back to article Microsoft alters Hotmail policy amid blogger inbox probe outcry

Microsoft has moved to address concerns caused by news it rummaged through a blogger's Hotmail inbox as part of an investigation into an employee's conduct. As we've reported, even though this is a tremendous PR cock-up, Microsoft was well within its rights to dive into a blogging hack's private Hotmail account to root out an …


This topic is closed for new posts.
  1. Mikel

    All better now. Rest easy.

    They're going to employ a former federal judge and some outside counsel to officially rubber stamp their future Hotmail account snooping. That is so reassuring. For a moment there I was afraid they might just not do it any more. This is SO much better. Does the Mailbox plundering team have an official name yet? May I suggest "Global Mail Account Investigation Legal Team", or "GMAIL Team" for short?

    1. phuzz Silver badge

      Re: All better now. Rest easy.

      So now you get the same protection from Microsoft reading your emails, as you do from the US Government, except that MS will tell you if they've been peeking, whereas the government won't.

      Still, if you're stealing/leaking things from Microsoft, maybe using a Gmail/Yahoo account would have been a better choice.

      1. mrweekender

        Re: All better now. Rest easy.

        Riiiiiiiiight...., so you're saying NOW there's protection? Personally I don't believe a word of this MS bullshit. NO ONE, that's NO ONE should be allowed to rifle through anyone's email account without a) informing the account holder FIRST and b) having an appropriate court order to do so. What is this NAZI fucking Germany?

        1. tom dial Silver badge

          Re: All better now. Rest easy.

          -1 for inappropriate language. Microsoft are not the police, let alone the Gestapo, and those who store documents in public places run a risk. They might be able to mitigate that risk with encryption, maybe at the expense of convenience, but it would be better to store the email on private computers to raise the bar against private actors such as (in this case) Microsoft.

    2. joed

      Re: All better now. Rest easy.

      It's still better than evil Google reading your emails to push customized ads. Right?

  2. James Loughner

    Which will cause MS more damage?

    The early release of some test code


    The attention brought to the fact that their terms of service allow them to look at any thing they damn well please.


    And a bought and paid for judge will decide in the future if they get to peek. Really???

    1. Anonymous Coward
      Anonymous Coward

      Re: Which will cause MS more damage?

      And so much for Microsoft's marketing campaign that highlights Google's data collection obsession - they're now very much in Pot/Kettle territory.

      1. Anonymous Coward
        Anonymous Coward

        Re: Which will cause MS more damage?

        they're now very much in Pot/Kettle territory.

        Almost, but not quite.

        Google just read your emails by scanning them for keywords, and delivering an advert based on them. Automated, by software... and they're pretty open about it.

        Microsoft, on the other hand, will personally read your correspondence, copy it, and use it against you.

        Given the choice, I'd rather be scroogled than microshafted.

      2. Fatman

        Re: Which will cause MS more damage?

        And so much for Microsoft's marketing campaign that highlights Google's data collection obsession

        Which Google's PR team would be wise to exploit.

    2. big_D Silver badge

      No different

      from any other cloud service.

      At least they seem to have gone to the lawyers to see if what they wanted to do would hold up in court.

      On the one hand, it is a little disconcerting, on the other hand, it seems like they did do the investigation in a professional manner. The report from Ed Bott over at ZDNet makes a very good read.

  3. McHack

    Better read all of the MS T&C's

    If I use any MS products, thus establishing a business relationship, and MS suspects I'm using a dodgy COA, does MS have permission to rummage through my Outlook and Hotmail accounts looking for evidence of wrongdoing because of the existing relationship?

    1. Anonymous Coward
      Anonymous Coward

      Re: Better read all of the MS T&C's

      In a word, YES.

    2. Anonymous Coward
      Anonymous Coward

      Re: Better read all of the MS T&C's

      Best if you bother to spend the time to review ALL the legal agreements you subject yourself to in the course of your life. At first it may seem wasted time but after reading a dozen or so, you can run a checklist as you scan them. It has a couple of benefits as well. It lends a deserved air of caution while seeking employment. It also reduces the chance of contracting major butt-hurt as this ex-employee will feel in the near future. Oh, one more. Government types don't try to snowball me. When something seems odd, ask them to break out the regulations.

  4. Yet Another Anonymous coward Silver badge

    Never happen here

    Don't I remember something about BA spying on Virgin's bookings in the same way - and getting off because a BA owned company owned the server and a judge ruled they could do what they wanted on their own property

    1. Charles Manning

      Re: Never happen here

      "a judge ruled they could do what they wanted on their own property"

      Must have been a crap bunch of lawyers...

      A housing analogy would be that of a landlord searching through a tennant's stuff on his property. I doubt that would be acceptable in Blighty.

      1. Richard 12 Silver badge

        Re: Never happen here

        The housing/landlord thing had specific laws about it.

        The tenant may "enjoy the property without let or hindrance".

