Does Microsoft Have the Right To Search Your Email?

Zenon Evans | 3.25.2014 2:55 PM

(cc)

Looks like you just "scroogled" yourself, Microsoft. — cote / Foter / CC BY

Microsoft has long run a campaign to convince people that its email service, Outlook, is safe. They assure that "Outlook.com prioritizes your privacy" and "your email is nobody else's business." That privacy ends, though, if Microsoft itself says it has a good reason to snoop through your emails or chat logs.

Last week, the company accused one of its former employees, Alex Kibkalo, of leaking trade secrets. The Seattle Post-Intelligencer wrote last Wednesday that "Kibkalo is alleged to have leaked Windows 8 code to a French technology blogger in mid-2012, prior to the software's release." The blogger is unnamed in the court complaint, and the leaks amounted to "screenshots of a pre-release version" of the operating system.

How'd Microsoft figure all this out? Company investigators went snooping through private messages of the blogger, who used Outlook, in order to hunt down Kibkalo.

John Frank, Microsoft's general counsel, argues that this is no big deal because:

courts do not… issue orders authorizing someone to search themselves, since obviously no such order is needed. So even when we believe we have probable cause, there's not an applicable court process for an investigation such as this one relating to the information stored on servers located on our own premises.

He also assures that the company's terms and services allow them to do this.

Harry McCracken of TIME expresses some sympathy for Microsoft, noting that among all other potential illegal deals transpiring over Outlook, "the one sort of case in which we know that Microsoft thinks it's OK for it to spy on your e-mail without a warrant is when you might be stealing its own stuff."

Others are more skeptical. Edward Wasserman, the dean of the Graduate School of Journalism at University of California, Berkeley, told The New York Times, "I have never seen a case like this. Microsoft essentially decided that whatever privacy expectation that its own customers supposedly had was basically a dead letter."

"Microsoft clearly believes that the users' personal data belongs to Microsoft, not the users themselves," Ginger McCall of the Electronic Privacy Information Center said to CNN.

Mike Masnick of Techdirt predicts that this "is hugely damaging to the company," more so than just letting the leaks just pass.

Either way, Microsoft is now doing damage control. They're revamping their privacy policy and issued a statement that they "vow to go through a more stringent process" before reading people's emails again.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: British Conservative Group Urging Cameron To Drop Migration Target

Hide Comments (79)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Pro Libertate 11 years ago

It's certainly actionable if Microsoft tells consumers one thing and does something else.
1. Sigivald 11 years ago
  
  Depends.
  
  If it tells customers it's petting a kitten on their behalf, and isn't, that's not actionable.
  
  Actionable requires, as a tort, some harm done, not just not doing what they say.
  
  And I'm not sure what the harm here is supposed to be, other than to Microsoft for scaring off notional customers.
  1. Pro Libertate 11 years ago
    
    There's ample law out there that says that statements like privacy policies are binding on those who issue them.
    1. Michael S. Langston 11 years ago
      
      ProL -
      
      I agree.. but what about this scenario... I know it seems unlikely, but what if...
      
      Company X only violated their privacy policy because some government agency forced them to do, while simultaneously telling said company that they weren't allowed to tell anyone it was happening under penalty of law?
Paul. 11 years ago

Putting aside whether or not this is within Microsoft's rights, when you use an online service for your email, always assume an employee named Chad is reading your email. Always. Assume it. Forever. And ever. Amen.

If you want the content/body of the email to be protected and you must use an online service, encrypt it with PGP or some other external encryption tool. Don't use any company internal tools. If it's readable on the server, it's readable to Chad. Remember people, IT'S THE ENDPOINTS, STUPID!
Suthenboy 11 years ago

I pay a company to provide me with a medium for communication. How would that give that company a right to snoop on those communications? If it does, then why not apply that to paper, pen and envelope manufacturers?
1. sarcasmic 11 years ago
  
  Well, if you physically went to the company that made those things, wrote and stored all your correspondence on a desk at their location, and relied upon them to deliver and receive everything for you, then you might have a good comparison.
  1. Suthenboy 11 years ago
    
    I was being a little over the top there, but my point is this:
    
    I purchase a medium from a company on which to record communications. I do it with an expectation of privacy and with 4th amendment protections for that privacy.
    
