News

Microsoft Changes E-Mail Investigation Policies After Arrest of Leaker

• By Jeffrey Schwartz
• March 21, 2014

A former Microsoft employee was arrested this week for allegedly stealing trade secrets and leaking Windows 8 code to an unnamed French blogger while working for Microsoft.

According to the Seattle Post-Intelligencer, which first reported on the arrest on Wednesday, Alex Kibkalo, a former Microsoft architect and a Russian national who also worked for Microsoft in Lebanon, allegedly leaked information and code to the blogger, who ended up illegally selling pirated software. He also allegedly bragged about breaking into Microsoft's campus and stealing the company's "Activation Server Software Development Kit," a proprietary system aimed at preventing unauthorized distribution of the company's software and licenses.

News of the arrest prompted Microsoft to admit it had scanned a user's Hotmail account to obtain evidence against Kibkalo. This comes at a time of growing consumer doubts about whether Microsoft and other service providers are taking enough measures to ensure the privacy of their information. Revelations made by whistle-blower Edward Snowden of the National Security Agency's surveillance efforts and accusations that Microsoft and others cooperated with the NSA have heightened those doubts, despite assurances from service providers that such cooperation was limited to rare instances where there were court orders.

In Kibkalo's case, Microsoft accessed the e-mails without a court order, but only because the company apparently did not legally need a court order to search its own service. However, Microsoft did obtain court orders for other aspects of the investigation, said Microsoft Deputy Counsel John Frank in a blog post published Thursday night.

"We took extraordinary actions based on the specific circumstances," Frank said. "We received information that indicated an employee was providing stolen intellectual property, including code relating to our activation process, to a third party who, in turn, had a history of trafficking for profit in this type of material. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past."

While it appears Microsoft didn't violate any laws or its own policies, some are questioning the wisdom of its actions. Frank said Microsoft is stepping up its policies for the way it handles such discovery in the future, likely in anticipation of concerns from customers and privacy advocates about the fact that Microsoft dipped into its own servers despite the probable cause of the alleged criminal activity.

"While our actions were within our policies and applicable law in this previous case, we understand the concerns that people have," he said.

Moving forward, he said Microsoft will not search customer e-mails or other services unless there is evidence of a crime that would justify a court order. In addition, Microsoft will turn to a former judge who will determine if the probable cause would justify a court order. If a court order is found to be justified, Microsoft's searches will be supervised by counsel and will be limited to searching for information centered around the suspected activity, not other data.

To ensure transparency, Microsoft will publish whatever searches it has conducted as part of its biannual transparency reports, Frank said.

"The privacy of our customers is incredibly important to us," he said. "That is why we are building on our current practices and adding to them to further strengthen our processes and increase transparency."