Microsoft promises additional steps for protecting your email privacy

Last week it came to light that an ex-Microsoft employee had busted by the feds for leaking Windows 8. Microsoft was protecting their intellectual property, but came under fire for how they went about doing it. The ex-employee had shared sensitive Microsoft material to a leaker in France using Hotmail and SkyDrive. Microsoft received flak last week for an apparent invasion of privacy and has sent out a statement about corrective actions the company will be taking.

Microsoft received some pretty damning accusations last week over how they handled the situation. Many were concerned that Microsoft was actively snooping into personal email accounts. Which would be pretty hypocritical with the Scroogled campaign and all.

However, that wasn’t the case. Microsoft went into one email account to interrupt a crime in progress. The legal team at Microsoft had internal discussions on whether or not to pursue this extraordinary action. In the end they decided it was in the best interest of Microsoft to go into the leakers Hotmail account.

A lot of people on the internet chimed in saying that Microsoft should have reached out to the FBI or other law enforcement parties before going through the email. Microsoft did what they thought was best at the time. And it’s entirely within their terms-of-service to do that. Companies like Google and Yahoo have similar protections in place.

But we’re dealing with a fairly more modern Microsoft. One that appears open to feedback. Here’s Brand Smith, General Counsel and EVP of Legal & Corporate Affairs, announced today on a company blog post:

“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.”

The company will incorporate the changes in the coming months into their customer terms of service. This will make it a clear binding agreement between customers and Microsoft.

We can always get behind increased transparency. What do you think of the changes?

Source: Microsoft (opens in new tab)

P.S. Read this post from Ed Bott for some good reading on the leaks and how Microsoft tracked down the source. 