    The nature of the medium itself, the location where I store it and the means by which I deliver it have no effect on those conditions.
    1. kinnath 11 years ago
      
      I purchase a medium from a company on which to record communications. I do it with an expectation of privacy and with 4th amendment protections for that privacy.
      
      Only if the Ts & Cs say that. You are renting space on their physical property. Your rental agreement has to specify what your rights are and what their rights are. So read the fucking Ts & Cs when you sign up for an online service.
      1. Suthenboy 11 years ago
        
        You and Sarc are both right. I was just lamenting about the loss of privacy really.
        
        I never write anything with any expectation that Paul's evil Chad won't read it.
        
        kinnath 11 years ago
        
        Yeah, fuck that Chad guy.
    2. JW 11 years ago
      
      I do it with an expectation of privacy and with 4th amendment protections for that privacy.
      
      From the company which owns the servers? No such right exists.
      1. Suthenboy 11 years ago
        
        What I am trying poorly to say is that no matter the medium, the communication itself is mine and thus I get the say as to who can read it.
        
        I believe my argument is destroyed already so I will give it up.
        
        entropy 11 years ago
        
        That's not really true.
        
        If you choose a billboard in Times square as your medium, you don't get to choose who can read it. There are many other examples demonstrating the same principle. You can only assume privacy if you own the medium.
    3. Zeb 11 years ago
      
      It is a shame that you can't assume privacy there. It is a shame that instead of extending the privacy protection that was given to telephone communications (which didn't turn out all that great in the end, but it was something) to other things like email and other electronic communications the government has done everything it can to do just the opposite.
Paul. 11 years ago

Putting aside whether or not this is within Microsoft's rights, when you use an online service for your email, always assume an employee named Chad is reading your email. Always. Assume it. Forever. And ever. Amen.

If you want the content/body of the email to be protected and you must use an online service, encrypt it with PGP or some other external encryption tool. Don't use any company internal tools. If it's readable on the server, it's readable to Chad. Remember people, IT'S THE ENDPOINTS, STUPID!

Squirrels, I predict this post shows twice...
1. Paul. 11 years ago
  
  *sigh*
2. Suthenboy 11 years ago
  
  Why all the Chad hate?
  1. JW 11 years ago
    
    Chad's a dick.
  2. Paul. 11 years ago
    
    Chad has a sweater tied around his neck.
    1. JW 11 years ago
      
      WHICH MAKES HIM A DICK.
      1. Paul. 11 years ago
        
        You called him a dick, I illustrated why. We're like the Siegfried and Roy of dick exposition.
        
        JW 11 years ago
        
        Wait, which is the gayer one?
        
        gimmeasammich 11 years ago
        
        The one with the dick in his ass?
entropy 11 years ago

"Microsoft clearly believes that the users' personal data belongs to Microsoft, not the users themselves,"

Looks like someone finally read their EULA. In 60,000 words it basically states 'all your base are belong to us'.
1. Paul. 11 years ago
  
  Online services of all types almost universally believe the data you stick on their servers is theirs. Remember when people went apeshit when Facebook said all your data are belong to them?
  1. entropy 11 years ago
    
    Yup. But with MS it's not just data you stick on their servers, it's more like data on any machine running any of their software, which you are only leasing the right to use.
    1. thatsright 11 years ago
      
      You're confusing Outlook.com w/ Exchange/Outlook. They're totally different. Outlook.com is the new name for Hotmail and is what MS searched.
2. Tman 11 years ago
  
  ^^^this.
  
  Every EULA is basically a "hold harmless" guarantee to the vendor providing the services that by agreeing to use said services you are relinquishing your rights to whatever degree the vendor decides is necessary.
  
  Everyone whines about Facebook and their security settings but they realize that when they signed up -for free I might add- they agreed to share their personal info and pictures with Facebook and they retain the rights once it's used on their site.
  
