They're Reading Your Mail: Microsoft's ToS, Windows 8 Leak, and Snooping

After the recent Windows 8 leak by recently arrrested then-Microsoft employee Alex Kibkalo, Microsoft has tweaked its privacy policies, but also defended reading the email of the French blogger to whom Kibkalo sent the software. "The blogger in question, who remains unidentified, happened to use Hotmail—the investigation began in 2012 before Hotmail's Outlook.com transition—as his primary email account. So as part of its investigation, Microsoft peeked into the blogger's email account to read that person's correspondence with Kibkalo. ... Microsoft says it was justified in searching the blogger's email account, because it had probable cause to believe Kibkalo was funneling trade secrets to the blogger.The company also pointed out that even with its justification for searching the account, it would have been impossible to gain a court order." "The legal system wouldn't have let us" seems a strange argument to defend any act of snooping.

According to Arrington, Google reads it too

[mTor]

Here's what Michael Arrington, former editor of TechCrunch, says:

I have first hand knowledge of this. A few years ago, Iâ(TM)m nearly certain that Google accessed my Gmail account after I broke a major story about Google.

A couple of weeks after the story broke my source, a Google employee, approached me at a party in person in a very inebriated state and said that they (Iâ(TM)m being gender neutral here) had been asked by Google if they were the source. The source denied it, but was then shown an email that proved that they were the source.

The source had corresponded with me from a non Google email account, so the only way Google saw it was by accessing my Gmail account.

A little while after that my source was no longer employed by Google.

ABOUT THAT TIME GOOGLE SPIED ON MY GMAIL

Re:According to Arrington, Google reads it too

[sumdumass]

Its interesting that no one claimed someone else planted the emails there. If they are accessing accounts then i'm not sure how they can claim no one else (including them at another time) accessedthe accounrs and sent that message in order to escape being discovered. I mean they went behind their backs so why wouldn't they go behind their backs.

Re:According to Arrington, Google reads it too

At this point, I think Arrington has little credibility. So his claims about Gmail, right or wrong, are not going to be taken seriously.

Re:According to Arrington, Google reads it too

[K.+S.+Kyosuke]

Wow, you suck at reading comprehension.

Re:According to Arrington, Google reads it too

[1s44c]

Uhm, so Google read the email of one of its employees? Gosh!

Google read the email of a third party that that one their employees sent an email to. Google have the ability to, and willingness to, read private email of people who use gmail who are not otherwise connected to google. Gmail isn't to be trusted.

Re:According to Arrington, Google reads it too

[davester666]

Sure, the TOS gives Microsoft the right to look at pretty much whatever they want, whenever they want, and it's true that Microsoft could not have got a warrant to search their own email service [because companies don't get issued search warrants, either for themselves or to permit them to search other businesses or individuals].

What they gloss over is, Microsoft could have avoided this whole mess by getting the police/FBI to run the investigation. The FBI would have no problem getting a search warrant for the email, Microsoft hands the email to the FBI, who search through it.

The FBI get the information they need to charge the guy and Microsoft doesn't look like a total hypocrite.

Problem solved.

Re:According to Arrington, Google reads it too

[sjames]

No. Google read the email of a person who corresponded with a Google employee. The mailbox they found the mail in was not that of a Google employee.

Re:According to Arrington, Google reads it too

[stoploss]

All I'm hearing is that these bloggers are incompetent at protecting their sources.

I mean, WTF? Who the hell would imagine it's safe to use a company's services when collecting insider information? I mean the data is on the company's servers, FFS. I bet real spies don't need to be told not to set up a dead drop inside, say, the Capitol rotunda or the FBI headquarters, either.

Protip for any planning to publish dirt on Yahoo: don't use Yahoo mail to collect the information. Not that anyone still uses Yahoo mail anymore...

Re: According to Arrington, Google reads it too

[citation needed]

Re:According to Arrington, Google reads it too

[fermion]

MS, Google, Yahoo, all free service, I don't think there is an expectation for privacy. I have seen no situations where our information is protected from employees. In the past few years they have apparently set up more guidelines, but I wonder anyone actually get fired for browsing the occasional email.

What is clear is there no legal recourse. You can't stop paying because you do not pay. I think suing over such a thing would be hard as showing damages would be hard.

I guess this shows the need for a paid encrypted account.

Re: According to Arrington, Google reads it too

Those times he was determined to slander Last.fm.

Re:According to Arrington, Google reads it too

It doesn't surprise me Arrington doesn't use pgp.

Re:According to Arrington, Google reads it too

[mysidia]

Google read the email of a third party that that one their employees sent an email to.

No... we have a hearsay claim that Google must have read the email of a third party.

They assumed because the recipient account was a gmail account; they must have gotten the message by opening his mailbox.

There might be some other way(s) they could have gotten ahold of the message, such as internet traffic monitoring of the employee's computer.

Re:According to Arrington, Google reads it too

[DexterIsADog]

Uhm, so Google read the email of one of its employees? Gosh!

Google read the email of a third party that that one their employees sent an email to. Google have the ability to, and willingness to, read private email of people who use gmail who are not otherwise connected to google. Gmail isn't to be trusted.

Do you actually know this, or are you guessing? If I were Google (though I'm not really evil), if I suspected a Google source for a journalist's story, I'd look at the SENT email from all employees, for any emails going to the journalist.

Come on, it's friggin' Google, that search would probably take a second. Also, they'd find every source within Google, and it would all be legal; no reading of a non-Google employee required.

Re:According to Arrington, Google reads it too

[DexterIsADog]

There might be some other way(s) they could have gotten ahold of the message, such as internet traffic monitoring of the employee's computer.

Or just, you know, search the outgoing email of every Google employee. Why is this not obvious?

Re:According to Arrington, Google reads it too

Probably your other point... But, Bloggers are defunct journalists, the way they conduct themselves is pretty self centered. However that is pretty much every journalist.

My point........

You have to wonder if the NSA or other government agencies have been doing this same thing, to all media/press? We've reached a point where no one is safe from using -------any type of digital communication-----.

I know the article is about companies hacking there users/employees emails, to find out who is "leaking" information. But the thought pop in my mind no one could be safe anymore. The days of whistle blowers and insiders is coming to an end.

Re:According to Arrington, Google reads it too

[gnasher719]

No. Google read the email of a person who corresponded with a Google employee. The mailbox they found the mail in was not that of a Google employee.

An email can be read at the sender, in transit, or at the receiver. The receiver was a google employee, and the content was apparently Google's business. If I give my employer permission to read emails that I receive, they are allowed to read emails that _you_ sent to me.

There was a case a while ago that some people thought protected journalistic sources, but where in reality a judge totally destroyed the safety of any sources: Some information leaked from Apple to some website, Apple naturally tried to get the identity of the source from the website, went to court, and was told that they hadn't done enough to find the source themselves. One thing that they should have done was calling in every single employee with access to the information, ask them to declare under oath that they didn't leak the information, and fire anyone refusing to make that declaration. That's what the judge said they should have done.

Google may have very well read what that judge said, asked every employee for permission to read the emails that they received, fired everyone who refused (exactly the way that judge told Apple what they should have done), and found the email. Perfectly legitimate.

Re:According to Arrington, Google reads it too

Hey! Some of us are paying for our Yahoo! account ($49.99/year) (with the sole advantage of getting no ads). (Sort of want to support the company. And before you say it, I know I could block/remove the ads.)

Re:According to Arrington, Google reads it too

[sjames]

No, read carefully. The *SENDER* was a Google employee using a non-google mail account (for obvious reasons). The *RECIPIENT* was not a Google employee but was using a gmail account.

At least that is the allegation.

Re:According to Arrington, Google reads it too

[mysidia]

Or just, you know, search the outgoing email of every Google employee. Why is this not obvious?

Well... they say the employee was not using a Google e-mail account. What they don't tell us... is whether or not the employee was on a computer connected to Google's network at the time, or using a Google laptop, or other computer with Google-provided software, in order to send the e-mail.

