Microsoft Promises Not To Snoop Through Email
An anonymous reader writes "Microsoft took some much-deserved flack last week for admitting they examined the emails of a Hotmail user who received some leaked Windows 8 code. The company defended their actions at the time. Now, after hearing the backlash, Microsoft General Counsel Brad Smith says they will not do so in the future. Instead, they'll refer it to law enforcement. He wrote, 'It's always uncomfortable to listen to criticism. But if one can step back a bit, it's often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers. ...As a company we've participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We've advocated that governments should rely on formal legal processes and the rule of law for surveillance activities. While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us.'"
Translation: "Sorry we got caught. We'll be more careful to not get caught next time."
Microsoft != Facebook
Ok...
A feeling of having made the same mistake before: Deja Foobar
I'm reassured.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Wasn't scaremongering about Google reading your email part of their stupid ad campaign?
If Microsoft could read, couldn't they also inject crafted evidence into his account? Might be a nice way to take down opposition...
"No, but understanding is not required, only obedience."
It's 'flak'
"Scroogled" sounds like something Jerry Seinfeld would come up with.
sorry for any bad MS - Seinfeld associations that brought up, complimentary mindbleach on the table by the door.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
...then I'll believe them. Until that point I'll anticipate them reading all my email.
Other than iOS which requires being spoon-fed by special enterprise software, virtually every desktop OS supports PGP, GPG, S/MIME, or a combination of the above.
Maybe it is time to stop bellyaching about who is doing "less /var/spool/mail/ihatemymommy2012" and start working on a PGP/gpg web of trust, or just pay the small fee from a CA to use an E-mail client cert, if one wanted to go the S/MIME route?
End to end encryption is the only thing that makes sense. Even back in the early 1990s, the cypherpunks were able to grasp this concept. Trusting the mail provider, no matter how secure they are, is always going to fall short.
from Google? MS just admitted they lied so that would have made the Scroogled ad campaign a straight face lie?
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
They said:
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
One narrow circumstance that probably won't happen again. In all other circumstances they can read the customer's private content?
T-800: "I swear I will not kill anyone."
Yeah, right!
I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.
Edit: did. Ah well.
(Just kidding, Slashdot has no edit function)
Cause if there was an edit function, that would read pgp, not php :)
I feel better already!!
Just to add a bit more, though some email clients do have encryption built in, their tools for handling the certificates and encryption and trust are woefully inadequate. If a client was built from the perspective of encryption first, some ground might be gained.
Though even then, you start running into corporate mail filters etc. My brother's company (West Sussex County Council) email filter would silently reject my emails that were just *signed* by me. When I contacted their mail administrator about it, I received a very shitty reply.
I believe it was Thawte did/do free certs for email for non-commercial use. I would prefer php/gpg though.
Edit: did. Ah well.
(Just kidding, Slashdot has no edit function)
CAcert.org and StartSSL offer free client certs.
While CAcert's root is not included in browsers and mail clients (thus people you communicate with will need to install and trust the CAcert root or they'll get scary warnings), the StartSSL root is widely included. StartSSL is totally free for "Class 1" certs (domain-validated server certs or email-validated client certs) for non-commercial purposes. Class 2 certs (identity-validated server and client certs, as well as organization-validated certs for organizations) only charge money for the validation, but you can issue as many certs as you want for yourself (or your organization, if you get the org certs) at no extra cost.
How about they build an encryption API right into their service? Encrypt the message locally before it ever goes to the network. Oh, they don't want to do that. I see. So Microsoft promises to not read your mail, while retaining the ability to easily do so whenever it's convenient for them. That makes me feel so much better.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Pinkie or cross-their-heart?
You think they'll get warrants?
Note they didn't say they'd update their ToS removing their right to do it. Are we supposed to rely on their good will and pinky promise not to do so?
Microsoft don't need no steenking warrants!
-- Tigger warning: This post may contain tiggers! --
If you're going to steal IP from a company, uh... maybe... just maybe... you shouldn't use their cloud service to get and transfer the goods?
The point being two moral wrongs make a right?
