Did Microsoft leave Hotmail open for Dictators?

Did Microsoft leave Hotmail open for Dictators?

Summary: That was the claim made by the Electronic Frontier Foundation. The truth may be more complex.

SHARE:

On Friday, March 25th, Jillian C. York, a writer for Al Jazeera English, claimed on her personal blog that a Syrian Hotmail could not turn on (Hypertext Transfer Protocol Secure (HTTPS) on Hotmail and, "he was … blocked from turning on the 'use HTTPS automatically' setting." Eva Galperin, a Electronic Frontier Foundation staffer followed up, and found that the "always-use-HTTPS option in Hotmail for users in more than a dozen countries, including Bahrain, Morocco, Algeria, Syria, Sudan, Iran, Lebanon, Jordan, Congo, Myanmar, Nigeria, Kazakhstan, Uzbekistan, Turkmenistan, Tajikistan, and Kyrgyzstan, had been turned off." This meant anyone using Hotmail in these countries could have their e-mail read by their government-controlled ISPs.

Since then, Microsoft, on one of its technical help sites, has denied that it had deliberately disabled HTTPS for some of its users. The statement reads: "We are aware of an issue that impacted some Hotmail users trying to enable HTTPs. That issue has now been resolved. Account security is a top priority for Hotmail and our support for HTTPS is worldwide - we do not intentionally limit support by region or geography and this issue was not restricted to any specific region of the world. We apologize for any inconvenience to our customers that this may have caused."

Inconvenience? The wrong e-mail being read by the powers that be in some of these countries could lead to a one way trip to the closest firing squad.

To the best I can tell, from checking Microsoft support groups, there were no reports of wide-spread HTTPS outages. On the other hand, even now, the vast majority of people are blissfully unaware of the danger of their e-mail or social network messages being intercepted by either governments or just snoopy people using tools like Firesheep. Smart users, no matter where you may live, should adopt secure Internet options to keep their online activities private. Most people though, I'm sorry to say, never even pay attention to whether they're protected or not.

Hotmail at least has an HTTPS option. However, secured Hotmail works only on the Hotmail Windows Live Web site. You can't use HTTPS security with Hotmail if you access it through Microsoft Outlook Connector, Windows Live Mail, or Windows Live for Windows Mobile and Nokia.

That still better than many other popular communication Web sites which still don't offer their users any option. To the best of my knowledge, only Google's Gmail, of the major online mail services, offers HTTPS security by default.

Secure protocol or not, though, a government can still play games with a user's e-mail. Google recently accused the Chinese government of interfering with Gmail service.

The problem with Hotmail security may not lie entirely with Microsoft. Earlier this week, I was told by a source in Syria that he was unable to use HTTPS  to link to any Web site. Some of Syria citizens are now demonstrating against its decades-old dictatorship It could as no surprise if Syria's government is trying to keep a closer eyes on would-be dissents while not making Egypt former government's strategic mistake of turning off the Internet.

I've checked in with both Arbor Networks and Renesys, two companies that provide high-end Internet services and track international Internet issues, to see what they knew about Syria, or other countries, blocking HTTPS use. Neither though have gotten back to me in time for this report.

See Also:

Libya turns off the Internet and the Massacres begin

Bahrain’s death toll grows and its Internet slows

Freedom Box: Freeing the Internet one Server at a time

How the Internet went out in Egypt

Topics: Microsoft, Browser, Collaboration

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • Not defending MS ... but ....

    Encryption products are controlled by export laws.
    wackoae
  • RE: Did Microsoft leave Hotmail open for Dictators?

    How's this different from any other country or any other email service? Just because they say you are protected (or your privacy) doesn't mean you are. After all, big brother IS watching you.
    statuskwo5
  • Avoid hotmail NOW!

    Just because they turned it on again doesn't mean they're not giving an unencrypted feed via a different route.

    Their terms of service lets them send your data based on local legal requested, including that of dictators, monarch, military leadership who make their own laws.

    Plus Microsoft has business in those countries, so it has a lot to lose by failing to comply with requests.

    Turning off HTTPS may have been the way they hoped to avoid embarrassing demands from Gadaffi to turn over data on Libyans to identify people for execution for example.

    So DO NOT USE email services where they have software sales in that country because there is too much leverage over the service provider.

    Microsoft are still in China, they have the trust of the Chinese dictators. That speaks volumes.
    guihombre
    • As do you continued biased against Microsoft

      @guihombre <br>You sound as though you have some hidden agenda that you do not wish us to know, or ever, share with those of us here. You may make a claim, though we will always wonder how truthful that will be.<br><br>It appears you attempt to take any news in regards to Microsoft and twist it negatively.<br><br>Why not wait and see what the truth actually is, not your version of it?
      Tim Cook
      • RE: Did Microsoft leave Hotmail open for Dictators?

        @Mister Spock
        <i>"It appears you attempt to take any news in regards to Microsoft and twist it negatively."</i>

        It appears you attempt to take any news in regards to Microsoft and twist it positively. :)
        Return_of_the_jedi
      • RE: Did Microsoft leave Hotmail open for Dictators?

        @Mister Spock
        Where were you in the 80's defending M$. Oh, you weren't born then. My bad.
        Return_of_the_jedi
  • RE: Did Microsoft leave Hotmail open for Dictators?

    Do you really want to bet your life or liberty on HTTPS?

    https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https
    njoho
  • I just hope hotmail dosn't become a tool of the CIA

    like Gmail.
    iPad-awan
    • RE: Did Microsoft leave Hotmail open for Dictators?

      @iPad-awan <br>like Windows. "NSA key to Windows an open question." I'm sure you know the answer, hence you use Windows.
      Return_of_the_jedi
    • RE: Did Microsoft leave Hotmail open for Dictators?

      @iPad-awan

      But, with Gmail you are guaranteed to be spied on by Google. And we all know they "do no evil".
      jorjitop
  • what a useless discussion

    you talk https with hotmail - and THEN? the email you send gets transported to the recipient by SMTP and pulled of the mailbox by POP3 all clear text by design ...
    Dum0nt
  • What a dishonest piece of junk journalism

    This is a new low for you, Steven. Either you wrote this piece based exclusively on hearsay with no investigation whatsoever, or you are being deliberately dishonest.<br><br>Fact: There was a <b>bug</b> where accounts which had not already been set to default to https could not be switched to <i>default</i> to https.<br><br>Fact: This affected cultures around the the world, not just oppressive regimes in the middle east.<br><br>Fact: Anyone could still just https. Accounts which had already been switched to default to https were still using https <i>from within those countries</i>. Accounts which could not be switched to <i>default</i> to https because of this bug <u>could still connect using https</u>. This was only what the account <u>defaulted</u> to.

    <i>"To the best I can tell, from checking Microsoft support groups, there were no reports of wide-spread HTTPS outages."</i>

    Are you supposed to be a tech writer? After linking and quoting several articles which clearly states that this was an application issue trying to set an option you are still looking for "https outages"? Have you any idea about what you are writing about or is this just too juicy to pass up on?

    And watching the screenshot on the EFF site, what does it say just above the error message? Look:

    <b>If you only need a temporary HTTPS connection, enter "https" in front of the web addres instead of http</b>

    It was never a https issue. Get real. No better. Get honest!
    honeymonster
    • RE: Did Microsoft leave Hotmail open for Dictators?

      @honeymonster

      You do know this is the guy that Fake Steve Jobs always referred to as Steven J. Vaughn-Cut-and-Paste, right?
      aep528