Slashdot Mirror

← Back to Stories (view on slashdot.org)

They're Reading Your Mail: Microsoft's ToS, Windows 8 Leak, and Snooping

Posted by timothy on from the learned-it-from-watching-the-nsa dept.

After the recent Windows 8 leak by recently arrrested then-Microsoft employee Alex Kibkalo, Microsoft has tweaked its privacy policies, but also defended reading the email of the French blogger to whom Kibkalo sent the software. "The blogger in question, who remains unidentified, happened to use Hotmail—the investigation began in 2012 before Hotmail's Outlook.com transition—as his primary email account. So as part of its investigation, Microsoft peeked into the blogger's email account to read that person's correspondence with Kibkalo. ... Microsoft says it was justified in searching the blogger's email account, because it had probable cause to believe Kibkalo was funneling trade secrets to the blogger.The company also pointed out that even with its justification for searching the account, it would have been impossible to gain a court order." "The legal system wouldn't have let us" seems a strange argument to defend any act of snooping.

32 of 206 comments (clear)

  1. According to Arrington, Google reads it too by mTor · · Score: 5, Interesting

    Here's what Michael Arrington, former editor of TechCrunch, says:

    I have first hand knowledge of this. A few years ago, Iâ(TM)m nearly certain that Google accessed my Gmail account after I broke a major story about Google.

    A couple of weeks after the story broke my source, a Google employee, approached me at a party in person in a very inebriated state and said that they (Iâ(TM)m being gender neutral here) had been asked by Google if they were the source. The source denied it, but was then shown an email that proved that they were the source.

    The source had corresponded with me from a non Google email account, so the only way Google saw it was by accessing my Gmail account.

    A little while after that my source was no longer employed by Google.

    ABOUT THAT TIME GOOGLE SPIED ON MY GMAIL

    1. Re:According to Arrington, Google reads it too by sumdumass · · Score: 2

      Its interesting that no one claimed someone else planted the emails there. If they are accessing accounts then i'm not sure how they can claim no one else (including them at another time) accessedthe accounrs and sent that message in order to escape being discovered. I mean they went behind their backs so why wouldn't they go behind their backs.

    2. Re:According to Arrington, Google reads it too by K.+S.+Kyosuke · · Score: 3, Informative

      Wow, you suck at reading comprehension.

      --
      Ezekiel 23:20
    3. Re:According to Arrington, Google reads it too by 1s44c · · Score: 2

      Uhm, so Google read the email of one of its employees? Gosh!

      Google read the email of a third party that that one their employees sent an email to. Google have the ability to, and willingness to, read private email of people who use gmail who are not otherwise connected to google. Gmail isn't to be trusted.

    4. Re:According to Arrington, Google reads it too by davester666 · · Score: 2

      Sure, the TOS gives Microsoft the right to look at pretty much whatever they want, whenever they want, and it's true that Microsoft could not have got a warrant to search their own email service [because companies don't get issued search warrants, either for themselves or to permit them to search other businesses or individuals].

      What they gloss over is, Microsoft could have avoided this whole mess by getting the police/FBI to run the investigation. The FBI would have no problem getting a search warrant for the email, Microsoft hands the email to the FBI, who search through it.

      The FBI get the information they need to charge the guy and Microsoft doesn't look like a total hypocrite.

      Problem solved.

      --
      Sleep your way to a whiter smile...date a dentist!
    5. Re:According to Arrington, Google reads it too by sjames · · Score: 2

      No. Google read the email of a person who corresponded with a Google employee. The mailbox they found the mail in was not that of a Google employee.

    6. Re:According to Arrington, Google reads it too by stoploss · · Score: 3, Insightful

      All I'm hearing is that these bloggers are incompetent at protecting their sources.

      I mean, WTF? Who the hell would imagine it's safe to use a company's services when collecting insider information? I mean the data is on the company's servers, FFS. I bet real spies don't need to be told not to set up a dead drop inside, say, the Capitol rotunda or the FBI headquarters, either.

      Protip for any planning to publish dirt on Yahoo: don't use Yahoo mail to collect the information. Not that anyone still uses Yahoo mail anymore...

  2. Bad summary by whoever57 · · Score: 5, Informative

    Much as I hate to defend Microsoft, the summary mischaracterises Microsoft's statement. Microsoft is saying that it already had the right to search the mailbox, so a court would not have issued an order. It's like asking a court for permission to search your own house. The court won't issue an order, but that doesn't mean that it would be illegal to do the search.

    I don't know if Microsoft is right in its claim that it would not have been able to get a court order, but let's get the facts straight when criticising Microsoft.