No, it's exactly the point. Because how many mail folders did they go through before finding the "right" one? Do you think if they did that we'd ever hear about just how many mailboxes they opened without the consent of the content owner and violated their privacy? Do you think it's ok that a company (not even a government, but a mere, ordinary COMPANY) should get away with digging through your emails at a hunch? We think you might have done something we don't like, so we simply dig through your belongings, to hell with your privacy, to hell with how you feel about some strangers digging through your stuff, we do what we WANNA.
What's next? Your landlord opening your home with a key he retained because he heard a rumor that you might have gotten visits from a drug dealer, so he simply marches over at 6am, opens your door, digs through your clothing and your sex toy collection then shrugs when he doesn't find anything and goes without even a "whoopsie, sorry"?
That's ok, too, I guess?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
With all the braying about "scroogling", and the fact that we've all known Microsoft had both the capacity and intent to do the same damned thing ... can we simply start calling this Moogling?
Sorry, but when you run a campaign about how everything is an ad and they're looking through your email ... and then everything you do is an ad and they look through your email, well, people might notice.
Lost at C:>. Found at C.
but seriously, do you think the other majors are much better? There is anecdotal evidence galore that most IT companies cooperated to a greater or lesser degree, with the NSA, law enforcement, and so forth. Also that they use/used their technical capabilities to investigate whenever and wherever they have had a concern.
Brad Smith at least sounds like a human being and not someone reading a prepared statement. And he's moving in the direction we all say we want. While I agree that we need to watch for implementation of these statements, I don't think we should reject the statements themselves. That's just cutting off our noses to spite our faces.
Reward good behaviour and punish the bad. That's just basic psychology. And for those who think that MS is simply evil, I believe they turn their backs on changing the behaviour of a major IT player. Not to mention degrading the meaning of the word evil.
I had similar happen back in 2010 when a would-be employer called back and started threatening me about legal ramifications about sending them malware, and sent me a $7000 "cleaning" invoice from Geek Squad.
Further discussion found that the HR person thought the ribbon icon that shows a signed E-mail was malware that seized his machine, so the company called GS to have every computer in the business "fixed".
...great about this actually. I just need a cup of tea to enjoy Microsoft's downwards spiral.
... of fucking assholes. Seriously. How on earth can their PR department sleep at night? By ignoring the facts? By ignoring what they know? It should be a law, that people in those positions should be held liable for what they contribute to - privacy invasion.
This story was a good lesson for people. This is why you don't use third party services for your mail. Or for anything else important really. If it's not on your own server don't use it. You can't trust someone giving you a free service, I won't trust anyone giving me a low cost solution either.
When an organization says this was terrible and will never happen again, the absolute minimum people should demand is the following: The person making the decision was fired. They were offered no special severance. Any severance given was publicly stated. The person was named publicly. A statement is issued that no consideration of any kind was offered to the employee either directly or indirectly.
This may seem rather involved, but is completely necessary in these political-like situations. Otherwise the designated fall guy gets to fall upward into a cushy job offered by an associated company. And no real pain is felt by the people responsible.
Who's the braintrust that decided to use a Hotmail account to coordinate the stealing of Windows source code? Ignoring the expectation of privacy for a moment, that was just plain dumb.
Especially (or even?) in Slashdot.
1) encrypt it... on the client side? with which key? the sender? how would then the recipient read it?
2) good bye spam filters
I've never considered Microsoft 'evil.' Self-centered and only looking out for its own interests, ya but that's pretty much par for the course with most corps and people. I still hold corporations and people accountable. I always have. Just as with Yahoo giving the PRC the contents of an email account resulted in the closing of my accounts with them, so that is what has happened with Microsoft. These weren't the 7 GB freebies either. I'll wait and watch to see if there is an actual behavioral change, or corresponding change in the ToS/EULA. Promises don't mean a thing here. Change.
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
And Adolf Hitler promised Stalin he would not go to war with Russia. We all know how that turned out.
When Hotmail-Boy invades your privacy, that should probably be called MicroScrewing. But unlike Google that want to hit you with all sorts of advertising, you can sleep more soundly knowing that Hotmail-Boy is just trying to build a criminal case against you.
By the way, when Microsoft called for Safari users to boycott Google for privacy violations and switch to Bing, they probably should have also noted that Bing's privacy statement required Bing users to also agree to the Google Analytics privacy policy. So, they want you to boycott Google by agreeing to yet another Google privacy policy.