  Same thing with email services EULA's. Don't like it? Don't use it.
  1. Zeb 11 years ago
    
    Whining about Facebook is stupid. They are giving you a free service in exchange for being able to do whatever they want with your information and target ads at you. Same with Google.
    
    But with Outlook, it is usually companies paying for a communications system. In those cases I think that the customer has a lot more cause to whine about it. Though I agree that ultimately it comes down to what is in the contract. But if several large companies told MS to get fucked if they didn't change the terms of using Outlook, I bet they would change it.
    1. Paul. 11 years ago
      
      But with Outlook, it is usually companies paying for a communications system. In those cases I think that the customer has a lot more cause to whine about it
      
      I agree, they do. The average consumer has a higher expectation of privacy with email communications than they do of Facebook wall posts-- putting aside any laws or court precedent.
      
      I hope that the higher expectation of privacy will force Microsoft to do the right thing.
      1. thatsright 11 years ago
        
        You're confusing Outlook.com w/ Exchange/Outlook. They're totally different. Outlook.com is the new name for Hotmail and is what MS searched.
        
        Paul. 11 years ago
        
        No, I'm not.
        
        thatsright 11 years ago
        
        ok
John 11 years ago

It seems to me that microsoft accessing people's email accounts without authorization is a violation of the Electronics Communications' Privacy Act. There is no "but we wrote the software and are hunting down a patent violator" exception to the statute.

If we had an honest DOJ that wasn't in the pocket of the tech oligarchs, there would be criminal charges pending against both Microsoft Corporation and the employees who did this.
JW 11 years ago

Your free email on their servers? Yes.

Next question?
1. Zeb 11 years ago
  
  Outlook is not usually free as far as I know.
  
  You are an idiot if you expect privacy from Google or Facebook or whatever. But when you pay for a service, you don't expect that so much.
  
  But yes, read the contract and you will know.
  1. KDN 11 years ago
    
    I believe this is about Outlook.com, not the Outlook you use at work.
    
    To be honest, I'm not even sure how MS could view the latter since it never routes through their environment. I'm no expert here, though.
  2. JW 11 years ago
    
    It's Outlook.com, which is a free service competing with Gmail.
kinnath 11 years ago

http://www.nbcnews.com/tech/se.....ail-n60561

A digital rights advocacy group slammed Microsoft for accessing the Hotmail emails of a blogger who allegedly received stolen Windows information leaked by an employee.

Hotmail is not equal to Outlook.

1) I don't expect that the Ts and Cs of the Hotmail service say that Microsoft can search your email if they think you release MS proprietary data.

2) You have to be completely fucking stupid to release MS proprietary data through an email account provided by Microsoft.
1. kinnath 11 years ago
  
  fucking tags
2. Fr?ulein Nikki 11 years ago
  
  Hotmail is Outlook.com now.
  1. kinnath 11 years ago
    
    All the articles I've read to date said the doofus used an old hotmail account. So I've clearly missed the connection to the new service name.
    1. Lord Humungus 11 years ago
      
      yep, I have an ancient hotmail account* that still putters around - it was transferred to outlook.com
      
      *I now only use it for record label registration when downloading MP3s via the coupon that came with the record.
    2. Fr?ulein Nikki 11 years ago
      
      Funnily enough the transition happened in July 2012, so right around the time this was going on.
  2. Zeb 11 years ago
    
    So Outlook is their free mail now?
    
    What am I thinking of? Exchange?
    1. Paul. 11 years ago
      
      Outlook is Microsoft's name for its email client. Exchange is Microsoft's enterprise email system software. Outlook.com is now the public face of their free online email service which transitioned from Hotmail.
      1. Paul. 11 years ago
        
        And don't even ask me how this all connects with Microsoft Live. I have no idea, and hope to retire before I'm forced to know.
    2. kinnath 11 years ago
      
      Outlook.com is rebranding of Hotmail to take advantage of consumer familiarity with the Outlook desktop email application (god knows why cause Outlook sucks).
      