        But then business to business relationships have always been less stringently policed than business to consumer.

        Businesses are more or less expected to write contracts to cover this sort of thing, and only rely on the law to enforce that contract.

    2. Anonymous Coward
      Anonymous Coward

      Re: Never happen here

      "Don't I remember something about BA spying on Virgin's bookings in the same way"

      As it happens, I recently read Richard Branson's autobiography and this matter is covered. It details that specific, appalling piece of behaviour by Lord King and BA and a rather long list of other serious breaches of trust and abuses by LK and the BA staff who enthusiastically tried to bury RB personally and Virgin Atlantic specifically. No mention was made of any specific outcome of the data snooping.

      However, the appalling and consistent, libellous statements by BA and LK in particular were punished to the tune of GBP 500,000 for RB and GBP 110,000 for VA. BA settled out of court with what amounted to a full confession. They did so because they were guilty as sin with sub-zero possibility of a favourable outcome, and they knew that a court case would expose them as the slimy bastards that they provavbly are. In the airline industry BA is, and will forever be, known for what they were revealed to be in the VA/RB case (and Laker Airways before, and all the other airlines that were crushed by BAs systematic abuses).

      "Sir Freddie sued British Airways, BCal, Pan Am, TWA, Lufthansa, Air France, Swissair, KLM, SAS, Sabena, Alitalia and UTA for conspiracy to put his airline out of business by predatory pricing. They settled out of court for US$50m, which let Laker Airways pay its debts. British Airways reached a separate out-of-court agreement with Sir Freddie personally for £8m" -- Wiki.

      Of the million miles I have flown in the past decade, zero have been on BA. I cannot see that number increasing anytime soon.

      Anon, because BA (unfortunately) is a client.

      1. Yet Another Anonymous coward Silver badge

        Re: Never happen here

        It's one of the reasons I haven't flown BA in 20years - that and the old and dirty planes, crap in-flight entertainment, rude staff and their idea of customer service.

        I had to fly them recently as the only way of getting out of a certain middle eastern country - and nothing has changed.

  5. Anonymous Coward
    Anonymous Coward

    You should assume all providers will do this

    I assume Microsoft will read Hotmail if they want, Google will read Gmail, Apple will read iMessage, Facebook will look through your photos with face recognition software, etc.

    Even if you can read the T&Cs without having an aneurysm, we all know they change their T&Cs regularly, and can assume that 99.9% of changes are not in our favor. It would be a full time job to read all the updated T&Cs, privacy policies, shrink wrap licenses, etc. that we deal with in our daily lives and truly understand them. Even then apparently if the NSA tells them to jump and lie about it, they say "how high?" while telling us their feet never left the ground.

    Hate to sound like I'm defending Microsoft here, but I guess I'm way too cynical to be even slightly surprised. How stupid did that blogger have to be to use a Hotmail account when he's dealing with stolen Microsoft IP? Not as stupid as a Microsoft employee had to be to correspond with a blogger using a Hotmail account. Would it have killed them to create a GMail account and use that for this transaction?

    1. Mikel

      Re: You should assume all providers will do this

      Ah the everybody else woulda defense. Except that this thing is so abhorrent that it demands deliberate intent. It needs volition. It needs a desire to be evil.

    2. Anonymous Coward
      Anonymous Coward

      Would it have killed them to create a GMail account

      Or even used proper encryption?

    3. Anonymous Coward
      Anonymous Coward

      Re: You should assume all providers will do this

      The blogger wasn't particularly stupid in the way you think.

      He already had the Hotmail address before he knew someone would be sending him hot MS details so that was unavoidable. Where he actually screwed up was in emailing another MS employee for confirmation.

      The fact that the original stuff was sent to a Hotmail account was not something of his choosing.

  6. Richard 12 Silver badge

    Are they really sure they can do that?

    Given that they have customers in practically every legal jurisdiction, some of which have very strict privacy laws?

    I'm absolutely certain they can do this with US customers emails, but I suspect probably not EU customers due to Data Protection legislation.

    While that won't stop them, it would tend to make cases built on the data fall to bits and cause a civil complaint to be met with a criminal counter suit.

    Regardless, it was bloody stupid to make such a mockery of their own anti-Google adverts. I wonder how much money they wasted on those, and if US customers can now sue for false advertising?

  7. MachDiamond Silver badge

    Protecting their customers

    The bit in the T&C's about being able to riffle through an account on M$ services to protect their "customers" is a whooping big net. A huge percentage (bordering on 100%) of computer users could be claimed to be M$ customers. IIRC, even Apple has some licensed some M$ code that it uses on Macs.

    It wasn't too clever for the employee to be using M$ services to leak information. Sounds like the poor job review was warranted.

    What a load of poo about claiming that it means anything to have their tame former judge say that it's ok to read peoples mail since, in his opinion, a sitting judge would grant a warrant given the information M$ had on hand. While it's good to have experienced legal professionals on staff to give advice, it's not the same as going through the proper channels.

