I reported the criminal complaint about ex-Microsoft employee Alex Kibkalo over on DataBreaches.net, but one aspect of the case has raised privacy concerns – that Microsoft searched the contents of his Hotmail account for evidence that he was providing trade secrets to a blogger who had been leaking information about Windows. There was no indication that they had obtained a subpoena to do so, either. Peter Bright reports:
The blogger contacted the third party using a Hotmail account. After confirming that the source leak was, indeed, authentic, Microsoft’s Trustworthy Computer Investigations (TWCI) team investigated the Hotmail account in an attempt to identify the blogger and his source. In doing so, they discovered e-mails from Kibkalo. Further digging revealed that Kibkalo created a virtual machine on Microsoft’s corporate network which he used to upload stolen information to SkyDrive.
The Microsoft investigation raises a potentially alarming privacy issue. The complaint says that TWCI asked Microsoft’s Office of Legal Compliance prior to reviewing the contents of the Hotmail inbox and that OLC authorized the request. The terms of service that cover the company’s online services do indicate that Microsoft reserves the right to access communications to protect the company’s rights and property and to turn over content to comply with valid legal requests.
Read more on Ars Technica, where they obtained a statement from Microsoft explaining what happened and why. I doubt all privacy advocates will find their explanation satisfactory.