
Microsoft Says: Come Back with a Warrant, Unless You’re Microsoft - rdl
https://www.eff.org/deeplinks/2014/03/microsoft-says-come-back-warrant-unless-youre-microsoft
======
pktgen
Not defending MS at all but what is the alternative for them? What people want
is the judicial oversight. But can Microsoft really go to a court and say "hey
judge, we're Microsoft, we want a warrant for Microsoft to provide this"?

~~~
crygin
Agreed -- based on MS's statement they went through a fairly rigorous internal
procedure (of course, they could be lying, but it seems fairly unlikely
particularly given the regulatory attention MS generally has on it). I don't
fully understand what people think they "should" have done to access the
emails -- waste a court's time on a meaningless judgement?

~~~
chris_mahan
They should have called the FBI, the FBI would have requested a warrant, the
Judge would have approved the warrant, and the FBI would have accessed the
information in the user's account.

That would have been the correct way to do it.

~~~
andrewfong
That doesn't provide a remedy when you only want to launch a civil
investigation, not a criminal one. And given how frequently the criminal
process is abused to go after relatively minor crimes (e.g. Aaron Swartz),
this is probably something we shouldn't encourage.

~~~
chris_mahan
Oh, and it's better this way?

------
PythonicAlpha
As for me: MS has discredited itself with this behavior.

How can I know, that MS will not open my Word or Excel documents that I have
in the Online-Office system, because it may contain information of value to
its business -- or it may infringe on patents MS holds?

So, neither MS online mail products, nor online office systems can be trusted
any more! Any business owner should know this and withdraw from usage of any
MS owned online systems.

~~~
kvb
Are you doing things that would enable Microsoft to get a court order against
you? What parallels do you see with the actual facts of this case?

~~~
PythonicAlpha
If they could get a court order, why did they not do so?

I am really amused about the law feeling in the US. It seems to me, that in
the US it is enough that a big company thinks that it can get a court order --
in that case nothing else is needed -- don't waste the time of the courts just
go on.

Why not allow MS to also do the punishment -- don't waste any court-time!

Really cute!

To come to your question: There are cases, where you can get warrants because
you infringe patents. So, when MS thinks, that I could infringe one -- why not
search my office documents first??

Is this enough example? I would say, there could be thousands ... just imagine
a world where the lawyers of the big companies make the court decisions ...
<sarcastic>would be OK, they are making the laws anyway!</sarcastic>

~~~
kvb
Because, in the US legal system, you can't get a court order to compel
yourself to do something (as far as I am aware).

------
sergers
I would have to agree with MS.

Someone sharing proprietary info using your email platform, and its completely
in their right as per eua to look at it, then damn right they should have
reviewed the leakers account.

The guy knowingly received proprietary info.

Eff is almost like a troll sometimes

For one summer between semesters I worked for a MS call center who handled
hotmail which we could read peoples mail if wanted. We didn't as MS has great
auditing

~~~
duaneb
> Eff is almost like a troll sometimes

It's almost like they're trying to free email from being a corporate black
hole.

------
PhantomGremlin
Everyone who uses Hotmail, Gmail, Google Drive, OneDrive, Google Docs,
Dropbox, Evernote, and countless other similar services needs to keep in mind
the following quip (which I stole from somewhere on the Internet):

    
    
       Today's word: The cloud.
       Explanation: Someone else's computer.
    

I'm a user of various cloud services, but I'm not naive enough to have _any_
expectation of privacy, from either that company or from the NSA. Period. Full
stop.

~~~
joseba286
Good point, they can say whatever they want but we should just assume that our
data could fall into someone else hands at any moment..

------
Locke1689
If the EFF wants to continue pretending that they're still primarily a legal
outfit, I want one of their lawyers to prepare an actual brief or at least a
citation on this _matter of law_ on which they have deigned to hold court.

I am of course not a lawyer, but the inability of what is ostensibly a legal
advocacy group to fail to attempt a _prima facie_ case on violation of a law
is just too pathetic for me to care.

~~~
rdl
Stuff like "HTTPSEverywhere" isn't entirely a legal advocacy matter, either. I
don't think EFF needs to constrain itself to legal advocacy to be an effective
organization. Making technical and policy recommendations to private companies
and individuals (as producers and consumers) seems fine.

~~~
Locke1689
The article explicitly states a legal opinion -- that Microsoft violated the
EPCA. The author is a lawyer. Come on.

~~~
rdl
"At first blush, Microsoft’s unilateral decision to rifle through its user’s
emails sounds like a violation of the Electronic Communications Privacy Act,
ECPA. We at EFF have called for critical updates to ECPA’s privacy
protections, but the law is fundamentally designed to protect email from this
kind of snooping, albeit with some narrow exceptions."

