Monday 24 March 2014

Microsoft defends ability to access Hotmail and Outlook data

Security threats - password theft
Microsoft has defended its power to trawl users' Outlook and Hotmail accounts in the wake of a high-profile case that saw a former employee arrested for leaking Windows 8 code.
On Thursday it was reported that former employee Alex Kibkalo was arrested, after a probe by Microsoft’s own Trustworthy Computing Investigations (TWCI) division found evidence in his Hotmail account that he had sent code to a blogger based in France.
The charging sheet from the FBI on the arrest acknowledged that Microsoft allowed its internal investigation team to access Kibkalo’s account, after a source had told upper management about the possibility of data being leaked illegally.
“The source indicated that the blogger contacted the source using a Microsoft Hotmail email address that TWCI had previously connected to the blogger. After confirmation that the data was Microsoft’s proprietary trade secret, on 7 September 2012 Microsoft’s Office of Legal Compliance (OLC) approved content pulls of the blogger’s Hotmail account,” the sheet read.
The ability to access and scan the details of users' emails could have raised privacy concerns among the millions of Microsoft email service users, but the firm said it had only taken these “extraordinary actions” due to the importance of the case.
John Frank, deputy general counsel for Microsoft, wrote in a blog post: “While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We applied a rigorous process before reviewing such content.
“In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.”
Frank added that Microsoft had not sought a court order to search the accounts as it would not actually be possible to gain such an order for a search of its own data stored on its own property.
However, he continued: "We will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available."
He also said Microsoft would publish data on how often it uses accout-search powers in its bi-annual transparency reports. “The privacy of our customers is incredibly important to us. That is why we are building on our current practices and adding to them to further strengthen our processes and increase transparency,” he added.
The case comes amid heightened awareness of the privacy users should have with their online accounts and data in the fallout from the PRISM scandal that has engulfed the tech world since last summer.

No comments:

Post a Comment