Microsoft read the email of Hotmail users without a warrant, in order to catch someone who'd leaked some Microsoft software. When they were caught out, the pointed out that they'd always reserved the right to read Hotmail users' email, and tried to reassure other Hotmail users by saying that they were beefing up the internal process by which they decided whose mail to read and when.
Now, citing the "'post-Snowden era' in which people rightly focus on the ways others use their personal information," the company has announced that it will not read its users' email anymore when investigating theft or copyright violations -- instead, it will refer this sort of thing to the police in future (they still reserve the right to read your Hotmail messages without a court order under other circumstances).
As Techdirt's Mike Masnick points out, this is a most welcome change. The message announcing the change by Brad Smith (General Counsel & Executive Vice President, Legal & Corporate Affairs) is thoughtful and forthright. It announces a future round-table on the questions raised by the company's snooping that the Electronic Frontier Foundation can participate in.
Smith asks a seemingly rhetorical question: "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" That is indeed a fascinating question, but in the specific case of Hotmail, I feel like it has a pretty obvious answer: change your terms of service so that you promise not to read your customers' email without a court order. Then, if you think there's a situation that warrants invading your customers' privacy, get a court order. This is just basic rule-of-law stuff, and it's the kind of thing you'd hope Microsoft's General Counsel would find obvious.
The fact that the question is being raised casts more light on Microsoft's extensive "Scroogled" campaign, which (rightly) took Google to task for having a business-model that was predicated on harvesting titanic amounts of personal data. The takeaway here is that while Microsoft's business-model (at the moment) is less privacy-invading than Google's, that is not due to any inherent squeamishness about spying on people -- rather, it's just a practical upshot of its longstanding practices.
Read the rest
Read the rest