Last week we wrote about initial news reports that Microsoft had searched and disclosed the contents of a blogger’s Hotmail account as part of an internal investigation into the alleged theft of Microsoft source code and other trade secrets. Since then, EFF has been in touch with Microsoft to discuss our objections to the company’s policy regarding its access to user content. Today Microsoft announced a change to that policy:
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
We commend Microsoft for its willingness to reconsider its policies, and we think it made the right decision. As many have noted, while the specific circumstances that led to this case may have been unusual, the underlying issues are common to the industry. For example, Google’s general counsel recently denied accusations that it searched a journalist’s Gmail account in order to find a leaker but asserted that Gmail’s terms of services “might legally permit such access.”
We’ve said it repeatedly: It is wrong for companies to use terms of service to reserve vast, unnecessary rights to access and disclose user content. This remains the case even when companies don’t exercise all of these rights, or when they do so only in “exceptional circumstances.” Simply having onerous terms as written is the problem.
To address this industry-wide issue, Microsoft has proposed a project that will propose a set of reforms related to companies’ access to and disclosure of consumers’ personal content. The project intends to bring together other Internet companies along with EFF and the Center for Democracy and Technology (CDT) and other organizations. We look forward to working with these groups to bring more privacy, security and freedom to users.