      Exhange is the server side email application that supports SMTP which is supported by many desktop email applications. (from vague memories).
      1. kinnath 11 years ago
        
        And Paul beats me to it.
JW 11 years ago

How'd Microsoft figure all this out? Company investigators went snooping through private messages of the blogger, who used Outlook, in order to hunt down Kibkalo.

Kibkalo doesn't sound like the sharpest of all pencils.
1. Paul. 11 years ago
  
  Clearly not. Why didn't he just post it on his Facebook wall for fuck's sake?
entropy 11 years ago

If we had an honest DOJ

And if ifs and buts were candy and nuts we'd all have a merry inclusive non-denominated equinoctial celebration.
1. entropy 11 years ago
  
  Sorry that was supposed to be a reply to John. Also sorry I forgot the trigger warning.
  1. John 11 years ago
    
    I meant the statement ironically.
JW 11 years ago

Company investigators went snooping through private messages of the blogger, who used Outlook, in order to hunt down Kibkalo.

He should have used the tried and true Jimmy Carter method.
entropy 11 years ago

My next operating system will be Linux Mint.
1. William of Purple 11 years ago
  
  how's it for gamez?
  1. pan fried wylie 11 years ago
    
    or netflix (aka MS Silverlight)...
    
    (hint: no)
    1. Wasteland Wanderer 11 years ago
      
      I don't use Netflix, so I haven't done it myself, but a quick Google search has dozens of tutorials for installing the Netflix app on Linux Mint, Ubuntu, Fedora, etc.
    2. Michael S. Langston 11 years ago
      
      I think almost all linux distros (mint, ubuntu for sure) can now deal easily with silverlight. Go here
  2. Wasteland Wanderer 11 years ago
    
    About the same as most Linux distros. You'll need Wine or an emulator to run games designed for Windows. You can also install the Steam app using the Software Manager tool.
  3. entropy 11 years ago
    
    I can't really say because I don't have it YET. I am in the process of organizing my hard drive and backing up before I move over. But I will try it.
    
    I think it will be fine. We'll see. I don't play a ton of games anymore but Steam has gone to linux now and a few more game projects as well. Plus there's emulators like WINE and Playonlinux. I'll find out eventually.
    1. entropy 11 years ago
      
      I've reached a point where I'm happy with roguelike games and old shit. All the new blockbuster $50 games have gotten boring for me, they're all so formulaic I rarely make it through a whole 40 hour play through anymore. And they offer pretty much zilch for re-playability after you've got 40-60 hours in them.
      
      But old games like nethack or Total War/Civ games and old NES games, that have like 5 minutes of content total but somehow are basically evergreen because the gameplay is actually fun since they didn't blow the whole dev fund on shiny graphics.
2. Paul. 11 years ago
  
  I've been looking at a new one called OpenNSA.
Sigivald 11 years ago

"the one sort of case in which we know that Microsoft thinks it's OK for it to spy on your e-mail without a warrant is when you might be stealing its own stuff."

...

Someone doesn't understand what "warrants" are.

Warrants are things the government gets for permission to look at something without exposing its agents to lawsuits, originally, and these days, to look without the results getting barred from evidence.

No private party needs a warrant to do anything on its own initiative.

For any number of other reasons, they might be liable for an action they perform, of course, but "warrants" are irrelevant to non-State actions.

(Note that the Fourth Amendment does not say anything like "no search shall be performed without a warrant". Originally a warrant protected the searcher from personal liability; but since all State Agents have qualified immunity now, the rules got changed to evidence not being allowed in Court without a warrant. Roughly.)
1. John 11 years ago
  
  No private party needs a warrant to do anything on its own initiative.
  
  Just because they don't need a warrant doesn't mean it is legal. If I break into your house, it is true that I haven't violated your 4th Amendment Rights like I would if I were a cop doing it. But I am still guilty of breaking and entering.
  
  Snooping into someone's email is a federal crime. Microsoft seems to have committed such a crime here.
  1. Wasteland Wanderer 11 years ago
    
    He addressed that point when he stated "For any number of other reasons, they might be liable for an action they perform, of course, but "warrants" are irrelevant to non-State actions."
    1. John 11 years ago
      
      They are liable alright, criminally.
  2. JW 11 years ago
    
    Snooping into someone's email is a federal crime.
    
