Microsoft may not scan your email for keywords like Google, but your boss can

Microsoft's anti-Gmail Scroogled campaign is winding down, but the petition to tell Google to respect your privacy and stop scanning your emails received more than 115,100 signatures. Yet Microsoft's Office 365 and Exchange 2013 allow your boss to monitor your email via keyword scanning.

The Scroogled campaign in which Microsoft warned about Google disrespecting your privacy by scanning "every word of every email" to deliver ads in Gmail is now winding down. Microsoft will halt Scroogled TV, newspaper and social media ads, but its Care2 petition reached over 115,100 signatures so far to "tell Google to stop going through your emails to sell ads."

Was the campaign successful? According to Jonathan Weber, from the digital marking firm LunaMetrics, "it's a little early to say, but it appears to be backfiring." It should also be noted that "Google chose LunaMetrics as a Google Analytics Certified Partner." While it might be comparing apples to oranges, according to comScore qSearch, "Google Sites led the U.S. explicit core search market in January with 67 percent market share (up 0.3 percentage points), followed by Microsoft Sites with 16.5 percent (up 0.2 percentage points) and Yahoo."

At an RSA Conference panel filled with chief privacy officers from Microsoft, Google, Facebook and Mozilla, Google chief privacy officer Keith Enright "took the opportunity to shoot back at Microsoft's 'Scroogled' advertising campaign," calling it "misleading" and "intellectually dishonest." In return, "Microsoft's Brendon Lynch countered that it was helping consumers 'make an informed choice'."

Seth Schoen, the EFF's senior staff technologist, suggested to KQED that there is more validity in Microsoft's complaint against Google Shopping results. Regarding the Scroogled campaign, Schoen said, "What Microsoft was emphasizing is that they are not using users' data in the same way, in particular to target advertising. As far as I know that's true. But it doesn't mean that they couldn't do that."

While it is not to serve up ads, but instead meant to offer data loss prevention methods to enterprises, Exchange / Microsoft Office 365 Enterprise does enable scanning for keywords and "sensitive" data in email.

Protecting sensitive information is important, but as Ars Technica reported, "It's now simpler than ever for the boss to watch what you send in email."

According to Exchange 2013 "creating DLP policies based on templates," there are templates for monitoring email with the "rules configured to meet specific legal and regulatory requirements" regarding financial and PII data. A Microsoft tutorial explained, "The interesting part is that these rules are smart enough to detect 'valid' credit card numbers. If you simply type a random 16-digit number it will not flag it as being a credit card number! Also, no matter if you put spaces or not in-between each 4-digit set of numbers, Exchange will still detect it."

When it comes to enforcing email usage policies, Ars reported that "Exchange can easily spot the word 'resume' in a Word document and forward the message to the employee's manager, or bounce it back, silently delete it, or send it to the spam quarantine for further analysis."

For companies needing even more "control" of Office 365 email, Microsoft has "Proofpoint Enterprise Privacy" that offers encryption as well as "real-time message tracing provide the necessary tools to triage any incident and a DLP dashboard provides an overview of all current incidents and trends at a glance."

Like this? Here's more posts:

Follow me on Twitter @PrivacyFanatic

Copyright © 2013 IDG Communications, Inc.

22 cybersecurity myths organizations need to stop believing in 2022