Microsoft Snooped on a Blogger's Email to Hunt Down a Leaker

By Mario Aguilar on at

An indictment filed in federal court a today reveals that Microsoft snooped through a blogger's Hotmail account trying to plug an internal leak of pre-release Windows 8 software. That sounds like an outrageous violation of privacy. Microsoft claims they had the legal right under its terms of service.

BI reports that that federal prosecutors filed papers against former Microsoft employee Alex Kibkalo today, alleging that he illegally transferred company secrets to an unnamed blogger. According to the indictment, the blogger came to Microsoft claiming it had inside information. The information was of particular interest because the blogger's email address had already been identified by Microsoft's private security. After clearing its plan with its legal department, Microsoft dove in, and found an email implicating Kibkalo in leaks.

That Microsoft would go poking around anyone's email without a court order is pretty infuriating, especially since Microsoft has made a big hubub about how it keeps your information private and how Google is scraping your email for advertising purposes.

But don't worry, Microsoft has a lame legal justification. Here's the statement the company provided to Business Insider.

During an investigation of an employee we discovered evidence that the employee was providing stolen IP, including code relating to our activation process, to a third party. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the party involved intended to sell Microsoft IP and had done so in the past.

In other words, Microsoft thinks that because the security of its product, and therefore its users, had been compromised it had the right to unilaterally decide it could go in. Its legal department decided it could justify the action through its Terms of Service.

Can Microsoft legally justify snooping through a reporter's email? Sure. That doesn't change the fact that its a reprehensible violation of the trust we put in these companies. It's a good reminder that we're all a little stupid for trusting big companies with our data. If you're not a little wary about what you say in your email—maybe you should be.

Kibkalo Federal Indictment

[Business Insider]