Microsoft to stop snooping on users

Microsoft will no longer look through the accounts of users who are suspected of stealing from the company.

"Rather than inspect the private content of customers ourselves ... we should turn to law enforcement and their legal procedures," Microsoft general counsel Brad Smith said in a blog post Friday.

ADVERTISEMENT
The policy change comes after reports earlier this month that the company accessed the email content of a Hotmail user who was suspected of stealing the company's code in 2012.

"Although our terms of service, like those of others in our industry, allowed us to access lawfully the account in this case, the circumstances raised legitimate questions about the privacy interests of our customers," Smith wrote.

Smith said backlash to the 2012 investigation caused the company to rethink and update its policies regarding access to users' accounts.

"Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves," he wrote.

"Instead, we will refer the matter to law enforcement if further action is required."

The situation raised larger questions about online and user privacy, Smith wrote, pointing to a current national debate about broad privacy concerns after National Security Agency leaker Edward Snowden exposed the government's surveillance practices last year.

Microsoft and other tech companies have since pushed the U.S. government to be more transparent about its surveillance activities.

The company has "advocated that governments should rely on formal legal processes and the rule of law for surveillance activities," and "it seems apparent that we should apply a similar principle and rely on formal legal processes for our own investigations involving people who we suspect are stealing from us," Smith wrote.

In addition to its policy change, Microsoft will join other stakeholders — including online privacy advocacy groups like the Center for Democracy and Technology and the Electronic Frontier Foundation — to consider how tech companies can best balance privacy and security needs, according to Smith's blog post.

"We hope that this project can help us all identify potential best practices from other industries and consider the best solutions for the future of digital services," he wrote, calling on other tech companies to participate.