Thank goodness Microsoft is working so hard to protect our privacy. With friends like them ... *sigh*
Wow, someone at Microsoft thinks they have some credibility left after all these years. Proof that newbie PR interns do have some value.
Everything in the Universe sucks: It's the law!
Don't you rather have your mail server serve you: - relevant, targeted ads - or warrants.
Another fantastically insightful post without an author to attribute it to.
Suborbital [spaceflight] is the special olympics of spaceflight. - Rei
I realize in the modern world it's impossible to not do business with MS, but I can move in that direction. I will do so now because two recent events show the nature of the company.
As most of you know, Bill Gates (who now claims to be sort-of detached from his company) came out against Snowden. He used a fake argument, so the motive must be money - money from the government taking from the people.
And now, of course, we know MS thinks nothing of perusing private emails. Although this may be allowed in the fine print of the TOS, it's not the part of the advertised-image MS projects, and MS's repeated defense that doing so was within the law won't help it on the ethical front.
I know many of you have serious monetary disputes with MS, and that is where your MS-disdain springs from. I previously ignored those disputes because I was too lazy to learn the details. But I see your point now without going into the details. A monster company with no ethics is a true monster.
(||) Nehmo (||)
The difference is that, with the right key information, one can be decoded, the other cannot.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
Do you think it's ok that a company (not even a government, but a mere, ordinary COMPANY) should get away with digging through your emails at a hunch?
Well the rules are tighter for a government than companies for a reason. You have an easy(-ish) choice who to contract for email. Your say in who governs is much smaller. Especially at the federal level. And the government has more authority they could abuse.
But overall I'd say yes it was 'ok' for Microsoft to do what they did because the user agreed to a contract that said it was ok for Microsoft to do what they did. I blame the user, and the billions of other users who agree to such contracts allowing them to become the norm. It would be one thing if companies or governments were forcing people into these contracts. (You can't vote without a hotmail account. You can buy food without a facebook account.) It's another when people agree to trade away things like privacy for a free email account. It's awful but this person has no more right to complain than the guy who basejumps for fun and gets injured due to a mishap. In both cases they have the information up front to understand the risk and choose to proceed anyway.
I'm just angry that so many people have been this irresponsible that now the few who don't want to be so irresponsible are looked upon as freaks. Things should change about how private information is handled, but the answer isn't to have the government rewrite the contracts people irresponsibly agreed to. The answer is for people to start acting like grown ups and change the demand in the market.
The problem is that at some point it gets impossible to bypass corporations for some things, and that's when they need to be held responsible at the same level as governments.
To give you an example: To get a job around here, you need a bank account (that's actually a legal requirement to avoid money laundering, no cash for you, your wage goes to your account). Banks around here require you to have a permanent residency to get an account (not strictly a legal requirement, but there is simply no bank where you could get an account without a place to call your home). To get someone to let you a flat, you need a job (you won't find a landlord that would let you rent without a note from your employer that shows you'll be able to pay the rent).
See the vicious cycle? None of them is a government agency, so they are all within their rights to do what they do, nobody is required to do business with you. But should you ever go unemployed and/or homeless, you're fucked and have no chance to EVER get out of that again.
Sometimes private entities must be held responsible at the same level as governments. Especially if they offer a service that touches your ability to survive, to sustain yourself, your privacy or your intimacy.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Another fantastically insightful post without an author to attribute it to. -- Why are all the good posts submitted as --AC?
Because they don't want to lose their jobs, etc., etc. ;-)
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
Your word means nothing. We already had that promise and you broke it. No we don't want another empty promise. You promised Windows 98 would be faster, and the only thing it was faster at was crashing, using up all a computer's memory to encourage upgrades, and catching viruses. You been promising that for decades. Why should this promise be any different?
Sadly, a Libertarian cannot force his views on another, and freedom cannot spread as does the cancer known as religion.
Could you elaborate a little?
If you're working somewhere that you can get fired over posting an opinion on Slashdot, you shouldn't be surfing slashdot @ work (Original Post @ 4:46PM).
Suborbital [spaceflight] is the special olympics of spaceflight. - Rei
Oh. Just got it ;)