Microsoft has been under a storm of criticism lately over reading the emails of a blogger’s Hotmail account linked to an ex-Microsoft employee who leaked Windows 8 builds. Microsoft looked through the Hotmail account without getting a court order. However, this issue is slightly more nuanced than it seems. A corporation, in fact, cannot get a court order to search themselves. Microsoft Vice President and Deputy General Counsel released a statement clarifying the matter:
Courts do not issue orders authorizing someone to search themselves, since obviously no such order is needed. So even when we believe we have probable cause, it’s not feasible to ask a court to order us to search ourselves. However, even we should not conduct a search of our own email and other customer services unless the circumstances would justify a court order, if one were available.
Microsoft has issued some guidelines on looking customer data during internal investigations: Microsoft Makes Changes To Its Internal Policy Regarding Snooping Of Customer Data
In the context of this situation lets look at a narrow segment of the email privacy policies. Looking at the terms of service of Microsoft, Yahoo, and Google all three corporations have explicitly carved out the right to access communications to protect its own intellectual property.
We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the Service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.
You acknowledge, consent and agree that Yahoo may access, preserve and disclose your account information and Content if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (i) comply with legal process; (ii) enforce the TOS; (iii) respond to claims that any Content violates the rights of third parties; (iv) respond to your requests for customer service; or (v) protect the rights, property or personal safety of Yahoo, its users and the public.
We will share personal information with companies, organizations or individuals outside of Google if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- enforce applicable Terms of Service, including investigation of potential violations.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of Google, our users or the public as required or permitted by law.
The word “property” in this context refers to “intellectual property” which could be anything the companies may be working on. But more important is how similar the terms of service are for all three companies. As you may have been led to be believe reading other media outlets, Microsoft is not the only company that is able to read through its own customers data. In fact, Google does this explicitly and continuously to service ads.
I’ll share my thoughts on this situation in a follow-up post, but Kip Kniskern of LiveSide has written a good editorial echoing some of my thoughts: Did Microsoft Scroogle itself? Some thoughts, and the company response to the Kibkala/Canouna leaks story