Microsoft Admits Email Snoop, Revises Privacy Policy

Brandon Dimmel's picture

Microsoft has revised its Hotmail / Outlook email privacy policy. It's in response to concerns after the company admitted to reading emails and instant messages of a blogger who allegedly tried to sell Microsoft intellectual property without permission.

Former Microsoft employee Alex Kibkalo is currently being investigated for stealing Microsoft trade secrets. According to Microsoft, in 2012 Kibkalo acquired pre-release Windows 8 source code, which he emailed to a mysterious blogger who has not been named. It's the anonymous blogger who had his email and instant messages snooped.

Microsoft Conducts "Limited Review" of Blogger's Accounts

Microsoft alleges that the blogger not only posted images of the then-unreleased Windows 8 operating system to his blog, but that he also tried to sell some of the information acquired from Kibkalo -- including Windows Server activation keys. The activation keys allow users to gain access to Microsoft products without paying for a license.

Microsoft says the blogger also tried to send unreleased and proprietary software code to a third party. The third party then contacted Microsoft's Windows chief Steven Sinofsky, who then forwarded the information to Microsoft's Trustworthy Computing Investigations department, which is responsible for investigating intellectual property leaks.

Microsoft now admits it conducted a lengthy investigation that included a "limited review of [the blogger's] Microsoft operated accounts." (Source: Microsoft also reached a confidentiality agreement with the blogger, which is why he has not been formerly identified in the complaint against Mr Kibkalo. (Source:

Microsoft has defended its action by pointing to its terms of service, which the company says "make clear our permission for this type of review". The firm also says that "this happens only in the most exceptional circumstances." Specifically, Microsoft's terms of service read: "Microsoft reserves the right to review materials posted to the Communication Services and to remove any materials in its sole discretion." (Source:

Privacy Lawyers say Microsoft Actions 'Highly Unusual'

Many Microsoft users expressed frustration with the company's actions in this case. In response, Microsoft deputy general counsel John Frank has introduced a revised and more descriptive privacy policy. The hope is that the new privacy policy will reassure users of Microsoft services like Outlook and OneDrive.

But, that's not likely to change anyone's mind any time soon. Privacy lawyers say that while Microsoft's actions appear to have been legal, its snooping through customer data and without a court order was highly unusual.

Attorney and civil liberties expert Jennifer Granick says that the Electronic Communications Privacy Act allows service providers to read and disclose customers' communications when necessary in order to protect the rights or property of the service provider. She went on to say that Microsoft's actions were within these boundaries, but the actions themselves were "stupid," and likely to raise privacy concerns amongst journalists and bloggers that use any of Microsoft's Internet services to communicate with their sources.

"Microsoft essentially decided that whatever privacy expectation that its own customers supposedly had was basically a dead letter. It simply decided that in its own corporate interest, it can intrude on a person's email," said Edward Wasserman, the dean of the Graduate School of Journalism at University of California, Berkeley.

"To see Microsoft using this right to essentially look through a blogger's email account for evidence of wrongdoing and then turn it over on a silver platter for law enforcement, it is extremely undesirable," noted Nate Cardozo, a staff lawyer for privacy rights group Electronic Frontier Foundation. (Source:

What's Your Opinion?

Do you agree with Microsoft's actions discussed in this article? Particularly, do you believe Microsoft had a right to snoop through emails and instant messages to serve its own purpose? Finally, does Microsoft's actions leave you worried about your privacy and the data you've stored online? Or, does it make you want to switch service providers?

Rate this article: 
Average: 4.7 (3 votes)


ehowland's picture

Piracy, or industrial espionage? I have no issues at all with them looking at email.
I don't believe MS scans millions of emails, like other 'free' email providers to send them targeted ads...

I will not change a thing about my M.S. accounts. The quote is they looked at "A email/bloggers account", really just one?

..."included a limited review" I'm sure the NSA and many more 'free' account providers look at a whole bunch more than ONE account. ANYTHING ever posted on FaceBook is public and there forever (deleted or not, 'private' or not). FB is constantly under 'hack attack' and gets breeched often.

Heck I don't even trust Target now (bought stuff there the other day and paid cash, did not want to swipe a card). I plan no changes with M.S. anything and have zero problems with any of the actions described.

Sounds like this article might have had some input from an apple "fanboy". Really, you think your "MAC" info is any more private? Apple gets and has gotten hacked and has been breeched too...

NOTHING is private... Plan on the fact anything you may say might be public at some point...

DavidFB's picture

What I observed was that they announced it in such a way that it was considered normal. The information is unencrypted and accessible to anyone in the company with access to the appropriate servers. It would not surprise me in the slightest if they keep an eye on staff accounts for reasons such as this case.

The joke here was the staffer and blogger both being dense enough to use their products to do this. Duh.

I saw an incident once where someone emailed confidential info to an investor that made the company look bad. Gmail would not share the identity of the sender without a court order. But would them monitor their own staff? Lots of companies use software just for that purpose.

Thinking Human's picture

This appears to be the proverbial "double edged sword", Turned against us the customer. If Microsoft, had 1st gone to the authorities(read prosecutors office) and allowed them to investigate, I would be all for it. But Now, I am afraid Not only of the governments prying eyes, but now Microsoft(The Worlds Leading OS) Can't be Trusted!

Can Someone Please Restore my Faith in my Expectation and my Right to Privacy.

kb4169's picture

...with what Microsoft did. After all what Mr. Kibkalo allegedly did was illegal, and any individual, company or corporation has a right to protect themselves from theft as long as that entity operates within the confines of existing laws and regulations.
After all The Constitution does not protect me from you, or you from me - it protects you and me from the government.

blueboxer2's picture

Might be another issue here. How did Microsoft catch on to the theft, and when did they report it to the authorities? It's my understanding that under Canadian law those who have knowledge of a criminal act are required to report it to the appropriate jurisdiction for action. There are also severe civil and sometimes criminal sanctions imposed for frivolous or unjustified complaints. Maybe Microsoft did have some justification for doing some private snooping among resources accessible to them before calling in the law. In these litigious days a certain level of prudence when making criminal accusations seems justifiable.

djs003's picture

Seems the crooks got caught, then whined about "privacy". I am of the opinion that the ones who cry the hardest about privacy concerns are the ones that SHOULD be watched closely to protect the rest of us.

This is kin to having a gun in the house to protect against intruders. Once they invade your home, or business, you should have the right to use whatever means at hand to protect your being or property (digital or otherwise).

hrsdad's picture

the only one who might think thisis an invasion of privacy is the criminal who thinks that"wanting" something makes "stealing" that something okay. sorry, folks! if MS is in possession of information that a certain user is stealing proprietary info, then it has not only the right, but a duty to investigate however it needs to to get an answer. your privacy right ends when you steal their data. software or keys or code - doesn't matter which, if it isn't yours and you have taken it, it is theft. on the other hand, I don't use MS for any communication or storage because I don't want any of my info to be "observed" by MS nor the government.