Despite likely not having to legally, Microsoft has gone the extra mile to protect its employees and customers

Microsoft Corp. (MSFT) raised some eyebrows when it revealed exactly how it had ferreted out a leaker back in 2012.

After being contacted by a French blog asking if a leaked build of Window 8 was authentic, it turned out it was and that the leaker had used a Hotmail account.  The only problem?  Microsoft owns and operates the Hotmail service (Hotmail was recently replaced by, but the branding is still living on in some regard).  So it performed an internal audit and identify the leaker as Alex Kibkalo, a software architect who was allegedly disguntled over a poor performance review.

I. Microsoft: Your Email is Safe

In the wake of Mr. Kibkalo's arrest, many have cried foul and complained that Microsoft had no right to search a private email account, even if it belonged to one of their own employees who had commited crimes.  After all, if they would do that to Mr. Kibkalo, what's to stop them from doing it to the next customer?

To clarify, Google Inc. (GOOG), Microsoft, and every other major online service provider do scan message content in an automated manner without asking, as they typically state in their terms of service.  They due that in order to better target you with ads.  That may be annoying, but it's not overly evil, after all they're offering you a free service and have to make money somehow.

More controversial is whether a company like Microsoft can "search itself", accessing password protected accounts belonging to customers or employees that may have broken company policies or the law.  Many believe allowing such a practice without strict procedures may be legal, but is unethical to employees and invites abuse.

Well, believe it or not, Microsoft actually agrees.

Hotmail logo

In a statement released this week Microsoft's general counsel, VP John Frank, commented:

We believe that Outlook and Hotmail email are and should be private.  Today there has been coverage about a particular case.  While we took extraordinary actions in this case based on the specific circumstances and our concerns about product integrity that would impact our customers, we want to provide additional context regarding how we approach these issues generally and how we are evolving our policies.

Courts do not issue orders authorizing someone to search themselves, since obviously no such order is needed.  So even when we believe we have probable cause, it’s not feasible to ask a court to order us to search ourselves. However, even we should not conduct a search of our own email and other customer services unless the circumstances would justify a court order, if one were available.  In order to build on our current practices and provide assurances for the future, we will follow the following policies going forward...

He goes on to explain that the company will separate the legal team from the audit team, and that if an employee is suspected of criminal activity on a work account, the auditors will have to justify to legal that a warrant would be issued, were the account with a different company.

II. A Seemingly Progressive Policy

This is pretty incredible as Microsoft has no legal obligation to do this.

Google has a similar policy, which was elaborated by Christopher Nguyen, head of internet apps at Google back in 2012.  He posted to Quora:

A small number of GMail related engineers have access to the servers as a matter of necessity to do their jobs; a very small number of people actually access the contents as a matter of necessity to do their jobs, and even then, almost always only the associated metadata.

The rest have to file a request and justify any access they ever need, which is extremely rare. All have to sign paperwork re users’ privacy at the risk of dismissal & legal action, knowing that whatever they do is discoverable. And ultimately, an internal culture of respecting users’ privacy helps keep one another in check.

To our knowledge Google hasn't as rigidly defined or made public its audit structure for such requests to the extent that Mr. Shaw did, nor did in promise the level of transparency to internal audits as Mr. Shaw has.  Google does a good deal of reporting on external audits, but internal audits have remained cloaked in secrecy to some extent.

You employer likely has no legal compulsion to give you due proccess if you use its email accounts; however Microsoft is going the extra mile with its employees and customers to prevent abuse. [Image Source: The Next Web]

Facebook, Inc. (FB) on the other hand appears to have no such policy.  And again, it has no legal obligation to.

Nolo, an online legal information wiki, summarizes:

Courts [in the U.S.] have found that employers are generally free to read employee email messages, as long as there's a valid business purpose for doing so.

Microsoft had previously operated under a similar policy.  Its terms (which have yet ot be amended) state:

We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the services; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers or the public. We may also disclose personal information as part of a corporate transaction such as a merger or sale of assets.

In other words, if you're doing activity that harms Microsoft -- whether you're a college student selling pirated XP licenses out of your account or a Microsoft employee sharing insider secrets because your boss wrote you up -- you were fair game in the past to have you account inspected.  Now it will be a bit harder.

But don't get too cocky.  The policy is designed to prevent abuse.  If Microsoft finds compelling evidence that a crime was committed against it using its messaging services, it can and will get an inspection order approved by its internal auditors.

III. Microsoft Remains a Powerhouse in the World of Email

An aside, regarding how important this new is or isn't, Hotmail/ currently occupy 6 percent of total email opens, according to marketing firm Litmus:

Email market share

[Image Source: Litmus]

According to that report, in 2013 Apple, Inc. (AAPL) controlled 46 percent of email traffic via its popular mobile products.  Microsoft was in second with roughly 25 percent, while Google was in third with 18 percent. Yahoo! Inc. (YHOO) had 5 percent.

Google is the dominant force in webmail (online clients), while Microsoft's Outlook is the most used installed email client app.  Apple's services, meanwhile, lead the mobile realm in usage.

Those numbers suggest that a slim majority of U.S. users may use Google Inc.'s Android operating system, but many of them also rely on Microsoft products (or Yahoo!) for their email needs.  By contrast Apple keeps its entire customer base tightly corralled.

Oh, and Apple definitely has no compunction with reading employee email.  In fact it's infamous for the lengths it goes to, to hunt down leakers.  So while Microsoft and Google's promises rely on a degree of customer and employee trust, at least they're making an apparent effort, versus the likes of Apple and Facebook.

Source: Microsoft via The Verge

"It looks like the iPhone 4 might be their Vista, and I'm okay with that." -- Microsoft COO Kevin Turner

Latest Blog Posts

Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki