Microsoft alters Hotmail policy amid blogger inbox probe outcry Microsoft has moved to address concerns caused by news it rummaged through a blogger's Hotmail inbox as part of an investigation into an employee's conduct. As we've reported, even though this is a tremendous PR cock-up, Microsoft was well within its rights to dive into a blogging hack's private Hotmail account to root out an …
They're going to employ a former federal judge and some outside counsel to officially rubber stamp their future Hotmail account snooping. That is so reassuring. For a moment there I was afraid they might just not do it any more. This is SO much better. Does the Mailbox plundering team have an official name yet? May I suggest "Global Mail Account Investigation Legal Team", or "GMAIL Team" for short?
So now you get the same protection from Microsoft reading your emails, as you do from the US Government, except that MS will tell you if they've been peeking, whereas the government won't.
Still, if you're stealing/leaking things from Microsoft, maybe using a Gmail/Yahoo account would have been a better choice.
Riiiiiiiiight...., so you're saying NOW there's protection? Personally I don't believe a word of this MS bullshit. NO ONE, that's NO ONE should be allowed to rifle through anyone's email account without a) informing the account holder FIRST and b) having an appropriate court order to do so. What is this NAZI fucking Germany?
-1 for inappropriate language. Microsoft are not the police, let alone the Gestapo, and those who store documents in public places run a risk. They might be able to mitigate that risk with encryption, maybe at the expense of convenience, but it would be better to store the email on private computers to raise the bar against private actors such as (in this case) Microsoft.
they're now very much in Pot/Kettle territory.
Almost, but not quite.
Google just read your emails by scanning them for keywords, and delivering an advert based on them. Automated, by software... and they're pretty open about it.
Microsoft, on the other hand, will personally read your correspondence, copy it, and use it against you.
Given the choice, I'd rather be scroogled than microshafted.
from any other cloud service.
At least they seem to have gone to the lawyers to see if what they wanted to do would hold up in court.
On the one hand, it is a little disconcerting, on the other hand, it seems like they did do the investigation in a professional manner. The report from Ed Bott over at ZDNet makes a very good read.
Best if you bother to spend the time to review ALL the legal agreements you subject yourself to in the course of your life. At first it may seem wasted time but after reading a dozen or so, you can run a checklist as you scan them. It has a couple of benefits as well. It lends a deserved air of caution while seeking employment. It also reduces the chance of contracting major butt-hurt as this ex-employee will feel in the near future. Oh, one more. Government types don't try to snowball me. When something seems odd, ask them to break out the regulations.
The housing/landlord thing had specific laws about it.
The tenant may "enjoy the property without let or hindrance".
But then business to business relationships have always been less stringently policed than business to consumer.
Businesses are more or less expected to write contracts to cover this sort of thing, and only rely on the law to enforce that contract.
"Don't I remember something about BA spying on Virgin's bookings in the same way"
As it happens, I recently read Richard Branson's autobiography and this matter is covered. It details that specific, appalling piece of behaviour by Lord King and BA and a rather long list of other serious breaches of trust and abuses by LK and the BA staff who enthusiastically tried to bury RB personally and Virgin Atlantic specifically. No mention was made of any specific outcome of the data snooping.
However, the appalling and consistent, libellous statements by BA and LK in particular were punished to the tune of GBP 500,000 for RB and GBP 110,000 for VA. BA settled out of court with what amounted to a full confession. They did so because they were guilty as sin with sub-zero possibility of a favourable outcome, and they knew that a court case would expose them as the slimy bastards that they provavbly are. In the airline industry BA is, and will forever be, known for what they were revealed to be in the VA/RB case (and Laker Airways before, and all the other airlines that were crushed by BAs systematic abuses).
http://news.bbc.co.uk/onthisday/hi/dates/stories/january/11/newsid_2520000/2520189.stm
"Sir Freddie sued British Airways, BCal, Pan Am, TWA, Lufthansa, Air France, Swissair, KLM, SAS, Sabena, Alitalia and UTA for conspiracy to put his airline out of business by predatory pricing. They settled out of court for US$50m, which let Laker Airways pay its debts. British Airways reached a separate out-of-court agreement with Sir Freddie personally for £8m" -- Wiki.
Of the million miles I have flown in the past decade, zero have been on BA. I cannot see that number increasing anytime soon.
Anon, because BA (unfortunately) is a client.
It's one of the reasons I haven't flown BA in 20years - that and the old and dirty planes, crap in-flight entertainment, rude staff and their idea of customer service.
I had to fly them recently as the only way of getting out of a certain middle eastern country - and nothing has changed.
I assume Microsoft will read Hotmail if they want, Google will read Gmail, Apple will read iMessage, Facebook will look through your photos with face recognition software, etc.
