• United States



Microsoft raises privacy issues with tweaked TOS to share data across the cloud

Sep 03, 20125 mins
Data and Information SecurityMicrosoftSecurity

After Google made wide sweeping changes to its TOS and privacy policy, Microsoft gloated about how it was better than Google on privacy. But perhaps the Redmond giant was waiting to see how that played out for Google? The new Microsoft service agreement follows Google's lead and allows it to share your data over all its cloud services.

Once upon a time, or about two weeks ago, when talking about the new and why versatility in cloud storage is so important, Microsoft stated, “We believe that your files are not just bits to be synced—and they’re certainly not to be scanned to serve advertising. Your files represent possibilities.”

So it’s interesting that the new Microsoft service agreement states:

When you upload your content to the services, you agree that it may be used, modified, adapted, saved, reproduced, distributed, and displayed to the extent necessary to protect you and to provide, protect and improve Microsoft products and services.

For example, we may occasionally use automated means to isolate information from email, chats, or photos in order to help detect and protect against spam and malware, or to improve the services with new features that makes them easier to use.

Et tu, Microsoft? It does not say your content will be scanned to serve ads, but the portion about “improve the services with new features” leaves the door wide open and could potentially mean anything in the future. That opens new possibilities for Microsoft. In fact, the new wording hints that Microsoft can extract content from chats, emails, photos, or files to tweak Bing search results. How very Google-like of Microsoft. Yet unlike Microsoft, Google has an account dashboard for users; it also responded to the heat of changing its TOS by allowing users to access a Google Account Activity Report.

The old content portion of Microsoft’s service agreement stated:

You understand that Microsoft may need, and you hereby grant Microsoft the right, to use, modify, adapt, reproduce, distribute, and display content posted on the service solely to the extent necessary to provide the service.

Andrew Nicol, a New-York based lawyer, told VentureBeat that the changes are “bad for users.” He added:

“Your data could ultimately be used for something that has no relationship at all to the purpose for which you provided it. For example, people are now mostly comfortable with the idea of Google scanning your email in order to display relevant search results in Gmail. But what if Microsoft started scanning your Office documents and displaying related ads in your Bing searches?”

Microsoft’s new TOS also includes wording changes under “Privacy.” Here’s the old service agreement stance on Privacy vs. the new service agreement Privacy portion. The older one says Microsoft “may access or disclose information about you;” the new wording says “Microsoft may access, disclose, or preserve information associated with your use of the services, including (without limitation) your personal information and content, or information that Microsoft acquires about you through your use of the services.”

It also addresses how Microsoft will cough up your cloud data when “law enforcement, government entities, and private litigants” request the content. The “legal demands and requests” are “usually requested pursuant to the normal legal process of the country or locality where the activity occurred.” It would be interesting to know how Microsoft complies when the requests are not “usual” or normal. Does that imply handing over your Microsoft cloud content to assist law enforcement without a warrant? Microsoft already spies on its users for free, whereas Google and Yahoo at least charge something ($25 and $29 respectively).

Also in bold capital letters, the new Microsoft agreement states: IF YOU LIVE IN THE UNITED STATES, SECTION 10 CONTAINS A BINDING ARBITRATION CLAUSE AND CLASS ACTION WAIVER. IT AFFECTS YOUR RIGHTS ABOUT HOW TO RESOLVE ANY DISPUTE WITH MICROSOFT. PLEASE READ IT. Basically if you live in the U.S. and continue to use Microsoft cloud services, you cannot sue via a class action lawsuit; the waiver means any legal dispute with the Mighty M “will be resolved before a neutral arbitrator.”

If you don’t like it, then you can terminate your account by going to Account Services. “The updated agreement will take effect on October 19, 2012. If you continue to use our services after October 19th, you agree to the terms of the new agreement or, of course you can cancel your service at any time.” If you use “your Microsoft account and many of our online products and services for consumers, such as Hotmail, SkyDrive, Bing, MSN,, Windows Live Messenger, Windows Photo Gallery, Windows Movie Maker, Windows Mail Desktop, and Windows Writer” after that time, then you automatically agree to abide by the new Microsoft TOS.

Like this? Here’s more posts:
  • Rise of the AI Overlord: Machines monitor, automatically detect suspicious behavior
  • Anonymizer tied to company selling TrapWire surveillance to governments
  • Owned in 60 seconds with ZackAttack: From network guest to Windows Domain Admin
  • Emerging technology: Cool or creepy innovation?
  • Perfect, persistent, undetectable hardware backdoor
  • Unblinking surveillance stare: Army’s 7-story flying football field-sized blimp
  • Virtual avatar CBP agent Elvis screens travelers for lies at the border
  • Citizen Lab discovers mobile malware: FinFisher spyware variants target smartphones
  • Leak Police have gone crazy: Danger Room under fire for leaking imaginary weapon
  • Microsoft & NYPD launch an all-seeing Big Brother crime & terrorism prevention system
  • Hacking Humanity: Human Augmentation on the Horizon
  • WikiLeaks dumps Stratfor email dirt on TrapWire, a CIA-connected global spying system
  • Stealthy Wi-Fi Spy Sees You Through Walls Thanks to Your Wireless Router
  • Massive Leak: Project HellFire Hackers Dump 1 Million Accounts from 100 Sites

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.