A couple of weeks ago we reported on the how a court case against a disgruntled employee who had allegedly leaked an unreleased version of Windows 8 to an unnamed blogger in France had put the spotlight on Microsoft’s practices regarding the scanning of user’s private emails.
In the face of such unwelcome media attention, Microsoft had already offered the concession that it would include information about how often it accessed private customer data in such a way in its bi-annual transparency reports. Well, last Friday it went further, and announced in a blog post that, ‘effective immediately’, it would no longer search through customers’ emails and chat messages, even when wrong-doing is suspected,
‘Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.’
At the moment this constitutes a change of policy, but general counsel and executive vice president of Legal and Corporate Affairs, Brad Smith, promised that ‘in the coming months’ this would be incorporated into Microsoft’s Terms of Service, making the policy legally binding.
Privacy advocates such as the Electronic Frontier Foundation (EFF) had been very unhappy at Microsoft’s behaviour in the Alex Kibkalo case, and have celebrated the announcement as a victory. Nicole Ozer, technology and civil liberties policy director at the American Civil Liberties Union, told Wired that,
‘The public has gotten wise post-Snowden. If companies want users to trust their services, it’s time for companies to get with the program and commit themselves to privacy policies that actually do something to protect user privacy.’
Our earlier article on this also covered a case in which Google was fighting claims that its interception of emails amounted to illegal wiretapping. Wired asked Google whether it was willing to make the same commitment to user’s privacy as Microsoft just has, and Google’s general counsel, Kent Walker responded,
‘While our terms of service might legally permit such access, we have never done this and it’s hard for me to imagine circumstances where we would investigate a leak in that way.’
So that will be a no then…