Microsoft Alters Outlook and Hotmail Policy After Snooping a Blogger's Inbox

66

Comments

+ Add a Comment
avatar

NavarWynn

This is the penultimate of stupidity. Frankly, if the guy was stupid enough to have sensitive correspondence, regarding thieving from MS, in his MS owned hotmail account, he deserved what he got.

Goes to show that it doesn't matter how smart you are, in this kind of crap, you are only as smart as your dumbest conspirator.

avatar

JosephColt

No corporation like Microsoft should be able to look into your accounts and view your information without legal authorization. It's a breach of privacy. Sure, they own the space, but that does not, or should not, give them the right to access our information on a whim.

If someone rented an apartment, and moved in, should the property owner be able to come into a persons apartment and go through their personal belongings because they know that the individual stole some property belonging to the owner? - No, they should contact the authorities and try to get it back legally.

I don't think Microsoft was totally in the wrong depending on what they did before talking to the authorities. As a business owner I wouldn't want corporate data to be exposed. This individual was not respecting the privacy of Microsoft, and releasing data illegally. He should definitely get jail time for what he's done. Privacy is an important thing these days to almost everyone, and both people and corporations want them. He gave up his privacy once he disregarded Microsoft privacy as an employee.

avatar

NavarWynn

Most lease agreements include authorization for the owner/property manager to inspect the premises. It is not always a requirement that you are present. Typically these DO require notice (of 24-48hrs), but since they can post notice on your door, if you are out of town for a couple days, if they wanted they could post a notice on your door, come back 48hrs later and do their inspection, all without you ever knowing about it.

avatar

JosephColt

That's really foul play there, and should(maybe it is?) be illegal. It should be verified the occupant is aware of the notice.

avatar

The Mac

It is not illegal in all the markets i have rented in.

The landlord still owns the property you are renting and needs access for repairs and to be able to give realtors access to show it.

They are not to be held hostage to your whims of not being there, intentional or not.

If you wold like to see why landlords have those protections, go watch the movie Pacific Heights.

avatar

Bullwinkle J Moose

Bullwinkle's Terms of Service

Posting Comments is a Service that I, Bullwinkle am providing to you at no charge

To read my comment's, you must first agree to these terms of service

1. You agree that Bullwinkle (That's ME) can view all your Microsoft enabled data created or provided by any Microsoft enabled service or having anything to do with Microsoft in any way if you choose to read this or any other comment by Bullwinkle J Moose

2. You agree that any agreements with Microsoft Corporation are hereby terminated and will remain null and void into perpetual perpetuity and beyond!

3. You agree that Bullwinkle J Moose is Blameless for whatever becomes of his posts and/or Terms of Service or Licensing Agreements and that the reader should assume all liabilities and costs resulting from posts made by Bullwinkle J Moose

4. You agree that by reading this post, Bullwinkle J Moose may sell any Microsoft generated, transmitted or enabled data that was created, sent or stored by you, the reader, to any Government Agency, Corporation or Individual for profit

5 You also agree that this License to Read my posts and these Terms of service can change at any time but only be changed by Bullwinkle J Moose and you agree to be held to any further changes of this agreement!

and now
a comment from Bullwinkle,

I have been screaming about the malware shoddily hidden throughout Microsoft Products including but not limited to WINDOWS, for years now

If they can't hide their malware better than that, they can't claim Trade Secret Protection when someone finds it

Who do they think they are?

avatar

MrHasselblad

And this is why Microsoft has the second largest legal department (also budget outside of that in house legal department) in the world.

To make Terms Of Service contracts that few ever bother to read, but end up signing their life away anyway.

Also interestingly enough... Versions of this contract also exist when a company can also view any employees data when using a work computer, work internet, or even work related email.

Most of the laws that exist today are not there to protect the individual.

avatar

JosephColt

In the case of what you do on a work computer, work email, and work anything I can understand them being able to see any of that data for obvious reasons.

Microsoft should have talk to authorities first if they had reliable information that could link to an insider breaking their protocols.

There are unsaid rules in life, and it should go without saying that an email provider should respect an individuals privacy.

avatar

Bullwinkle J Moose

"unsaid rules in life" ??

No, they were spelled out in my Terms of Service Agreement!
Didn't you read my terms of service agreement?

