Microsoft Promises Not To Snoop Through Email 144
An anonymous reader writes "Microsoft took some much-deserved flack last week for admitting they examined the emails of a Hotmail user who received some leaked Windows 8 code. The company defended their actions at the time. Now, after hearing the backlash, Microsoft General Counsel Brad Smith says they will not do so in the future. Instead, they'll refer it to law enforcement. He wrote, 'It's always uncomfortable to listen to criticism. But if one can step back a bit, it's often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers. ...As a company we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities. While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us.'"
Translation: (Score:5, Insightful)
Translation: "Sorry we got caught. We'll be more careful to not get caught next time."
Re:Translation: (Score:4, Insightful)
Next time, they'll just snoop through the email and, when they have all the evidence they need, they'll forward it to the law enforcement with details on "possible suspects" that can be used to request search warrants for...
Oh sure. (Score:1)
Re:Oh sure. Good as gold that promise (Score:2)
Microsoft don't need no steenking warrants!
Re: (Score:1)
Re: (Score:2)
It's called 'arrogance' ie we are M$ and we have the right to snoop through all our users email as we own it, it is on our servers. So yes, caught by their own arrogance. So when you send or receive email, assume it has been read by every M$ employee who has any interest for any reason. M$ wont snoop, oh yes we believe you, oh my ;D. You can bet they also snoop your searches, your gaming access, your online application use, your MSN uses and anything else they can stick the creepy crawlies onto at any time
Re: Translation: (Score:5, Informative)
Re: Translation: (Score:5, Informative)
Its made them look stupid since the beginning. Whatever minor nitpicks they have with Google, Google stood up to China's demands for outing dissidents. Microsoft has actively engaged with them, assisting in spying (TOM Skype), turning over dissident info, and censoring Bing. Their privacy policy has generally been WORSE than Google's, to boot, and they have a history of being anticompetitive / anti-standards and monopolistic.
If microsoft wants to gloat and feel big because they dont use the same sort of email keyword tagging as gmail, go for it. I just know that when it comes to trusting SkyDrive or Bitlocker when it comes to evading totalitarian governments, youd have to be absolutely out of your mind.
Re: (Score:3)
Translation: "Sorry we got caught. We'll be more careful to not get caught next time."
I've yet to post anything bout this, but I've felt Microsoft was well within their means to check an ex-employees email. As legalese as Microsoft is I'd be very surprised if the employee didn't sign a Non-disclosure agreement http://en.wikipedia.org/wiki/N... [wikipedia.org], which I feel gives Microsoft the right to.
Microsoft mentioned from the very beginning that part of the tracking (legal) process was checking the employee's E-mail, so forward with that fact I'm sure they were blind-sided by the repercussions.
A employe
Re:Translation: (Score:5, Informative)
A employee doesn't have the same rights as a non-employee, they play by a different set of rules. That Microsoft changed their privacy policy was for those who need to be spoon fed, or see Microsoft as their sugar daddy.
The fuss isn't over the employee's email being read. It's about the email of a blogger who is *not* associated with MS (other than using a Hotmail account) being read.
Re: (Score:2)
A employee doesn't have the same rights as a non-employee, they play by a different set of rules. That Microsoft changed their privacy policy was for those who need to be spoon fed, or see Microsoft as their sugar daddy.
The fuss isn't over the employee's email being read. It's about the email of a blogger who is *not* associated with MS (other than using a Hotmail account) being read.
Who opened themselves up when they contacted Microsoft, the employee's email includes any they sent, and it's destination.
Re: (Score:2)
One wonders what happened to their Scroogled campaign, I thought that was a centerpiece of it.
Oh well, maybe theyve learned their lesson and theyll stick to just bugging Skype in the future (for those who arent aware: Google "TOM Skype").
Re:Translation: (Score:5, Funny)
Oh! How valuable! A PROMISE! From... MICROSOFT!
I feel better already.
