
Microsoft Promises Not To Snoop Through Email

Posted by Soulskill
from the we-apologize-for-getting-caught dept.
An anonymous reader writes "Microsoft took some much-deserved flack last week for admitting they examined the emails of a Hotmail user who received some leaked Windows 8 code. The company defended their actions at the time. Now, after hearing the backlash, Microsoft General Counsel Brad Smith says they will not do so in the future. Instead, they'll refer it to law enforcement. He wrote, 'It's always uncomfortable to listen to criticism. But if one can step back a bit, it's often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers. ...As a company we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities. While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us.'"

  • Translation: (Score:5, Insightful)

    by Anonymous Coward on Friday March 28, 2014 @04:42PM (#46606065)

    Translation: "Sorry we got caught. We'll be more careful to not get caught next time."

    • Re:Translation: (Score:4, Insightful)

      by asmkm22 (1902712) on Friday March 28, 2014 @05:23PM (#46606397)

      Next time, they'll just snoop through the email and, when they have all the evidence they need, they'll forward it to the law enforcement with details on "possible suspects" that can be used to request search warrants for...

    • Caught? You mean... they literally _told_ people they did it? That kind of "caught"?
      • by rtb61 (674572)

        It's called 'arrogance', i.e. we are M$ and we have the right to snoop through all our users' email as we own it, it is on our servers. So yes, caught by their own arrogance. So when you send or receive email, assume it has been read by every M$ employee who has any interest for any reason. M$ won't snoop, oh yes we believe you, oh my ;D. You can bet they also snoop your searches, your gaming access, your online application use, your MSN uses and anything else they can stick the creepy crawlies onto at any time

    • Re: Translation: (Score:5, Informative)

      by Kevin Hu (3553411) on Friday March 28, 2014 @06:54PM (#46606975)
      Now the scroogle campaign made MS look so stupid.
      • Re: Translation: (Score:5, Informative)

        by LordLimecat (1103839) on Friday March 28, 2014 @11:58PM (#46608135)

        It's made them look stupid since the beginning. Whatever minor nitpicks they have with Google, Google stood up to China's demands for outing dissidents. Microsoft has actively engaged with them, assisting in spying (TOM Skype), turning over dissident info, and censoring Bing. Their privacy policy has generally been WORSE than Google's, to boot, and they have a history of being anticompetitive / anti-standards and monopolistic.

        If Microsoft wants to gloat and feel big because they don't use the same sort of email keyword tagging as Gmail, go for it. I just know that when it comes to trusting SkyDrive or BitLocker when it comes to evading totalitarian governments, you'd have to be absolutely out of your mind.

    • Translation: "Sorry we got caught. We'll be more careful to not get caught next time."

      I've yet to post anything about this, but I've felt Microsoft was well within their means to check an ex-employee's email. As legalese as Microsoft is I'd be very surprised if the employee didn't sign a Non-disclosure agreement http://en.wikipedia.org/wiki/N... [wikipedia.org], which I feel gives Microsoft the right to.

      Microsoft mentioned from the very beginning that part of the tracking (legal) process was checking the employee's E-mail, so forward with that fact I'm sure they were blind-sided by the repercussions.

      A employe

      • Re:Translation: (Score:5, Informative)

        by Lloyd_Bryant (73136) on Friday March 28, 2014 @09:46PM (#46607667)

        An employee doesn't have the same rights as a non-employee, they play by a different set of rules. That Microsoft changed their privacy policy was for those who need to be spoon fed, or see Microsoft as their sugar daddy.

        The fuss isn't over the employee's email being read. It's about the email of a blogger who is *not* associated with MS (other than using a Hotmail account) being read.

        • An employee doesn't have the same rights as a non-employee, they play by a different set of rules. That Microsoft changed their privacy policy was for those who need to be spoon fed, or see Microsoft as their sugar daddy.

          The fuss isn't over the employee's email being read. It's about the email of a blogger who is *not* associated with MS (other than using a Hotmail account) being read.

          Who opened themselves up when they contacted Microsoft, the employee's email includes any they sent, and its destination.

    • One wonders what happened to their Scroogled campaign, I thought that was a centerpiece of it.

      Oh well, maybe they've learned their lesson and they'll stick to just bugging Skype in the future (for those who aren't aware: Google "TOM Skype").

  • Microsoft != Facebook

    Ok...

  • by Rosco P. Coltrane (209368) on Friday March 28, 2014 @04:42PM (#46606073)

    I'm reassured.

  • Scroogled (Score:5, Insightful)

    by Ultra64 (318705) on Friday March 28, 2014 @04:45PM (#46606101)

    Wasn't scaremongering about Google reading your email part of their stupid ad campaign?

  • inject (Score:5, Interesting)

    by cirrustelecom (1353617) on Friday March 28, 2014 @04:49PM (#46606145)
    If Microsoft could read, couldn't they also inject crafted evidence into his account? Might be a nice way to take down opposition...
  • by therealkevinkretz (1585825) on Friday March 28, 2014 @04:50PM (#46606157)

    It's 'flak'

  • by Anonymous Coward

    ...then I'll believe them. Until that point I'll anticipate them reading all my email.

