Saturday, March 30, 2019
Home / Tech News / Legal / Microsoft’s Violation to catch Windows 8 Source Leaker

Microsoft’s Violation to catch Windows 8 Source Leaker email should be private, Microsoft said in a recent blog post that then went on to explain why it violated that belief in privacy for at least one user.

Recently, a former Microsoft employee was arrested in Seattle, charged with theft of trade secrets. The ex-employee, Alex Kibkalo, is accused of leaking parts of Windows 8 to a French-language blogger.

The blogger in question, who remains unidentified, happened to use Hotmail–the investigation began in 2012 before Hotmail’s transition–as his primary email account. So as part of its investigation, Microsoft peeked into the blogger’s email account to read that person’s correspondence with Kibkalo.

Microsoft says it was justified in searching the blogger’s email account, because it had probable cause to believe Kibkalo was funneling trade secrets to the blogger.The company also pointed out that even with its justification for searching the account, it would have been impossible to gain a court order.

“Courts do not, however, issue orders authorizing someone to search themselves, since obviously no such order is needed,” Microsoft Deputy General Counsel John Frank explained in the blog post. “So even when we believe we have probable cause, there’s not an applicable court process for an investigation such as this one.”A

Before it did look inside the blogger’s account, however, the company claims it went through a “rigorous process” to justify the snooping.

“There was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites,” Frank said.

The company’s terms of service apparently make this kind of snooping just fine; however, the company plans to make its pre-snooping process even more rigorous for potential future cases.

Here are the highlights:

  • Microsoft says it will not search a user’s email or other Microsoft service “unless the circumstances would justify a court order, if one were available.”
  • A legal team separate from the internal investigating team will assess the evidence, as it did in the Kibkalo case. The investigation will only continue if the separate legal team believes there is evidence of a crime that would justify a court order.
  • If the separate legal team believes the investigation should continue, Microsoft will consult “an outside attorney who is a former federal judge.” If the “former judge” also believes there is sufficient evidenceA for a court order, then the search will happen.A
  • Any searches that take place will be confined to material relating to the investigation and nothing else.
  • The number of user searches of this type will be included in Microsoft’s bi-annual transparency report.

Instead, a comprehensive overhaul of laws protecting online privacy are in order. That way, the next time Microsoft does need to sift through a user’s account to search for wrongdoing, obtaining a court order would not seem ridiculous–but instead be standard procedure.

Article originally appeared on

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Megaupload plan to return after 5 years

The huge file-sharing website, Megaupload is scheduled to relaunch, five years after being raided and …