Security protections have been tightened at many of the major online services, as firms like Google and Microsoft pledge to protect their users against unwanted prying eyes. But while many people fret about unwarranted government access to their data, the Internet firms themselves play by their own set of rules.
Some of the heat directed lately at the U.S. National Security Agency was focused this week on Microsoft instead. On Wednesday, Microsoft revealed that it had taken a peek at a French blogger's personal Hotmail emails as part of a company investigation into trade-secret leaks.
[ Also on InfoWorld: Microsoft reviews policies after admitting search of customer email. | Get your websites up to speed with HTML5 today using the techniques in InfoWorld's HTML5 Deep Dive PDF how-to report. | Cut to the key news for technology development and IT management with the InfoWorld Daily newsletter, our summary of the top tech happenings. ]
Microsoft said it had a right to do so, because its policies allow it to search personal emails to protect its intellectual property. In this case, a former Microsoft employee allegedly leaked Windows RT updates to the blogger via email. Microsoft's terms of service state that it's forbidden to use the company's services to upload or otherwise make available files that contain software or other material protected by intellectual property laws.
Microsoft responded to the criticism by pledging to update its procedures to make them more "transparent." In the future, it said, a separate legal team at Microsoft will review any evidence and proceed "only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable." It will then submit the evidence to an outside attorney -- a former federal judge -- and conduct a search only if that person agrees with its conclusions.
But Microsoft's explanation of why it needs to pursue this route is itself telling. "Courts do not issue orders authorizing someone to search themselves, since obviously no such order is needed," it explained. "So even when we believe we have probable cause, it's not feasible to ask a court to order us to search ourselves."
In other words, there are no laws preventing Microsoft from looking at the data in its own services, so only Microsoft can decide when it's appropriate.