    --
    The real "Libtards" are the Libertarians!
    1. Re: Bad summary by Albanach · · Score: 2

      Tl;dr : You must be batshit crazy to think that was legitimate without a court order. But hey, MS said so. Must be true then. Facepalm

      So, you say they can't do it without a court order, but don't seem to address their statement that they cannot get a court order.

      So what exactly is your proposal in these circumstances?

    2. Re: Bad summary by Anonymous Coward · · Score: 5, Insightful

      That is not a universal law. In Europe your landlord can not enter the flat without the tenants permission. It is expressly forbidden.

    3. Re: Bad summary by nickmalthus · · Score: 2

      Typical corporate behavior - lobby incessantly against regulation but when caught in blatant malfeasance shirk accountability with the excuse "it may be unethical but it is not illegal"

      --
      If a nation expects to be ignorant and free, in a state of civilization, it expects what never was and never will be-T J
    4. Re: Bad summary by sribe · · Score: 5, Insightful

      A landlord can go into your apartment without your permission also.

      Wrong. Except in cases of emergency, he needs your permission. Unlike what some people think, you do get a few rights when you pay for the use of the apartment...

    5. Re: Bad summary by sjames · · Score: 3, Informative

      But he absolutely cannot open your mailbox or paw through your personal papers. Generally, landlords who enter without permission are limited to actions necessary to protect the property from damage (fire, leaking pipe, etc).

    6. Re: Bad summary by Zontar+The+Mindless · · Score: 4, Informative

      Intruder is saying he already had the right to break into the house. No need to ask for permission.

      That's right. He owns the house. And guess what. A landlord can go into your apartment without your permission also.

      That's not quite how it has worked in in my experience as a renter in the US, Australia, and Sweden.

      --
      Il n'y a pas de Planet B.
    7. Re: Bad summary by Zontar+The+Mindless · · Score: 2

      Typical corporate behavior - lobby incessantly against regulation but when caught in blatant malfeasance shirk accountability with the excuse "it may be unethical but it is not illegal"

      It's more like, "If we ask, we know that we'll be told it's illegal. Therefore, we won't ask."

      --
      Il n'y a pas de Planet B.
    8. Re: Bad summary by mysidia · · Score: 2

      I know someone who owns a house that his ex wife has been staying in. When they divorced it also resulted in a restraining order being taken out by her against him. It is his house though. So he is in the position of being unable to approach the house or her to collect rent on the house or to evict her.

      Simple solution to this. Pay an agent to serve the notice for eviction.

      These actions can still be done on his behalf by a paid employee or contractor.

    9. Re: Bad summary by l0n3s0m3phr34k · · Score: 2

      the BEST emergency maintenance was when I was dying some clothes red in my sink...apparently there was a leak into the apartment below...the maintenance guy said it really freaked the people downstairs out, looked like blood or something leaking from the walls! It had been leaking for awhile, but they hadn't really noticed until their ceiling started bleeding.

    10. Re: Bad summary by Anonymous+Brave+Guy · · Score: 2

      They can include whatever clauses they like, but they still won't override statute law.

      Under the law in my country, a landlord can't just turn up and let himself into a property you're renting from him, other than under certain specific conditions that are typically emergencies. At a minimum, there are normally some basic requirements for giving notice and visiting at a reasonable time in other cases, even where there normal landlord's rights such as being able to inspect the property to check its current condition apply.

      Given that the point here is an analogy with Microsoft just deciding to inspect someone's mail because they happen to host it, it's not a very accurate comparison. There are often specific laws covering rental/tenancy agreements, just as there are specific laws for mail sent via the US Postal Service or for common carriers. As far as I'm aware, there are no specific laws covering the kind of behaviour Microsoft has apparently engaged in here, so the question is more about contract law and any more general laws that might apply regarding privacy etc.

      --
      If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  3. Don't store unencrypted email online by gwstuff · · Score: 4, Insightful

    While this story is crazy, and MS should be spitballed for it... I don't buy that other companies that let your store your data online don't give access to your data to their employee, if only for "debugging and administrative purposes." If you want to store your data online encrypt it.

  4. Scroogled by Microsoft! by hsmith · · Score: 5, Insightful

    Here is to Microsofts shit ad campaign "Scroogled" - first they snoop on all Skype communication and now they admit to reading emails LOOKING for things.

    I fully expect the daft ad men at Microsoft to continue their pathetic ad campaign.

    Glass houses and all that.

  5. Re:I want to be shocked, but honestly I'm not by pushing-robot · · Score: 3, Funny

    Not to defend Microsoft's actions, but this does seem like exceptionally poor judgement on the part of the leaker, on par with robbing a bank and having them put the money in your safe deposit box.

