Most Recent Posts

Index of Older Posts


Microsoft Updates Privacy Policy after taking heat for Searching Blogger’s Hotmail to Find Windows 8 Leak

On March 28th Microsoft, in a message from it's General Counsel and Executive VP, changed it's privacy policy in a very encouraging way.  Here's the background story from a blog post that I wrote some time ago but forgot to post!

And here’s an example of why you might not want your cloud storage provider to have the keys to your castle.  Microsoft, while looking for the source of a leak of Windows 8 documentation before the release of the operating system, felt it was OK to snoop through and examine the contents of a blogger’s Hotmail (owned by Microsoft) account.  Here's a link to the New York Times article.

Microsoft appears to be within their rights, according to their online services privacy agreement.  They didn’t need a court order, and the data was right their for them to look at.  Remember, they hold the encryption keys to emails and data stored on your Hotmail account, if they are encrypted at all (I can’t seem to find a clear answer on that).

Just food for thought as we consider the implications of having your data out there in the cloud, and the fact that you are implicitly trusting the providers of cloud services to "do the right thing."  Mostly they do.  But not always. 

Never assume your data is private unless you, and only you, hold the keys.

In the recent post Brad Smith makes the following statement:

Effective immediately, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property from Microsoft, we will not inspect a customer’s private content ourselves. Instead, we will refer the matter to law enforcement if further action is required.

This seems to me to be the appropriate position, and is as good as we are going to get.  I'd like to see Google come out with something similar.

But I still stand by my previous conclusion:

Never assume your data is private unless you, and only you, hold the keys.



PrintView Printer Friendly Version

EmailEmail Article to Friend

References (3)

References allow you to track sources for this article, as well as articles that were written in response to this article.

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
« Who needs the NSA, we have Heartbleed! | Main | iOS Security: Incredibly good! »