Even if you can read the T&Cs without having an aneurysm, we all know they change their T&Cs regularly, and can assume that 99.9% of changes are not in our favor. It would be a full time job to read all the updated T&Cs, privacy policies, shrink wrap licenses, etc. that we deal with in our daily lives and truly understand them. Even then apparently if the NSA tells them to jump and lie about it, they say "how high?" while telling us their feet never left the ground.
Hate to sound like I'm defending Microsoft here, but I guess I'm way too cynical to be even slightly surprised. How stupid did that blogger have to be to use a Hotmail account when he's dealing with stolen Microsoft IP? Not as stupid as a Microsoft employee had to be to correspond with a blogger using a Hotmail account. Would it have killed them to create a GMail account and use that for this transaction?
The blogger wasn't particularly stupid in the way you think.
He already had the Hotmail address before he knew someone would be sending him hot MS details so that was unavoidable. Where he actually screwed up was in emailing another MS employee for confirmation.
The fact that the original stuff was sent to a Hotmail account was not something of his choosing.
Given that they have customers in practically every legal jurisdiction, some of which have very strict privacy laws?
I'm absolutely certain they can do this with US customers emails, but I suspect probably not EU customers due to Data Protection legislation.
While that won't stop them, it would tend to make cases built on the data fall to bits and cause a civil complaint to be met with a criminal counter suit.
Regardless, it was bloody stupid to make such a mockery of their own anti-Google adverts. I wonder how much money they wasted on those, and if US customers can now sue for false advertising?
The bit in the T&C's about being able to riffle through an account on M$ services to protect their "customers" is a whooping big net. A huge percentage (bordering on 100%) of computer users could be claimed to be M$ customers. IIRC, even Apple has some licensed some M$ code that it uses on Macs.
It wasn't too clever for the employee to be using M$ services to leak information. Sounds like the poor job review was warranted.
What a load of poo about claiming that it means anything to have their tame former judge say that it's ok to read peoples mail since, in his opinion, a sitting judge would grant a warrant given the information M$ had on hand. While it's good to have experienced legal professionals on staff to give advice, it's not the same as going through the proper channels.
What next? The phone companies will start collecting our call information? Ummm. Yeah.
If it's free, you are the product. TANSTAAFL!
If MS own Hotmail, MS wrote the T&Cs and you're too lazy or too busy to read them, buried in there it says "Sod you, we can do what we like with anything that passes into our systems! So tough!", then there's not a lot you can do is there!
I'm no MS shill but if you agree to abide by the rules on the clubhouse door, don't whinge when the clubhouse owner decides to use them.
"...you're too lazy or too busy to read them"
Very holier than thou, how about you tell us three bits of popular software you use and we'll give you a quick pop quiz about the terms and conditions of them without you looking it up to see if you read them and can remember them?
I'll start by asking about services I know you use.
The Register: (without looking)
[Q] Which one of these bits of personal data do they not give an example of that they may collect, process and use?
[A] Email address, Telephone, Mobile number, Fax Number
[Q] What is the title of the Rackspace page you are expected to read for Privacy policy?
I've been trying for months but I'm caught in the infinite loop below. Does anyone know a workaround?
MS' own solution is this... You email them all of your personal info all over again and maybe they'll look into it. That's not very attractive for those actively trying to erase themselves. I closed all Google and Yahoo accounts and had no similar probs. Its a nano sized protest, but I hope others follow and put a dent in the privacy universe. Account Settings -> Close Account:
1. "You need to deactivate your Outlook.com or Hotmail account. Once you've done that, your Microsoft account will be closed automatically after a period of inactivity"
2. "Deactivate your Outlook account - This option isn't available for your account"
I mean, nobody who values privacy would expect free (or paid for) inbox to be safe from prying eyes, would they? So they don't email zipped (stolen) NSA files, or White House blueprints, or stolen code, or anything they would incriminate them, via such open channels.
...
Oh, I see... well, perhaps I have overestimated the levels of common sense applied these days :)
Perfectly within their rights because of the terms of service? This is not true worldwide, most countries accept that their own law trumps that of any terms of service. It is not as straight forward as saying its in the terms so they can do what they like. Take for example a telecoms provider, if they updated their terms to say they could listen in on my communications, they still could not do so, it would be classed as an illegal wiretap in the US and would be illegal in most European countries too. A lot of these laws apply to all personal communication.
How much more snooping will it take, before the world moves en masse to PGP or other securely encrypted e-mail?
At present, assume that your e-mail is going to be read by everyone with more than a casual interest in what you are saying. That way you won't be surprised when it is.
The snoops will overreach and kill their golden goose one day. I'm surprised it isn't today.
That would be Microsoft, wouldn't it?
I mean, we *are* talking about a breach of the terms of service, terms of employment, professional ethics and just plain common sense here, aren't we?
Or do we think it's a good thing for the IT and IT consulting professions to encourage people who steal from their employer?
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
