A federal court case filed in Seattle this week revealed Microsoft searched a customer's private email and instant messaging accounts to get evidence that a former employee leaked confidential information in 2012, The New York Times reports.
According to the Times, Microsoft accused an employee of stealing company trade secrets--software code for the Windows operating system--and then leaking them to a French blogger. To determine the employee's identity, the company looked at the blogger's Microsoft-operated Hotmail and instant message accounts. The employee was arrested and charged with theft of trade secrets.
The Electronic Communications Privacy Act allows companies like Microsoft to read and disclose customers' communications if the actions are in an effort to protect the company's rights or property. But the case shows how a business can take actions that, while legal, may come at the expense of customers' private data and communications. Jennifer Granick, an attorney and director of civil liberties at the Stanford Center for Internet and Society, told the Times that Microsoft's investigation was "stupid" and will be interpreted by customers as a brazen breach of trust.
Nate Cardozo, a staff lawyer with privacy rights group the Electronic Frontier Foundation, said that many companies have terms of service that allow for this type of snooping into personal accounts, but it very rarely occurs.
"To see Microsoft using this right to essentially look through a blogger's email account for evidence of wrongdoing and then turn it over on a silver platter for law enforcement, it is extremely undesirable," Cardozo told the paper.
John E. Frank, a Microsoft vice president and deputy general counsel, said in a statement that in the future it will submit evidence of a crime against the company to a lawyer and then get a court order if it wishes to examine private communications.
"The privacy of our customers is incredibly important to us, and while we believe our actions in this particular case were appropriate given the specific circumstances, we want to be clear about how we will handle similar situations going forward," Frank said.
News also broke recently that Microsoft has been charging the FBI hundreds of thousands of dollars a month for data on its customers. A group of hackers known as the Syrian Electronic Army found months of invoices sent from the software company's Global Criminal Compliance team to the FBI's Digital Intercept Technology Unit, The Verge reports.
How important is protecting customer data to your company? Let us know in the comments below.