Computer tech giant Microsoft recently admitted that it had read through a user's email inbox as part of an internal leak investigation. The admission has created a furore with users of Microsoft's email service who are worried about their privacy.
The case involves Alex Kibkalo, a Russian native and former senior architect who worked for Microsoft in Lebanon. On March 19, Kibkalo was arrested for supposedly providing sensitive data related to Windows 8 during his tenure with Microsoft. Kibkalo, along with a Russian national Microsoft employee reportedly forwarded confidential trade secrets about Windows 8 to an anonymous French blogger. He was also reportedly providing links to file on his account.
The email search revealed messages from Kibkalo to the blogger comprising fixes for the Windows 8 RT operating system even before they could be publicly released. The complaint alleges Kibkalo also shared a software development kit that could be used by hackers to learn more about how Microsoft uses product keys to activate software. Besides the email search, Microsoft also went through instant messages they exchanged that September. Microsoft also scrutinized the files in Kibkalo's cloud storage account, which was called SkyDrive until last month. Kibkalo is indicted of using SkyDrive to share files with the blogger.
John Frank, deputy general counsel for Microsoft, which owns Hotmail, said in a blog post that the search was technically legal. While Frank noted that user communication should be private, he said the software company took extraordinary actions in this case based on the certain circumstances. In the future, he said, Microsoft would consult an external attorney who is a former judge to determine if a court order would have granted such a search.
John Frank said the incident prompted the software giant to implement a more rigorous process before reviewing a non-employee's Hotmail account. The company has announced four procedures and promises that will be implemented:
The company would never search a customer's account unless the case would be justified by a court order.
Microsoft must comply with the standards to obtain a court order. An external legal team will be used to assess the evidence collected by the internal investigating team. The skills of an outside counsel who is a former federal judge will also be called upon.
Even if searches are conducted they will only focus on the data relevant to the investigation and not look at other things. The search will be supervised by a counsel.
To ensure transparency of the searches related to governmental or court orders, Microsoft will publish in its bi-annual transparency report the number of account searches that are performed and number of customer accounts that have been affected.