We also can't rule out the possibility that the person's Ex logged into the employee's non-Google e-mail account, saw the juicy message, and decided to cause trouble by forwarding to Google.

Or that Google hired a private investigator who used pre-texting or other techniques to deceive the news reporter into sharing or leaking info ultimately allowing them to identify the employee, and break into their poorly secured outside email account.

Re:According to Arrington, Google reads it too

[amiga3D]

You would be far safer using snail mail. It's way too easy to have a computer sift through millions of e-mails whereas someone has to get off their dead-ass and work to go through real mail. The labor alone makes it cost prohibitive. Using PO boxes and fake names and you are probably worlds ahead of e-mail for safety. At least your deniability goes up.

Re:According to Arrington, Google reads it too

[jc42]

MS, Google, Yahoo, all free service, I don't think there is an expectation for privacy.

Or, more generally, anyone who stores anything on a commercial server and expects privacy is a fool.

Yes, this is especially true with "free" services, which must be profitable or they won't exist for long. But one should generally assume that any data that's ever been on any company's machines will be saved (at least backed up) and available indefinitely to any company employee or customer who's willing to pay. Anything else just shows a total misunderstanding of how these companies work.

Actually, some of the jobs I've had has involved maintaining and troubleshooting the email systems. I've had many occasions where as part of fixing a reported problem, I subtly let the people involved know that, yes, I can see the content of all their messages, so they might want to be a bit more careful about what they put in writing. In a few cases, they've even thanked me for this extra warning.

I've found that a good way of explaining this is by telling people that email isn't like a postal letter; it's really more like a post card. Everything is visible to the people who handle the delivery process. Usually they won't read anything, but they can, and with email it's so easy that I often have to carefully avoid reading the content. And in a few cases, I've had to dig into the content itself to figure out why the delivery system messed it up. (I don't like to do this, but some email software does "interesting" things to the content, and the damage can only be fixed by looking at the text itself.)

And, as others have said, with a free service you should understand that you're not the customer, you're the product. Or rather, the content of what you're sending and receiving is their product, which they sell to their actual customers.

Re:According to Arrington, Google reads it too

At the very least they should lead with something along the lines of "Here is my public key. If you don't know how to use it, then figure it out for your protection and mine."

Re:According to Arrington, Google reads it too

Let's see, on one side we have an official court record.

On the other, we have a paid-by-the-pageview blogger's hearsay from a drunk person.

Yes, both might be true, but only one is a legitimate news story.

Re:1st

No wonder you don't have a girlfriend.

Bad summary

[whoever57]

Much as I hate to defend Microsoft, the summary mischaracterises Microsoft's statement. Microsoft is saying that it already had the right to search the mailbox, so a court would not have issued an order. It's like asking a court for permission to search your own house. The court won't issue an order, but that doesn't mean that it would be illegal to do the search.

I don't know if Microsoft is right in its claim that it would not have been able to get a court order, but let's get the facts straight when criticising Microsoft.

Re: Bad summary

[fustakrakich]

Intruder is saying he already had the right to break into the house. No need to ask for permission.

That's right. He owns the house. And guess what. A landlord can go into your apartment without your permission also.

Re: Bad summary

[Albanach]

Tl;dr : You must be batshit crazy to think that was legitimate without a court order. But hey, MS said so. Must be true then. Facepalm

So, you say they can't do it without a court order, but don't seem to address their statement that they cannot get a court order.

So what exactly is your proposal in these circumstances?

Re: Bad summary

That is not a universal law. In Europe your landlord can not enter the flat without the tenants permission. It is expressly forbidden.

Re: Bad summary

If they can not get a court order, they have no right to intrude into the mailbox. Really simples. There is no dilemma.

Get a court order or stay out.

Re: Bad summary

Not accessing the email.

Re: Bad summary

[nickmalthus]

Typical corporate behavior - lobby incessantly against regulation but when caught in blatant malfeasance shirk accountability with the excuse "it may be unethical but it is not illegal"

Re: Bad summary

[sribe]

A landlord can go into your apartment without your permission also.

Wrong. Except in cases of emergency, he needs your permission. Unlike what some people think, you do get a few rights when you pay for the use of the apartment...

Re: Bad summary

[Runaway1956]

Castle doctrine, anyone?

Jingle jingle - creeeeaak - BANG BANG BANG BANG BANG BANG!

Officer: "Ma'am, why did you shoot the landlord six times?"

Tenant: "I ran out of bullets, officer!"

Re: Bad summary

A landlord can go into your apartment without your permission also.

Where I live he would get a police escort helping him leave and a nice notice from court forbidding him from getting anywhere near his property for the next few years.
After all there is a legal document that states that "I pay him" to use that apartment as "my" home and as a result unless "I" invite him into "my" home he has no right to be there - he has after all temporarily transferred parts of his rights as the owner to me in exchange for my money.

Re: Bad summary

[fustakrakich]

Yes, well, I've noticed it's pretty easy to declare an "emergency".

Re: Bad summary

[Anonymous+Brave+Guy]

A landlord can go into your apartment without your permission also.

Not in my country, he can't, other than under quite strictly defined conditions such as to effect repairs in an emergency.

What you say might be true in the US, but Europe typically has stronger privacy safeguards.

Re: Bad summary

[ThatAblaze]

I know someone who owns a house that his ex wife has been staying in. When they divorced it also resulted in a restraining order being taken out by her against him. It is his house though. So he is in the position of being unable to approach the house or her to collect rent on the house or to evict her.

Re:Bad summary

His legal defence is weak, however bad PR Microsoft will ensure...in other words, the guy going down, and Microsoft Cloud Biz is going down as well!

Re: Bad summary

[sjames]

But he absolutely cannot open your mailbox or paw through your personal papers. Generally, landlords who enter without permission are limited to actions necessary to protect the property from damage (fire, leaking pipe, etc).

Re: Bad summary

[Zontar+The+Mindless]

Intruder is saying he already had the right to break into the house. No need to ask for permission.

That's right. He owns the house. And guess what. A landlord can go into your apartment without your permission also.

That's not quite how it has worked in in my experience as a renter in the US, Australia, and Sweden.

Re: Bad summary

And copy any documents he finds there? LOL!

Re: Bad summary

[Zontar+The+Mindless]

Typical corporate behavior - lobby incessantly against regulation but when caught in blatant malfeasance shirk accountability with the excuse "it may be unethical but it is not illegal"

It's more like, "If we ask, we know that we'll be told it's illegal. Therefore, we won't ask."

Re: Bad summary

[mjr167]

That actually varies by state to state... Some states require the landlord to provide notice, others do not. I had this problem at my first apartment. The landlord was constantly sending in maintenance and not bothering to tell me. They had to do work on the furnace, inspect the fire extinguishers, etc. At least once a month they came in and the only reason I knew was because I bought a security camera. It was ridiculous. In the end, I moved out. Legally there was nothing I could do and trust me, I was pissed and tried.

Re:Bad summary

That's complete BS. To stay with your house comparison: It's as if they were to search a part of the house they own, that they rented out to someone else.

You do need a search warrant for that and of course a private entity won't get one.

Re: Bad summary

[camperdave]

Around here, they need to give you written 24 hrs notice except in an emergency.

Re: Bad summary

[Zedrick]

> That's right. He owns the house. And guess what. A landlord can go into your apartment without your permission also.

Perhaps in Somalia and North Korea, it doesn't work like that in most other countries.

Re: Bad summary

[Zero__Kelvin]

No. 100,000 times no. Stop spreading ridiculous claims (I'm guessing you're a landlord; they like to make up lies like that). Unless there is a flood or other major issue which would cause damage to the infrastructure a landlord absolutely may not enter your house without permission. Not that it matters, since M$ is not a "landlord", but to extend the somewhat broken analogy,a landlord may enter your house if there is a fire, but may not enter it to search for matches or a lighter because he suspects you might cause a fire.

Re:Bad summary

Microsoft is saying that it already had the right to search the mailbox, so a court would not have issued an order. It's like asking a court for permission to search your own house.