Re: (Score:1)
Yeah, remember their promise about Mono?
Re:Translation: (Score:5, Informative)
And PlaysForSure?
Re: (Score:1)
Re:Translation: (Score:4, Insightful)
Seconded. As I understand it, Microsoft have promised not to sue anyone if they implement the published standard Common Language Infrastructure stuff. Mono has implemented this and more: they've implemented the WinForms GUI API, which is not covered by Microsoft's promise [techrights.org].
Despite this, Microsoft still haven't sued Mono. In this particular instance, I can't see a way to paint Microsoft as the bad guy.
Re:Translation: (Score:5, Insightful)
Well, you have to admit that MS has a record of having rather good ideas that eventually fall on the face by poor to nonexistent implementation. Don't chalk up to malice what can sufficiently be explained by incompetence.
Re: (Score:2, Interesting)
I have to admit no such thing.
In the 25 years I've been in the industry, Microsoft has primarily stolen other people's ideas.
The ideas they come up with on their own (like the house of the future) are mostly crap nobody wants.
So, what examples of 'good idea's coming out of Microsoft can you provide? Because I don't believe you.
Re: (Score:2)
From a business point of view:
Forced obsolescence: By killing off services like PlaysForSure they force people to repurchase things they've already bought.
Vendor lock in: They're the king of PC vendor lock-in, although they've failed at this recently.. they cant even FUD properly these days.
Kinect2: The US Government loves being able to remotely monitor people's living rooms especially at $50 a view.
need more?
Re: (Score:3)
I believe them if they say that they won't tell next time they sieve through the mails. That's actually very plausible and believable.
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Oh. I hate Google more. :-)
Just as evil, and half as incompetent - with backing by lunatic fringe of the Military/Industrials.
Re: (Score:2)
Jeremiah Cornelius! Now, you confess that you were reading my mind! I clicked the link just to tell everyone how much better I feel after Microsoft promised not to read my mail - and you sneaked in here ahead of me to post my thoughts! You psy guys should be ashamed of yourselves!
Re: (Score:3)
A promise from Microsoft is worth two ounces of fairy dust. That's something.
I exchanged a handful of magic beans for an ounce of fairy dust. Barely got me a foot off the ground.
Microsoft Promises Not To Snoop Through Email (Score:2)
Microsoft != Facebook
Ok...
Re: (Score:1)
Microsoft not evil -- I feel like my head is going to exploaaqft
Re:Microsoft Promises Not To Snoop Through Email (Score:5, Funny)
Microsoft != Facebook
Ok...
Right! That's right! Facebook is a software giant that snoops through your stuff. Microsoft is... is...
Waaaait a minute...
If they say so (Score:3)
I'm reassured.
Re:If they say so (Score:5, Insightful)
I'm not!
"thought-provoking"? How was it even a question?
If they had a problem seeing the problem in the first place then I don't trust them to see the problem in the future.
Re: (Score:2)
I can sleep now
You forgot to turn out the light.
Your Microsoft Home will turn it off for you for only 10 cents a day to save you 0.001 cents in electric bills.
By the way, the xBox One loves your new PJs. Pics uploaded to NSA at no charge!
Re:If they say so (Score:5, Funny)
I'm gonna sleep naked from now on. That's gonna teach them, go blind, bastards!
Re: If they say so (Score:1)
Distributing porn? That will get you on the no fly list in no time
Re: (Score:2)
Hey, did I tell them to look? They didn't even tell me I'm on cam!
Re: If they say so (Score:3)
ignorance is no excuse.
Re: (Score:2)
In the privacy of my home, I have a reason to believe nobody is going to videotape me. At least in my country I do.
Scroogled (Score:5, Insightful)
Wasn't scaremongering about Google reading your email part of their stupid ad campaign?
not sayin Google is blameless here... (Score:2)
sorry for any bad MS - Seinfeld associations that brought up, complimentary mindbleach [mindbleach.org] on the table by the door.