  • Other than iOS which requires being spoon-fed by special enterprise software, virtually every desktop OS supports PGP, GPG, S/MIME, or a combination of the above.

    Maybe it is time to stop bellyaching about who is doing "less /var/spool/mail/ihatemymommy2012" and start working on a PGP/gpg web of trust, or just pay the small fee from a CA to use an E-mail client cert, if one wanted to go the S/MIME route?

    End to end encryption is the only thing that makes sense. Even back in the early 1990s, the cypherpunks w

    • by Richy_T (111409)

      I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.

      Edit: did. Ah well.

      (Just kidding, Slashdot has no edit function)

      • by Richy_T (111409)

        Cause if there was an edit function, that would read pgp, not php :)

      • by heypete (60671)

        I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.

        Edit: did. Ah well.

        (Just kidding, Slashdot has no edit function)

        CAcert.org and StartSSL offer free client certs.

        While CAcert's root is not included in browsers and mail clients (thus people you communicate with will need to install and trust the CAcert root or they'll get scary warnings), the StartSSL root is widely included. StartSSL is totally free for "Class 1" certs (domain-validated server certs or email-validated client certs) for non-commercial purposes. Class 2 certs (identity-validated server and client certs, as well as organization-validated certs for organiz

    • by Richy_T (111409)

      Just to add a bit more, though some email clients do have encryption built in, their tools for handling the certificates and encryption and trust are woefully inadequate. If a client was built from the perspective of encryption first, some ground might be gained.

      Though even then, you start running into corporate mail filters etc. My brother's company (West Sussex County Council) email filter would silently reject my emails that were just *signed* by me. When I contacted their mail administrator about it, I

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        I had similar happen back in 2010 when a would-be employer called back and started threatening me about legal ramifications about sending them malware, and send me a $7000 "cleaning" invoice from Geek Squad.

        Further discussion found that the HR person thought the ribbon icon that shows a signed E-mail was malware that seized his machine, so the company called GS to have every computer in the business "fixed".

  • by future assassin (639396) on Friday March 28, 2014 @05:02PM (#46606231) Homepage

    from Google? MS just admitted they lied so that would have made the Scroogled ad campaign a straight face lie?

    • by swan5566 (1771176)
      You can only sue for actual harm that was caused. This would imply they would have to convince a jury that people took that campaign seriously.
    • Won't fly. It's like suing me for telling you that I own the moon. If you believed me, you'd be stupid, and the law should protect the innocent, not the stupid.

      For the same reason nobody who believed that ad campaign will have a case.

  • by KPU (118762) on Friday March 28, 2014 @05:04PM (#46606253) Homepage

    They said:

    Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.

    One narrow circumstance that probably won't happen again. In all other circumstances they can read the customer's private content?

    • So they will just lean on a friendly LEO who will get the necessary warrant to authorize the search. Job done. Hands clean. This really needs a name like scroogled. I vote for muggled.

    • Do you honestly think they'd waste the resources to go hunting through the hotmail accounts of people who they didn't think (with good cause) were stealing from them?

      Most likely this started with them searching the corp email account of the guy sending the stuff, and when they saw it going "to: suspect@hotmail.com" they followed the rabbit trail.

      They don't seem to be mining emails for advertising content or other such, this was a very limited scope (and most likely completely manual) investigation due to wh

  • by freeze128 (544774) on Friday March 28, 2014 @05:06PM (#46606267)
    T-800: "I swear I will not kill anyone."

    Yeah, right!
  • I feel better already!!
  • That's Nice (Score:4, Interesting)

    by Greyfox (87712) on Friday March 28, 2014 @05:32PM (#46606477) Homepage Journal
    How about they build an encryption API right into their service? Encrypt the message locally before it ever goes to the network. Oh, they don't want to do that. I see. So Microsoft promises to not read your mail, while retaining the ability to easily do so whenever it's convenient for them. That makes me feel so much better.
    • by vux984 (928602)

      How about they build an encryption API right into their service? Encrypt the message locally before it ever goes to the network

      What a great idea.

      Oh, they don't want to do that. I see.

      Probably because encrypting mail before it ever goes to the network and "webmail" you can check from anywhere with a web browser are fundamentally incompatible goals.

      So Microsoft promises to not read your mail, while retaining the ability to easily do so whenever it's convenient for them. That makes me feel so much better.

      Th

    • by Anonymous Coward

      Especially (or even?) in Slashdot.

      1) encrypt it... on the client side? with which key? the sender? how would then the recipient read it ?

      2) good bye spam filters

      • by Greyfox (87712)
        1) Encrypt it with the recipient's public key. You know, exactly how encryption always works. If you're writing a client with encryption support, it wouldn't be that hard to hold the public keys on the server and note when they change. Hell, you could just make a space for it on a contact's list. For someone expecting a man in the middle attack, making other arrangements to get a public key ought not to be difficult. The client would just have to copy his private key to all the devices he expects to use the
  • Pinkie or cross-their-heart?

