Microsoft is spying on Hotmail users emails, claim they don't need a warrant
Microsoft Corp., which has skewered rival Google Inc. for going through customer emails to deliver ads, acknowledged Thursday it had searched emails in a blogger's Hotmail account to track down who was leaking company secrets. (without a warrant)
Microsoft says comeback with a warrant unless you're Microsoft, click here to read more.
John Frank, deputy general counsel for Microsoft, which owns Hotmail, said in a statement Thursday that the software company "took extraordinary actions in this case." In the future, he said, Microsoft would consult an outside attorney who is a former judge to determine if a court order would have allowed such a search.
The case involves former employee Alex Kibkalo, a Russian native who worked for Microsoft as a software architect in Lebanon.
According to an FBI complaint alleging theft of trade secrets, Microsoft found Kibkalo in September 2012 after examining the Hotmail account of the blogger with whom Kibkalo allegedly shared proprietary Microsoft code. The complaint filed Monday in federal court in Seattle did not identify the blogger.
"After confirmation that the data was Microsoft's proprietary trade secret, on September 7, 2012, Microsoft's Office of Legal Compliance (OLC) approved content pulls of the blogger's Hotmail account," says the complaint by FBI agent Armando Ramirez.
Besides the email search, Microsoft also combed through instant messages the two exchanged that September. Microsoft also examined files in Kibkalo's cloud storage account, which until last month was called SkyDrive. Kibkalo is accused of using SkyDrive to share files with the blogger.
Frank said in his statement that no court order was needed to conduct the searches.
"Courts do not issue orders authorizing someone to search themselves," he said. "Even when we have probable cause, it's not feasible to ask a court to order us to search ourselves."
So it's not feasible to abide by our constitution? If Microsoft can willfully ignore our constitution without any repercussions, DO CITIZENS HAVE ANY RIGHTS OR IS IT ALL A CHARADE?
Hotmail's terms of service includes a section that says, "We may access or disclose information about you, including the content of your communications, in order to ... protect the rights or property of Microsoft or our customers."
Redmond, Washington-based Microsoft has taken a defiant stand against intrusions of customer privacy, in the wake of National Security Agency systems analyst Edward Snowden's revelations of government snooping into online activities.
General counsel Brad Smith said in a blog post in December that Microsoft was "especially alarmed" at news reports of widespread government cyber-spying.
Microsoft also has a long-running negative ad campaign called "Scroogled," in which it slams Google for scanning "every word in every email" to sell ads, saying that "Google crosses the line."
http://www.huffingtonpost.com/2014/03/21/hotmail-spying_n_5003855.html
NSA employee brags about how “cool” & “awesome” it is spying on innocent people:
The latest news from The Intercept involves yet another Snowden leaked document, in which an NSA official uses what certainly looks like LiveJournal (complete with "current mood" lines at the end of posts) to informally and gleefully discuss targeting sys admins in order to get access to the networks they maintain. It's not a secret that the NSA does this. That became clear last fall, when earlier Snowden docs revealed how GCHQ and NSA had targeted a Belgacom sysadmin to get access to important Belgacom clients, including the EU Parliament. What's interesting here is the breezy dismissive discussion by this NSA guy -- and the fact that it looks like LiveJournal really gives you this parallel universe view. The tone and arrogance on display isn't particularly different from various private sector hackers. It's just that this guy has access to more powerful tools and the government behind him. Take, for example, this early post in which he brags about how totally cool it is that the NSA collects way more data than it needs:
That's incredible. He's flat out admitting (unlike all the public statements from NSA defenders) that it's great to have all that excess data way beyond what the NSA needs, because you can find all sorts of extra stuff. That's exactly the concern plenty of people have raised -- and which the NSA and its defenders have dismissed.
As The Intercept report notes, the guy admits that he targets sysadmins merely as a means to an end -- to reach the people who use various systems.
The document consists of several posts – one of them is titled “I hunt sys admins” – that were published in 2012 on an internal discussion board hosted on the agency’s classified servers. They were written by an NSA official involved in the agency’s effort to break into foreign network routers, the devices that connect computer networks and transport data across the Internet. By infiltrating the computers of system administrators who work for foreign phone and Internet companies, the NSA can gain access to the calls and emails that flow over their networks.
The NSA wants more than just passwords. The document includes a list of other data that can be harvested from computers belonging to sys admins, including network maps, customer lists, business correspondence and, the author jokes, “pictures of cats in funny poses with amusing captions.” The posts, boastful and casual in tone, contain hacker jargon (pwn, skillz, zomg, internetz) and are punctuated with expressions of mischief. “Current mood: devious,” reads one, while another signs off, “Current mood: scheming.”
The rather cavalier attitude towards hacking into sysadmins' accounts should be sending off alarm bells across the country.
Click here to read the six pages & here to read more.
http://www.techdirt.com/articles/20140320/17523326643/nsa-official-uses-livejournal-like-board-to-brag-about-hunting-sysadmins.shtml
(Update) Microsoft subsequently issued a statement regarding how they spy on Hotmail:
Deputy General Counsel & Vice President, Legal & Corporate Affairs, Microsoft
We believe that Outlook and Hotmail email are and should be private. Over the past 24 hours there has been coverage about a particular case, so we want to provide additional context and describe how we are strengthening our policies.
In this case, we took extraordinary actions based on the specific circumstances. We received information that indicated an employee was providing stolen intellectual property, including code relating to our activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.
Courts do not, however, issue orders authorizing someone to search themselves, since obviously no such order is needed. So even when we believe we have probable cause, there’s not an applicable court process for an investigation such as this one relating to the information stored on servers located on our own premises.
As part of the investigation, we undertook a limited review of this third party’s Microsoft operated accounts. While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We applied a rigorous process before reviewing such content. In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.
While our actions were within our policies and applicable law in this previous case, we understand the concerns that people have. Therefore, we are announcing steps that will add to and continue to strengthen further our policies in any future situations involving our customers. Specifically:
We will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available. (BUT ONE WASN'T AVAILABLE & IT DIDN'T STOP YOU!)
To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable. As a new and additional step, we will then submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order.
Even when such a search takes place, it is important that it be confined to the matter under investigation and not search for other information. We therefore will continue to ensure that the search itself is conducted in a proper manner, with supervision by counsel for this purpose.
Finally, we believe it is appropriate to ensure transparency of these types of searches, just as it is for searches that are conducted in response to governmental or court orders. We therefore will publish as part of our bi-annual transparency report the data on the number of these searches that have been conducted and the number of customer accounts that have been affected.