Just because a company offers some email service doesn't mean they are allowed to read your mails. Sysadmins who think they can should better consult a lawyer first. There are anti-wiretapping and privacy laws. Perhaps Microsoft has violated them, especially since they have already admitted that they weren't able to obtain a court order? On the other hand, these laws differ from country to country and US law seems to be very friendly to corporations. So perhaps they can get away with it. Let's see how this will play out ...

Re: Bad summary

Two downmods. The hate is powerful.

Re: Bad summary

[vux984]

So he is in the position of being unable to approach the house or her to collect rent on the house or to evict her.

Hire someone to collect the rent and serve the eviction notice. This is not a real problem.

Re:Bad summary

[TapeCutter]

Yes, that plus the fact a private individual or company will not be given a search warrant for anything.

Re: Bad summary

[TapeCutter]

A landlord can go into your apartment without your permission also.

What third world hell hole do you live in that still allows that sort of crap? Surely a man's home is still his castle in the US?

Re: Bad summary

You are so stupid it hurts. The claim, if true, is that the court will not grant the order because it has no jurisdiction to do so. It's as if you told me that you were thinking of having a glass of water. I tell you that I don't think you can have it unless you have a court order. You are unable to get one because the judge says- I'm not giving an order for you to do something you are already within your rights to do. I guess you die of dehydration.

Based on your comment maybe that's a good result.

Re: Bad summary

The same is true in (most/all?) of the US, except in the case of an emergency (your house is flooding/on fire/etc).

Re: Bad summary

It's pretty easy to take the landlord to court, too. Whining online about being victimized without taking any steps to fix the situation is the surest method for continuing to be victimized.

Re: Bad summary

[Stormy+Dragon]

He doesn't even have to hire someone. In most parts of the US, his municipal government will have already hired someone who's job includes serving eviction notices:

http://en.wikipedia.org/wiki/S...

Re: Bad summary

[guruevi]

No they can't. A landlord has to notify you at least 24/48 hours in advance (varies depending on jurisdiction) and then only for reasons pertaining to the state of the property (such as repairs, inspections or to show prospecting buyers). So MS can log into your account if it were necessary to perform maintenance but not to rifle through your personal stuff.

Re: Bad summary

[guruevi]

You could've sued and gotten your rent back for every day that something was claimed to be out of order (if your furnace doesn't work for 3 days, you technically don't have to pay rent for 3 days).

Re: Bad summary

Indeed. Residental tenants have a right called "quiet enjoyment", it's an implicit right (you can't just leave it out of a contract, or even disclaim it from the rental agreement) and it means you can't enter the apartment (yes, even though you own it) without their permission except where it's urgently necessary for example because there's a gas leak and you need to let a gas plumber in to fix it.

Violating quiet enjoyment rights is a breach of contract, and your presence would be unlawful, the same as e.g. a burglar, so if they break a vase over your head thinking you're a thief, too bad that's your fault for being there without permission.

Re: Bad summary

[mysidia]

I know someone who owns a house that his ex wife has been staying in. When they divorced it also resulted in a restraining order being taken out by her against him. It is his house though. So he is in the position of being unable to approach the house or her to collect rent on the house or to evict her.

Simple solution to this. Pay an agent to serve the notice for eviction.

These actions can still be done on his behalf by a paid employee or contractor.

Re:Bad summary

[jonwil]

Are companies that run private mailbox services allowed to search/read the mail that they handle on behalf of their customers? Are self-storage places allowed to search the lockers of people hiring them?

In both cases the answer is "not without a warrant/court order". The same should apply to Microsoft in this case.

Re: Bad summary

[mysidia]

(such as repairs, inspections or to show prospecting buyers).

Not unless you signed a lease that says they can enter and disturb you to show to prospecting buyers.

Of course if they disturb your right to quiet enjoyment of the property, you might be inclined to move out early, and terminate the rental, resulting in financial loss for the landlord.

Re: Bad summary

Surely a man's home is still his castle in the US?

In far too much of the US, a man has a legal obligation to jump out the nearest window and flee like a routing peasant.

Re: Bad summary

I doubt that. The law in America is that the landlord's demand to enter must be reasonable, and he must you adequate notice (usually 24-48hours in advance if its foreseeable). And if you have reasonable reason to refuse his entry at the time (e.g. you're naked), that's okay too, but you can't unreasonably prevent him from entering assuming he met the first two criteria.

If the landlord needs to upgrade the piping in the building, you can't prevent him. And I'd bet you bottom dollar the same is true in Europe or anywhere else. Any other rule is patently stupid.

Re: Bad summary

The rule in _any_ state is that he must give you notice. He can't walk in without your permission. But you also cannot unreasonably withhold permission. It's just that some states statutorily define what reasonable notice is, whereas in others its up the courts to decide.

When you lease property, the property interest is _yours_. You effectively own the lease and have a legal right to exclusive possession and enjoyment of the property. Your property interest is just as unassailable as the landlord's interest. But like everything in life, things are complicated, rights can overlap in complex ways, and reasonable demands intended to protect the landlord's long-term property interest or to perform under the terms of the lease he granted you (such as maintenance) must be met with reasonable behavior in return.

And, again, states will often define what reasonable means in common scenarios, to simplify and streamline dispute resolution.

Re: Bad summary

You may doubt all you want it's a matter of fact.

Re:Bad summary

[donaldm]

Much as I hate to defend Microsoft, the summary mischaracterises Microsoft's statement. Microsoft is saying that it already had the right to search the mailbox, so a court would not have issued an order.

This is such a grey area and I would be surprised if there is not some precedent in law that would classify reading someone's mail and private data as a serious offence without the express permission of the owner of that data or a court order requesting such access. Stating that we own the infrastructure therefore we have the right to do what we please is not a valid excuse.

Consider the following. Say a person owns the building that houses a post office, would they have the right to enter that post office and demand to read mail without proper legal permission? Why would private email be any different from private physical correspondence?

When acting as a System Admin on occasion I was approached by management requesting me to read other peoples email which I promptly denied stating that I would need a court order to do this. The reason for requesting a court order is mainly to cover yourself in case there were legal implications. The only thing relating to email which was acceptable was checking if particular email had been sent and where too, which required a check of the logs. Even then I required written permission to do this. Was I being overly cautious? Well yes since it may not be a good excuse in a court of law stating that I was ordered by management to do specific investigations without the proper legal authority.

Was Microsoft breaking the law demanding that the particular System Admin read certain mail for them? Well I would hate to be in that System Admin shoes right now since they effectively did the "break and enter" while management can sit back with a smug look on their face.

Re: Bad summary

The only one being stupid here beyond redemption is you.

MS allowed itself to breach wiretap laws and invented the reason that they would not have gotten a court order. They claim that without evidence. They didn't even try. They just assert they have the right to breach wiretap laws. You can never legitimize yourself to have the right to break the law. But that's what MS did. And thats why YOU are as stupid as a blanket. You can't even grasp what they did.

Re: Bad summary

[gnasher719]

That is not a universal law. In Europe your landlord can not enter the flat without the tenants permission. It is expressly forbidden.

There are conflicting interests: The right of the tenant to use the rented space, including the right to privacy and the right to secure their property from theft (landlord could easily pick up any cash or valuables lying around), and the right of the landlord to protect his property or the right and duty to keep the public safe, including the tenant.

Assume you are on a long holiday, and there's a major water leak in your flat. Would you insist that the landlord can't get in and fix the leak, and instead has to let his property, your property, and the property of the people living below you getting destroyed?

Re:Bad summary

[l0n3s0m3phr34k]

And I'll bet that MS had also discussed this with their legal team first, who told them all this. Maybe they have a console cowboy who just goes and does stuff like this without telling his management, but I doubt it.

