Microsoft issues mea culpa in wake of Hotmail email probe, seeks to restore customer trust

Microsoft's criticisms of Google for scanning email to serve ads ring hollow with disclosures that the company probed a blogger's email account. Will Microsoft's TOS changes restore customer trust?

A former Microsoft employee, Alex Kibkalo, is facing criminal prosecution for allegedly leaking prerelease Windows 8 software to a French blogger. Kibkalo was arrested in Seattle on March 19, 2014, charged with "theft of trade secrets," and is being held without bail. Reportedly, Kibkalo was angry over a poor performance evaluation (likely based on the stack-rank system, a widely criticized practice which Microsoft abolished late last year); however, the real story here is the way Microsoft identified Kibkalo as the alleged leaker.

A series of unfortunate events

The unnamed French blogger contacted a Microsoft employee via a Hotmail (now Outlook) account requesting verification that a program allegedly provided by Kibkalo was genuine. Upon confirmation that it was Microsoft property, an email from Kibkalo was found in the blogger's Hotmail account, along with an email notifying the blogger of files being shared with him via SkyDrive (now OneDrive). In addition, this activity was discussed on Windows Live Messenger (now discontinued), all of which is visible and searchable by Microsoft's Trustworthy Computing Investigations team.

Anyone will tell you that exchanging insider information about the company you work for using that company's own cloud infrastructure is a bad idea. At the time of the incident, Microsoft believed it had the right to read your email, as the Terms of Service state: "You consent and agree that Microsoft may access, disclose, or preserve information associated with your use of the services ... [to] protect the rights or property of Microsoft or our customers."

Without jumping into a protracted discourse about how contract law does not and cannot trump inalienable rights of an individual, the takeaway here is that Microsoft reserves the right to read the email in your Outlook account. After facing an intense level of public backlash and criticism, Microsoft has issued a mea culpa on the matter, claiming that it will refer such matters to law enforcement instead.

The initial PR response

Microsoft not reading your emails is the central focus of its "Scroogled" campaign, a jab at Google's placing of AdWords adverts on the Gmail website. Other topics of the Scroogled campaign include Google Shopping requiring online merchants to pay advertising fees to have their products offered in Shopping searches, criticizing Google for placing adverts in close proximity to search results (exactly as Bing, Microsoft's fledgling search engine, does), and criticizing the Chromebook for not having Windows or Office. The Scroogled campaign also extends into apparel, for those who wish to express their corporate cheerleading with clothing.

Cognizant of the public relations disaster that this investigation has landed Microsoft in, the firm released a statement on March 21, 2014 with precisely worded statements that give the impression of "accountability theater" with reviews by "an outside attorney who is a former federal judge." In this same statement, John Frank, the deputy general counsel for Microsoft, offered a defense of Microsoft's searching the contents of a Hotmail account in the Kibkalo case. In addition, he noted that "courts do not... issue orders authorizing someone to search themselves, since obviously no such order is needed," a statement derided by Jennifer Granick of Stanford Law School's The Center for Internet and Society as "wrong... At best".

Microsoft's activity with the US federal government and law enforcement

The same day, hackers identifying themselves as members of the "Syrian Electronic Army" released documents apparently purloined from Microsoft servers detailing invoices to the US federal government for records of Microsoft account users at $50-$200 per request, totaling hundreds of thousands of dollars per month of taxpayer funds lining Microsoft's pockets.

In a statement to The Register, Microsoft dismissed the claims:

We've previously stated that Microsoft won't comment on the validity of any stolen emails or documents. Regarding law enforcement requests, there's nothing unusual here. Under U.S. law, companies can seek reimbursement for costs associated with complying with valid legal orders for customer data. As we state clearly in our Law Enforcement Requests Report, we attempt to recover some of the costs associated with any such orders. Please refer to our Trustworthy Computing blog posted on January 24, 2014 for more details.

The bit about law enforcement requests is true, and not an activity limited to Microsoft. Microsoft has the ability to read emails stored on Outlook, and requests compensation to provide this information under subpoena. In 2010, Microsoft didn't charge at all, a fact for which it was chided by the ACLU -- charging creates a paper trail for the request.

