evidence inadmissible due to the manner in which it was gathered? My reasoning behind that is the fact that even known criminals who are clearly guilty of misconduct have wiretap evidence and such dismissed all the time based on how it was obtained. In any case, only one thing is absolutely certain at this point in my opinion, and that is that things become dreadfully murky once lawyers become involved.


I think that Microsoft may have perhaps avoided much of this supposed bruhaha had they simply given permission to an outside law enforcement agency to conduct the investigation and gather evidence as the way they went about it might smack a bit of vigilantism in the eyes of privacy advocates. As always, though, hindsight is 20/20.

 

[Matt Fara]

They were obviously suspicious about this one guy and they got their legal team to verify that it would be allowed. Looks like a smart move to me.
My work has access to all their employees emails and can check them at any time, what's the difference?

 

[psychotron]

They were obviously suspicious about this one guy and they got their legal team to verify that it would be allowed. Looks like a smart move to me.
My work has access to all their employees emails and can check them at any time, what's the difference?

For one, he was no longer an employee. Secondly, it was his private Hotmail account. There's a difference between corporate and private email in the eyes of the law.

Posted via the WPC App!

 

[mpt15]

Google searches email and uses it for targeted ads. Google makes money selling data to advertisers. In Microsofts case, it was the question of tracking down an unlawful activity that harmed its company. That's the difference between google and Microsoft.

 

[Matt Fara]

Doesn't matter, he was an employee at the time of in the incident.
In that case he could have openly stated it was him who leaked the info after he left the company, but it doesn't work that way, he is still held accountable.

Even though it's also a public service, it's a Microsoft service, and he was a Microsoft employee.
With a very strong suspicion they would be crazy to NOT look right under their noses.

 

[psychotron]

Google searches email and uses it for targeted ads. Google makes money selling data to advertisers. In Microsofts case, it was the question of tracking down an unlawful activity that harmed its company. That's the difference between google and Microsoft.

But in both cases the legality is extremely questionable (Google is fighting a class action over the very thing you mention as we speak). The previous employee should still be afforded a citizens right to privacy. Microsoft is not a law enforcement agency and doesn't have any more privilege than you or I to go through someone's private email without a warrant or court order.

Posted via the WPC App!

 

[psychotron]

Doesn't matter, he was an employee at the time of in the incident.
In that case he could have openly stated it was him who leaked the info after he left the company, but it doesn't work that way, he is still held accountable.

Even though it's also a public service, it's a Microsoft service, and he was a Microsoft employee.
With a very strong suspicion they would be crazy to NOT look right under their noses.

So Microsoft is above the law, then?

Posted via the WPC App!

 

[Laura Knotek]

For one, he was no longer an employee. Secondly, it was his private Hotmail account. There's a difference between corporate and private email in the eyes of the law.

Posted via the WPC App!

Many companies require that employees sign a non-compete/non-disclosure clause. I left one company, and I was not allowed to work for any of its competitors for 2 years, or reveal any trade secrets. That was on me, since I read the paperwork and signed it when I got hired.

 

[travis_valkyrie]

It's not that Microsoft is the law, but since Microsoft owns the service, Microsoft and other legal agencies have the right to inspect the service, but only in an event of investigation. There should be a clause in the employee handbook under privacy that says this. And it was a fairly legal action since there was unauthorized distribution and breach of NDA. Google on the other hand, scans everything, no matter the weather.

 

[Live2Deliver]

Is it the same, if one is highly suspected of selling national secrets to have the house FBI raided, and having your house spied by sales companies 24/7 so they'll know what ads to plant at your backyard?

No.

 

[theefman]

Difference number 1: google snoops EVERYBODY'S email on gmail, Microsoft did this in this special circumstance as it involved their trade secrets, not just some screenshots but data that could harm the company. Couldn't be clearer what separates google and Microsoft.

 

[csd_images]

Let's put some context into this:

How Microsoft tracked down a spy who leaked its secrets | ZDNet

Also note, MS is a corporate not political entity, so you can't serve warrants on yourself.

MS followed their procedures of their Legal Counsel, if you want to second guess their expert knowledge then feel free but there is a massive difference between searching a specific remit of e-mails for suspected corporate espionage and using e-mails for generating a bottom line for your company.

Of course everyone and their dog is going to blow this out of proportion to the actual matter, which is simply the ex-employee and a blogger tried to sell source code/corporate secrets and generate keys off a VM. MS investigated and have now handed the evidence to the relevant authorities. If they haven't collected that evidence in a legal manner then that case will get thrown out of court, somehow I don't think MS legal team is that stupid.

