Yes, Microsoft is within its rights to peek in your Hotmail
A side story that got lost in yesterday's revelation that authorities arrested a former Microsoft employee for allegedly leaking Windows 8 trade secrets to a French blogger is how Microsoft was able to track down its suspect. Simply put, the blogger was using a Hotmail account, so Microsoft granted itself access to his inbox. Based on the emails it read, Microsoft had a culprit, but was this a breach of privacy?
According to Microsoft, its terms of service make it clear that it has the right to look at a user's Hotmail or Outlook when circumstances dictate, and that's what it did in this instance.
"In this case, we took extraordinary actions based on the specific circumstances. We received information that indicated an employee was providing stolen intellectual property, including code relating to our activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries," Microsoft explained in a blog post. "This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past."
However, Microsoft goes on to state that courts do not issue orders authorizing someone to search themselves. Therefore if Microsoft believes it has probable cause, there's no court process to follow to search through information on servers located on its own premises.
Microsoft says it will only do this kind of thing "in the most exceptional circumstances," and in this particular case, there was a "rigorous process before reviewing" the blogger's content. That might not be enough to make Hotmail and Outlook users feel as though their privacy is being taken seriously, so Microsoft added some additional policies.
The first new policy is that it will only conduct a search of customer email and other services if the circumstances would justify a court order, if one were available. Secondly, it will use a legal team separate from the internal investigating team to look at the evidence and determine if a crime would be sufficient to justify a court order. Third, in the event of a search, it will be confined to the matter under investigation. And finally, Microsoft will ensure transparency by revealing in its bi-annual transparency report the number of searches that have taken place.