Brad Smith, General Counsel & Executive Vice President, Legal & Corporate Affairs for Microsoft writes:
Last Thursday, news coverage focused on a case in 2012 in which our investigators accessed the Hotmail content of a user who was trafficking in stolen Microsoft source code. Over the past week, we’ve had the opportunity to reflect further on this issue, and as a result of conversations we’ve had internally and with advocacy groups and other experts, we’ve decided to take an additional step and make an important change to our privacy practices.
Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.
In addition to changing company policy, in the coming months we will incorporate this change in our customer terms of service, so that it’s clear to consumers and binding on Microsoft.
For this reason, we’ve reached out to the advocacy community to undertake a project that brings together a variety of stakeholders to help identify, flesh out and discuss these important issues. The Center for Democracy and Technology (CDT) has agreed to convene stakeholders and the Electronic Frontier Foundation will be a key participant. We hope that this project can help us all identify potential best practices from other industries and consider the best solutions for the future of digital services. We’ve agreed to help support this effort and will participate wholeheartedly. We hope that other companies will join in as well. Ultimately, these types of questions affect us all, and they will benefit from even more of the thought-provoking discussions that the events from last week have encouraged.
Read more on Microsoft on the Issues, and huge kudos to Microsoft for this change of policy. Seriously, this is a huge step forward and a role model for other companies that have similar TOS that permit themselves access to user accounts to protect their intellectual property.
h/t, Chris Soghoian