[German]Microsoft comes again under pressure in the USA and Germany due to privacy concerns about Windows 10 and Office 365. The Electronic Frontier Foundation (EFF) has launched a “Fix It Already!” campaign, in which Microsoft also appears with Windows 10. And digital experts from German cities and municipalities are rebelling because of the almost uncontrollable transfer of comprehensive user data from Windows 10 and Office 365 to Microsoft’s cloud.
EFF criticize Microsoft for Windows 10 Home
The Electronic Frontier Foundation (EFF) has launched a “Fix It Already!” campaign in the US to push tech companies to adapt unwanted features to increase product security. One of the companies in the focus of the campaign is Microsoft. The background: Microsoft transfers the keys for data medium encryption in Windows 10 to its own servers. In concrete terms, the EFF, which set up this page, is concerned with the Device Encryption function under Windows 10 Home Edition.
Windows 10 Home Edition comes with an integrated device encryption solution, but only for some users. So-called “device encryption” only works if the devices have specific hardware and users log on with a Microsoft account. This means that users must trust Microsoft with the encryption keys. According to EFF, this is a bad encryption design from Microsoft: users should never have to give their encryption keys to a third party.
Other versions of Windows 10 do not require key backup on Microsoft servers. Some Windows 10 home users may find it helpful to store a backup key on Microsoft’s servers. Then they can recover the contents of their computers, even if they forgot their passwords. But other users may have concerns and may not be technically proficient enough to remove the backup key and generate a new one.
EFF’s demand: For this reason, Microsoft should update Windows 10 Home Edition so that all users are able to encrypt their devices with built-in tools. These tools should not require pull-ups to remove and modify Microsoft’s uploaded keys so that the devices cannot be decrypted without the user’s consent. (via)
Windows 10/Office 365: Farewell to digital sovereignty
German municipal IT service providers fear a loss of data sovereignty with Windows 10 and Office 365 and see tangible problems with regard to the use of these products in municipal administration. The digital sovereignty is at risk, says the federal working group of German digital experts of cities and municipalities. Within it’s magazine “Vitako aktuell”, the edition 01/2019 contains a main topic ‘Digital Sovereignty – The Data at a Glance’. Within the editorial Dr. Ralf Resch, Vitako managing director, wrote:
Why, for example, should companies based outside the EU be allowed to collect personal data, transfer entire subject lines of an e-mail to third countries and possibly link them to other personal user data? Obviously, because nobody prevents them from doing so. However, this violates the principles of digital sovereignty – and here too changes are emerging.
Resch discusses the study on the data protection conformity of Windows 10 and Office 365 from the Netherlands (see Dutch report says Microsoft Office is not GDPR compliant). He wrote within it’s editorial:
Both software solutions in their current form contradict the European data protection basic regulation (GDPR). The conclusion of the Vitako technical working group on Windows 10 also goes in this direction. In addition, Microsoft’s support policy and the difficulty in controlling the transmission of user data to the manufacturer make the operating system a costly uncertainty factor for local authorities.
That is already a fat shot against Microsoft by the Vitako technical working group. The background: Among municipal IT service providers there is growing concern about data sovereignty, especially with regard to current Microsoft software products. The American IT giant is also mastering computer systems in public administration with Windows and the Office Suite.
With Windows 10 introduced in 2015 and Office 365, according to the Vitako article, tangible problems are now emerging. Both products, as is well known, rely on cloud computing and transatlantic traffic. And both products in their current form violate the European data protection basic regulation – the Vitako article refers to the investigation of the Dutch Ministry of Justice
Requirements of municipal IT service providers
It is also clear to the Vitako authors that Microsoft dominates the market and that not all Windows/Office systems can be switched off immediately. But the examples LiMux (Munic migrate from Linux to Windows/Office) as well as the exit of the Lower Saxony tax authorities from Linux to Windows and Office are rather the wrong way to go. As soon as you choose Microsoft Office 365 or the Azure Cloud services, the commitment often becomes a dependency. There is a threat of a lock-in effect.
Finding alternative solutions is a realistic task for the article author and is difficult, time-consuming and cost-intensive. But it is written that Microsoft has almost achieved a monopoly position, at least with Dutch authorities. This enables Microsoft, for example, to raise prices or push customers to purchase additional features. With this background, Vitako calls for industrial policy initiatives that help to reduce dependence on individual suppliers. The article formulates very clear expectations of the municipal service providers and orders for action to the public IT of all federal levels.