Earlier this week, an ex-Microsoft employee was charged with the theft of trade secrets in the U.S. District Court for the Western District of Washington in Seattle. Alex Kibkalo allegedly sent code and other intelligence about Microsoft products to an unnamed French blogger.
In the course of tracking down the alleged leaker, Microsoft searched through the blogger's e-mail account -- before involving law enforcement -- according to court documents.
Kibkalo was a seven-year Microsoft employee working as a software architect in Lebanon at the time of the alleged leaks. The court documents claim he was upset over a poor performance review and started spilling code and other trade secrets to the French blogger.
When the blogger allegedly took some of the code to a third party for verification, the third party contacted a former Microsoft executive. The unnamed third party was then interviewed by Microsoft's internal investigations team and revealed a Hotmail account used by the blogger. Hotmail is an e-mail service run by Microsoft, that has since been re-branded Outlook.
On Sept. 7, 2012, Microsoft's Office of Legal Compliance approved "content pulls" of the blogger's Hotmail account, according to the court documents. While searching through the e-mail account, Microsoft investigators say they found e-mails from Kibkalo to the blogger showing he had leaked unreleased code related to Windows 8.
Microsoft then interviewed Kibkalo, who the court documents say admitted to the leaks. They also interviewed the blogger who reportedly admitted to "knowingly obtaining confidential and proprietary" information from Kibkalo and selling Windows Server activation keys on eBay. The case was turned over to the FBI, which launched a criminal investigation in July 2013.
But while Microsoft's search of a user's data without a court order may raise privacy concerns, its search likely falls within the company's legal rights. The tech giant's online services privacy statement gives it broad leeway to access user communications to "protect the rights or property of Microsoft or our customers."
"In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries," Microsoft wrote to The Post in a statement confirming it had searched through the blogger's e-mail without a court order. “As part of the investigation, we took the step of a limited review of this third party’s Microsoft operated accounts. While Microsoft’s terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances."
The company asserts it applies "a rigorous process before reviewing such content, " and says this particular case involved a "thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites."
Microsoft's statement also noted that court orders were issued in other aspects of the investigation and asserted that the investigation "repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past."