    --
    How can I believe you when you tell me what I don't want to hear?
  6. Personal criminal liability applies by gweihir · · Score: 4, Interesting

    I suspect that certain MS managers and system administrators should now refrain from traveling to the EU for the next few years. Under EU law, you may not even look at email of your employees without having gotten a signed waiver on paper or a court order.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    1. Re:Personal criminal liability applies by SeaFox · · Score: 2

      Even if this is illegal on paper, I don't expect to see anyone who works at Microsoft be arrested for this if they go to the EU.
      There are laws, and then there are laws that actually get enforced on individual people who work for big businesses. This is one of those laws that gets resolved with a fine against the corporation, not by tossing people in jail.

  7. Re:They checked without a warrant by raburton · · Score: 2

    > Does ownership of the network override the laws of the country the network is in?

    It's not a legal question at all. If you use the service you have accepted their terms and so have given them permission to do this.

    > If they had opened physical mail, this would be a criminal charge. But because it's digital, somehow ownership of the service exempts them from having to obey any kind of privacy laws.

    The fact it's digital doesn't make it a special case, if you agreed to let them open your physical mail they could do that too.

    > Dangerous and shows why you should not trust anything online.

    You shouldn't trust anyone on line, that's true. However this isn't the best example of that, but it is a good example of why you should read the T&C of anything you sign up to.

  8. Re:They checked without a warrant by ArcadeMan · · Score: 2

    Companies can write all the terms they want, they shouldn't be able to override the laws already in place.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  9. Re:They checked without a warrant by tgv · · Score: 3, Insightful

    > It's not a legal question at all. If you use the service you have accepted their terms and so have given them permission to do this.
    That *is* a legal question. If the EULA says: we own your first born, is that so just because you checked a box on a web site? Nope. There are laws governing the reading of email, and Microsoft has to obey those rules like everyone else.

  10. Remember kids... by mwvdlee · · Score: 4, Insightful

    Remember kids...
    Do not store incriminating evidence on the servers of the company you're trying to screw.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  11. Re:scroogled hypocrisy by 1s44c · · Score: 2

    All multinationals are hypocrites. All advertising is an attempt at making people believe things that are at best only part true.

    If you give your data away you don't have it anymore. Don't give Google, Microsoft, or anyone else all your private email.

  12. What TOS are you reading? by sgt+scrub · · Score: 2

    Has anyone seen a TOS that does not give the company rights of ownership of you, yours, and all things associated with everything else they can cram into the TOS? I've often wondered why TOS are so wordy. I would simply write, "Do you confirm that you are our bitch and everything yours is now ours?".

    --
    Having to work for a living is the root of all evil.
  13. Re:They checked without a warrant by mrbester · · Score: 2

    If a contract contains a clause that abrogates inalienable rights then that clause can be deemed as unenforceable and should be removed in order that you have a fair contract fully agreed by both parties. If that part cannot be removed then the whole contract is null and void. This is basic contract law.

    Of course this relies on the agreement of a EULA forming a valid contract in the first place due to there being no signatories, other identifying marks or even a verbal agreement noted on it. A click on a button is not any of those, yet somehow it *is* a legally binding contract when the company wants it to be but never is when the other party wants it to be. And they have an army of lawyers who will bankrupt you if you don't like it.

    --
    "Wait. Something's happening. It's opening up! My God, it's full of apricots!"
  14. Re:I want to be shocked, but honestly I'm not by NoKaOi · · Score: 2

    Not to defend Microsoft's actions, but this does seem like exceptionally poor judgement on the part of the leaker, on par with robbing a bank and having them put the money in your safe deposit box.

    That's true. And in your analogy, the bank couldn't just open up your safety deposit box. In that case, law enforcement would have to obtain a warrant in order to open your safe deposit box. The question is not wether the leaker made a bad call by sending it to the blogger's hotmail account, it wether Microsoft had the right to search the blogger's (it wasn't even the employee's account) emails.

    "Courts do not, however, issue orders authorizing someone to search themselves, since obviously no such order is needed," Microsoft Deputy General Counsel John Frank explained in the blog post. "So even when we believe we have probable cause, there’s not an applicable court process for an investigation such as this one."

    Preventing this situation is exactly why private entities aren't allowed to get court order for searches...because that's law enforcement's job! If they truly had probably cause, then the legal course of action would have been to present that probably cause to law enforcement, which law enforcement could then use to obtain a court order. Since the guy got arrested, this obviously went beyond a civil matter. I hope to hell that this evidence is thrown out of court as being inadmissible, because it needs to be made clear that this type of behavior is not legal. Then again, MS probably figures if the federal government doesn't have to follow the law to search private emails, then why should they?

  15. Re:They checked without a warrant by tgv · · Score: 2

    Clicking a check box does not overrule the law. You ignore my "stupid analogy" because you don't have a counter-argument.