Last week, in relation to the arrest of Alex Kibkalo on theft of trade secret charges, his indictment revealed that Microsoft had accessed personal Hotmail emails in trying to find the source of the thefts. Microsoft then issued a pair of statements clarifying their stance, and making some changes in their policies.
Now today, after continued backlash from the tech press and on Twitter, etc., Microsoft General Counsel Brad Smith has posted additional changes to Microsoft’s policy:
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
In addition to changing company policy, in the coming months we will incorporate this change in our customer terms of service, so that it’s clear to consumers and binding on Microsoft.
While Microsoft, under its current terms of service, did have the authority to inspect the emails, Smith goes on to say that in this new “post-Snowden” era, where Microsoft is calling on governments to “rely on formal legal processes and the rule of law for surveillance activities”, that it is time to hold itself up to higher standards, too:
While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us. Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures.
Smith goes on to announce that Microsoft has called upon the “advocacy community” to undertake a project, convened by the Cneter for Democracy and Technology with the Electronic Frontier Foundation as a key participant, to further the discussion on “the best solutions for the future of digital services”.
Microsoft has set itself up to higher standards with its Scroogled campaigns, and while there’s work to do, appears to be serious about dealing with issues of privacy and personal information. Have they done enough?