Re: (Score:1)
Yeah! He's a real Scroogler!
inject (Score:5, Interesting)
Re: (Score:2)
Re: (Score:2)
Wouldn't it be equally possibile to assume http://en.wikipedia.org/wiki/R... [wikipedia.org]
Never attribute to stupidity that which is adequately explained by intelligence.
not flack (Score:3)
It's 'flak'
Re: (Score:1)
Incorrect [grammarist.com]
Re:not flack (Score:4, Funny)
Incorrect [grammarist.com]
Incorrect correction, jackass.
Try reading the article you link to before hitting "Post" next time, me.
Re: (Score:2)
You realize you replied to your own post (correctly) pointing out that your original correction was wrong, right? "Jackass", indeed.
Re: (Score:2)
Re: (Score:2)
Did you read the definition you posted? Thanks for making my point.
As soon as they change their TOS... (Score:1)
...then I'll believe them. Until that point I'll anticipate them reading all my email.
Sometimes I wonder why we even have this topic... (Score:1)
Other than iOS which requires being spoon-fed by special enterprise software, virtually every desktop OS supports PGP, GPG, S/MIME, or a combination of the above.
Maybe it is time to stop bellyaching about who is doing "less /var/spool/mail/ihatemymommy2012" and start working on a PGP/gpg web of trust, or just pay the small fee from a CA to use an E-mail client cert, if one wanted to go the S/MIME route?
End to end encryption is the only thing that makes sense. Even back in the early 1990s, the cypherpunks w
Re: (Score:2)
I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.
Edit: did. Ah well.
(Just kidding, Slashdot has no edit function)
Re: (Score:2)
Cause if there was an edit function, that would read pgp, not php :)
Re: (Score:2)
The difference is that, with the right key information, one can be decoded, the other cannot.
Re: (Score:2)
Could you elaborate a little?
Re: (Score:2)
Oh. Just got it ;)
Re: (Score:3)
I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.
Edit: did. Ah well.
(Just kidding, Slashdot has no edit function)
CAcert.org and StartSSL offer free client certs.
While CAcert's root is not included in browsers and mail clients (thus people you communicate with will need to install and trust the CAcert root or they'll get scary warnings), the StartSSL root is widely included. StartSSL is totally free for "Class 1" certs (domain-validated server certs or email-validated client certs) for non-commercial purposes. Class 2 certs (identity-validated server and client certs, as well as organization-validated certs for organiz
Re: (Score:2)
Just to add a bit more, though some email clients do have encryption built in, their tools for handling the certificates and encryption and trust are woefully inadequate. If a client was built from the perspective of encryption first, some ground might be gained.
Though even then, you start running into corporate mail filters etc. My brother's company (West Sussex County Council) email filter would silently reject my emails that were just *signed* by me. When I contacted their mail administrator about it, I
Re: (Score:2, Interesting)
I had similar happen back in 2010 when a would-be employer called back and started threatening me about legal ramifications about sending them malware, and send me a $7000 "cleaning" invoice from Geek Squad.
Further discussion found that the HR person thought the ribbon icon that shows a signed E-mail was malware that seized his machine, so the company called GS to have every computer in the business "fixed".
Liable suit (Score:3)
from Google? MS just admitted they lied so that would have made the Scrroogled ad campaign a straight face lie?
Re: (Score:2)
Re: (Score:2)
Won't fly. It's like suing me for telling you that I own the moon. If you believed me, you'd be stupid, and the law should protect the innocent, not the stupid.
For the same reason nobody who believed that ad campaign will have a case.
Not what they said (Score:3)
They said:
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
One narrow circumstance that probably won't happen again. In all other circumstances they can read the customer's private content?
Re: (Score:3)
So they will just lean on a friendly LEO who will get the necessary warrant to authorize the search. Job done. Hands clean. This really needs a name like scroogled. I vote for muggled.
