Microsoft reacts to Outlook.com search fears

Microsoft has sought to address fears over how it searches non-employee Outlook.com accounts, after it was revealed the company searched through a blogger’s emails to find the source of leaked sensitive company information.

Software architect and former Microsoft employee Alex Kibkalo was arrested earlier this week on suspicion of leaking confidential beta copies of Windows 8 to a blogger.

It transpired through court documents that Microsoft managed to track down the alleged leaker by accessing the Hotmail account (now Outlook.com) of the recipient blogger.

“After confirmation that the data was Microsoft’s proprietary trade secret … Microsoft’s Office of Legal Compliance (OLC) approved pulls of the blogger’s Hotmail account,” the court filing reads.

“An email from Microsoft employee ALEX KIBKALO was found within the blogger’s Hotmail account, which established that KIBKALO shared confidential Microsoft information and data with the blogger,” it continues.

The revelation that the suspicion of the unnamed blogger’s involvement had led to his email being accessed by Microsoft without any notification has caused concern among Outlook.com users.

In response, Microsoft has pledged to “evolve” its searching practices, but has nevertheless defended its actions.

The company has claimed in a statement signed by its deputy general counsel, John Frank, that it believes in the privacy of users’ Outlook and Hotmail accounts.

However, it acknowledged its actions in this case were “extraordinary … [and] based on specific circumstances and concerns about product integrity that would impact our customers”.

The organisation has said it will add another layer of legal verification and advice to its process before carrying out a search, in an attempt to allay users' fears.

In addition to its existing practice of consulting its own legal team, the company has said it will now seek the advice of an external lawyer who is a former federal judge.

“We will conduct … a search only if this former judge similarly concludes that there is evidence [of criminal behaviour] sufficient for a court order,” the company said.

Microsoft has said it will also seek to be more open about its conduct, saying it will add the number of searches carried out and the number of customer accounts affected to its twice-yearly transparency report.

“The privacy of our customers is incredibly important to us, and while we believe our actions in this particular case were appropriate given the specific circumstances, we want to be clear about how we will handle similar situations going forward.

“That is why we are building on our current practices and adding to them to further strengthen our processes and increase transparency,” the statement concludes.

Jane is deputy editor at b2b tech publications ITPro, Cloud Pro, and ChannelPro. She’s started out with the brands as a staff writer specializing in cloud computing. She went on to become senior writer and reports editor, managing the content and creation of ITPro’s quarterly whitepapers. During this time, she broadened her expertise to include cybersecurity, data centers and enterprise IT infrastructure. In 2016, she became features editor, managing a pool of freelance and internal writers, while continuing to specialise in enterprise IT infrastructure, data centers, and business strategy.

In October 2021, she became the sites’ deputy editor and now has a more strategic role, although she is still a specialist in enterprise IT infrastructure and business strategy.

Jane holds an MA in journalism from Goldsmiths, University of London, and a BA in Applied Languages from the University of Portsmouth. She is fluent in French and Spanish, and has written features in both languages.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.