Microsoft is defending its right to break into customers’ accounts and read their emails.
The company’s ability — and willingness — to take such an approach became apparent this week. Microsoft (MSFT, Fortune 500) admitted in federal court documents that it forced its way into a blogger’s Hotmail account to track down and stop a potentially catastrophic leak of sensitive software. The company says its decision is justified.
From the company’s point of view, desperate times call for desperate measures.
“In this case, we took extraordinary actions based on the specific circumstances,” said John Frank, one of the company’s top lawyers, in a blog post Thursday night.
According to an FBI complaint, Microsoft in 2012 discovered that an ex-employee had leaked proprietary software to an anonymous blogger. Fearing that could empower hackers, Microsoft’s lawyers approved emergency “content pulls” of the blogger’s accounts to track it down. Company investigators entered the blogger’s Hotmail account, then pored over emails and instant messages on Windows Live. The internal investigation led to the arrest on Wednesday of Alex Kibkalo, a former Microsoft employee based in Lebanon.
Although the move could be perceived as a breach of trust, Microsoft says it’s allowed to make such unilateral decisions. It pointed to its terms of service: When you use Microsoft communication products — Outlook, Hotmail, Windows Live — you agree to “this type of review … in the most exceptional circumstances,” Frank wrote.
Microsoft’s legal team thought there was enough evidence suggesting the blogger would try selling the illegally obtained intellectual property. In such instances, law enforcement agents would typically seek a warrant, but Microsoft said it didn’t need one. The servers storing the information are on its own property.
Ginger McCall, a director at the Electronic Privacy Information Center, said those actions are deeply troubling, because they show “Microsoft clearly believes that the users’ personal data belongs to Microsoft, not the users themselves.”
“This is part of the broader problem with privacy policies,” she said. “There are hidden terms that the users don’t actually know are there. If the terms were out in the open, people would be horrified by them.”
Microsoft recognizes that it’s a sensitive topic, especially as the nation grapples with revelations about the extent of warrantless surveillance on Americans by their own government — spying that Microsoft and other major tech companies have loudly criticized.
That’s why Microsoft is instituting a new policy: In the future, it’ll loop in an outside lawyer who’s a former federal judge and seek his or her approval.
In a move that might be deemed ironic, Microsoft will now add its own internal searches to its biannual transparency reports on government surveillance.