After reports last week that Microsoft had infiltrated a Hotmail client’s content in search of alleged stolen company source code, the tech giant now claims it will notify proper legal authorities in the future to avoid violating privacy protections.
In a blog post, Brad Smith, Microsoft’s General Counsel and & Executive Vice President of legal affairs, said on Friday that based on customer feedback following last week’s report, the company has decided it will not invade a customer’s personal content if it suspects impropriety.
“Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves,” Smith wrote. “Instead, we will refer the matter to law enforcement if further action is required.”
Microsoft was found to have searched a blogger’s Hotmail email account after receiving word that an ex-employee had leaked company software to the blogger. Microsoft claims they did so given company believed the case was “extraordinary,” according to TechCrunch, and that the action was justifiable to disrupt any illegal distribution of the content.
Smith said the company’s latest move will reflect in new, legally-binding customer terms of service.
Despite the conciliatory tone, though, Smith made a point to say Microsoft had not violated its current customer-privacy obligations.
“Our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case,” he wrote, adding “the circumstances raised legitimate questions about the privacy interests of our customers.”
Ultimately, Smith said, the action was taken because of a “post-Snowden era” involving technology companies, online privacy rights, and the US government’s proven record of surveillance abuse, criticized by the likes of Microsoft and other top internet and telecom entities.
“As a company we’ve participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government,” Smith explained. “We’ve advocated that governments should rely on formal legal processes and the rule of law for surveillance activities.”
Thus, expect Microsoft work further with law enforcement to track down intellectual property violators, Smith said.
“It seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us,” he wrote. “Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures."
Microsoft, Google, and the like have concurrently received flack from the public and privacy advocates for working too closely with legal authorities despite the company’s grand protestations of government abuse following former National Security Agency contractor Edward Snowden’s leaks exposing vast NSA surveillance. The classified NSA programs exposed through the leaks showed that a formidable amount of public surveillance is aided by tech and telecom complicity.
Smith added that Microsoft is joining with public advocacy groups such as the Center for Democracy and Technology and the Electronic Frontier Foundation to flesh out “best practices” for addressing customer privacy issues in the future.