You agreed to it!

avatar

JosephColt

Yeah, but my point was it should be an unsaid rule of life that Microsoft should not access our emails without legal authorization, and respect our privacy. A TOS should never sign off someones rights which is always forced since every company has one.

avatar

The Mac

You have the right to not use their service, use someone elses, make your own, or use nothing at all.

you have no "right" to email.

avatar

jbitzer

You have no rights to a lot of things, however, had they splashed in big letters on the signup page that WE READ YOUR EMAILS SO TAKE CARE WHAT YOU SEND. No one would sign up, and you, and I, and they know that, so let's stop splitting hairs over this.

I store my email on a windows OS computer, since we've established that I don't OWN software, but merely license it, does that mean they have the right to send reports about all of my activities back to MS? It's their OS after all, not mine. I guess we should just allow any post officeworker, UPS driver, fedex man, and telephone operator to access all of our correspondence too. I mean, that's what I get for using their services, if I want privacy, I should hand deliver everything.

Oh, I guess I live in the USA, so when I have a whispered conversation, it's travelling through US airspace, better give the government logs of everything I ever say.

Individuals should expect to have no rights at all, after all, we only live by the sufferance of our supreme corporate and government rulers.

I'm glad providing a service to someone gives you the right to anything they do while using the service, who wants to make use of my handy new bank account number and passwords storing service I'm offering? it's ad supported, so free to the user!!!! sign up now!

avatar

The Mac

I dont necessarily disagree with you, im just tired of these people with their "i have a right to x" nonsense.

Its naive at best, and really irritating....

As the best example, most people i have come accross believe they have a "right" to a drivers licence. Which of course they do not, it is a privilege, not a right, and can be revoked at will.

avatar

jbitzer

Exactly, the driver's license thing irritates me to. The thing that annoys me about this is MS using the"courts don't give you orders to search something you own" No, they'd give the police a warrant, because face it, if I'm the accuser AND the investigator, nothing stops me from planting the evidence. (yes, I know it's pretty cut and dry here, but I'm talking about the precedent it sets)

The authorities should have had an investigator clone the storage, access the data, then show in court it was the same hash from the original to protect an evidence chain.

Unless that is MS is now criminal investigators, maybe he'll go to MS jail.

avatar

The Mac

That certainly sounds reasonable to me

In this case, however there seemed to be a timing issue to catch the guy before the IP was disseminated.

Its all pretty new precedent, so its going to take some time to work out the bugs procedurally.

avatar

jbitzer

I think a lot of legislators get caught up in the "new technology" aspect of it, but I look at it the same way as the various internet cons: in that, the transmission media may have changed, but at the root it's still the same old cons that have been going on forever.

avatar

angryone

The question I have is why did this guy use his Hotmail account? I mean seriously, if you worked at a bank and were skimming cash, would you deposit it in an account in that same bank? I am not justifying what the guy did, but you would think someone employed in a tech job would know enough to use an email account not hosted by the company he is trying to screw over. And there is always the option of encrypted communications. I think I know why he got a bad performance evaluation from Microsoft.

avatar

angryone

The question I have is why did this guy use his Hotmail account? I mean seriously, if you worked at a bank and were skimming cash, would you deposit it in an account in that same bank? I am not justifying what the guy did, but you would think someone employed in a tech job would know enough to use an email account not hosted by the company he is trying to screw over. And there is always the option of encrypted communications. I think I know why he got a bad performance evaluation from Microsoft.

avatar

MaximumMike

I don't know without some serious thought if I consider what Microsoft did ethical, but I find it hard to say I wouldn't have done the same thing.

For instance, if I knew a guy in my neighborhood had a reputation for running a fencing operation and observed him pushing a bike from my lawn into his garage, I wouldn't wait for the police. Not if I was the guy who installed his garage door. I would wait for him to leave and then I would go over there and open his garage and retrieve my property.

I'm not so sure that's ethical, but I'm pretty sure that's what I'd do.

avatar

dedgar

Even though your neighbor is running a fencing op, if you go get your stuff back by opening his garage door, you just committed 'Breaking and Entering'. If you then remove the bike, you have then 'Tampered with evidence'.
Turn yourself in for arrest.

avatar

MaximumMike

Either that was sarcasm or you completely failed to appreciate the point of the analogy.

avatar

Eoraptor

no, dedgar is correct. Microsoft, in this case, owns the servers on which the information resides while you do not own your neighbor's garage.

beyond that, we, as a society, have agreed not to ct as vigilantes, but to let uniformed law enforcement deal with such issues. Microsoft should have gone to prosecutors or the appropriate branch of law enforcement and said "Look, we suspect this. what should we do?" Instead they chose to say "well I have the keys, I'll just go take a baseball bat to the problem myself."

as another poster pointed out, it's no different than your landlord just letting themselves into your apartment on a whim. in pretty much every state in the union, they can only do that if they suspect a crime, and if they find evidence f such a thing, then they immediately need to leave and lock the door again and call the cops, not help themselves to the evidence.

avatar

MaximumMike

You missed the point as well. I wasn't talking about ownership, but access. The point was that sometimes if you wait for law enforcement to get your stuff back you lose your property because its gone by the time they get there and they're not going to waste their time looking for it. In the same way the damage to Microsoft would be irreversible once that scum bag made their trade secrets public.

