Kudos: Microsoft Changes Policy, Promises Not To Inspect Customers' Content
from the good-move dept
Last week, we wrote about Microsoft’s ridiculous decision to search through a reporter’s Hotmail email account after realizing that reporter had an unauthorized copy of Windows 8. The whole thing seemed like a huge overreaction by the company — in trying to track down an almost meaningless leak that was unlikely to have any real impact on anything, the company effectively alerted the world that you had no real privacy in your email. The move was even more ridiculous since Microsoft has more or less bet its email farm on a marketing campaign about how it respects your privacy more than others. Microsoft’s first response to this was exceptionally weak. While it announced a “change” in policies, it was still the same basic policy, that effectively (and misleadingly) claimed that it could and would continue to search anyone’s email if the company had evidence that you might reveal a leaker.
Apparently — and somewhat surprisingly — it appears that Microsoft and its legal team took the criticism seriously. Microsoft’s General Counsel Brad Smith has now put out a new blog post announcing a complete change in policy, promising that it will not unilaterally look through any Microsoft user’s content in search of “stolen” intellectual property:
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
Furthermore, the company will officially change its terms of service to reflect that change in policy. On top of that, it is starting a (somewhat undefined) project with EFF and CDT to work on “best practices” concerning privacy. Smith’s apology is quite heartfelt, which is also rare from a big company:
It’s always uncomfortable to listen to criticism. But if one can step back a bit, it’s often thought-provoking and even helpful. That was definitely the case for us over the past week. Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers.
In part we have thought more about this in the context of other privacy issues that have been so topical during the past year. We’ve entered a “post-Snowden era” in which people rightly focus on the ways others use their personal information. As a company we’ve participated actively in the public discussions about the proper balance between the privacy rights of citizens and the powers of government. We’ve advocated that governments should rely on formal legal processes and the rule of law for surveillance activities.
While our own search was clearly within our legal rights, it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us. Therefore, rather than inspect the private content of customers ourselves in these instances, we should turn to law enforcement and their legal procedures.
Personally, I wish the announcement and policy change went a bit further — beyond just “intellectual or physical property,” but making it clear across the board that, absent a reasonable warrant signed by a judge, Microsoft will not allow anyone to access anyone’s content. But, perhaps we’ll get there some day. In the meantime, Microsoft does deserve some kudos for changing positions. Most large companies would try to just let this issue fade away rather than proactively address it.