    What next? The phone companies will start collecting our call information? Ummm. Yeah.

    If it's free, you are the product. TANSTAAFL!

  8. Gray

    A clarification of policy ...

    ... thus the phrase "private hotmail account" becomes an oxymoron.

  9. Amorous Cowherder

    That's there business, surely?

    If MS own Hotmail, MS wrote the T&Cs and you're too lazy or too busy to read them, buried in there it says "Sod you, we can do what we like with anything that passes into our systems! So tough!", then there's not a lot you can do is there!

    I'm no MS shill but if you agree to abide by the rules on the clubhouse door, don't whinge when the clubhouse owner decides to use them.

    1. Anonymous Bullard

      Re: That's there business, surely?

      Not quite. The law trumps T&Cs.

    2. Anonymous Coward
      Anonymous Coward

      Re: That's there business, surely?

      "'re too lazy or too busy to read them"

      Very holier than thou, how about you tell us three bits of popular software you use and we'll give you a quick pop quiz about the terms and conditions of them without you looking it up to see if you read them and can remember them?

      I'll start by asking about services I know you use.

      The Register: (without looking)

      [Q] Which one of these bits of personal data do they not give an example of that they may collect, process and use?

      [A] Email address, Telephone, Mobile number, Fax Number

      [Q] What is the title of the Rackspace page you are expected to read for Privacy policy?

  10. Anonymous Coward
    Thumb Down

    We have altered the T&C's

    Pray we don't alter them any further !

  11. Anonymous Coward
    Anonymous Coward

    The Adventures Of Trying To Close Your MS Email Account...

    I've been trying for months but I'm caught in the infinite loop below. Does anyone know a workaround?

    MS' own solution is this... You email them all of your personal info all over again and maybe they'll look into it. That's not very attractive for those actively trying to erase themselves. I closed all Google and Yahoo accounts and had no similar probs. Its a nano sized protest, but I hope others follow and put a dent in the privacy universe. Account Settings -> Close Account:

    1. "You need to deactivate your or Hotmail account. Once you've done that, your Microsoft account will be closed automatically after a period of inactivity"

    2. "Deactivate your Outlook account - This option isn't available for your account"

  12. Anonymous Coward
    Anonymous Coward


    I mean, nobody who values privacy would expect free (or paid for) inbox to be safe from prying eyes, would they? So they don't email zipped (stolen) NSA files, or White House blueprints, or stolen code, or anything they would incriminate them, via such open channels.


    Oh, I see... well, perhaps I have overestimated the levels of common sense applied these days :)

  13. bigtimehustler

    Perfectly within their rights because of the terms of service? This is not true worldwide, most countries accept that their own law trumps that of any terms of service. It is not as straight forward as saying its in the terms so they can do what they like. Take for example a telecoms provider, if they updated their terms to say they could listen in on my communications, they still could not do so, it would be classed as an illegal wiretap in the US and would be illegal in most European countries too. A lot of these laws apply to all personal communication.

  14. Nigel 11

    How much more snooping

    How much more snooping will it take, before the world moves en masse to PGP or other securely encrypted e-mail?

    At present, assume that your e-mail is going to be read by everyone with more than a casual interest in what you are saying. That way you won't be surprised when it is.

    The snoops will overreach and kill their golden goose one day. I'm surprised it isn't today.

  15. Bladeforce

    At Microsoft we value..

    our privacy

  16. Anonymous Coward
    Anonymous Coward

    Just got hotmailed

    Just like being scroogled but worse.

  17. Stevie

    The Currently Agrieved Party

    That would be Microsoft, wouldn't it?

    I mean, we *are* talking about a breach of the terms of service, terms of employment, professional ethics and just plain common sense here, aren't we?

    Or do we think it's a good thing for the IT and IT consulting professions to encourage people who steal from their employer?

  18. sjo

    Scroogled ! Hotmailed ? Outlooked ? Microsofted ??

    So much for the scroogled ad campaign

    1. Fatman

      Re: Scroogled ! Hotmailed ? Outlooked ? Microsofted ??

      Scroogled ! Hotmailed ? Outlooked ? Microsofted SHAFTED ??


  19. Old Handle

    That good I guess, but how about actually getting a real court order instead of a pretend one? My understanding is they're given out like candy nowadays anyway.

  20. Frank N. Stein

    This statement comes from Microsoft General Counsel. Anyone trust his word on this? But wait. Some external ex judge will bless it and that makes it right?

  21. Anonymous Coward
    Anonymous Coward

    You will become one with the BORG ..

    "We only wish to raise quality of life for all species"

  22. Steve Knox
    Paris Hilton

    Typical Microsoft

    Create a complicated and opaque process to replicate the functionality of an already existing simple and relatively transparent one.

    If the bar is "sufficient to warrant a court order", then why not just get a court order!?

This topic is closed for new posts.

Other stories you might like