Companies e-mail sensitive data to law enforcement

There’s a lack of rules governing the secure handling of law enforcement orders for data, industry experts say. Documents posted on Twitter by the Syrian Electronic Army, a collective of hackers and online activists supporting Syrian President Bashar al-Assad, included correspondence between Microsoft’s government compliance team and various law enforcement agencies around the world.

The documents contained criminal subpoenas, e-mail addresses of targets and “access keys,” presumably passwords, to the user packages Microsoft makes available to law enforcement. Other documents suggest the hackers also were able to access the account information Microsoft provides to law enforcement agencies, which includes the target’s name, location, Internet Protocol or computer address used by the target to sign-up for an e-mail account or to log-in to his e-mail account.