Re: Bad summary

[l0n3s0m3phr34k]

Thus why the first thing I do in a new apartment is change the locks. If they leave a note telling me they need to come in, I call the leasing office to find out when they will be there so I'm there too...I have way too much $$$ in equipment to trust a maintenance guy, it would be far too easy for them to walk out with something I might not even notice is gone for awhile, and it's happened to me before, and all the leasing office would do is say "we'll look into it". That, and they let me "break my lease" without penalty when I moved out. Calling the police just resulted in the police saying "well, since it's under $500 we just send this form, you mail it back"...basically no one cared except me and since I had no "proof" it was the maintenance guy...the ironic thing is he took a broken laptop that I was going to toss anyway, but I was still pretty mad about it.

Re: Bad summary

[l0n3s0m3phr34k]

It all comes down to the rental agreement really. Very few people read the whole thing, but almost all of them state they can enter for maintenance, pest control, etc.

Re: Bad summary

[l0n3s0m3phr34k]

your apartment provided fire extinguishers? I've found the best security system is a big dog, but that usually doesn't work well in an apartment! But I too have set up a web cam now...mostly to record my cats flying around chasing each other, but if someone did come in I'd have the evidence now.

Re: Bad summary

[l0n3s0m3phr34k]

it's his house, set it on fire! lol

Re: Bad summary

[l0n3s0m3phr34k]

the BEST emergency maintenance was when I was dying some clothes red in my sink...apparently there was a leak into the apartment below...the maintenance guy said it really freaked the people downstairs out, looked like blood or something leaking from the walls! It had been leaking for awhile, but they hadn't really noticed until their ceiling started bleeding.

Re: Bad summary

[l0n3s0m3phr34k]

I'm sure that buried in MS's TOS for hotmail it specifically says (in complex legalese no normal human can comprehend) that they can do whatever they want with their own service.

Re:Bad summary

[l0n3s0m3phr34k]

thus why at any job if a manager asks me to do anything gray like this I request some documentation from them telling me to do whatever, so if / when it blows up I at least have something to point to...but in this situation, it all depends on the TOS that you have to agree to so you can set up an email there. If the TOS said somewhere they can search your inbox, and you agree, then what?

Re: Bad summary

[Cochonou]

You'd probably lose your dollars. For instance, under French law, there are two exceptions to this rule.
- When there are maintenance or urgent works to be done (and actually not for just any work)
- When you have noticed of your intention to leave, to allow for visits
In these cases, the schedule of the visits must be agreed by both parties. They cannot exceed two hours or occur during weekends. In any other instance, there is no right of access. Of course, the landlord can ask (like any other person), and he may be denied access without any justification.
But of course, there is no such thing as an universal european law for renting. This may vary from country to country.

Re: Bad summary

[sexconker]

Intruder is saying he already had the right to break into the house. No need to ask for permission.

That's right. He owns the house. And guess what. A landlord can go into your apartment without your permission also.

A landlord cannot enter your apartment without consent, written notice in advance, or an emergent issue (fire, ruptured plumbing, etc.).

Re: Bad summary

[mysidia]

it's his house, set it on fire! lol

Until all the requirements are met for lawful eviction: a tenant occupying has a legal right to continue living there, undisturbed.

This right takes priority, even over the landlord's ownership claim to the property.

Attempting to disturb the tenant -- such as through harassment, turning off critical services, pumping in noxious gasses, taking other actions to make the place unlivable, setting the building on fire, would all be acts of unlawful eviction; possible crime of attempted murder and insurance fraud with the fire --- such acts could very well cause the landlord to lose all his property rights to the building, or have to pay the tenant compensation, in addition to preventing the landlord from evicting.

Re: Bad summary

[Antique+Geekmeister]

Do read the rental agreement. Many in the US,and overseas, do include clauses to address precisely this sort of thing, and a clearly written contract can help prevent many confusing "edge" cases.

Re:Bad summary

[Antique+Geekmeister]

Please read the contract. From work with email systems, I've often needed access to the mail queues in order to verify operation or delivery of email, and the relevant agreements have been very clear that I had the access to do so.

I've been asked to do monitoring on more than one occasion. I was once asked to to replicate all email for a particular user to a manager's mailbox, for a company I was collaborating with, while their core IT administrator was on another project. I carefully did the work, documented the procedures in their IT wiki, and notified the company's technical contact with us of the billable work and the completed documentation on the specific project. Since the targeted user was the technical contact with us, and the person who signed checks for my company's work, this fulfilled the letter of our agreements and let the target of the monitoring know what was going on and how to detect it in the future.

The technical contact was in the process of leaving the company: this let them know that they were also getting their corporate email monitored and they should be _very_ cautious about what they said to current contacts. We had some fascinating discussions in private about their reasons for leaving.

Re: Bad summary

the BEST emergency maintenance was when I was dying some clothes red in my sink...apparently there was a leak into the apartment below...the maintenance guy said it really freaked the people downstairs out, looked like blood or something leaking from the walls! It had been leaking for awhile, but they hadn't really noticed until their ceiling started bleeding.

you were lucky they didn't call the church.

Re: Bad summary

[Anonymous+Brave+Guy]

They can include whatever clauses they like, but they still won't override statute law.

Under the law in my country, a landlord can't just turn up and let himself into a property you're renting from him, other than under certain specific conditions that are typically emergencies. At a minimum, there are normally some basic requirements for giving notice and visiting at a reasonable time in other cases, even where there normal landlord's rights such as being able to inspect the property to check its current condition apply.

Given that the point here is an analogy with Microsoft just deciding to inspect someone's mail because they happen to host it, it's not a very accurate comparison. There are often specific laws covering rental/tenancy agreements, just as there are specific laws for mail sent via the US Postal Service or for common carriers. As far as I'm aware, there are no specific laws covering the kind of behaviour Microsoft has apparently engaged in here, so the question is more about contract law and any more general laws that might apply regarding privacy etc.

Re: Bad summary

[Imagix]

Thus why the first thing I do in a new apartment is change the locks.

In certain jurisdictions this is illegal without a court order.

Re: Bad summary

"landlord could easily pick up any cash or valuables lying around"

As if Euros were actually real money....

Re: Bad summary

Oh my word. That must have been interesting.

Buck feta!

Re: Bad summary

[Richy_T]

The phrase used to be "it is easier to seek forgiveness than permission" but I think it should probably be modified to be "It is easier to say 'Screw you, what are you going to do about it?' than seek permission"

Re: Bad summary

In most civilized places, there are tenant protection laws that take precedence over the rental agreement in several places, including the right of the landlord to enter the property willy-nilly-like. Here, they can enter, but there are limits on how frequently, and they need to issue 24 hours advance warning; any tenancy agreement that says anything to the contrary is void by law.

Re: Bad summary

[bipbop]

True in California. Landlords can't just decide to issue 24 hours notice and enter an apartment because they want to, no matter what the rental agreement says. That said, I've never had a rental agreement or a landlord that respected the law.

Re: Bad summary

[mjwx]

If the landlord needs to upgrade the piping in the building, you can't prevent him. And I'd bet you bottom dollar the same is true in Europe or anywhere else. Any other rule is patently stupid.

How much do you want to bet. In Australia a landlord or representative requires permission to enter, may not enter the premises without the landlord (or their representative) being present or providing their express permission if they are unable to be present. I believe we inherited this from Europe. Above this, a landlord must provide 7 days notice in writing.

Where can I collect on this bet.

Re: Bad summary

Not true. The landlord must only knock first. Everything else is just a nicety they do.

Re: Bad summary

[MiSaunaSnob]

Not in Minnesota they cant

Still better than being Scroogled

Still better than having every email read by Google for advertising. Cue the "bit, it's automated" apologists below.

Re:Still better than being Scroogled

You think Microsoft doesn't read your mail for advertising?

Try again. They read it to build up mailing lists to send you more mail...

Re:Still better than being Scroogled

[1s44c]

Microsoft have the strong advantage that they are no good at it. You have no privacy if you give your email to either of these companies.

The traditional slashdot approach was to run your own mail server. I don't know how common that is any more but I still do it.