The mask of privacy

The issue at hand isn't that Microsoft is pursuing legal action against an ex-employee who may have been leaking binaries, or that it complies with subpoenas for information -- any company, faced with similar circumstances, would do the same. The issue is that Microsoft's public relations team sanctimoniously declared the company does not read your emails, when it's on the record as having done so, and -- until just recently -- insisted in its EULA that the company reserved the right to do so.

Does Microsoft's conduct in the Kibkalo case change your trust level in the company? If so, has your trust level gone up or gone down? Does it crush your confidence in cloud computing? Can cloud companies compensate for privacy and security concerns? Let us know your thoughts in the comments section.

Disclaimer: TechRepublic, ZDNet, and CNET are CBS Interactive properties.

About

James Sanders is a Java programmer specializing in software as a service and thin client design, and virtualizing legacy programs for modern hardware. James is currently a student at Wichita State University in Kansas.

11 comments
lkarnis

Are you serious? Microsoft and trust do not belong in the same sentence together (unless one of them is negated). How could you be involved with MS in any way for any length of time (with your eyes open) and feel that you have a 'trust' relationship with them?

Harrison Valetski

Bring Cortana to Windows Store for desktop and all is forgiven.

sonyasnet

No service provider can be trusted because they cannot trust anyone either. But I shall never forgive MS for taking Hotmail away from their loyal customers. Thus, there are now no loyal customers anywhere either.

info

I still remember having a good laugh when an XP pop-up window asked the question, "This contains items from 'Microsoft Corporation'. Do you trust them?"

RobertMoore12

I don't trust MS any farther than I can throw the building where they are housed. Of course, if you work online your data is public for people such as this to view if they really want.

JefferyDodds

The idea that you can trust a "corporate citizen" is irresponsible naiveté. When the chips are down a corporation is responsible to its capitalist roots, not moral authority. It's easy to be good when things are sunny, but when it turns dark find a person you can trust, not people and definitely not a corporation.

anders43-9e396

No, it has not affected my trust level; it has always been low from the start. When you use a "free" service you really are just paying - not with dollars and cents - but with information about yourself.

w7hd

Microsoft has been untrustworthy for many years.   Why do you think it will change now?  They ride roughshod over their own customers, charge them outrageous fees to provide a "service" to fix their operating system, when NO user manual exists and their "help" system is severely broken.  Getting a suggestion to research their web site when your problem is that you can't get online is rather stupid, yet I have seen this many times.  I have yet to have their help system solve ANY problem, and I've been using Windows since Windows 386 was released.  I was also on the DOS evaluation teams and wrote some of the code they used (I gave it to them as gratis code).

Seeing Ballmer leave was a breath of fresh air, reviving the hope that they would become customer-focused once more.  

What is my primary operating system?  Linux, of course.  It's fast, dependable, doesn't have to be rebooted every time a patch is released, and doesn't cost anything to use.  

Having her machine reboot in the middle of composing an email caused my wife to make a very firm request to get that Microsoft crap off her machine and put Linux on, which I did. She has been happy ever since that incident several years ago.

Windows 8 is a customer relation disaster, and has caused MANY, MANY to refuse to use it, even when it came on their new machine.  My first task when receiving a laptop running Windows 8 was to set it to dual-boot Linux while I attempted to fumble my way through the Microsoft Windows 8 maze (with NO assistance from Microsoft).  Try convincing an IT department to install it (good luck with that).  They know what a disaster their customer support will become.  Before I retired last fall, we had already made a very firm decision NOT to install Windows 8 on client machines.  2500 requests for help with a staff of 12 didn't equate to our way of thinking.  

Have you noticed the recent spate of articles telling you how and why to install Linux on your XP machine?  There appears to be some writing on that wall.

eaglewolf

@anders43-9e396

And there's the saying for 'free' services:   when you use a free service, you're not a customer - you're a product.

This holds for all the social networking sites, too, that market (squeeze) every penny they can from each and every member.   Facebook admitted once to having around 7 million underage (by admission of the member, not a forged account) users.   Yet they have no intention of deleting those accounts - they have too much marketing value.

To answer the question:  do I trust Microsoft?   No.   Do I trust the cloud?  No.   I can't see either answer changing anytime soon.

info

@w7hd I seem to remember a similar amount of dismay and confusion when Windows95 was released...
