Following the news of the NSA and whistleblower Edward Snowden, companies and individuals alike have begun paying much closer attention to how privacy is regarded on the Internet. With reports of corporations reading their customers’ emails—as in the case of Microsoft’s recent efforts to track down the source of a software code leak—and concerns over faceless entities accessing consumers’ private information online, users are right to be a little more cautious about their Internet activity.

In the case of Microsoft, the company went a little further than just accessing someone’s account. Based on a tip that a former employee had stolen data and leaked it to a blogger, the group actually searched the employee’s emails on their servers and read entire conversations. The blogger ultimately published the information that had, in fact, been stolen by the former employee, giving Microsoft legal grounds for prosecution.

But what really raised eyebrows about the entire scenario wasn’t the theft of Microsoft’s proprietary information, but the fact that the software giant openly and blatantly admitted to reading its users’ emails. The former employee had used a Hotmail account, which is a Microsoft product, and according to Microsoft’s terms of service, this gave them permission to access, read, and ultimately use that person’s emails as evidence.

The public outcry has been interesting, to say the least. Everyone from consumer protection groups to legal experts have weighed in on the alleged violation of privacy. And while we could argue the “Big Brother” aspect to the situation all day long, ultimately…Microsoft is right. They have the legal power to do as they did, and it’s very surprising that so many people are upset about it; it means that a large portion of the online community doesn’t know what’s in those terms of service that we all blithely agree to.

While tedious and filled with legal jargon that could have even the most seasoned court officers nodding off, terms of service are very real legal protections that outline in writing what the consumers’ rights are, and what the corporations’ rights are. They can be quite surprising, as in the recent outrage over what should have been a positive and well-received offer for authors and writers.

Due to a pleasant exchange on the social media site Twitter between two authors, Amtrak took action and established a writer’s residency program. Basically taking these two up on their suggestion, Amtrak is currently taking applications from authors to give them free rail travel with the express purpose of letting them write their books while on the train. The down side? Those pesky terms of service.

Not only does the author’s private information become available through Amtrak’s TOS, the actual book that the author writes during the residency becomes Amtrak property. Whether that was intentional or simply a misspoken line in the TOS is not yet known, but a rush of authors flooded the Amtrak site to sign up and then found out after the fact that not only were they signing away the rights to the book they would presumably write, but that they had also just given permission for Amtrak to publish and use the sample writing that they submitted with their applications. Because they didn’t read the TOS before signing, many authors are crying foul and demanding their applications be deleted.

While privacy policies are an expected right, they’re not something that consumers can easily sign away. Regardless of what a company’s terms of service state, privacy is constitutionally protected; even if consumers agree to waive their right to privacy just by clicking “I Accept,” that does not make it legally so. But you will have a far easier time fighting a violation of your privacy by first knowing what’s in the agreement you just clicked.

In the case of Microsoft, while industry experts continue to speak out vehemently against the invasion of privacy, company vice president and general counsel John E. Frank said the practice is in full compliance with the law, specifically the Electronic Communications Privacy Act. However, Microsoft has already amended its practice for this type of situation to include several layers of oversight by teams of attorneys, agreeing to only take invasion action if the legal teams agree the situation warrants it.