Re:Still better than being Scroogled

You think Microsoft doesn't read your mail for advertising?

Try again. They read it to build up mailing lists to send you more mail...

So, I use outlook.com because I think it is the best free email service currently, and especially like how they unlike Gmail offer real anonymous aliases, and I have seen no evidence of your claim, it is my most spam free account. So it seems to me and my experience that you are (cough, full of it) just defending Google bad practices.

Re:Still better than being Scroogled

Wait, seriously?

Algorithm matching up keywords to bids to - gasp! - show you ads is worse than random people digging through your mail because they feel like it?

You gotta have your priorities checked.

Don't store unencrypted email online

[gwstuff]

While this story is crazy, and MS should be spitballed for it... I don't buy that other companies that let your store your data online don't give access to your data to their employee, if only for "debugging and administrative purposes." If you want to store your data online encrypt it.

Re:Don't store unencrypted email online

Unfortunately, you have a saying in that. Well, not unless you don't have any friends, which may not even save you depending on where you live. Well, I suppose you could always move to Ecuador....

Re:Don't store unencrypted email online

[fustakrakich]

If you want to store your data online encrypt it.

Unless you're using a one time pad, don't bother... You're only slowing down the script kiddies.

Re:Don't store unencrypted email online

[Dutch+Gun]

Unless you're using a one time pad, don't bother... You're only slowing down the script kiddies.

Funny, I wasn't aware that PGP, TwoFish, AES, and ECC have all been broken by script kiddies. Thank God we still have the ole one-time pad to fall back on!

In all seriousness, no matter how smart the hacker or how well funded the organization, modern encryption standards, implemented correctly, are essentially unbreakable. Please don't discourage people from encrypting their data online, as it's absolutely essential for properly protecting your data. If you encrypt your data locally with a well-vetted standard, there's nothing ANYONE can do to retrieve it (other than circumventing it by stealing the key, etc), which, as far as we know, even includes the likes of the NSA.

Re:Don't store unencrypted email online

[phantomfive]

I came here to say exactly this. All the cloud companies whose internal workings I am familiar with use the data in ways that violates people's privacy, or to actively destroy competition. The sole exception was a company that was too incompetent to find a useful use for the data, otherwise I know they would have as well.

Re:Don't store unencrypted email online

[aaaaaaargh!]

I see a few problems with your advice:

1.) Storing encrypted mail on the server only really works in practice if the sender encrypts the mail he sends to you, but sometimes people send unencrypted mail to you.

2.) Encryption and data integrity are in natural conflict with each other and most encryption programs do not introduce enough redundancy to improve the latter. Twiddle a bit and your data is gone.

3.) Technical solutions to social, moral, and legal problems? If the cloud provider was legally allowed to snoop on you as they like (as Microsoft seems to claim), they can always find a way to do that. Example: Many backup providers auto-update a backup program on the user machine that has root privileges. Other example: Microsoft has total control over everything running on any Windows machine. Ever.

I'm not saying people shouldn't use encryption but that's not the solution to the real problem in this case.

Re:Don't store unencrypted email online

[gwstuff]

All good points. Just a quick note about (1): you can encrypt all your email by using a passthrough email address in a domain that you trust. So me@myname.com received all your email, encrypts it and forwards it to gmail or wherever.

Re: Don't store unencrypted email online

Indeed, most encryption is all about eliminating redundancy. But you can add some afterwards if you want, though not many folks par2 their mail.

Re:Don't store unencrypted email online

[l0n3s0m3phr34k]

and I would even "encrypt" the text inside it too first, so even if they did manage to get into it it wouldn't make any sense. Even just using http://encryption.online-toolz... you could "encrypt" the text, then convert that to hex, then convert that to binary, and send that as the message. The sysadmin may eventually figure it all out, but probably not...

Re:Don't store unencrypted email online

[gwstuff]

Using an unknown encoding scheme is obfuscation, not encryption. So you're suggesting using obfuscation as a cheap substitute for encryption. That might be fine in some situations but 1) It really is very, very easy to crack - you don't need human intervention - there are tools that let you compute polynomial mappings between two data sets. 2) You can encrypt the data using a powerful algorithm using off the shelf free tools, so why not just go one baby step further and do it so that even in the unlikely case that one day the stakes to get to your data are high, there's no way to get it.

Scroogled by Microsoft!

[hsmith]

Here is to Microsofts shit ad campaign "Scroogled" - first they snoop on all Skype communication and now they admit to reading emails LOOKING for things.

I fully expect the daft ad men at Microsoft to continue their pathetic ad campaign.

Glass houses and all that.

Re:Scroogled by Microsoft!

[cheesybagel]

I once went to Microsoft for a meeting and was talking with someone. They had my entire work profile stored in there. I never gave it to them nor did I ever apply for a position in Microsoft. They have a profile database on everyone they have even a tangential connection with.

Re:Scroogled by Microsoft!

It's called LinkedIn dumbass

Re:Scroogled by Microsoft!

[cheesybagel]

LinkedIn did not even exist back then. They have their own internal database for stuff like that.

Free Email

Is not free. They are reading your email to make money via ad sales, via selling your information to third parties, and via selling it to governments.

You are the only person who doesn't care about your information even though everyone is using it against you and your interests.

It's time for people to wake the hell up.

I want to be shocked, but honestly I'm not

[ocsibrm]

I'd expect the same from damn near any company, which is why if I was funneling secrets about a company I would just roll my own mail server.

Re:I want to be shocked, but honestly I'm not

[pushing-robot]

Not to defend Microsoft's actions, but this does seem like exceptionally poor judgement on the part of the leaker, on par with robbing a bank and having them put the money in your safe deposit box.

Re:I want to be shocked, but honestly I'm not

[techno-vampire]

My thought exactly. If you're going to leak information about your company to a blogger, don't use either your company email account or an account with a service your company owns. Best, of course, is to find a way to get the data home and send it from there using an email address they neither know about nor have access to.

Re:I want to be shocked, but honestly I'm not

[NoKaOi]

Not to defend Microsoft's actions, but this does seem like exceptionally poor judgement on the part of the leaker, on par with robbing a bank and having them put the money in your safe deposit box.

That's true. And in your analogy, the bank couldn't just open up your safety deposit box. In that case, law enforcement would have to obtain a warrant in order to open your safe deposit box. The question is not wether the leaker made a bad call by sending it to the blogger's hotmail account, it wether Microsoft had the right to search the blogger's (it wasn't even the employee's account) emails.

"Courts do not, however, issue orders authorizing someone to search themselves, since obviously no such order is needed," Microsoft Deputy General Counsel John Frank explained in the blog post. "So even when we believe we have probable cause, there’s not an applicable court process for an investigation such as this one."

Preventing this situation is exactly why private entities aren't allowed to get court order for searches...because that's law enforcement's job! If they truly had probably cause, then the legal course of action would have been to present that probably cause to law enforcement, which law enforcement could then use to obtain a court order. Since the guy got arrested, this obviously went beyond a civil matter. I hope to hell that this evidence is thrown out of court as being inadmissible, because it needs to be made clear that this type of behavior is not legal. Then again, MS probably figures if the federal government doesn't have to follow the law to search private emails, then why should they?

Re:I want to be shocked, but honestly I'm not

[l0n3s0m3phr34k]

or just do it the old fashion way, mail it via USPS. Then there is no electronic record to read from. Sometimes the simplest solution is the best.

Re:I want to be shocked, but honestly I'm not

[Tmackiller]

Well, this seems to point out a lack of online policing, or "internet police". That day seems almost upon us.

They checked without a warrant

[assemblerex]

Does ownership of the network override the laws of the country the network is in?

If they had opened physical mail, this would be a criminal charge. But because it's digital, somehow ownership of the service exempts them from having to obey any kind of privacy laws.

Dangerous and shows why you should not trust anything online.

Re:They checked without a warrant

[raburton]

> Does ownership of the network override the laws of the country the network is in?

It's not a legal question at all. If you use the service you have accepted their terms and so have given them permission to do this.