The charge is that they violated the spirit but not the letter of ECPA

------
mbreese
For Microsoft, this is very much a win the battle, lose the war situation.
While they were perfectly within their legal rights to access the Hotmail
account, it was horribly bad optics. It just looks bad. And it's stuff like
this that makes cloud services a hard sell to a large demographic.

So while this may blow over, people will be more paranoid that Microsoft will
decide that they have the right to look at your data, just because it exists
on their servers.

Google isn't much better in this regard. Amazon so far is better positioned
because they don't offer any other private "consumer" services that they'd
want to review. But really unless you have the hardware in your physical
possession, you will always be subject to these problems.

------
FD3SA
This is equivalent to USPS opening your mail because they were tipped off of
wrongdoing against their company, with no evidence whatsoever. Do you have a
problem with that? Well too bad, its "their" mail.

Randian utopia at its finest.

~~~
mahyarm
What does this have to do with ayn rand or libertarians?

~~~
chc
Many Randians believe that a free and unregulated capitalist market is the
best solution to most problems. This is being put forth as an example of a
problem with allowing private corporations such a central role in society
without any oversight beyond the "invisible hand" of the market.

~~~
xtreme
In this example no government oversight would probably work much better. If a
carrier starts opening your mails, they would lose their customer base and
other services would come up. Also, you could probably stipulate this in the
terms of service so that you can have a legal recourse if the carrier violates
the contract. With government intervention, all carriers would be subject to
government bullying, legal or otherwise. Which scenario would you prefer?

~~~
okasaki
I think it's been shown many times that the depth of consumer considerations
of technical and ethical issue is about as deep as a puddle. Most of people
simply have neither the background nor time to understand them, and simply
assume that whoever's on top is doing things right.

------
cheeze
Which is exactly what you agreed to when you signed up for their service.
Privacy and Microsoft are mutually exclusive.

~~~
sliverstorm
Kind of the way it is with every service, unless you take extra measures to
protect yourself. E.g., PGP, careful selection of data you upload, or just not
using any cloud services in the first place.

~~~
PythonicAlpha
No, normal online providers will have terms that they don't infringe into your
privacy rights.

~~~
sliverstorm
Oh, so you mean unlike Microsoft they _pretend_ they don't infringe on your
rights. :)

~~~
PythonicAlpha
There are many online-services, where there is no such right given to the
hosting company to read the data contained in the service. I would say, that
such a statement is rather uncommon (may be changed by the eMail providers MS
and Google).

And: In my opinion, they just pretend! In my country, such a behavior could
well be contested in court in my opinion, because we normally have strong
rights protecting communications.

------
droopybuns
Honestly, this whole thing has been such a glorious example of the absolute
stupidity and tone-deafness of M.S.

It is mind-boggling that they could have shared the kinds of details they did
with the press about their behavior.

"We busted a criminal. Along the way, we shat in the corner. We got the
criminal really good."

How in the world could they have missed that second sentence? It's just
incredible. My mouth is agape.

------
higherpurpose
What worries me is that FBI or NSA could've established a sort of relationship
with Microsoft, where they don't even need to get court orders or warrants,
because they can get them from "Microsoft" voluntarily, and Microsoft can just
take the data from the users without any other judicial step, and give it to
them. Wouldn't this type of loophole work in theory? I wonder if this is what
the Snowden documents meant about Microsoft and NSA's "team sport":

[http://www.theguardian.com/world/2013/jul/11/microsoft-
nsa-c...](http://www.theguardian.com/world/2013/jul/11/microsoft-nsa-
collaboration-user-data)

------
briantakita
"with intent to convert trade secrets belonging to Microsoft, specifically
Microsoft's Activation Server Software Development Kit, to the economic
benefit of someone other than Microsoft" "All in violation of Title 18, United
States Code, Section 1832(a)(2), (a)(4), and 2."

[http://www.law.cornell.edu/uscode/text/18/1832](http://www.law.cornell.edu/uscode/text/18/1832)

So had Alex Kibkalo simply published this in the public domain, there would be
no criminal case?

~~~
otterley
Unlikely. I don't think a reasonable court would conclude that one has to have
a specific beneficiary in mind to satisfy the prong of intent to benefit a
third party.

------
myrandomcomment
What MS did is in there terms of service. If you do not like it use do not use
Hotmail. It is really that simple.

------
PythonicAlpha
I ask myself, why the rights of the (big) owners of "Intellectual Property"
are strengthened all the time, but the rights of the small owners of Private
information are reduced and reduced.

Something I just can't comprehend.

~~~
josteink
Had you hosted your own email service on your own servers, your rights would
be perfectly protected. Nobody is stopping you from doing this.

However, this guy used a company's email-service to try to leak proprietary
business info about the same company.

You can't seriously expect to get away with that.

------
sytelus
[http://www.scroogled.com/mail](http://www.scroogled.com/mail)

Cough... cough...

