Former Microsoft employee sentenced to prison after leaking company secrets

After an investigation that angered privacy activists, former Microsoft software architect Alex Kibkalo will serve three months in prison before being deported to Russia. 

Joe Belfiore, vice president of the operating system group at Microsoft, holds up a pair of mobile phones featuring the new Windows 8.1 at the Build conference in San Francisco.

Reuters

June 13, 2014

A former Microsoft employee will serve three months in prison and pay $100 before he is deported to Russia after leaking company secrets to a French blogger. 

Alex Kibkalo, a Russian national, made headlines in March when he was arrested for allegedly leaking software code for an edition of the Windows 8 operating system to a French blogger. He also leaked key Microsoft anti-piracy technology.

Mr. Kibkalo reportedly took this action as retribution for a negative performance report he received from Microsoft. Kibkalo was fired in 2012 from Microsoft's Lebanon office where he had been working as a software architect. He was subsequently arrested by the FBI on March 19, 2014 in Bellevue, Wash. He was in the United States from Moscow, where he lives, to attend a technology conference. He pleaded guilty to the charges on March 31. 

Tracing fentanyl’s path into the US starts at this port. It doesn’t end there.

In a hand-written letter to the judge handling his case, Kibkalo expressed regret for his actions and made clear his intention to carry on with his work in software security. 

"I was making a wrong decision to discuss certain company projects with external party. As of now, I deeply regret that I have shared that information," he says in the letter. "Of course, I would be looking for another interesting full time job, preferably in software security again." 

At the time, what most stood out about Kibkalo's arrest was not so much that he was accused of leaking company secrets, the simple act of which would not ordinarily garner high-profile media attention, but rather the way Microsoft conducted the investigation. The software giant was able to figure out Kibkalo's identity by reading the e-mails and instant messages of the French blogger, who was using Microsoft-operated accounts for his personal messages. 

A complaint filed against Kibkalo reveals that upon learning that Kibkalo had divulged trade secrets, Microsoft's Office of Legal Compliance approved the retrieval and reading of the blogger's messages. 

Microsoft's actions sent off a wave of alarm as privacy activists chafed at the company's willingness to access the private account of one of its customers without obtaining a court order. Since then, Microsoft has said that, in the future, it will consult an outside lawyer to determine if a crime committed against the company warrants a court order prior to searching an individual's private messages. But Microsoft believes it does not actually need a court order to search its own company's servers, according to a statement made by John Frank, a Microsoft vice president and deputy general counsel, in a statement to The New York Times

Coming at a time of heightened awareness of government surveillance of private phone calls and messages, the way Microsoft handled this investigation contributes to the increasing discussion over just what kind of privacy users can expect from private companies.