Microsoft recopila de forma sistemática datos a gran escala sobre el uso individual de Word, Excel, PowerPoint y Outlook

Impact assessment shows privacy risks Microsoft Office ProPlus Enterprise

On behalf of the Ministry of Security and Justice, Privacy Company carried out a DPIA on DPIA on Microsoft Office ProPlus (Office 2016 MSI and Office 365 CTR). At the request of the Ministry, we publish this blog about the findings. For questions about the research you can contact SLM Rijk (Strategic Vendor Management Microsoft Rijk), accessible via the Press Office from the Ministry of Justice, 070 370 73 45.


The SLM Rijk conducts negotiations with Microsoft for approximately 300.000 digital work stations of the national government. The Enterprise version of the Office software is deployed by different governmental organisations, such as ministries, the judiciary, the police and the taxing authority.


The results of this Data Protection Impact Assessment (DPIA) are alarming. Microsoft collects and stores personal data about the behaviour of individual employees on a large scale, without any public documentation. The DPIA report (in English) as published by the Ministry is available here


Starting today, and with the help of Microsoft, SLM Rijk offers zero exhaust settings to admins of government organisations. During the writing of this DPIA, Microsoft has committed to take a number of other important measures to lower the data protection risks.

Office 2016 and Office 365

Most government organisations in the Netherlands use versions of Office 2016 and Office 365 (or even older versions) that are installed on the computers of the government employees. The organisations store the content data locally, in their own data centres (on premise). But this will change. SLM Rijk conducts a pilot with data storage in the Microsoft cloud, in SharePoint, and in OneDrive. There is also a test with the web-only version of Office 365, where the software is no longer installed on the end-user devices. Also in the current set-ups, Microsoft collects data about the individual use of the software.

Large scale and covert collection of personal data

Microsoft systematically collects data on a large scale about the individual use of Word, Excel, PowerPoint and Outlook. Covertly, without informing people. Microsoft does not offer any choice with regard to the amount of data, or possibility to switch off the collection, or ability to see what data are collected, because the data stream is encoded. Similar to the practice in Windows 10, Microsoft has included separate software in the Office software that regularly sends telemetry data to its own servers in the United States. For example, Microsoft collects information about events in Word, when you use the backspace key a number of times in a row, which probably means you do not know the correct spelling. But also the sentence before and after a word that you look up in the online spelling checker or translation service. Microsoft not only collects use data via the inbuilt telemetry client, but also records and stores the individual use of Connected Services. For example, if users access a Connected Service such as the translate service through the Office software, Microsoft can store the personal data about this usage in so called system-generated event logs.

Difference between content, diagnostic, and functional data

Microsoft provides services over the Internet. From a technical perspective, it is inevitable that you have to provide data to Microsoft, such as the header of your e-mail and your IP address in order to be able to use the services. But Microsoft should not store these transient, functional data, unless the retention is strictly necessary, for example, for security purposes.
In this DPIA report (data protection impact assessment report), the data which Microsoft collects via Office ProPlus are divided in three categories:


  1. Content data: the content of files and communication that you store in your own datacenter or on cloud computers of Microsoft
  2. Functional data: the data you have to transmit over het Internet to be able to connect to Microsoft’s internet services
  3. Diagnostic data: the data that Microsoft stores for analysis of the usage of the services

In the report, Privacy Company uses these three categories of data in analogy with the division of communications data in ePrivacy law in Europe. This legislation distinguishes between (i) content, (ii) traffic/location data that are generated as a result of using the communication services, and (iii) data that are strictly necessary to transmit the communication, but have to be erased or anonymised immediately afterwards.


Microsoft emphasises that the company does not use these categories. Microsoft uses, amongst others, the categories of ‘Customer Data’ and ‘Personal Data’. Microsoft only uses the term Diagnostic Data for the specific telemetry data collected via the inbuilt software client in the locally installed Office software.

23.000 to 25.000 types of events

Microsoft does not (yet) offer a possibility to inspect the contents of the diagnostic data flow. Microsoft has explained that 23.000 to 25.000 types of events are sent to Microsoft’s servers, and that 20 to 30 engineer teams work with these data. The engineers can dynamically add new events to the data stream from all computers with Office ProPlus. This collection of data is much more specific than in Windows 10 telemetry. If the telemetry is set to ‘full’ in Windows 10, it involves one thousand up to twelve hundred types of events. And 10 teams with engineers. The Dutch DPA conducted an investigation in 2017 of the processing of telemetry data in the consumer and small business versions of Windows 10 (Home and Pro).


The Dutch DPA concluded that Microsoft violated data protection law on many counts, amongst others through the lack of transparency and purpose limitation, and the lack of a legal ground for the processing.


In response to that investigation, Microsoft made some adjustments in the spring 2018 release of the software. The Dutch DPA concluded (prior to the actual release of the software, press release in Dutch only) that the improvement plan presented by Microsoft would end all violations. The Dutch DPA did not investigate data processing via the Office software.

Microsoft as a (joint) controller and not as a data processor

Microsoft determines the purposes of the processing of the diagnostic data in the Office software, and the retention period of the data (30 days up to 18 months, or even longer if deemed necessary by Microsoft). The DPIA report shows that Microsoft processes the diagnostic data for 7 purposes, and for all other purposes Microsoft deems to be compatible with those purposes. Because Microsoft determines the purposes and the means (of the retention period), Microsoft acts as a controller, and not as a data processor.


