
Microsoft Will Now Deploy Two Legal Teams To Approve User-Data Searches - testrun
http://techcrunch.com/2014/03/20/microsoft-will-now-deploy-two-legal-teams-outside-former-federal-judge-to-approve-user-data-searches/
======
Namrog84
I personally think this is a good move. There isn't a lot of choices for the
company. As they indicated they can't request official search of themselves.
And short of hiring a 3rd party company to approve/disapprove there isn't much
more they can do. I think they are doing by trying to be transparent and not
hide the fact what they did. It could have all been hidden quite easily. I see
no other service not doing the same thing. Gmail with Google employees. Apple
with imail and etc... What I think is stupid is that the former employee who
was clearly violation was using Microsoft services to bad mouth them with. I
feel like he should have been using alternative emails and services if he was
going to continue his inappropriate actions.

~~~
throwaway7767
They could have reported the case to the authorities. The cops would have
sought a search warrant for the mail and had to go through the legal process
for that. That's how these things are supposed to work.

------
fiatmoney
That's quite literally schizophrenic ("split-mind"). What do they imagine will
be the disagreement rate between the two teams? What is the incentive for the
second team, which is after all employed by Microsoft, the same company that
employs the other, to disagree? This is envisioned as being for a scenario
where Microsoft's interests are directly affected, after all.

Why the hell are users even subjected to whatever mock-trial Microsoft deigns
to give them? The whole point is that there is no legal bar to them doing as
they please, so why won't they just bypass the whole procedure when it suits
them?

The only solution is a company that ties itself to the mast with verifiable
technical measures.

~~~
nknighthb
"Disagreement rate" would be as meaningless a number as conviction rates are.
A low disagreement rate could indicate the "plaintiff" is careful to make only
reasonable requests, or it could indicate the "defense" is not doing its job.
A high disagreement rate could indicate the lots of unreasonable requests, or
it could indicate reasonable requests are being unreasonably denied.

You can't even reach a conclusion as to what would constitute a high, low, or
expected rate.

~~~
MichaelApproved
You'd only get real data if you have the team go back and review the previous
cases to see if the approval rate would change.

~~~
AJ01
Why hasn't Microsoft volunteered to disclosure past data? Hiding something?
The comparison to the near framework is warranted to highlight the bite of the
proposed new framework.

------
outside1234
I don't get it. Why don't they just drop the clause that they exercised in
their privacy policy such that they need a real court order to get at the data
just like any external email address?

~~~
nknighthb
I'm having trouble even conceiving of how you could structure that. You can't
sue yourself, so to even make the case arguable in the US, you'd have to set
up the contract such that Microsoft would initiate legal process against the
customer, requesting a declaratory judgement that they would not be liable for
damages for searching the customer's data.

I don't think there's any case law on this, so the first thing the courts
would have to do is figure out if they even have jurisdiction to handle such a
novel claim. The answer to that could vary between different states' courts
and between state and federal courts. (And might even vary between federal
courts, since federal cases borrow a lot from state laws, both from the state
they sit in, and from other relevant states, like the state in which an entity
is incorporated, or the state a contract was executed in.)

(And even if you get past all that, you haven't actually stopped Microsoft
from doing anything at all. They can still search your data without going to
court in the first place if they're willing to risk being held liable for
damages for breach of contract. Those damages would not likely amount to
much.)

~~~
magic_haze
They searched the account of a French blogger, so that adds another layer of
insane complications (I'd guess both France and EU would come down pretty hard
on Microsoft, but for the wrong reasons)

------
cookingrobot
“Evidence sufficient for a court order” means a parallel justice system.

They claim they couldn't have gotten a court order to search their own
servers. Is that true? Did they try?

~~~
lawnchair_larry
I think the claim is based on the fact that if you ask any judge if you can
search yourself, the answer is automatically yes, possibly followed up with
"why are you even here?"

So they're doing the next best thing by having a mock trial, where the answer
isn't automatically "yes". They're in kind of a weird position here, but it
doesn't seem like there is a better way to do it. IANAL obviously.

~~~
robszumski
Why wouldn't they let the appropriate authorities know, have them conduct an
investigation and get a legal search warrant?

Especially if they want to charge the guy anyways. If they just wanted to know
who he was, do the hush hush internal search and fire him.

~~~
derefr
Breaking NDAs and leaking company secrets are civic, not criminal, breaches of
law; they only exist insofar as the company is empowered to sue using them.
There are no authorities who would be interested in investigating.

------
scosman
... they refer to it as a search of "our own email".

~~~
ntakasaki
They say "our own email and other services", which is short for "our own email
service and our other services".

------
Fuxy
There should be a law preventing this not some random team employed by
Microsoft.

