Blowback in handling of corporate espionage case forces Microsoft to promise stronger policies protecting privacy of Hotmail account holders.
Seth RosenblattFormer Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
There are four parts to the new standard, Frank said:
"We will not conduct a search of customer email and other services unless the circumstances would justify a court order, if one were available.
"To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable. As a new and additional step, we will then submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order.
"Even when such a search takes place, it is important that it be confined to the matter under investigation and not search for other information. We therefore will continue to ensure that the search itself is conducted in a proper manner, with supervision by counsel for this purpose.
"Finally, we believe it is appropriate to ensure transparency of these types of searches, just as it is for searches that are conducted in response to governmental or court orders. We therefore will publish as part of our bi-annual transparency report the data on the number of these searches that have been conducted and the number of customer accounts that have been affected."
Frank also defended Microsoft's use of the "specific circumstances" to justify the "extraordinary actions" of searching a Hotmail user account. A March 17 court filing (PDF) by federal prosecutors states that the company had discovered that a blogger, unnamed in the document and not employed by Microsoft, was selling on eBay Microsoft property allegedly supplied by then-Microsoft employee Alex Kibkalo.
Microsoft internally authorized searching the blogger's Hotmail account after an investigation that Frank said involved "law enforcement agencies in multiple countries;" the issuance of a warrant to search the home of the blogger for evidence of the alleged crimes; and the discovery of what Frank called "clear evidence" that the blogger intended to sell Microsoft's intellectual property and had done so in the past.
Edward Wasserman, Graduate School of Journalism dean at the University of California, Berkeley, told The New York Times that he had "never seen a case like this."
"Microsoft essentially decided that whatever privacy expectation that its own customers supposedly had was basically a dead letter," he said. "It simply decided that in its own corporate interest, it can intrude on a person's email."