Microsoft defended what it called the "exceptional" step of a "limited review" of a blogger's Hotmail account as part of a larger Windows espionage case, saying it had caught the blogger selling Microsoft's intellectual property without permission.
The filing says that Microsoft triggered an internal investigation into the blogger's actions when the blogger sent the source code to an unnamed person, hoping for verification of its origins. Instead, that person tipped off then-Windows chief Steven Sinofsky, who forwarded the details to Microsoft's Trustworthy Computing Investigations department, which investigates external threats and internal information leaks.
The March 17 filing (PDF) alleges that the unnamed blogger confessed to selling Microsoft's intellectual property.
During his interview, the blogger admitted to posting information on Twitter and his Web sites, knowingly obtaining confidential and proprietary Microsoft IP from Kibkalo, and selling Windows Server activation keys on eBay.
Microsoft provided CNET with a statement defending its actions:
During an investigation of an employee, we discovered evidence that the employee was providing stolen [intellectual property], including code relating to our activation process, to a third party. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past.
As part of the investigation, we took the step of a limited review of this third party's Microsoft operated accounts. While Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We apply a rigorous process before reviewing such content. In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.