A former Microsoft employee has been arrested and is now facing accusations that he stole trade secrets from the software giant. Alex Kibkalo allegedly leaked pre-release updates for Windows RT and a Microsoft-internal Activation Server SDK to a French blogger.

Russian national Kibkalo worked for Microsoft both in Russia and in the company's Lebanon office. Angered by a poor performance review, he retaliated against the company by leaking its software, according to the FBI's criminal complaint. Kibkalo shared the information with an unspecified French blogger, encouraging that blogger to seek a hacker's guidance in using the activation SDK to create a fake activation server.

The FBI claims in the complaint that the blogger posted screenshots of the unreleased software and attempted to sell Windows Server activation keys on eBay.

Microsoft learned of the alleged theft in September 2012. According to the FBI's court papers, the blogger asked a third party to verify the stolen SDK. Rather than doing so, that third party informed Microsoft senior executives of the leak, prompting Microsoft's own investigation.

The blogger had contacted the third party using a Hotmail account. After confirming that the leaked code was authentic, Microsoft's Trustworthy Computing Investigations (TWCI) team examined that Hotmail account in an attempt to identify the blogger and his source. In doing so, they discovered e-mails from Kibkalo. Further digging revealed that Kibkalo had created a virtual machine on Microsoft's corporate network and used it to upload the stolen material to SkyDrive.

Microsoft interviewed Kibkalo over the leak, and he admitted to sharing the software, company memos, and documents. The company then fired him.

Kibkalo was arrested on Wednesday. Prosecutors moved to have him detained, citing his ties to Russia and the associated flight risk; Kibkalo did not oppose the motion.

The Microsoft investigation raises a potentially alarming privacy issue. According to the complaint, TWCI sought approval from Microsoft's Office of Legal Compliance (OLC) before reviewing the contents of the Hotmail inbox, and OLC authorized the request. The terms of service that cover the company's online services do state that Microsoft reserves the right to access communications to protect the company's rights and property and to turn over content to comply with valid legal requests.

Nonetheless, actually using that right is unlikely to impress privacy advocates, and it seems inconsistent with Microsoft's "Scroogled" campaign that criticizes Google for using private communications data for commercial purposes. We've asked the company if it can offer any clarification on this point, but there was no response at the time of writing.

Update #1: Microsoft has responded to our request for comment:

During an investigation of an employee we discovered evidence that the employee was providing stolen IP, including code relating to our activation process, to a third party. In order to protect our customers and the security and integrity of our products, we conducted an investigation over many months with law enforcement agencies in multiple countries. This included the issuance of a court order for the search of a home relating to evidence of the criminal acts involved. The investigation repeatedly identified clear evidence that the third party involved intended to sell Microsoft IP and had done so in the past. As part of the investigation, we took the step of a limited review of this third party’s Microsoft operated accounts. While Microsoft's terms of service make clear our permission for this type of review, this happens only in the most exceptional circumstances. We apply a rigorous process before reviewing such content. In this case, there was a thorough review by a legal team separate from the investigating team and strong evidence of a criminal act that met a standard comparable to that required to obtain a legal order to search other sites. In fact, as noted above, such a court order was issued in other aspects of the investigation.

While Microsoft is far from unique in including such provisions in its terms of service, it's rare for these terms to be openly used.

Update #2: Microsoft has issued a further statement saying that it will change its policies to add some transparency to such searches. Deputy General Counsel John Frank wrote:

We believe that Outlook and Hotmail e-mail are and should be private. Today there has been coverage about a particular case. While we took extraordinary actions in this case based on the specific circumstances and our concerns about product integrity that would impact our customers, we want to provide additional context regarding how we approach these issues generally and how we are evolving our policies.

Courts do not issue orders authorizing someone to search themselves, since obviously no such order is needed. So even when we believe we have probable cause, it’s not feasible to ask a court to order us to search ourselves. However, even we should not conduct a search of our own e-mail and other customer services unless the circumstances would justify a court order, if one were available. In order to build on our current practices and provide assurances for the future, we will follow the following policies going forward:

To ensure we comply with the standards applicable to obtaining a court order, we will rely in the first instance on a legal team separate from the internal investigating team to assess the evidence. We will move forward only if that team concludes there is evidence of a crime that would be sufficient to justify a court order, if one were applicable. As an additional step, as we go forward, we will then submit this evidence to an outside attorney who is a former federal judge. We will conduct such a search only if this former judge similarly concludes that there is evidence sufficient for a court order.

Even when such a search takes place, it is important that it be confined to the matter under investigation and not search for other information. We therefore will continue to ensure that the search itself is conducted in a proper manner, with supervision by counsel for this purpose.

Finally, we believe it is appropriate to ensure transparency of these types of searches, just as it is for searches that are conducted in response to governmental or court orders. We therefore will publish as part of our bi-annual transparency report the data on the number of these searches that have been conducted and the number of customer accounts that have been affected.

The only exception to these steps will be for internal investigations of Microsoft employees who we find in the course of a company investigation are using their personal accounts for Microsoft business. And in these cases, the review will be confined to the subject matter of the investigation.

The privacy of our customers is incredibly important to us, and while we believe our actions in this particular case were appropriate given the specific circumstances, we want to be clear about how we will handle similar situations going forward. That is why we are building on our current practices and adding to them to further strengthen our processes and increase transparency.

Dan Goodin contributed to this report.