A former Microsoft employee now wishes he had never gone ahead and stole company secrets. For now, he is out of a job and facing charges. However, the biggest surprise that came from this debacle is how Microsoft got its proof, which forces us to ask the question, was it the right thing to do?
To collect information on the suspect, Microsoft scoured a user's Hotmail email account to identify the person behind the leak. This shows that Microsoft and other email providers have the ability to gain access to users email accounts, and the law is on their side.
Bear in mind that Microsoft's privacy policy allows the company to do the very thing it did to collect information on the former employee.
"We may access or disclose information about you, including the content of your communications, in order to - protect the rights or property of Microsoft," stated in Microsoft's privacy policy.
This move forced Microsoft to look into its privacy policy, and users are hoping the company will prevent itself from pulling off such a maneuver in the future without the need for a court order.
According to John Frank, Microsoft's deputy general counsel, the company will meet a more rigorous standard before looking into a Hotmail account that is not of a Microsoft employee. Frank also laid out four parts to the new standard, which can be viewed below.
We will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available.
To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable. As a new and additional step, we will then submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order.
Even when such a search takes place, it is important that it be confined to the matter under investigation and not search for other information. We therefore will continue to ensure that the search itself is conducted in a proper manner, with supervision by counsel for this purpose.
Finally, we believe it is appropriate to ensure transparency of these types of searches, just as it is for searches that are conducted in response to governmental or court orders. We therefore will publish as part of our bi-annual transparency report the data on the number of these searches that have been conducted and the number of customer accounts that have been affected.
After witnessing what Microsoft has done to identify the leaker within the company, it is clear that every other Hotmail user is at risk. We can't give Microsoft the benefit of the doubt here, as a simple court order would have sufficed, instead of taking the task upon itself to search the user's account.
It makes us wonder if Microsoft employees are looking into Hotmail user accounts just because they can. Something needs to be done, and we're happy to know that John Frank has laid out the plans to make a difference. Hopefully, other email providers such as Google and Yahoo take similar measures to protect the privacy of users.