Email is more broken than you think
If you're hiding something from Microsoft, you'd better not put it on Hotmail.
It came out yesterday that the
company had read through a user's inbox as part of an internal leak
investigation. Microsoft has spent today in damage-control mode,
changing its internal policies and rushing to point out that they
could have gotten a warrant if they’d needed one. By all indications, the fallout is just beginning.
Our data is held on their servers, routed by their protocols
But while Microsoft is
certainly having a bad week, the problem is much bigger than any single
company. For the vast majority of people, our email system is based on
third-party access, whether it's Microsoft, Google, Apple or whoever
else you decide to trust. Our data is held on their servers, routed by
their protocols, and they hold the keys to any encryption that protects
it. The deal works because they're providing important services, paying
our server bills, and for the most part, we trust them. But this week's
Microsoft news has chipped away at that trust, and for many, it's made
us realize just how frightening the system is without it.
They own the servers, and there's no legal or technical safeguard to keep them from looking at what's inside
We've known for a while that
email providers could look into your inbox, but the assumption was that
they wouldn't. Even a giant like Microsoft is likely to sustain lasting
damage, simply because there are so many options for free web-based
email. Why stick with Microsoft if you trust Apple or Google more? But
while companies have created a real marketplace for privacy and trust,
you'll find the same structural problems at every major service.
Ad-supported email means companies have to scan your inbox for data, so
they need access to every corner of your inbox. (That's been the basis
of
Microsoft's Google-bashing "Scroogled" campaign.)
Free email also means someone else is hosting it; they own the servers,
and there's no legal or technical safeguard to keep them from looking
at what's inside.
"We may access or disclose information ... to protect the rights or property of Microsoft."
A close look at company privacy
policies only underlines the fact. As Microsoft pointed out its initial
statement, "Microsoft’s terms of service make clear our permission for
this type of review." Look at the
company privacy policy,
and you’ll see that's true: "We may access or disclose information
about you, including the content of your communications, in order to ...
protect the rights or property of Microsoft." That’s a straightforward
description of what happened in the Hotmail case.
You’ll find similar language in the privacy policies from Yahoo and Google. Yahoo
reserves the right to look through your emails to "protect the rights, property, or personal safety of Yahoo, its users and the public."
Google’s language
is nearly identical, saying it will access user data "if we have a
good-faith belief that access, use, preservation or disclosure of the
information is reasonably necessary to … protect against harm to the
rights, property or safety of Google."
Apple is a little better,
but not much, promising to disclose user content "if we determine that
for purposes of national security, law enforcement, or other issues of
public importance, disclosure is necessary or appropriate." What counts
as public importance, exactly?
What’s worse, the current laws
won’t do anything to stop them. For standard law enforcement, it takes a
warrant to read a person's email — but there's no such restriction on
hosting providers. Peeking into your clients' inbox is bad form, but
it's perfectly legal. Even if the rights weren't reserved in the terms
of service, it's not clear there are even grounds for a lawsuit. Without
stronger privacy laws, all companies have to worry about is bad PR.
Peeking into your clients' inbox is bad form, but it's perfectly legal
Microsoft's mole hunt isn't unprecedented either. There have been
LOVEINT-style abuses of sysadmin access, as when a Google engineer was fired for
spying on friends' chat logs.
Last year, Harvard searched its own professors' email accounts as part
of a cheating investigation. (The dean behind the search
stepped down
a few months later.) But those are just the instances we're aware of.
In all likelihood, there are dozens of similar incidents that were
simply never made public, encouraged by the open nature of third-party
hosting. As long as the access is legal and technically feasible,
there's no reason to think it will stop.
As long as the access is legal, there's no reason to think it will stop
Anyone living a modern and
complicated life over email is left in an awkward place. The crypto
crowd has an easy answer: use end-to-end encryption, locking up emails
with GnuPG and online chats with programs like Cryptocat. You can hold
your own keys, making sure no one can decrypt the message but the person
you're sending it to, and count on open-source code reviews to expose
anyone who tries to slip a backdoor into the code.
It's a good system and it
works, but for most users, it's still a bunch of extra inconvenience for
no obvious benefit. In the end, it's easier to blame Microsoft for
violating our trust and move onto the next company, with the same data
practices and the same terms of service. With Google, Apple, Yahoo, and
countless other free webmail services waiting in the wings, there are
plenty of options to choose from. They'd never do a thing like this...
right?
