Microsoft is facing a storm of criticism over its privacy policies after it admitted that it had read the email inbox of a blogger while investigating a leak at the company.
Alex Kibalko, who previously worked at Microsoft’s Lebanon office, reportedly leaked snippets of code belonging to an unreleased operating system after receiving a bad performance report. Kibalko sent these to an unnamed “French technology blogger” who then posted screenshots online.
In investigating these posts, Microsoft’s deputy general counsel John Frank said that the company took “extraordinary actions” – namely, scanning accounts belonging to the anonymous French blogger to find the name of the employee responsible for the leaks.
Microsoft says that their search was legal because it fell under a provision in the company’s terms of service stating that “Microsoft reserves the right to review materials posted to the Communication Services and to remove any materials in its sole discretion.”
However, the company has come under fire for performing the search without court authorisation, especially in the wake of the NSA scandals following which Microsoft expressed outrage at the government carrying out identical, unwarranted snooping.
The company has since said that it will be changing its terms of service so that a legal team will have to examine any future investigations and check whether they require a court order. Microsoft says it will submit any evidence in an investigation to an independent legal adviser to see whether a search is deemed necessary.
“The privacy of our customers is incredibly important to us,” said Frank in a statement, “and while we believe our actions in this particular case were appropriate given the specific circumstances, we want to be clear about how we will handle similar situations going forward."