> If they had opened physical mail, this would be a criminal charge. But because it's digital, somehow ownership of the service exempts them from having to obey any kind of privacy laws.

The fact it's digital doesn't make it a special case, if you agreed to let them open your physical mail they could do that too.

> Dangerous and shows why you should not trust anything online.

You shouldn't trust anyone on line, that's true. However this isn't the best example of that, but it is a good example of why you should read the T&C of anything you sign up to.

Re:They checked without a warrant

[ArcadeMan]

Companies can write all the terms they want, they shouldn't be able to override the laws already in place.

Re:They checked without a warrant

[tgv]

> It's not a legal question at all. If you use the service you have accepted their terms and so have given them permission to do this.
That *is* a legal question. If the EULA says: we own your first born, is that so just because you checked a box on a web site? Nope. There are laws governing the reading of email, and Microsoft has to obey those rules like everyone else.

Re:They checked without a warrant

[assemblerex]

EULA does not and never will override legal, law of the land.

I can put slavery in a EULA, that doesn't make it legal.

I can put invasion of your privacy, that doesn't make it legal either.

This is a matter for the courts. A company documents does not make law.

Re:They checked without a warrant

[raburton]

> That *is* a legal question. If the EULA says: we own your first born, is that so just because you checked a box on a web site? Nope. There are laws governing the reading of email, and Microsoft has to obey those rules like everyone else.

I'll ignore your stupid analogy and stick to the point. Do these laws you reference say that that you aren't allowed to give your permission for someone else to read your email? I'd be very surprised (though you haven't stated any specific laws to check), so if you've given someone permission to read your email then they have every legal right to do so. There are plenty of issues here, moral ones mainly, but I don't see any legal problem. If you can see a legal issue here, i.e. one that isn't addressed by the user having given microsoft permission to read his email (under certain circumstances, which appear to have been met), do please elaborate.

Re:They checked without a warrant

[raburton]

> EULA does not and never will override legal, law of the land.
> I can put slavery in a EULA, that doesn't make it legal.
> I can put invasion of your privacy, that doesn't make it legal either.

I think you are missing an important legal distinction. Microsoft / the EULA isn't overriding any law. You can't make slavery illegal by putting it in an EULA because slavery is illegal. Reading email is not inherently illegal. Reading it without the permission of the owner might well be, but microsoft does have that permission (therefore they are never doing it without permission which is the the part that might be illegal). They have permission it because the user gave it to them. The law is generally fine with you granting other people permission to do things on your behalf, so long as that thing isn't illegal in itself. It's not uncommon for people to give their secretary permission to read their email, does that mean the secretary is breaking the law when they do?

Re:They checked without a warrant

[mrbester]

If a contract contains a clause that abrogates inalienable rights then that clause can be deemed as unenforceable and should be removed in order that you have a fair contract fully agreed by both parties. If that part cannot be removed then the whole contract is null and void. This is basic contract law.

Of course this relies on the agreement of a EULA forming a valid contract in the first place due to there being no signatories, other identifying marks or even a verbal agreement noted on it. A click on a button is not any of those, yet somehow it *is* a legally binding contract when the company wants it to be but never is when the other party wants it to be. And they have an army of lawyers who will bankrupt you if you don't like it.

Re:They checked without a warrant

[tgv]

Clicking a check box does not overrule the law. You ignore my "stupid analogy" because you don't have a counter-argument.

Re:They checked without a warrant

[Bite+The+Pillow]

Which law? And, since you are familiar with the rule of law, which precedent set the case law for a provider checking its own mail? And set the relevant limits on EULA clauses?

And how does that differ from a warrantless law enforcement request where the provider, who has the data, does not ask for a warrant?

Is it only a search if the provider is looking for something?

Re:They checked without a warrant

[tgv]

There is a European law that forbids email providers to use knowledge of the contents of email. Anyway, your point was: it isn't a legal question. But anything, and certainly access to personal information, can be ruled by laws, hence it is a legal question.

Anyway, your profile text speaks volumes. I'll copy it here: "If I seem a little confrontational, it's probably because you are an idiot. I will argue any side of any point if you demonstrate that you haven't put in a little thought or research into what you typed. Things I hate: - Knee jerk responses, where you have a prepared rant for a subject even if it is unrelated - Posting what "everyone knows". Here's a hint, if everyone knows it we don't need to read it - Associating everything to the news of the day. Facebook outage was obviously the NSA getting backed up? Ha ha, you're stupid. - Wasting everyone's time Finally, if I catch you parroting a talking head, you're wrong. I don't care if I agree with you - that means we're both wrong. But I'm going to call you out for it. Is this my first account here? Hardly. Only? No. This is the account where I tell you how and why you are wrong, because someone should. If I call you a fuckstick, it's probably because you are the most egregious of many mental errors on a subject, and most worthy of correct"

Re:They checked without a warrant

[l0n3s0m3phr34k]

I thought that too, until someone I know had MS show up at there door with an empty baby carriage...

Re:They checked without a warrant

And Europeans are a bunch of passive aggressive cheese munching pussies.

Corporations do NOT operate under color of law

[EmagGeek]

Microsoft has no right to act as a law enforcement entity. So, when they try to justify trespassing on someone's email account and stealing their email by saying that they had "probable cause to believe" whatever, it doesn't fly.

Maybe I should go break into my neighbor's house in the middle of the night and ransack the place because I have probable cause to believe he "borrowed" my week whacker without asking... that'd be perfectly okay, right Microsoft?

Re:Corporations do NOT operate under color of law

More then likely their TOS makes this all legal.

Re: Corporations do NOT operate under color of law

My TOS states that I can legally kill you anytime I wish! Hey you agreed, your life is now owned by me! Your rights aren't so eaisy to waive, what are you a communist? This is a country of free people protected by laws for the people! Our right to privacy is covered by the constitution! It's absolutely mail and a wire tapping criminal action! It couldn't be more clear. It really pisses me off that some will give thier freedom away so easily, damn, just damn...

Re:Corporations do NOT operate under color of law

[QuasiSteve]

So, when they try to justify trespassing on someone's email account

Which is a service provided by them. Hosted on their servers. Stored on their servers. Wait, which part of this was trespassing?

stealing their email

Reading. Unless they somehow actually moved the bits of the e-mail out of the person's account, and into theirs. Even if they made a copy, it's not stealing.

by saying that they had "probable cause to believe" whatever, it doesn't fly

Why doesn't it, though? And in what sense? A moral sense, a business internal rules and regulations sense, a legal sense?

Maybe I should go break into my neighbor's house in the middle of the night and ransack the place because I have probable cause to believe he "borrowed" my week whacker without asking... that'd be perfectly okay, right Microsoft?

Horrible analogy. What if your neighbor came into your house each night, with your permission of course, you told them that they can use your computer all they like without fear of you peeking of their shoulder as it were, as long as they don't start downloading a bunch of movies, and that you reserve the right to check their internet activity if you believe they did - then find that your internet usage surged and you kept hearing the 20th Century Fox, Universal and other well-known studio themes?

Would you then, as per your own stipulation, check whether maybe they did download a whole bunch of movies - even though the person may have just been downloading Linux distros and playing those studio themes on youtube because they're a fan of movie studio themes?

If no: Why not?

If yes: How bad would you feel about doing so?

While it's all good and well to think our stuff at third parties is private - and in some cases some laws may even agree with you to an extent - I think we're all aware that in practice, anybody can be looking in.. and when the subject of the material is the proprietor of the service, doubly so.

Re:Corporations do NOT operate under color of law

"More THEN"...

You American cretin.

Don't you even understand what the words 'then' and 'than' mean? Idiot.

Re:Corporations do NOT operate under color of law

Reading. Unless they somehow actually moved the bits of the e-mail out of the person's account, and into theirs. Even if they made a copy, it's not stealing.

Oh, nice! Now it could be copyright infringement, we all know that is a much more heinous crime than anything else.

This surprises whom?