    Nope. As the sysadmin for my company, I can go into anyone's account right now, and there isn't thing one, legally, they can do about it. It's our property and they have no expectation of privacy on company time. I wouldn't do it, because I have better things to do with my time and it ain't right (from a professional standpoint).
    
    Every now and then I do get requests from mgmt to go and check some employee (or ex-employee) to see what they've been up to. I always get that in writing. The best one was with an old boss, a brassy Brooklyn-Sicilian female lawyer, with some the biggest and most robust tits you'll ever see.
    
    So I go looking in this (gay) guy's mailbox and I'm about to give up,when I hit paydirt. I print it out and take it up to her in her office. She takes one look, pauses, and then, in the loudest indoor voice ever, with her door open, "OH MY GAWD, IS THAT JIMMY GIVING SOME GUY A BLOWJOB!?"
    
    It echoed through the halls, I swear to Zod.
    1. Michael S. Langston 11 years ago
      
      Nope. As the sysadmin for my company
      
      That is different from the law that disallows email hosting companies to read private emails of individuals.
      
      Corporations own the work product and email is used to perform their work - therefore the law and constraints are much different.
      
      Additionally note that even though corporations own it all and no one really disputes this, every company I've worked for or seen others login to all have a warning stipulating all email and other traffic is tracked/read/etc/etc/etc.
      
      Just to make sure.
      
      But if John is right, and as a lawyer I assume he is, about the federal law, that law is specific to email hosting companies and individual/group hackers (just as it's a federal law to read mail).
Andrew S. 11 years ago

Do they have the "right" to, as a private company, provided that they tell their customers in advance that they'll be doing it? Absolutely.

Will I use this as another part of the long list of reasons why I will not use Microsoft products? Absolutely.
BBB 11 years ago

That Microsoft should not have accessed Outlook.com email for this purpose is undeniable. It violated all expectations for an email provider.

What I want to question is the moron Kibkalo. The guy clearly knew he was transferring confidential Microsoft property to an unauthorized third party.

So he uses WHOSE free email service? His employer's.

He uses WHOSE free cloud storage service? His employer's.

He uses WHOSE free messaging service? His employer's.

The guy should've been fired for unparalleled stupidity. If he had died, he would have been a favorite for a Darwin Award.
Pinky 11 years ago

...they "vow to go through a more stringent process" before reading people's emails again.

See, nothing to worry about.
Stilgar 11 years ago

btw - any of the e-mail companies can do this as can other big names like... Apple! Remember, the iSteve knows what is best for you.
ConstitutionFirst 11 years ago

Unfortunately there is no explicit right to privacy on the net beyond what you and your ISP agree to.
That 100 page terms and conditions document you never read before clicking "agree", yeah it was in there, you gave up your rights by clicking.
The incestuous relationship that has metastasized between Government (read:NAS) and industry (read: Google[government+ogle], Apple, Microsloth) has caused the whole world to rightly distrust America and our control over the net.
The Jumbotron rule apples here; if you don't want the whole world to know your thoughts, don't put them in cyberspace.
If it's that sensitive, Use Snail Mail.
ChristopherQuintana 10 years ago

well, i think they are, but their behavior with product keys is great!
mame 8 years ago

I do not think !! If you're doing this, it's ridiculous... I like your post. I want to share my own blog. Can I share? my blog about Hotmail help hotmail sign up
jennyhannb 8 years ago

They're revamping their privacy policy and issued a statement that they "vow to go through a more stringent process" before reading people's emails again. I Don't believe
hotmail login

Please log in to post comments

Does Microsoft Have the Right To Search Your Email?

Latest

Trump's Tariffs Target Uninhabited Islands, Economic Dead Zones, and Individual Regions of France

Trump's New Tariffs on These 3 Countries Look Particularly Foolish

Joe Biden's Handlers Definitely Knew. Did the Media?

'Liberation Day' Tariffs Will Liberate People—From Their Income

How Trump's New Tariffs Will Make Farming (and Food) More Expensive

Recommended

Login Form