This story didn't get the attention it deserved.
Last week it transpired that Microsoft, looking to track down someone who'd leaked some of its code online, went digging into the private home Hotmail email account of one of its employees. (Microsoft owns Hotmail, which it has recently rechristened Outlook.)
The move was disturbing.
If the guy had taken the code, that's wrong.
But I don't like the idea of these private companies we've entrusted so much personal data to deciding on their own that they deserved to go snooping into it.
A code-leaker is one thing. What if you owed the company money and it decided it was justified to go poking around into your email? What if you were a digital journalist who criticized the company or had spoken off the record to an employee?
Microsoft offered up some legalistic justifications last week. Then it said that, in the future, it would go through a new quasijudicial proceeding before doing it again.
That didn't work for me. It's simple, really: We customers want our private email kept private, period.
Now the company has backed down, and big time.
In a blog post, the company's top lawyer says this:
Last Thursday, news coverage focused on a case in 2012 in which our investigators accessed the Hotmail content of a user who was trafficking in stolen Microsoft source code. Over the past week, we’ve had the opportunity to reflect further on this issue, and as a result of conversations we’ve had internally and with advocacy groups and other experts, we’ve decided to take an additional step and make an important change to our privacy practices.
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
He went on:
In addition to changing company policy, in the coming months we will incorporate this change in our customer terms of service, so that it’s clear to consumers and binding on Microsoft.
It’s always uncomfortable to listen to criticism. But if one can step back a bit, it’s often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers.
The full post is here.
In my opinion, the statement is not squirrelly. On this matter, at least, the company seems to get it. The lawyer went on to say it would be working with other email providers and the Electronic Frontier Foundation - a consumer-oriented group - to establish best practices throughout the industry.