1) They're saying they don't need a court order, which is true, because it's Microsoft's property;

2) If you know or are ever likely to know anyone or know anyone who knows anyone who is an employee of any major webmail provider, you can assume your e-mail can and will be read on a whim. Can confirm this is the case at Yahoo, anyway. The question shouldn't be, "Why is this happening?" but, "Why does anyone think this doesn't happen?"

Re: This surprises whom?

Wrong. It is false that didn't need a court order. Ownership of the server is irrelevant.

Re: This surprises whom?

Ownership of the server implies agreeing to terms of use, so ownership of the server is thoroughly relevant.

Even if you didn't agree to terms, you need to identify a specific law that says I can't look through your stuff if you leave it at my house. Proceed.

Re: This surprises whom?

http://www.law.cornell.edu/uscode/text/18/2511

You've got served.

Re: This surprises whom?

Uh...

(2)(a)(i) It shall not be unlawful under this chapter for an operator of a switchboard, or an officer, employee, or agent of a provider of wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service

Try again?

Dear Microsoft,

[LookIntoTheFuture]

Fine. Read peoples' emails. Whenever you think it's necessary. But don't be surprised when people stop trusting you, and, consequently, your profits go down because of it.

Before it did look inside the blogger's account, however, the company claims it went through a "rigorous process" to justify the snooping.

Uh huh.

Personal criminal liability applies

[gweihir]

I suspect that certain MS managers and system administrators should now refrain from traveling to the EU for the next few years. Under EU law, you may not even look at email of your employees without having gotten a signed waiver on paper or a court order.

Re:Personal criminal liability applies

I am sure this is incorrect. Can you point me to your source (e.g. legislation)

Re:Personal criminal liability applies

[Baloroth]

I'm neither a lawyer nor intimately familiar with the details of this particular case, but I'm a bit confused how EU law would apply to a US based company running a US-based service (such as an outlook.com email address), regardless of the nationality of the person who signed up for said service.

Re:Personal criminal liability applies

[SeaFox]

Even if this is illegal on paper, I don't expect to see anyone who works at Microsoft be arrested for this if they go to the EU.
There are laws, and then there are laws that actually get enforced on individual people who work for big businesses. This is one of those laws that gets resolved with a fine against the corporation, not by tossing people in jail.

Re:Personal criminal liability applies

Russian citizen. French blogger.

Guess EU laws apply to at least one of them...if not both.

Re:Personal criminal liability applies

[Teun]

Microsoft offers these services as a commercial enterprise to nationals of and in other countries, separate jurisdictions from the US.

The laws of the land where they are doing business is rather relevant, this 'business' was not in the US.
It would surprise me if their local representative isn't going to be charged for this breach of confidentiality.

Re:Personal criminal liability applies

I bet you are surprised a lot.

Cyberhacked by Microsoft

When Microsoft becomes law enforcement, THEN and only then will they be entitled to say "we had probable cause." Until then, then hacked his account, just as if I had gained access to it and read his mail too.

ToS not a contract

ToS are not contracts. A ToS can only specify the policy by which the service is provided to end users and does not form part of a legally binding contract between parties. A policy is merely a formal statement of a series of rules that a provider intends to follow and can be changed at any time. A ToS is not legally enforceable and the inclusion of particular rights, to either party, is not legally valid.

As such, it is clear that Microsoft committed a criminal act by accessing and reading the emails.

Oh dear...

Re:ToS not a contract

[Virtucon]

Where's Groklaw when we need it?

In the US, under the CFAA you can be prosecuted for violating a ToS.

If a prosecutor so chooses, she can use the CFAA to argue that anyone who violates a Terms of Service is committing a felony. That means every 12-year-old who uses Google Search (or Facebook, for that matter) could technically be targeted under CFAA.

It's not a great law by any means and I don't support it but until it's repealed it can ruin anybody's life.

Re:ToS not a contract

Where's Groklaw when we need it?

Thankfully dead and buried as the biased trash that it was.

Re:ToS not a contract

ToS are not contracts. A ToS can only specify the policy by which the service is provided to end users and does not form part of a legally binding contract between parties. A policy is merely a formal statement of a series of rules that a provider intends to follow and can be changed at any time. A ToS is not legally enforceable and the inclusion of particular rights, to either party, is not legally valid.

Correct.

As such, it is clear that Microsoft committed a criminal act by accessing and reading the emails.

How do you get that from the first part? They're allowed to look at e-mail on their own servers. There's no law against that.

Re:ToS not a contract

[russotto]

I believe that reading of the CFAA -- that violating the TOS is a felony -- was struck down by the 9th Circuit in the Lori Drew case. Which doesn't mean they can't try to prosecute you for it, it just means it's an uphill battle (especially in the area of the 9th circuit).

Re:ToS not a contract

Groklaw was the most truthful source of information available.

PJ was most careful about that, clearly labeling what was her opinion, and what was legal practice.

Re:ToS not a contract

There is, in electronic terms it amounts to a wiretap. There is no difference between data that resides on storage and data in transit. Its just the same thing. Facebook and Google are having cases brought against them:

http://marketingland.com/facebook-sued-under-federal-wiretapping-law-for-mining-private-messages-69461

Re:ToS not a contract

[Virtucon]

Good point on the Drew case but still the CFAA is very dangerous legislation especially in the hands of prosecutors who feel that they're going to pursue a case at whatever the cost.

Encryption

There is no longer any expectation of privacy with email. If you don't want anyone else reading it, use encryption.

BS click-bait headline

BS they are reading my mail. I am not a MS employee engaged in criminal activities.

And when using Outlook.com (that used to be hotmail.com) you have agreed to what is on that page.

http://windows.microsoft.com/en-US/windows-live/code-of-conduct

                includes content that is protected by intellectual property laws, rights of privacy or publicity, or any other applicable law unless you own or control the rights
                  thereto or have received all necessary consents.

And that is even more the case when you are an MS employee.

Slashdot is circling the drain faster and faster these days.

Everybody is reading your email

[houghi]

When comparing email to snail mail, standard email is like a postcard. Everybody who gets their hands on it can read it.

If I send a postcard and somebody else reads it, should I be upset? I think not. I should not have written it on a postcard.

Translation

We are Microsoft and we can do what we want if we want to do it.

Don't steal stuff..

[KliX]

..from the company controlling your comms! Jesus Christ these were crappy thieves!

scroogled hypocrisy

[mpicpp]

Didn't M$ run an ad campaign dissing Google for scanning email for personal information? They say "Think Google respects your privacy? Think again." http://www.scroogled.com/mail hypocrites!

Re:scroogled hypocrisy

[1s44c]

All multinationals are hypocrites. All advertising is an attempt at making people believe things that are at best only part true.

If you give your data away you don't have it anymore. Don't give Google, Microsoft, or anyone else all your private email.

Re:scroogled hypocrisy

[the+eric+conspiracy]

> private email

There is no such thing as private email.There never has been, and unless there are some big changes there never will be.

Re:scroogled hypocrisy

[Richy_T]

End-to-end encryption has been available in several of the clients for a while now. Of course, third parties can still see who is sending to who but the content can be protected.

Remember kids...

[mwvdlee]

Remember kids...
Do not store incriminating evidence on the servers of the company you're trying to screw.

Legal system?

[The+Grim+Reefer]

I wasn't aware that and EULA, or TOS could be used to violate the law or a persons rights.

I can't be the only one wondering wtf is going on in the US these days:

• Companies violate the law because the courts wouldn't give them permission?
• The police use an NDA as an excuse to violate the law
• I don't even need to get started on the NSA disaster
• Our previous president invaded two countries for... Well, we really don't have a valid reason
• The current president chooses what laws will and will not be enforced because... I don't know, he doesn't like them?
• The TSA has to be the biggest farce in the history of mankind. Does the fourth amendment even mean anything any more? Then we have "stop and frisk"

At the rate we're going, the next administration will use the bill of rights and constitution to wipe their ass and then set them on fire. Sadly, half the country will probably applaud them for it.

