Microsoft's 'Spy Guide' Procedures Don't Mean Much

Lora Bentley

I've written about Google's privacy principles and Facebook's privacy policy so much lately I'm sick of them. Microsoft's privacy policies, or rather, what the company is willing to hand over to law enforcement when asked, is a different story.


In a ReadWriteWeb piece published in The New York Times, Joe O'Dell parses the company's Online Services Global Criminal Compliance Manual, a.k.a. Spy Guide, and finds there's not much the folks in Redmond won't give up if asked. He writes:

They've got a lot of data - IM logs that can help find missing kids, gaming records that can help return a stolen Xbox, e-mails that can help track down terrorists...The full list of services includes e-mail, authentication (Windows Live ID), IM, social networking (Windows Live Spaces and MSN Groups), custom domains, online file storage and gaming (Xbox Live). For each service, data is accessible through a series of web interfaces that allow law enforcement to browse through relevant data in tables or forms.

And on paper, there are also hoops one must jump through before gaining access to this data. In reality, O'Dell says, law enforcement easily bypasses those hoops and gets what it wants upon request, without warrants, subpoenas or other required documentation. He then gives this example:

Not too long ago, Sprint was revealed to have complied with 8 million LA requests for GPS data in 2009...The implications of this are staggering, but the most confounding of them all is that there could not possibly be enough warrants to justify the sum total of requests that digital companies are handed by law enforcement seeking user data.

It's yet another reminder of just how much information is out there to be harvested.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.