Re: (Score:2)
How about MeSsed up?
Re: (Score:2)
Re: (Score:1)
Do you honestly think they'd waste the resources to go hunting through the hotmail accounts of people who they didn't think (with good cause) were stealing from them?
Most likely this started with them searching the corp email account of the guy sending the stuff, and when they saw it going "to: suspect@hotmail.com" they followed the rabbit trail.
They don't seem to be mining emails for advertising content or other such, this was a very limited scope (and most likely completely manual) investigation due to wh
It sounds like... (Score:5, Funny)
Yeah, right!
Re: (Score:3, Funny)
From Terminator 2..
"I will not kill anyone."
[blows out the kneecaps of a guard]
"He'll live"
Re: (Score:2)
I Promise To Pay For Windows. (Score:1, Funny)
That's Nice (Score:4, Interesting)
Re: (Score:2)
How about they build an encryption API right into their service? Encrypt the message locally before it ever goes to the network
What a great idea.
Oh, they don't want to do that. I see.
Probably because encrypting mail before it ever goes to the network and "webmail" you can check from anywhere with a web browser are fundamentally incompatible goals.
So Microsoft promises to not read your mail, while retaining the ability to easily do so whenever it's convenient for them. That makes me feel so much better.
Th
Re: (Score:2)
Not completely incompatible, but would require a 3rd party holding keys that MS does not have access to. Difficult yes, but not impossible.
Impossible.
"[it] would require a 3rd party holding keys that MS does not have access to."
This is the part that can't work.
Think about it. You are accessing the content from a "web app" served by the very party you don't wish to trust. The web app gets its hand on the decryption key from the 3rd party, and can just send that up to the server.
Given that each time you visit
I can't believe this was modded up. (Score:1)
Especially (or even?) in Slashdot.
1) encrypt it... on the client side? with which key? the sender? how whould then the recipient read it ?
2) good bye spam filters
Re: (Score:2)
Promise (Score:1)
Pinkie or cross-their-heart?
Re: (Score:3)
A lawyer said that. So ... what heart?
what they didn't say (Score:1)
So, Moogling then? (Score:2)
With all the braying about "scroogling", and the fact that we've all known Microsoft had both the capacity and intent to do the same damned thing ... can we simply start calling this Moogling?
Sorry, but when you run a campaign about how everything is an add and they're looking through your email ... and then everything you do is an ad and they look through your email, well, people might notice.
MicroScrewing (Was Re:So, Moogling then?) (Score:1)
When Hotmail-Boy invades your privacy, that should probably be called MicroScrewing. But unlike Google that want to hit you with all sorts of advertising, you can sleep more soundly knowing that Hotmail-Boy is just trying to build a criminal case against you.
By the way, when Microsoft called for Safari users to boycott Google for privacy violations and switch to Bing, they probably should have also noted that Bing's privacy
Look, I understand that the primary topic here is (Score:2, Interesting)
but seriously, do you think the other majors are much better? There is anecdotal evidence galore that most IT companies cooperated to a greater or lesser degree, with the NSA, law enforcement, and so forth. Also that they use/used their technical capabilities to investigate whenever and wherever they have had a concern.
Brad Smith at least sounds like a human being and not someone reading a prepared statement. And he's moving in the direction we all say we want. While I agree that we need to watch for im
Re: (Score:3)
I'm feeling... (Score:2)
What a bunch... (Score:2)
Annono (Score:1)
This story was a good lesson for people. This is why you don't use third party services for your mail. Or for anything else important really. If its not on your own server don't use it. You can't trust someone giving you a free service, I won't trust anyone giving me a low cost solution either.
Re: (Score:2)
Demand Proof (Score:1)
When an organization says this was terrible and will never happen again, the absolute minimum people should demand is the following: The person making the decision was fired. They were offered no special severance. Any severance given was publicly stated. The person was named publicly. A statement is issued that no consideration of any kind was offered to the employee either directly or indirectly.