Sam Sabri
  • Well, that's why I stopped using Gmail . Honestly I'm loving outlook!
  • I never loved Google. I love the simplicity and design that Microsoft has with all their products. Google is CRAP!
  • +1020
  • Left Google for scanning my emails now Microsoft is reading them when they feel like it's necessary, WTF!
  • Your conclusion is what is known as an inductive fallacy aka generalizing. 
  • Hyperthetically, this is strictly deduction; by the facts in hand.. but then the problem with causality is that there is a hair-breath difference in these concepts, and the margin of error is quite high. Having said that, according to TANSTAAFL principle, we can safely deduce that Microsoft too is getting incentive of some sorts from the massive user data; something more than impressive stats. /end-of-opinion-time.
  • Rofl... either you are a not very sharp fanboy or on MS payroll. I like some of the MS products, but no one should believe their PR bullshit. You can be sure that thet will be ONLY more cautious about this issue, but still snoop through emails.
  • People like things, you bashing him for liking all Microsoft products is stupid because I use all of them. Every flipping app there is I have on my phone just for the hell of it.
  • Absolutely.
  • I'll still take a company that snoops into emails to prevent a crime than one that snoops into email to enhance the targeting of ads and increase their ad revenue. Google makes almost all their money from advertising. I will trust the company that makes money from selling actual software and hardware to enterprises and consumers than the one that one that makes money from selling ads. The company that makes money from ads has more to gain from abusing your privacy. The company that lives and dies from people trusting their software has a lot more to lose. There is very little right to privacy from an employee using an employers network. Besides the policy of hotmail, there is probably also the employment agreement that allows Microsoft to go into an employees email on their network. This is true with most employers. It's just that most employers don't have an email network that is also used by hundreds of millions of consumers.
  • +187.6
  • Let's be honest, if we compare Microsoft with Google in email privacy, Microsoft is a thousand times better. You can even feel the privacy in outlook from the first moment you log in. I don't feel the privacy in Gmail by watching all those adds in my email. It feels like the ads are reading my emails.
  • " Google makes almost all their money from advertising. I will trust the company that makes money from selling actual software and hardware to enterprises and consumers than the one that one that makes money from selling ads." I never really thought about it that way. I trust no corporation, including Microsoft, but you make a good point with this.
  • This is the big difference and I agree 100%, if they have evidence that someone is stealing IP then they are within their right. They are not snooping peoples email to target ads and make money. Typical media and users that have no clue blow things out of proportion.
  • +1228
  • Me too
  • People please!!! Microsoft is not gonna play with privacy when they have a campaign against Google in that matter, I don't know after the campaign but not for now. Be smart.
  • Good response from Microsoft.
  • I like how they respond to feedback. Not like other companies that don't give a dam about the consumers.
  • Nice one MS!
  • Minor grammar issue in the first sentence of the article.
  • We're live dude!
  • I saw it too
  • It would be one thing if it was a work email account put going into someones personal account is not cool.  If you have to ask legal about it you probably should know its not the greatest thing to be doing. Glad the practice will be locked down a bit more.
  • I like how they handled this. That said, it would have been a lot easier without the whole 'scroogled' thing hanging over it. I never did like those ads. Always thought to myself, Microsoft is better than this. They don't need to resort to low-ball attack ads. Appearance is everything in situations such as this.
  • Any steps to protect personal privacy is a good step.
  • Does anyone ever proofread these things? Had busted? IT'S HAD BEEN BUSTED.
  • Sounds good, though wish i could configure my outlook in office 2007!!
  • U can but u need to install outlook connector, a little bit glithy some times though
  • Thanks tho I've got connector working ok n av W8 mail working fine, just the darned office 2007 version...
  • Time to upgrade?
  • Maybe, maybe...
  • Send me your password
  • We will send you personalized ads (alongside other stuff) thank you for using our *free* services
  • But i use gmail for trash emails use to subscribe anywhere but i want to keep my hotmail clean for official use only.
  • I have Yahoo for that purpose.
  • Don't know which one is better for that purpose, gmail or ymail! xD
  • I like yahoo there apps on my iPhone is stupendous and you get a plethora of storage. I use ymail for social media updates.
  • Me too,
  • I use yahoo to subscribe everywhere i use outlook for my million dollar bank account
  • Switched from Gmail to Hotmail about two years ago. Couldn't be happier!
  • Glad to hear this response - MS seems to be getting quite responsive to feedback - this i like. With regards to going into email accounts because they are suspicious of the activity - they correct thing to so would be to contact the law enforcement agencies in question. Checks and balances people! And, of course, for true privacy one must pay for it - this is a free service, one gets what one pays for! Either way, good on MS for reacting in a manner not arrogant! (better for business ;)
  • It annoys me that Google uses an automated search algorithm to scan my emails to target ads to me. But I like the Gmail is now end-to-end encrypted.  I'd like Microsoft to follow that lead.  If they do already, please let me know. My bigger desires for MS's services is that they improve the quality. 1. Let me use my own images for contacts in my contact collection. Currently, forces users to accept contacts' social media images, which forces users to connect their social media accounts to Microsoft's. That seems like an invasion of privacy. Google doesn't ask for my Facebook password.  Also, why can't I assign a traditional picture to a contact in my own contact collection, instead of accepting somebody's Facebook profile picture of their cat? 2. won't display your to-dos (tasks) on the calendar itself. You have to use a different page to see tasks. When I plan my work week, I need to see appointments and tasks in one view. Basic rule for email: you should expect that anything you email could be made public. If that bothers you, you should stop using email or use an encryption method between senders. Even though Google may offer end-to-end encryption, the email is still sent in plain text from your correspondent to Google, which then encrypts it.  Or, if you send from Gmail, it leaves Google's servers in plain text on its way to its recipient.  There really never was privacy in email. We all have our favorite tech companies and services, but I think they're all equally self-interested. I have a lot of data on OneDrive. Do I think it's safe from Microsoft's prying eyes? No. But I'm willing to give up some privacy for the convenience of the service. That's also why I use Gmail. Sure Google scans my email, so I don't ever use email for communications that I would care if somebody else read.
  • Was he using a personal account or employee account?
  • Good question.It comes across that the account snooped was a personal account which seems to have prompted Microsoft to take these steps.
  • They did not scan the employee's account. They scanned the account of a journalist who was in touch with the employee.
  • To be honest this is not your typical snooping allegation, this is an employee using tools made by its employer. Its a bit grey and it is good Microsoft is choosing to recognise this and act to remove any grey issues in favour of the individual.
