Maybe we should be shocked. Maybe we shouldn't. Amid constant news stories that the U.S. government has access to a seemingly unlimited amount of our private data, we're now learning that at least one company we trust our privacy too also think it's OK to read private emails – so long as it feels it has to.
Microsoft has been in the headlines recently because of a unique situation, but one still very much worth noting, in which a blogger was receiving tips from a, now former, employee on the company's operations. The blogger happened to be using a Hotmail address, so Microsoft figured it would just tap in and figure out who the leaks were coming from.
"We believe that Outlook and Hotmail email are and should be private," Microsoft's deputy general counsel and vice president of legal and corporate affairs John Frank said. "In this case, we took extraordinary actions based on the specific circumstances. We received information that indicated an employee was providing stolen intellectual property, including code relating to our activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material."
Frank argues that Microsoft made the move to protect customers and its own IP and that it worked with "law enforcement agencies in multiple countries" because the third party person intended to sell Microsoft's trade secrets. Microsoft took part of the investigation into its own hands to dig into the "third party's Microsoft operated accounts." It says its actions were "within [its] policies and applicable law," but that's a gray area – at least to us.
Journalists by right do not have to reveal sources. In fact, as evidenced by the case of Johns-Byrne Company v. TechnoBuffalo, bloggers do fall into that shield protection arena, too. But since Microsoft owned the servers that emails were being exchanged on, it argues that it was well within its rights to dig through that information – information that should have otherwise been protected. In the aforementioned lawsuit, for example, TechnoBuffalo prevailed and we did not have to reveal our sources on a specific leak we published.
The blogger hasn't been identified, but Microsoft does still have a right to protect its IP. There's just a very fine line here – of course bloggers and journalists make money off of producing news. That is how it currently, and always has, worked. If a Microsoft employee was spilling secrets, as employees at a lot of firms are apt to do, then that's on Microsoft to control. The firm says that in the future it will be more transparent on its investigations and that it will ensure that any future searches are conducted with "supervision by counsel."
Part of this is scary, though. Thought of differently, Google, Yahoo or any other company that provides email services to say, a reporter for The New York Times, could read through his or her emails if he or she was doing something that wasn't in the company's favor. That's a fine line to cross – and it's one that most other companies wouldn't be able to do without an official government-led investigation.