Microsoft's new Terms of Service take shots at Google but leave loopholes

Microsoft has changed its service agreement to be less intrusive but retained the option of scanning users' data

If you keep track of Microsoft's Terms of Service agreements (I know, it's like logging the growth of grass in your back yard), you know that the TOS went through a limited but embarrassing revamp in March after Microsoft admitted it scanned a blogger's Hotmail account in response to the Kibkalo Windows 8 leaks. Russian Alex Kibkalo, nicked at a conference in Bellevue, drew a prison sentence of time-served-plus-one-week, followed by extradition. We pay penance with yet another MS TOS update.

As the Scroogled campaign made abundantly clear, Microsoft's view of its approach to privacy varies greatly with Google's "we can look at anything (except Apps for Education Gmail and paid services) to dish out ads" stance. There's a fair amount of gray area at the edges, though, that the new MS Terms of Service leave fuzzy.

There have been several notable TOS changes in this round. An example: The old Microsoft Services Agreement, effective Oct. 19, 2012, had this to say about the privacy of data stored with the various Microsoft services:

For example, we may occasionally use automated means to isolate information from email, chats, or photos in order to help detect and protect against spam and malware, or to improve the services with new features that makes them easier to use. When processing your content, Microsoft takes steps to help preserve your privacy.

The new version narrows the commitment significantly:

We don't use what you say in email, chat, video calls or voice mail, to target advertising to you. We don't use your documents, photos or other personal files to target advertising to you.

Take that, Google.

Nonetheless, the new version falls short of a blanket hands-off statement. Microsoft admits it gathers information about you as part of the Microsoft Account signup process and it may combine information obtained with data from other sources to target advertising to you.

While Microsoft says it won't scan your email in order to serve up targeted ads, it certainly reserves the right to scan your email for other reasons. In some respects, that's perfectly reasonable; malware scans come immediately to mind. But Microsoft has at least one ghost in the closet, scanning email for its own purposes. We come back to the Kibkalo case.

The old, 2012 version of the TOS says this:

Content that violates this agreement, which includes the Microsoft Anti-Spam Policy and the Microsoft Code of Conduct or your local law isn't permitted on the services. Microsoft reserves the right to review content for the purpose of enforcing this agreement. Microsoft may block or otherwise prevent delivery of any type of email, instant message, or other communication to or from the services as part of our effort to protect the services or our customers, or otherwise enforce the terms of this agreement.

Although I can't find specific reference to that wording in Microsoft's defense of its scanning Hotmail messages in conjunction with the Kibkalo case, that last paragraph seems to justify Microsoft deputy general counsel John Frank's statement that "while Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances."

That same statement from Frank, posted on TechNet in late March, goes on to say:

We are announcing steps that will add to and continue to strengthen further our policies in any future situations involving our customers. Specifically We will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available. To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable. As a new and additional step, we will then submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order.

I couldn't find any remotely similar wording in the new Services Agreement.

I also didn't see any disclosure that Windows 8.1's "Smart Search" allows Microsoft to track the contents of every search you make, even if you're just searching your computer. Bing searches, of course, go into Microsoft's big ad-generating bucket. Many people don't realize that Windows 8.1 Smart Searches do, too.

And I didn't see any discussion of the way Microsoft uses your personal information -- demographic, age, whatever -- and ties it to your activities in Windows when you log in to Windows 8 with a Microsoft Account. Ditto for tracking your whereabouts.

While Microsoft has made a definitive, plain-English commitment to what it can do with your information, it doesn't mention what it can do with other peoples' info, nor does it describe the actions of third parties. For example, if someone sends an email to your Hotmail account, can Microsoft use the info in the email to craft personalized ads for you? For the sender? Re-read Microsoft's statement carefully.

If Microsoft contracts with third parties to provide advertising -- as it has with Yahoo, at least in the context of Yahoo search -- do the rules apply to the contractor, too?

That said, Microsoft's new TOS is a breath of fresh air: It's mercifully short on legalistic mumbo-jumbo, and it's straightforward (except for those gray areas). Although Microsoft could hardly be termed the Anti-Google -- I offer Smart Search as exhibit No. 1 -- it's still much less intrusive than Google, and it deserves to crow about that fact.

Microsoft's new Services Agreement takes effect on July 31. If you use any of Microsoft's services after that point, you're assumed to have accepted the new terms.

This story, "Microsoft's new Terms of Service take shots at Google but leave loopholes," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies