After outcry, Microsoft changes course and won't access user data in theft probes

Instead, the company will refer the matter to law enforcement agencies

Microsoft will no longer go through email messages and other personal data that users of its online services have stored on its servers, a decision taken after being sharply criticized for accessing a person's inbox as part of an internal investigation.

"Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer's private content ourselves," said Brad Smith, Microsoft's general counsel and executive vice president, legal and corporate affairs, in a blog post on Friday.

Instead, the company will refer the matter to law enforcement agencies if further action is required, he said.

Microsoft sparked an outcry last week when it revealed that it had looked at messages from a blogger's Hotmail account as part of a company investigation into trade-secret leaks.

The company subsequently amended its policies, saying that in the future a separate legal team at the company would review evidence in similar cases before deciding to access an end user's data.

Since then, "we've had the opportunity to reflect further on this issue" after having internal conversations and talks with advocacy groups and other experts, Smith wrote.

"Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers," Smith said.

However, it might not be a blanket promise. The company did not say whether it would also change its policies if the case involves a matter other than stolen property. Microsoft did not immediately respond to a request for comment.

Microsoft said it will incorporate the change into its customer terms of service in the coming months.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Tags Internet-based applications and servicessecurityMicrosoftlegalMailsocial networkingdata protectioninternetsocial mediaprivacysearch engines

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

IT Compliance Solutions

Enforce compliance consistently and cost-effectively across your organization.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.