You may call that vigilantism if you like, but some things are irreplaceable, like a family heirloom, for instance, or a rare photograph, or some unsmoked tobacco an ancestor had kept from his time in the Civil War, or your 6th grade science project. There are some things you can't get back once some scum bag takes them and gets rid of them. It may not be legal, be many people would prefer to face the consequences of "tampering with evidence" over losing something precious and never being able to get it back.

Perhaps for you morality is entirely wrapped up in obeying the law, but I doubt that is the case. I bet you've broken the law for something trivial like speeding when you were late for work. But you can quickly condemn the man who breaks the law to protect his own property, something law enforcement fails at miserably.

avatar

JosephColt

It's really depends on the context of the situation.

Material goods, even if someone has emotional attachments are just items, and are not important no matter what they are. Human lives on the other hand are important, and irreplaceable.

Let's say you break into your neighbors garage to recover a family heirloom you had stolen by your neighbor. Like previously mentioned that is breaking and entering alongside tampering with evidence.

Now, your neighbor calls the police after he spotted you, or another neighbor called the police after seeing you break into a home. The police would arrive and arrest you, but then the person who robbed you can press charges, and you would be hard pressed to prove that item was yours or that he broke into your property.

Of course if a human life is in danger that is a totally different situation, and you should call the police immediately. If you know that persons life is in immediate danger you should take the necessary steps if it involves breaking down a door.

I know it's pretty messed up, but you have no right to enter his home just because he committed a petty crime. You will face several years in jail for breaking and entering alone, receive a criminal record, be seen as untrustworthy socially, damage your chance career wise, and a sentence for theft as well.

In Microsoft case, there is a bit of a gray area, but they did work with law enforcement. In this specific situation only I would say they are in the right because the criminal broke Microsoft privacy on their own property while working for them while likely under a signed agreement not to reveal sensitive data.

avatar

MaximumMike

As usual, you miss the point... even though I have elaborated on it several times.

avatar

JosephColt

I am pretty sure I understood your point.

You would break into the garage to recover your goods even though you are committing a crime.

Just because you installed a garage door does not mean you have access to the other side, or the right to use it unless there is an exceptionally extreme situation.

avatar

MaximumMike

No, you missed the point entirely. Thanks for playing.

avatar

JosephColt

I sort of doubt that. I'd like to know exactly what your point is then.

You claimed you would go into the garage to recover items despite it being unethical, illegal, and a breach of privacy just because you happen to have installed his door and have the capability to go through easily. Since you have that access you believe you can become a vigilante to "do the right thing."

avatar

MaximumMike

It was an analogy. The point of an analogy is never the analogy itself, but to help in clarifying the original sentiment. But you're just hung up on the legality of the analogy, which really has nothing to do with anything. If you can't think it through for yourself, there's really no point in my explaining it to you.

avatar

JosephColt

I know it's an analogy to help clarify the original point, but I am discussing the analogy which is clarifying the original point. The legal and ethical discussion of your analogy can correlate to the original point, so it does have to do with everything.

avatar

Zinc Whiskers

The real question is "how often has it happened already...and how many of those cases actually resulted in criminal charges"?

avatar

glpeter90

They were wrong. They should have gone to court, got a warrant. Then they would have been right. Really a short lessen here.

avatar

The Mac

did you not read this article?

the courts cannot grant a warrant for property owned by the applicant.

avatar

JCSFBAY81

Both parties were wrong. Ms should never have the right to access someone's email out of suspicion and the employee should never stolen intellectual property. If this went to a court I'd imagine theyd find both parties guilty of consipracy.
Now if ms pulled this information off this former employees ms workstation by reviewing browsing history, etc then ms had all the right in the world as he was commiting a crime on a ms supplied computer while using it to steal intellectual property. Accessing his personal email through hotmail which they own and operate is treading a fine line.I'm far from a legal expert but that's the only way I'd see this being done legally.