  • Note they didn't say they'd update their ToS removing their right to do it. Are we supposed to rely on their good will and pinky promise not to do so?
  • With all the braying about "scroogling", and the fact that we've all known Microsoft had both the capacity and intent to do the same damned thing ... can we simply start calling this Moogling?

    Sorry, but when you run a campaign about how everything is an ad and they're looking through your email ... and then everything you do is an ad and they look through your email, well, people might notice.

    • When GMail-Man invades your privacy to match ad-words, it is called Scroogling.

      When Hotmail-Boy invades your privacy, that should probably be called MicroScrewing. But unlike Google that want to hit you with all sorts of advertising, you can sleep more soundly knowing that Hotmail-Boy is just trying to build a criminal case against you.

      By the way, when Microsoft called for Safari users to boycott Google for privacy violations and switch to Bing, they probably should have also noted that Bing's privacy

  • by Anonymous Coward

    but seriously, do you think the other majors are much better? There is anecdotal evidence galore that most IT companies cooperated to a greater or lesser degree, with the NSA, law enforcement, and so forth. Also that they use/used their technical capabilities to investigate whenever and wherever they have had a concern.

    Brad Smith at least sounds like a human being and not someone reading a prepared statement. And he's moving in the direction we all say we want. While I agree that we need to watch for im

    • I've never considered Microsoft 'evil.' Self-centered and only looking out for its own interests, ya, but that's pretty much par for the course with most corps and people. I still hold corporations and people accountable. I always have. Just as with Yahoo giving the PRC the contents of an email account resulted in the closing of my accounts with them, so that is what has happened with Microsoft. These weren't the 7 GB freebies either. I'll wait and watch to see if there is an actual behavioral change, a
  • ...great about this actually. I just need a cup of tea to enjoy Microsoft's downwards spiral,
  • ... of fucking assholes. Seriously. How on earth can their PR department sleep at night? By ignoring the facts? By ignoring what they know? It should be a law, that people in those positions should be held liable for what they contribute to - privacy invasion.
  • by Anonymous Coward

    This story was a good lesson for people. This is why you don't use third party services for your mail. Or for anything else important really. If it's not on your own server don't use it. You can't trust someone giving you a free service, I won't trust anyone giving me a low cost solution either.

    • Properly setting up a mail-server is not for everyone and, from far too many (tens to hundreds of thousands of) examples, properly secure. Frankly, even with this audience, I wouldn't expect everyone here to be able to do so either. Sorry folks! Sure sounds nice right up to the point reality slams a blacklist on your server, even assuming your ISP hasn't blocked it or isn't on the blacklist to begin with.
  • by Anonymous Coward

    When an organization says this was terrible and will never happen again, the absolute minimum people should demand is the following: The person making the decision was fired. They were offered no special severance. Any severance given was publicly stated. The person was named publicly. A statement is issued that no consideration of any kind was offered to the employee either directly or indirectly.

    This may seem rather involved, but is completely necessary in these political-like situations. Otherwise the d

  • Who's the braintrust that decided to use a Hotmail account to coordinate the stealing of Windows source code? Ignoring the expectation of privacy for a moment, that was just plain dumb.
  • And Adolf Hitler promised Stalin he would not go to war with Russia. We all know how that turned out.
  • Wow, someone at Microsoft thinks they have some credibility left after all these years. Proof that newbie PR interns do have some value.

  • Don't you rather have your mail server serve you: - relevant, targeted ads - or warrants.
  • by Nehmo (757404) <nehmo54@hotmail.com> on Saturday March 29, 2014 @04:52AM (#46608699)

    I realize in the modern world it's impossible to not do business with MS, but I can move in that direction. I will do so now because two recent events show the nature of the company.

    As most of you know, Bill Gates (who now claims to be sort-of detached from his company) came out against Snowden. He used a fake argument, so the motive must be money - money from the government taking from the people.

    And now, of course, we know MS thinks nothing of perusing private emails. Although this may be allowed in the fine print of the TOS, it's not the part of the advertised-image MS projects, and MS's repeated defense that doing so was within the law won't help it on the ethical front.

    I know many of you have serious monetary disputes with MS, and that is where your MS-disdain springs from. I previously ignored those disputes because I was too lazy to learn the details. But I see your point now without going into the details. A monster company with no ethics is a true monster.

    • by jc42 (318812)

      And now, of course, we know MS thinks nothing of perusing private emails. Although this may be allowed in the fine print of the TOS, it's not the part of the advertised-image MS projects, and MS's repeated defense that doing so was within the law won't help it on the ethical front.

      This is hardly anything new. Remember a few years back, when there was a bit of a fuss when people caught msn.com using customers' photos of their children (taken from email and web files "hosted" on msn.com servers) in their advertising? MS's first reaction to criticism was to point out that this was totally legal, since their TOS said specifically that any files stored on one of their machines became the property of Microsoft and msn.com. They were apparently surprised when people were upset by this.
