Over the last week, Microsoft has come in for quite a bit of flak for accessing the email account of a customer suspected of being involved in leaking Windows 8 data and code. It was something of a divisive issue, with some people feeling that Microsoft as well within its rights to take whatever steps necessary in the course of its own investigations into suspected theft, and others feeling it was an invasion of privacy and that the matter should have been handled by law enforcement instead.
The company has listened to the debate that followed the revelation of the action it took and today announced changes to its privacy practices. In a blog post, Brad Smith from Microsoft's Legal and Corporate Affairs department explained: "Over the past week, we’ve had the opportunity to reflect further on this issue, and as a result of conversations we’ve had internally and with advocacy groups and other experts, we’ve decided to take an additional step and make an important change to our privacy practices."
What does this mean? As of right now, Microsoft will no longer delve into customer emails or other content when conducting their own investigations. "Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required."
Although the way in which Microsoft accessed the customers email account in the case that sparked this whole debate was legal, it did raise privacy concerns for many people. Smith says that "we’ve entered a 'post-Snowden era' in which people rightly focus on the ways others use their personal information". Pointing out that Microsoft has been a strong advocate of government surveillance transparency, and balancing legal needs and privacy rights, he says it was time for Microsoft to act in the way government is expected to.
Moving forward, Microsoft wants to continue the debate about customer privacy. "What is the best way to strike the balance in other circumstances that involve, on the one hand, consumer privacy interests, and on the other hand, protecting people and the security of Internet services they use?" The company will start to work with, among others, the Electronic Frontier Foundation (one of the organizations that expressed concerns about Microsoft's actions) to work out a set of practices that will work for everyone who is part of the digital community.
So it seems as though Microsoft has been listening. How do you feel about the whole situation?