  • I never put sensitive information on Skydrive or on my hotmail email because MS's terms and conditions entitle them to access your data. This seems entirely reasonable to me. You can password protect any Office document or .pdf file so there is never any need to open yourself up to Microsoft or any other cloud storage or email provider.
  • I'm glad to got into his email to solve a criminal matter, commit the crime do the time, pretty simple, and I would say the same applies to any organision, they generally have a right to look at your emails if they are opened or used within a internal network.
  • No email service is really private
  • I had read bout this elsewhere and i wondered why this site wasn't reporting about the Microsoft snooping incident.
    Until of course now.
    I get the impression that you'll held back from reporting on that incident being a Microsoft/Windows Tech/fan site which is disappointing cause negative or not - I believe you'll should have written about it anyway...not waited till this positive development came out.
    That apart, Im glad Microsoft has rectified what they did as it would have been egg on their face after that whole Scroogle-this Scroogle-that campaign they ran.
  • Not now; It was reported on this site on 20th March. You Missed it.
  • The story here had a totally different spin than what was reported about the privacy violations by other media. So not at all comparable. There should at least have been a follow up story that MS gets heavily criticized for its email spying. Also keep in mind that only the positive statement from MS gets reported here now while a couple of days back MS officially still said they did nothing wrong and won't change anything. Just when the outside now became too big MS now decided to somehow protect your privacy again.
  • The whole internet has said MS has been sneaking into peoples emails. The worse statement ever came from BGR. Shame on MS for sneaking into my email!
  • I don't think Microsoft did anything wrong to begin with they were within their legal rights however the decision to not search emails until they have received permission is just solid proof of how Microsoft respects and values customers privacy.
  • Google is a consumer spy agency. They take your info and try to make money with it anyway they can. Wouldn't you, if you had to answer to investors to justify your job and role in the company? That's what corporations do, but deny it through their PR agent and their campaigns. Remember always; that we are a selfish bread of animal, and we need our Ego and Dilutions to keep us going day after day. Hence Religion and after-life. If you want to avoid these data miners, you have to keep changing your identity like; running under different aliases, Changing IP addresses, Encrypted personal emails, 1 month old Gmail accounts, with plenty of phony data. Let them use that... I've been with Hotmail since the beginning and I've not been given any reason so far to distrust Hotmail. I guess, Bill Gate's conscious is bothering him about all his thieving, dumpster diving and "pushing others off the cliff" days are behind him, and now he wants to be a humanitarian with his foundation and wifey to back his ego, which is fine with me. Just don't burn your bridges Bill and Melinda! Money as you know, can be a curse. The only way to combat this infant-like behavior is through the same tech they use to track you and your activities. Give that up; by cycling your accounts every 30-90 days, using VPN services from a company for up to 90 days, and they won't have a clue about who you are, and what you really do. If that's what you want. Since I haven't had a real identity since day one, I like to keep it that way as long as I can. It’s a lot of work and you need training in security but given the alternatives, I think it’s worth my time and effort. Welcome to the imperial world of telecommunications.
  • And what about the user info which they are selling to FBI for €200 Each ? Privacy? Ehh...
  • They have a legal obligation to supply data about an user when the government makes a request. And as far as I remember, that same law grants them the possibility to charge for that data, so it also helps to prevent abuses with request from the government. If it was free for the government, they will start requesting almost everyone's data.
  • Gmail anyways is bullshit....Outlook/Hotmail all the way :D
  • Really? They(Miscrosoft) are SELLING user info to FBI.
    Gmail is still better.
  • If I'm not wrong, all the big tech companies have the obligation to supply data to the government. And I remember I read that Sprint had a problem because the government thought they were charging too much. Based on that fact, my logic tells me that all the tech companies that are obligated to supply data, also have the right to charge for it, even Google (which I hardly doubt won't charge for that). Additionally, Google scans your e-mail to place "better" ads on your inbox, while Microsoft does this to prevent spam and to fight against unwanted practices online. Do the math and tell me who's better now. I know Microsoft is not perfect, but Google ain't either. And I don't like the way media treats Microsoft for this kind of stuffs while Google remains untouched and "the cool one" every day. EDIT: Sorry for replying to you in two different posts. I didn't notice you were the same person!
  • I'm sorry, if you're dumb enough to leak MS software using their products, then you should get caught and shouldn't have babies. We don't need more ppl like you.
  • The report here is highly misleading. It makes the impression that MS scanned the emails of an employee and got criticized for that. That is wrong. To track down their employee MS started to scan email accounts on of third party persons that were in touch with the employee. The whole story is that MS read emails of a journalist's account that was in touch with the ex-employee. While you can argue that it might be ok to scan the email account of the employee who is an actual suspect in an investigation, to scan email accounts of a third party persons not suspected in any crime is a totally different thing.
  • That's interesting, because multiple sites didn't mention that. While I can now see the reason people are up in arms ... Again, they have access to their product. If you choose to use said product, they have the right to do what they did.
  • No they don't. There are national privacy laws that MS has to follow. At least in Europe reading someone else's emails requires a court order in most countries. You cannot void the local privacy laws in your TOC. In the current case the journalist was a French national, so French privacy law applies.
  • I didn't know that was a French law. But if they can't scan the emails, then said French journalist has a law suit. So it's a legal matter in France.
  • That's exactly why MS emphasizes in every statement that they first asked their legal team and that it was totally legal. Simply because they are afraid as hell that someone sues them over this. I also remember their statements back in the 90s that "bundling Windows with IE is totally legal in the EU". At the end we all know who had to pay a record amount because of violating EU law.
    Same BTW with Google's statement that capturing and recording WiFi systems was "totally within the law". At the end they got convicted for it. Or Apple that lost a law suit because of not informing EU buyers about their warranty possibilities in a correct way. So MS is no exception there. It's a general problem of companies with a very US-centric view that always think what's ok in the US is ok in other countries as well.
  • Down with google! I love outlook:) wish I could access all my accounts from one login though...have a handful is quite tedious to check everyday.
  • I got an email from Microsoft saying someone in France attempted to login in to my live email 3 times. It showed me their I.P address, location and their device they used. I've changed my password should that be enough to prevent anyone else accessing it?