This may seems rather involved, but is completely necessary in these political-like situations. Otherwise the d
Using Company A's service to steal from Company A (Score:2)
Promises (Score:1)
Damage Control PR (Score:2)
Wow, someone at Microsoft thinks they have some credibility left after all these years. Proof that newbie PR interns do have some value.
Who got Scroogled now?? (Score:1)
Now Avoiding Microsoft (Score:3)
I realize in the modern world it's impossible to not do business with MS, but I can move in that direction. I will do so now because two recent events show the nature of the company.
As most of you know, Bill Gates (who now claims to be sort-of detached from his company) came out against Snowden. He used a fake argument, so the motive must be money - money from the government taking from the people.
And now, of course, we know MS thinks nothing of perusing private emails. Although this may be allowed in the fine print of the TOS, it's not the part of the advertised-image MS projects, and MS's repeated defense that doing so was within the law won't help it on the ethical front.
I know many of you have serious monetary disputes with MS, and that is where your MS-disdain springs from. I previously ignored those disputes because I was too lazy to learn the details. But I see your point now without going into the details. A monster company with no ethics is a true monster.
Re: (Score:2)
And now, of course, we know MS thinks nothing of perusing private emails. Although this may be allowed in the fine print of the TOS, it's not the part of the advertised-image MS projects, and MS's repeated defense that doing so was within the law won't help it on the ethical front.
This is hardly anything new. Remember a few years back, when there was a bit of a fuss when people caught msn.com using customers' photos of their children (taken from email and web files "hosted" on msn.com servers) in their advertising? MS's first reaction to criticism was to point out that this was totally legal, since their TOS said specifically that any files stored on one of their machines became the property of Microsoft and msn.com. They were apparently surprised when people were upset by this.
Re: (Score:2)
If you're going to steal IP from a company, uh... maybe... just maybe... you shouldn't use their cloud service to get and transfer the goods?
The point being two moral wrongs make a right?
Re:Missing the Point (Score:5, Insightful)
No, it's exactly the point. Because how many mail folders did they go through before finding the "right" one? Do you think if they did that we'd ever hear about just how many mailboxes they opened without the consent of the content owner and violated their privacy? Do you think it's ok that a company (not even a government, but a mere, ordinary COMPANY) should get away with digging through your emails at a hunch? We think you might have done something we don't like, so we simply dig through your belongings, to hell with your privacy, to hell with how you feel about some strangers digging through your stuff, we do what we WANNA.
What's next? Your landlord opening your home with a key he retained because he heard a rumor that you might have gotten visits from a drug dealer, so he simply marches over at 6am, opens your door, digs through your clothing and your sex tox collection then shrugs when he doesn't find anything and goes without even a "whoopsie, sorry"?
That's ok, too, I guess?
Re: (Score:2)
Do you think it's ok that a company (not even a government, but a mere, ordinary COMPANY) should get away with digging through your emails at a hunch?
Well the rules are tighter for a government than companies for a reason. You have an easy(-ish) choice who to contract for email. Your say in who governs is much smaller. Especially at the federal level. And the government has more authority they could abuse.
But overall I'd say yes it was 'ok' for Microsoft to do what they did because the user agreed to a contract that said it was ok for Microsoft to do what they did. I blame the user, and the billions of other users who agree to such contracts allowi
Re: (Score:2)
The problem is that at some point it gets impossible to bypass corporations for some things, and that's when they need to be held responsible at the same level as governments.
To give you an example: To get a job around here, you need a bank account (that's actually a legal requirement to avoid money laundering, no cash for you, your wage goes to your account). Banks around here require you to have a permanent residency to get an account (not strictly a legal requirement, but there is simply no bank where yo
Re: (Score:2)
Another fantastically insightful post without an author to attribute it to. -- Why are all the good posts submitted as --AC?
Because they don't want to lose their jobs, etc., etc. ;-)