That said - this is exactly what is wrong with cloud computing.

avatar

glpeter90

I did read the article. Read my lips, "they were wrong". If you think hosting, is owning, then, you are wrong. They were serving as a host. If you keep your diary in a lock box at the bank, the bank can't just go read it because they have access to it.

avatar

MaximumMike

Yea, but if you rob the bank and put the cash in your lock box they ought to be able to go get their cash. If you didn't want them to read your diary while they were in there, you probably shouldn't have stolen from them in the first place.

avatar

glpeter90

What you are saying is if MS thinks you did them or anybody else wrong,
and they have access to your email, they can read it ? You work for the NSA ?

avatar

MaximumMike

No, that's not what I'm saying at all. It's no big secret that I'm probably the most avidly vocal opponent of the NSA on this site. I don't think it's ok to snoop through people's emails just because you can.

However, I do have mixed feelings in this case. If I ran a multi-billion dollar company like Microsoft and someone was using my own free services to steal my trade secrets, I would probably lay my normal ethics aside long enough to protect my interests. I realize this represents a bit a of a moral dilemma, hence my statement that I have mixed feelings about it.

Furthermore, one would wonder about the intelligence of someone unethical enough to steal Microsoft's trade secrets and yet foolish enough to use a Microsoft service to do it.

But what I'm really wondering is if you think your right to privacy extends so far as to allow you to commit crimes while those who abide by the law sit idly in respect of your privacy and watch your crimes take place, or if perhaps you think that common sense would dictate that when it is plain you have committed a crime that others will take action regardless of your right to privacy?

avatar

jbitzer

No, the company should not be able to violate a personal box. If they have suspicions and evidence of a crime, they should allow the authorities to investigate, get the warrant, and prosecute the crime, or should they be allowed to put the guy in to MSJail, because after all, it's their property, they should mete out justice too?

avatar

jbitzer

No, the company should not be able to violate a personal box. If they have suspicions and evidence of a crime, they should allow the authorities to investigate, get the warrant, and prosecute the crime, or should they be allowed to put the guy in to MSJail, because after all, it's their property, they should mete out justice too?

avatar

MaximumMike

It is worth mentioning that in this specific case the article claims that Microsoft worked closely with authorities over a period of months. I'm not sure what legal boundaries Microsoft crossed in this case, if any. But they certainly didn't go in all gunslinger-vigilante and just snatch up the guys email account. Or the article doesn't read that way at least.

avatar

Brand___X

Yes the article does state that MS worked closely with authorities over a period of months. The article does not clarify if that work with authorities was pre or post email account invasion.

The article also quotes MS as saying "Microsoft goes on to state that courts do not issue orders authorizing someone to search themselves. Therefore if Microsoft believes it has probable cause, there's no court process to follow to search through information on servers located on its own premises."

If this is true, it will be interesting to see how this plays out..

avatar

The Mac

considering the touchy subject of privacy these days, i would think not as well. They certainly wouldn't want the bad PR.

avatar

The Mac

Yes they can. They own the storage medium, its their property.

avatar

jbitzer

Good to know, I'm going to go down to my properties I own and start looking through my tenant's belongings so I can kick them out if i find anything in there I don't like. My property after all, they have no expectation of privacy.

avatar

The Mac

you are prohibited from doing that by housing law.

Your tennants absolutely have reasonable expectation of privacy.

As an employee, you are not "Renting", and a a user of a provided service, you are not renting either.

see my more detailed post below.

avatar

glpeter90

He was a former employee, no longer working for MS. The only reason MS was able to read his mail was because he used their free outlook email. At that point he is a tenant. And they were renting him his outlook email housing, via advertizing. Did you read the article ? Do you know anything about the law ?

avatar

The Mac

no, he is not.

He is a user of a service, subject to that service's EULA.

you cannot rent a free service. Rent requires a periodic payment in return for the use of a product or space.

It seems you know nothing about law.

avatar

MaximumMike

Just because someone provides you a free service doesn't mean you forfeit your constitutional rights at the door. Also, just because someone allots you some space on a server doesn't mean that tenant laws apply to you. Somewhere in between the two positions is the truth that most people have a reasonable expectation of privacy in their email and that there should be a reasonable level of protection of that privacy. I hardly think that theft would be covered.

avatar

glpeter90

And is seems you know nothing about everything. And that comment was not directed at you Mike, you were not rude like McDonald's boy.