By Heini Järvinen

Under Microsoft’s terms of service, the company gives itself the right to do almost anything at any time and for any reason. This ranges from the bizarre – they reserve the right to withdraw participation in Bing ads “at any time for any reason or for no reason” – to the ridiculous – their “code of conduct” bans “full or partial human nudity” (cover your arms!) and “nudity of non-human forms” (the famously trouserless Donald Duck would be in trouble).

The wording of their terms of service is so vague that it offers pretty much no predictability. You can assume that naked arms will not lead to your account being deleted by Microsoft. Similarly, you can assume that Microsoft won’t arbitrarily avail of the right that it awards itself to “access, disclose, or preserve information associated with your use of the services, including (without limitation) your personal information and content”.

Remarkably, at the same time as giving itself the right to arbitrarily gain access to its own customers private communications, Microsoft has positioned itself as a leader in the fight against arbitrary interference by governments in individuals’ private communications. As a leading member of the Global Network Initiative, it was involved in drafting and publicising the “principles” of that organisation. One of these principles is that “everyone should be free from illegal or arbitrary interference with the right to privacy and should have the right to the protection of the law against such interference or attacks.”

This week, it emerged that Microsoft availed of its open-ended “right” to access the personal communications of its customers, when it accessed a blogger’s account in order to trace the source of a possible leak of sensitive customer software. In this case, Microsoft found what it was looking for. But what happens when they don’t find what they are looking for? What is the point in producing a transparency report about government access to data when the company can – potentially on the basis of informal requests from government- access the data in ways which would fall outside the definition of a normal court order.

There are even indications that Microsoft is getting confused regarding what its terms of service actually say. On the one hand, the terms of service are clear that “Microsoft does not claim ownership of the materials you provide to Microsoft”. On the other hand, one of the justifications that Microsoft gave for not following normal legal procedures was that (according to several news reports), “courts do not issue orders authorizing someone to search themselves”. So, the data in your Hotmail inbox are simultaneously owned by Microsoft and not owned by Microsoft.

In reality, companies can not put whatever they want in terms of service. Activity which would be in breach of basic legal principles do not suddenly become legal because someone clicked at the end of a very long legal text saying “I agree”. Data protection law and minimum standards for contracts (such as specified in the 1993 Unfair Contract Terms Directive) continue to apply. This may not always be obvious to users who are told that they have signed away their rights.

This is not specifically a Microsoft problem, it is a problem that runs rife through the online industry. Increasingly, this is also becoming a problem for the companies themselves. As shown by the Global Network Initiative contradiction above – it will simply never be credible for companies to argue that governments may not arbitrarily interfere with communications as long as they insist on giving themselves the right to arbitrarily interfere with communications. Simple.

ENDitorial: Microsoft’s vision for regulation of communication by private companies (04.07.2012)
https://edri.org/edrigramnumber10-13microsoft-self-regulation-example

GNI Principles
http://www.globalnetworkinitiative.org/principles/index.php

EDRi-gram: Microsoft services agreement (27.08.2012)
http://windows.microsoft.com/en-us/windows-live/microsoft-services-agreement

Microsoft Live Code of Condct
http://windows.microsoft.com/en-us/windows-live/code-of-conduct

(Contribution by Joe McNamee – EDRi)