Login

Microsoft just exposed email's ugliest secret

outlookhotmailfinal_1020.0.jpg

If you're hiding something from Microsoft, you'd better not put it on Hotmail.

It came out yesterday that the company had read through a user's inbox as part of an internal leak investigation. Microsoft has spent today in damage-control mode, changing its internal policies and rushing to point out that they could have gotten a warrant if they’d needed one. By all indications, the fallout is just beginning.

Our data is held on their servers, routed by their protocols

But while Microsoft is certainly having a bad week, the problem is much bigger than any single company. For the vast majority of people, our email system is based on third-party access, whether it's Microsoft, Google, Apple or whoever else you decide to trust. Our data is held on their servers, routed by their protocols, and they hold the keys to any encryption that protects it. The deal works because they're providing important services, paying our server bills, and for the most part, we trust them. But this week's Microsoft news has chipped away at that trust, and for many, it's made us realize just how frightening the system is without it.

They own the servers, and there's no legal or technical safeguard to keep them from looking at what's inside

We've known for a while that email providers could look into your inbox, but the assumption was that they wouldn't. Even a giant like Microsoft is likely to sustain lasting damage, simply because there are so many options for free web-based email. Why stick with Microsoft if you trust Apple or Google more? But while companies have created a real marketplace for privacy and trust, you'll find the same structural problems at every major service. Ad-supported email means companies have to scan your inbox for data, so they need access to every corner of your inbox. (That's been the basis of Microsoft's Google-bashing "Scroogled" campaign.) Free email also means someone else is hosting it; they own the servers, and there's no legal or technical safeguard to keep them from looking at what's inside.

"We may access or disclose information ... to protect the rights or property of Microsoft."

A close look at company privacy policies only underlines the fact. As Microsoft pointed out its initial statement, "Microsoft’s terms of service make clear our permission for this type of review." Look at the company privacy policy, and you’ll see that's true: "We may access or disclose information about you, including the content of your communications, in order to ... protect the rights or property of Microsoft." That’s a straightforward description of what happened in the Hotmail case.

You’ll find similar language in the privacy policies from Yahoo and Google. Yahoo reserves the right to look through your emails to "protect the rights, property, or personal safety of Yahoo, its users and the public." Google’s language is nearly identical, saying it will access user data "if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to … protect against harm to the rights, property or safety of Google." Apple is a little better, but not much, promising to disclose user content "if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate." What counts as public importance, exactly?

What’s worse, the current laws won’t do anything to stop them. For standard law enforcement, it takes a warrant to read a person's email — but there's no such restriction on hosting providers. Peeking into your clients' inbox is bad form, but it's perfectly legal. Even if the rights weren't reserved in the terms of service, it's not clear there are even grounds for a lawsuit. Without stronger privacy laws, all companies have to worry about is bad PR.

Peeking into your clients' inbox is bad form, but it's perfectly legal

Microsoft's mole hunt isn't unprecedented either. There have been LOVEINT-style abuses of sysadmin access, as when a Google engineer was fired for spying on friends' chat logs. Last year, Harvard searched its own professors' email accounts as part of a cheating investigation. (The dean behind the search stepped down a few months later.) But those are just the instances we're aware of. In all likelihood, there are dozens of similar incidents that were simply never made public, encouraged by the open nature of third-party hosting. As long as the access is legal and technically feasible, there's no reason to think it will stop.

As long as the access is legal, there's no reason to think it will stop

Anyone living a modern and complicated life over email is left in an awkward place. The crypto crowd has an easy answer: use end-to-end encryption, locking up emails with GnuPG and online chats with programs like Cryptocat. You can hold your own keys, making sure no one can decrypt the message but the person you're sending it to, and count on open-source code reviews to expose anyone who tries to slip a backdoor into the code.

It's a good system and it works, but for most users, it's still a bunch of extra inconvenience for no obvious benefit. In the end, it's easier to blame Microsoft for violating our trust and move onto the next company, with the same data practices and the same terms of service. With Google, Apple, Yahoo, and countless other free webmail services waiting in the wings, there are plenty of options to choose from. They'd never do a thing like this... right?

The Verge
X
Log In Sign Up

forgot?
Log In Sign Up

Please choose a new Verge username and password

As part of the new Verge launch, prior users will need to choose a permanent username, along with a new password.

Your username will be used to login to Verge going forward.

I already have a Vox Media account!

Verify Vox Media account

Please login to your Vox Media account. This account will be linked to your previously existing Eater account.

Please choose a new Verge username and password

As part of the new Verge launch, prior MT authors will need to choose a new username and password.

Your username will be used to login to Verge going forward.

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.
Spinner.vc97ec6e

Authenticating

Great!

Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.