Did Microsoft Scroogle itself? Some thoughts, and the company response to the Kibkala/Canouna leaks story

By Kip Kniskern | In News | Posted March 20, 2014 13 comments

Earlier today, we wrote about the arrest yesterday of Alex Kibkala, a former Microsoft employee who apparently leaked Windows 8 pre-release information, among other things, to blogger “Canouna,” who ran WinUnleaked.TK and published numerous leaks of Windows 8 before the software was publicly released. For most of the day, Microsoft watchers have been having a field day going back and forth on Twitter, mostly concerning Microsoft’s revelation that it reviewed Canouna’s Microsoft Hotmail emails.

There was something of a flurry of Twitter discussion on the intricacies of the case throughout the day, and by late this afternoon (Seattle time), Microsoft sent us a pair of emails with the company’s response regarding its actions.

The first email clarified the actions of Microsoft and law enforcement in the handling of the case. Here it is, in full:

“During an investigation of an employee we discovered evidence that the employee was providing stolen IP, including code relating to our activation process, to a third party. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.

As part of the investigation, we took the step of a limited review of this third party’s Microsoft operated accounts. While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We apply a rigorous process before reviewing such content. In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.”

About an hour later, we received a second email, this time a statement by John Frank, Microsoft Vice President and Deputy General Counsel:

We believe that Outlook and Hotmail email are and should be private. Today there has been coverage about a particular case. While we took extraordinary actions in this case based on the specific circumstances and our concerns about product integrity that would impact our customers, we want to provide additional context regarding how we approach these issues generally and how we are evolving our policies.

Courts do not issue orders authorizing someone to search themselves, since obviously no such order is needed. So even when we believe we have probable cause, it’s not feasible to ask a court to order us to search ourselves. However, even we should not conduct a search of our own email and other customer services unless the circumstances would justify a court order, if one were available. In order to build on our current practices and provide assurances for the future, we will follow the following policies going forward:

  • To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable. As an additional step, as we go forward, we will then submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order.
  • Even when such a search takes place, it is important that it be confined to the matter under investigation and not search for other information. We therefore will continue to ensure that the search itself is conducted in a proper manner, with supervision by counsel for this purpose.
  • Finally, we believe it is appropriate to ensure transparency of these types of searches, just as it is for searches that are conducted in response to governmental or court orders. We therefore will publish as part of our bi-annual transparency report the data on the number of these searches that have been conducted and the number of customer accounts that have been affected.

The only exception to these steps will be for internal investigations of Microsoft employees who we find in the course of a company investigation are using their personal accounts for Microsoft business. And in these cases, the review will be confined to the subject matter of the investigation.

The privacy of our customers is incredibly important to us, and while we believe our actions in this particular case were appropriate given the specific circumstances, we want to be clear about how we will handle similar situations going forward. That is why we are building on our current practices and adding to them to further strengthen our processes and increase transparency.

Now for our thoughts on the matter. First and foremost, the actions taken by both Kibkala and Canouna were incredibly stupid: Kibkala for stealing company property, Canouna for not sticking to just blogging the leaks but apparently (according to the indictment) selling key codes on eBay, and both of them for using Microsoft services while engaging in their illegal activities. These two clowns deserve to have been caught.

Next, Microsoft took a lot of heat today, not so much for their actions, but for being hypocrites. After running a “Scroogled” campaign that calls Google to task for reading users’ emails (albeit for ads, and not criminal intent), they did the same thing, or that’s the perception. The Scroogled campaign rubbed a lot of tech pundits the wrong way (this one included), and by taking the low road and slinging mud at their competitors, they’ve set themselves up for abuse, even when it’s probably not justified. If not for the Scroogled campaign, the tone of the reporting on the news would have been much different, and Microsoft only has itself to blame for today’s bad press.

Anyway, we don’t think Microsoft did anything wrong here, except of course to wallow in the mud of the Scroogled campaign and have to deal with the consequences of that. The blogger and the employee were both stupid, and will most likely get what they deserve. Microsoft was careful to follow protocol in its dealings with the Hotmail accounts, and has since increased its checks and balances further, and we applaud that. All in all, it’s been a fun day on Twitter, and hopefully everyone involved has learned a little something.

Posted March 20th, 2014 at 9:04 pm
Category: News
Tags: Scroogled, Windows 8, leaks
  • lubba

    MS is so evil! They should shut down immediately! The world does not need MS, just google and apple.

    • http://questionanswerresponse.wordpress.com/ b4rtw

      Google searches email + attachments all the time…..

      • lubba

        But google is the love child of every journalist and every tech nerd out there. They are allowed to get away with it.

    • Fred A.

      I think you forgot to type /s at the end of your post. It was funny though…

  • jaylyric

    Whoever would compare this to the Scroogle campaign is just a dumbass.. Whether or not you agree with it. Google does this type of thing for their own gain, and there is nothing wrong in exposing it to people who may not have been aware. Google seems to be able to get away with murder these days, and that’s a shame.

    • lubba

      Journalism nowadays, anything just to get attention and spread their own beliefs.

    • Fred A.

      Agree with you 100%. These writers don’t seem to believe that google does this every single day. It is their modus operandi.
      MS obviously did this (one time) to protect their IP, and to make an example of these two idiots. Hope they can bring charges to the blogger as well.

  • Coolone

    So they can SEARCH THEMSELVES… Is this reference to the fact the email accounts were an employee’s and they retain their right over activities and accounts by said employees? Or they are claiming broader rights over the software itself and anyone using it (windows) or its associated parts.

    Hmmmmm… Certainly a slippery slope!

    As to the author of this article. . . Even with the stupidity of the act (theft) and the propensity for stupid to get caught, does not justify the means to the end. Who reads the damned TOS anyway and not one of them provide an opt out clause with continued use of the product, which in an OS, is just ridiculous.

    Anyway, my $.02
    :)

    • Johnny

      That’s the user’s fault for not reading the TOS. Even though most people don’t read it, you’re still legally agreeing to it. These measures are put to help law enforcement in protecting users and businesses.

  • Johnny

    This article is stupid because this has nothing to compare with the Scroogled campaign. For law enforcement, all companies obviously have the right to look into this to investigate when they have a legal obligation to for a crime. The Scroogled campaign outs Google for using snooping practices on most of its products for its own profit gain. If laws didn’t enforce this, we’d see criminals, terrorists, etc. using their services to plot more crimes without getting caught.

    Law enforcements vs. Profit data mining for Profit is completely different..

    • sportmac

      yeah, because ms won’t do that. they told you so right?

  • sportmac

    my gawd. ms, according to ballmer, is ready to throw 10 BILLION dollars at bing to compete with google. why? why would a company be willing to lose that kind of money? because they want your data. anybody who thinks otherwise has ms so far up there they can’t tell the difference between pleasure and pain anymore.

    10 BILLION dollars. just to get your search data. and you people think ms isn’t getting data from email? why? because they told you that?

    here’s what you can get with 10 billion:
    2 uss nimitz class air craft carriers and a billion left over.
    about 100 top of the line boeing air planes.
    an up and running international space station.
    a cern large hadron collider.

    they really really REALLY want your data.

    • Danny

      Microsoft has cash to spare. they are everywhere. Desktop, Gaming, Browser, Media players, Audio video formats, Music, mail, news portal, phones, input devices and other hardware, enterprise, Cloud. when people say search they say Google it! imagine how much recognition Google gets just because of search. it was their only successful product before youtube and android (both of which were purchased including Google maps- keyhole LT). bing’s future is in integration into Xbox, wearable computing devices and other devices. $10 billion wasn’t a waste Google’s market share for search has fallen and that is a good thing :)