Corporations should be classified differently ..

[macaulay805]

This is why I've always thought that corporations equaling a private person (in the eyes of the law) was a gross error. I've been thinking for quite some time now that corporations should be reclassified as a form of government (or recognized as a government body). With that being said, all corporations should have the same restrictions placed on corporations that the US government has. No search and seizure without a warrant, nothing done without "whitelisting" (specifically granting them powers, instead of them doing whatever they want and a law restricts their actions after the fact), corporations should not have a vote (only real people), etc. Furthermore, US Government officials would be still forbidden from "taking bribes from foreign government officials" would also fix the whole ....... campaign contribution scheme. Just ideas ...

Re:Joy of joys!

where is the "Slashdot won't post this" nutcase now?

Scroogled by Evil

Terms of Service, we are Evil.. get use to it!

The legal system wouldn't have let us

[Sir_Sri]

>The legal system wouldn't have let us

Using "The French legal system will not let us spy on someone in France about charges in a country that is not France' as a justification makes sense actually. Trying to shield yourself by working with someone in a third country shouldn't shield you from domestic actions, and the French are notoriously bad about doing anything about people in france charged elsewhere, including on very serious crimes. See Roman Polanski.

Microshafted

Time for the "Microshafted" campaign to start.

That blogger is an airhead

[rainer_d]

Who receives leaks from Microsoft at an email-account owned by a division of Microsoft?
That's as if Snowden had contacted Greenwald from his BAH account.

Insane.

Re:That blogger is an airhead

Who receives leaks from Microsoft at an email-account owned by a division of Microsoft?

That's as if Snowden had contacted Greenwald from his BAH account.

Insane.

Sounds like a MS kool aid guzzler. Probably doesn't realize there are alternatives. Or maybe actually believed those Scrooged ads.

Re:That blogger is an airhead

Or a plant in which case MS took the bait.

Re:That blogger is an airhead

This guy is going to prison. Boy, he sure taught Microsoft a lesson. They really took the bait.

Re:That blogger is an airhead

Well, if he only received the code it's questionable that M$ would have checked his account, because how could they be sure that he simply wasn't full of shit. This particularly gifted induvidual actually mailed source code TO microsoft asking them to verify that it was indeed their source. If that isn't a facepalm moment I don't know what is.

What TOS are you reading?

[sgt+scrub]

Has anyone seen a TOS that does not give the company rights of ownership of you, yours, and all things associated with everything else they can cram into the TOS? I've often wondered why TOS are so wordy. I would simply write, "Do you confirm that you are our bitch and everything yours is now ours?".

Re:What TOS are you reading?

That's quite simple. If you put up the short version, people might actually understand what they are agreeing to, and refuse.
Better to trigger the TL;DR reaction, so the people don't even know what they just signed away.

Microsoft is not NSA

[LacompaCida]

Just like I don't mind police and soldiers have guns, I don't mind NSA reading internet traffic to and from foreign countries, because that's their job, and we are relying on NSA to protect us. But MS is not NSA. I will avoid MS like a plague.

Re:Microsoft is not NSA

"Microsoft is not the NSA."

Where have you been for the last 15 years or so?

A good rule of thumb...

I learned from an older co-worker at my first real job:

"Never store anything on a computer you don't want printed
out and stuck to the bulletin board in the lunchroom.

Words to live by.

"[Microsoft] had probable cause"

... so they got a warrant?

Re:Corporations should be classified differently .

[dbIII]

US Government officials would be still forbidden from "taking bribes from foreign government officials"

Are they forbidden? Nobody took Ford to task for accepting (in person) a donation to the Republican Party from the Indonesian President in Jakarta on 7 December 1975. That's just one example from something that came up on a different story yesterday. The technicality is such things are a "gift", theoretically with no strings attached and they are not to the person directly. A foreign company (technically nearly every large US company is one for tax reasons, but that's getting off track) can still easily be a conduit for cash from a foreign power to a political party without breaking any rules. If you want a good example Saudi Arabia is a current one.

he should just shoot everyone involved

then they'll never snoop on his email again. problem solved.

Privacy vs. Intellectual Property

[MBC1977]

I'm kinda on the fence with this one. On the one hand personal privacy is important and should be defended, however the offending party did use (a) company email and (b) they also own / control the Hotmail / Outlook mail servers. Given the amount of financial loss that could have occurred (yes I realize it might not be that large given it is Windows 8 / 8.1, lol) I'm not entirely certain Microsoft was in the wrong here.

Again, each country's law may vary with respect to privacy, but I can't see that defending one's intellectual property would be (should be) subservient.

Email snoop win extended to Exchange/Outlook?

[lesuth]

If M$FT wins this privacy issue, can they extend it to Exchange and get their servers and Outlook clients to report in with snoop data?

Morals of the HP Board are pervasive

First we break the Law.. then we justify it..

Re:Joy of joys!

[flyneye]

I wasnt quite that overcome, but did have a ROFLMAO thinking that I use hotmail as my spamcatcher email for those inconvenient software installs,membership applications, product inquiries and everything else that gets you on a mailing list. Its a horrible cesspit of ads , offers, spam, shit and brimstone. I ENCOURAGE MICROSOFT TO READ IT ALL THOROUGHLY (as well as any NSA,CIA,NBC,CBS,NAACP,NFL or equally stodgy agencies who have their nose in my asscrack)
YEah Baby! Lick my rigid shimmering throbbing column of spam! Microsoft rocks!

Why did you take the money from the bank?

Why did you take the money from the bank? "Because the legal system wouldn't have let us." And my (mis)trust in microsoft is reaffirmed. Go ahead, use their stuff in your business, but they won't snoop on what you are doing and sell your trade secrets to your competition. No they won't. No. "Because the legal system wouldn't have let us."

Can. Cannot. You keep using those words.

Can. Cannot. You keep using those words.

I do not think they mean what you think they mean.

The reason we need a legal system, laws, regulations, enforcement and OVERSIGHT is because, unlike the fantasy utopia of libertarian philosophy in the real world people do all sorts of jackass, immoral, and unconscionable things that they SHOULD not do, but are in no way effectively prevented from doing. In fact they are encouraged because they tend to benefit from their actions,

When in power you can do a lot more than you should, or should be allowed to do.

Corporate USA doesn't believe...

Corporate USA doesn't believe in the spirit nor the word of the Constitution of the United States of America. This is because all the accountants & administrators & stockholders who run these corporations don't believe in it either. Otherwise why would we have a growing serfdom in USA while the corps cry for more H1B visas so there is less & less leverage on the demand side by workers? Yes, it's back to the good old days of "the cartels, pools and trusts which had begun to stifle competition and produce monopolistic organizations in the American economy" for which the Sherman Antitrust Act passed congress. USA Congress of the 2000's hasn't the humanity to address the issue even as history repeats...

"Unless we think we could get a court order"

[Keybounce]

Quote: Microsoft says it will not search a user's email or other Microsoft service "unless the circumstances would justify a court order, if one were available."

In other words, they are saying that they are the judicial review, the judge, and the jury, and then the executioner -- they decide the process, they determine who will review the case, they decide who will make the judgement, and then they will read your email.

The first three bullet points in that list of reform processes basically says, "We will either use an employee, or a paid contractor, to review the situation to decide if this will continue". And if the reviewer says "Stop", well, they might use a different reviewer next time.

There is no independence. No double checking. No review. No safety at all.

As bad as Google might be claimed to be, this is Microsoft's bare expose: Even in the face of admitting a problem, they won't actually do anything to fix it.

Did Google mess up with the predecessor to Google Plus -- their first attempt at social networking with the ability to make real comments, real content, no silly 140 character limit, etc.? Yep -- and they had a fix in their ToS and code for that program within two days. (Sorry I don't remember the name. I actually liked it better than this new bleep(*) they have.

The difference: Google may be aware that datamining can break privacy. Microsoft says from page 1, they will break your privacy.

(*): Due to the courts and the FCC, my right of free speech has been revoked.