 

[Markham Ranja]

The fanbois are out in force today, I see.

Yes, Google scans your email. Let's put this in context. An automated system scans the words in your email, matches it to keywords which advertisers have selected and shows an ad. That's as far as it goes. They

MSFT accessed a private individual's account - This guy WAS NOT A MICROSOFT EMPLOYEE. He was a "third-party" if you RTFA:

"An ex-Microsoft employee was recently arrested for allegedly leaking company secrets, all because Redmond found evidence against him in his contact's Hotmail account. "

Humans read his email, WITHOUT a warrant signed by a judge. That is a very very different thing.

 

[Markham Ranja]

Let's put some context into this:

How Microsoft tracked down a spy who leaked its secrets | ZDNet

MS followed their procedures of their Legal Counsel, if you want to second guess their expert knowledge then feel free but there is a massive difference between searching a specific remit of e-mails for suspected corporate espionage and using e-mails for generating a bottom line for your company.

Yes, there is. Even the FBI, if they want to tap my phone, must get a signed warrant to do so. MSFT violated someone's privacy, with no right to do so. That is much much worse.

 

[Markham Ranja]

Is it the same, if one is highly suspected of selling national secrets to have the house FBI raided, and having your house spied by sales companies 24/7 so they'll know what ads to plant at your backyard?

No.

Being raided, i.e. people busting into your house with guns drawn is very different from being watched. The FBI, in your example, must still go to a judge. Even if they have hard evidence that I am building a nuclear bomb in my basement, they must still go to a judge. If they enter my house without a warrant, any evidence is void. MSFT just raided a house without a warrant,

 

[Markham Ranja]

But in both cases the legality is extremely questionable (Google is fighting a class action over the very thing you mention as we speak). The previous employee should still be afforded a citizens right to privacy. Microsoft is not a law enforcement agency and doesn't have any more privilege than you or I to go through someone's private email without a warrant or court order.

Posted via the WPC App!

Actually, the court recently ruled that it's not a class action. Individuals may still sue, but not as a class.

 

[Markham Ranja]

Doesn't matter, he was an employee at the time of in the incident.
In that case he could have openly stated it was him who leaked the info after he left the company, but it doesn't work that way, he is still held accountable.

Even though it's also a public service, it's a Microsoft service, and he was a Microsoft employee.
With a very strong suspicion they would be crazy to NOT look right under their noses.

He was never a Microsoft employee. Read the article again. They investigated the account of a blogger, not of the employee who leaked secrets.

 

[Markham Ranja]

Of course everyone and their dog is going to blow this out of proportion to the actual matter, which is simply the ex-employee and a blogger tried to sell source code/corporate secrets and generate keys off a VM. MS investigated and have now handed the evidence to the relevant authorities. If they haven't collected that evidence in a legal manner then that case will get thrown out of court, somehow I don't think MS legal team is that stupid.

Huh? Are you THAT short sighted? So MS have the right to read my email if they think I might be harming their company? **** that!

Also, it is dangerous to say "they can't be that stupid" about MS; they have often shown that they are and this is one of them. Even in this case, MSFT has stated that they will modify their process in the future; they will have a "former federal judge" review such issues. I have no legal training, but I believe that could be construed as an admission that the process was insufficient in this instance (why would they change it otherwise?) and that could very well screw them.

 

[psychotron]

Many companies require that employees sign a non-compete/non-disclosure clause. I left one company, and I was not allowed to work for any of its competitors for 2 years, or reveal any trade secrets. That was on me, since I read the paperwork and signed it when I got hired.

Good point, Laura. I worked for the government for many, many years and was in a similar situation when I left.

 

[csd_images]

There is two people in question here the blogger and Kibkalo. Both had accounts under the remit of MS, so there is no foul play here as both had signed to MS contracts. Kibkalo to it's employee agreements (which are pretty much standard across the board) and the blogger to MS e-mail services which allows this (look at Ed Bott's article it shows the paragraph).

The bloggers e-mail account was only searched after there was a clear link to Kibkalo, it couldn't be searched before hand. Since it's within the remit of MS they can conduct a search on their own services without a warrant but they follow a procedure that holds them accountable to a court of law, in this case they assigned a legal counsel to ensure that no legal bounds was over-stepped. The evidence they needed was stricter (in MS's

Deputy General Counsel own words) than what is required for a warrant. ​

Also check the two updates to Arstechnica. I quote:

The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.​

The third party in this case was the blogger who gave his permission when he signed up for the privilege of using the service.