Microsoft has sought to address fears over how it searches non-employee Outlook.com accounts, after it was revealed the company searched through a blogger’s emails to find the source of leaked sensitive company information.
Software architect and former Microsoft employee Alex Kibkalo was arrested earlier this week on suspicion of leaking confidential beta copies of Windows 8 to a blogger.
It transpired through court documents that Microsoft managed to track down the alleged leaker by accessing the Hotmail account (now Outlook.com) of the recipient blogger.
“After confirmation that the data was Microsoft’s proprietary trade secret … Microsoft’s Office of Legal Compliance (OLC) approved pulls of the blogger’s Hotmail account,” the court filing reads.
“An email from Microsoft employee ALEX KIBKALO was found within the blogger’s Hotmail account, which established that KIBKALO shared confidential Microsoft information and data with the blogger,” it continues.
The revelation that the suspicion of the unnamed blogger’s involvement had led to his email being accessed by Microsoft without any notification has caused concern among Outlook.com users.
In response, Microsoft has pledged to “evolve” its searching practices, but has nevertheless defended its actions.
The company has claimed in a statement signed by its deputy general counsel, John Frank, that it believes in the privacy of users’ Outlook and Hotmail accounts.
However, it acknowledged its actions in this case were “extraordinary … [and] based on specific circumstances and concerns about product integrity that would impact our customers”.
The organisation has said it will add another layer of legal verification and advice to its process before carrying out a search, in an attempt to allay users' fears.
In addition to its existing practice of consulting its own legal team, the company has said it will now seek the advice of an external lawyer who is a former federal judge.
“We will conduct … a search only if this former judge similarly concludes that there is evidence [of criminal behaviour] sufficient for a court order,” the company said.
Microsoft has said it will also seek to be more open about its conduct, saying it will add the number of searches carried out and the number of customer accounts affected to its twice-yearly transparency report.
“The privacy of our customers is incredibly important to us, and while we believe our actions in this particular case were appropriate given the specific circumstances, we want to be clear about how we will handle similar situations going forward.
“That is why we are building on our current practices and adding to them to further strengthen our processes and increase transparency,” the statement concludes.
