10 Things I Know to be True about this Microsoft Hotmail Privacy Case

By Unknown - Wednesday, March 26, 2014 - No Comments

It's ugly. It's complicated. And it's a great opportunity for any webmail provider who isn't Microsoft

Microsoft Hotmail Privacy Case

When the news broke on Wednesday that Microsoft had tapped into the e-mail of a Hotmail user who had apparently received stolen software from Alex Kibkalo, a rogue Microsoft employee in Lebanon, I didn’t immediately write about it in this space. It’s a complicated matter, and there’s a lot we don’t know about the details — including the identity of the French blogger who allegedly received the purloined code. (There’s a theory on the web about who the person is, but Microsoft’s criminal complaint doesn’t name a name.)

Still, in the fullness of time, I have come to a few conclusions:

1. You can be sympathetic to Microsoft about the crime apparently committed against it and still deeply unhappy with its response. There are presumably all sorts of questionable, potentially illegal things going on in Outlook.com (the successor to Hotmail) and its competitors. The one sort of case in which we know that Microsoft thinks it’s O.K. for it to spy on your e-mail without a warrant is when you might be stealing its own stuff. It’s a fundamental conflict of interest, and it isn’t completely solved by the company’s new policy which states it’ll seek approval from a former judge before doing this again. (The higher court is still a Microsoft higher court.)

2. Just calling the Hotmail user “a blogger” is misleading. When I hear about a blogger tussling with a giant software company, my instinct, as a journalist, is to side with the blogger. But Microsoft wasn’t just concerned about leaked screenshots showing up online. As the criminal complaint explains, outsider with Windows source code might be able to crack the operating system’s copy protection. The complaint says that this was Kibkalo’s whole idea in leaking the code, and that the blogger admitted to having previously trafficked in Microsoft activation codes on eBay.

3. Calling the person a journalist or reporter is even more misleading. That’s what Techdirt’s Mike Masnick did, even though the case isn’t just about a leaked-screenshot blog, let alone reporting. Microsoft was worried about leaked SDK code enabling piracy of its software. Even if you’re unhappy about the actions the company took, I don’t think this case is about freedom of the press.

4. These guys were idiots. According to the complaint, Kibkalo and the outsider used Microsoft products such as Hotmail, SkyDrive and Windows Live Messenger to steal Microsoft’s software. When it comes to digital espionage, they were a gang that couldn’t shoot straight.

5. We don’t know what Microsoft has done in other instances. It says that these events which we’re discussing were extraordinary, and perhaps they were. But thanks to the court case, they’re the only ones we know about. (The company says that it will henceforth disclose the quantity of such instances and the number of user accounts impacted on a biannual basis, but unless they crop up in the courtroom, we’ll apparently never know the gist of each individual situation.)

6. We really don’t know what other webmail providers have done. Maybe nothing like this has ever happened to a Gmail user or a Yahoo Mail user. Or maybe far more troubling stuff has been going on. Who knows? Not us. (For the record, TechCrunch founder Michael Arrington says that he’s “nearly certain” that Google once dug around in his Gmail account, although his evidence is far from airtight.)

7. I’m not comfortable that I understand the legal situation. If Microsoft had successfully gotten a court order to search the blogger’s Hotmail, most outsiders would likely find its actions to be reasonable. Microsoft says that it’s impossible to get a court order to search your own servers, but the Electronic Frontier Foundation’s Andrew Crocker says that this is not the case. If Crocker is right, then the only appropriate scenario in future situations such as this is Microsoft getting a court order.

8. Once again, “Scroogled” makes Microsoft look bad, not Google. Microsoft has been telling us that the way Google scans for keywords in Gmail e-mails to serve up related ads is an outrageous privacy violation. That automated practice, which affects every Gmail account, has virtually nothing in common with Microsoft’s contention that it’s acceptable to dig into a single Hotmail account to protect the company’s intellectual property. But it craters Microsoft’s ability to be self righteous and makes the whole “Scroogled” campaign look even sillier and hypocritical than it already did. (Danny Sullivan of Marketing Land has a good post on this.)

9. This creates a fantastic opportunity for somebody. Microsoft says it reserves the right to keep on doing this, albeit under tighter rules. If Google or Yahoo or somebody else declares that it won’t rummage through your mail without court approval, period, that company would make lemonade out of Microsoft’s lemons. I’m not holding my breath, though: So far, other webmail providers haven’t even said they’ll hew to self-imposed restrictions of the sort which Microsoft now says it’ll follow.

10. In a perverse way, Microsoft has done us all a favor. The French blogger didn’t own that Hotmail account; people who use Outlook.com don’t own their accounts. Their stuff is stored on Microsoft property, and when they signed up for the service, they gave the company broad license to intrude upon it. The same is true for countless other online freebies from other companies.

If we become a more cynical bunch based on these events, it’ll be kind of sad — but it’ll also be a more appropriate attitude than blithely treating a web service as if it really belonged to you.

News Ticker