The 7 purposes are:


  1. Security (identifying and mitigating security threats and risks as quickly as possible through updates to Office ProPlus Applications and remediation of connected services)
  2. Up to Date (delivering and installing the latest updates to the Office ProPlus Applications without disruption to the experience)
  3. Performing Properly (identifying and mitigating anomalies, “bugs,” and other product issues as quickly as possible through updates to the Office ProPlus Applications and remediation of connected services)
  4. Product development (learning to add new features)
  5. Product innovation (business intelligence, develop new services)
  6. General inferences based on long-term analysis, support machine learning
  7. Showing targeted recommendations on screen to the user
  8. Purposes Microsoft deems compatible with any these 7 purposes.

The Office ProPlus software includes the use of a number of online services. But Microsoft also offers so called ‘discretionary’ (voluntary) Connected Services, such as the online spelling checker and the translation service. Microsoft only considers itself to be a data controller when people use these discretionary Connected Services. In that case, Microsoft processes the personal data about the use of these services for all 12 purposes listen in its general privacy statement.

High data protection risks for data subjects

The DPIA report provides an extensive description of 8 high data protection risks for data subjects. The government organisations that use Office should, however, determine themselves what the specific risks are, based on the specific personal data they process. This DPIA report is meant to assist, not to replace.


During the writing of this DPIA report, Microsoft has already made commitments to SLM Rijk to make important adjustments to lower the risks. Microsoft has developed zero-exhaust settings. Microsoft also intends to provide adequate information, include a data viewer tool for the telemetry data from Office and provide an option to administrators to determine the desired level of telemetry. Additionally, SLM Rijk and Microsoft office will jointly work on the correct qualification of Microsoft as a (joint) controller or data processor.


Some residual risks can be mitigated if the government organisations will use the newly developed settings to minimise the processing of telemetry data. There are 6 remaining high risks for data subjects.


  1. The unlawful storage of sensitive/classified/special categories of data, both in metadata and in, for example, subject lines of e-mails
  2. The incorrect qualification of Microsoft as a data processor, instead of as joint controller as defined in article 26 of the GDPR
  3. Insufficient control over sub-processors and factual data processing
  4. The lack of purpose limitation, both for the processing of historically collected diagnostic data and the possibility to dynamically add new types of events
  5. The transfer of (all kinds of) diagnostic data outside of the EEA, while the current legal ground for Office ProPlus is the Privacy Shield and the validity of this agreement is subject of a procedure at the European Court of Justice
  6. The indefinite retention period of diagnostic data and the lack of a tool to delete historical diagnostical data
What can the admins do now to lower the risks?

Admins of the Enterprise version of Office ProPlus can already take a number of specific measures to lower the privacy risks for employees and other people in the Netherlands.


  • Apply the new zero-exhaust settings
  • Centrally prohibit the use of Connected Services
  • Centrally prohibit the option for users to send personal data to Microsoft to ‘improve Office’
  • Do not use SharePoint Oneline / OneDrive
  • Do not use the web-only version of Office 365
  • Periodically delete the Active Directory account of some VIP users, and create new accounts for them, to ensure that Microsoft deletes the historical diagnostic data
  • Consider using a stand-alone deployment without Microsoft account for confidential/sensitive data
  • Consider conducting a pilot with alternative software, after having conducted a DPIA on that specific processing This could be a pilot with alternative open source productivity software. This would be in line with the Dutch government policy to promote open standards and open source software.

These measure are not in all cases realistic or feasible. It is not possible for the (Enterprise) customers of Office to solve all problems. With regard to the contracts and transfer of personal data to the USA, a European solution must be sought.

Sjoera Nas

13 November, 2018

Impact assessment shows privacy risks Microsoft Office ProPlus Enterprise
 
Pues claro. Como que marcas si lo permites o no al instalar. Igual que Firefox, igual que un iPhone, igual que todo. En una empresa si el gañán que hace la maqueta para desplegar a los equipos lo dejó marcado, pues nada, a recopilar datos a lo loco.

Microsoft que hace con eso. Pues mejorar interfaces, saber cómo usa la gente las aplicaciones, etc.
 
Empiezo a estar harto ya de esta ola de paranoia respecto a la "privacidad". Hartito me tienen ya... :mosqueo
 
A ver si me podéis echar una mano. Tengo un portátil ASUS UX390 con un intel i7 7500U y gráfica Intel HD 620 como es obvio. El caso es que me instalo los últimos drivers de Intel (25.20.noséqué) y desde hacía un tiempo cuando me daba cuenta, estaban desactualizados (21.20.tal) hasta que me he dado cuenta de que es el maldito actualizador de Windows 10 que me los desactualiza a la mínima. No sé cómo configurarlo para que no haga eso, ¿existe alguna manera de que Windows 10 no desactualice el driver de la gráfica?
 
A ver si me podéis echar una mano. Tengo un portátil ASUS UX390 con un intel i7 7500U y gráfica Intel HD 620 como es obvio. El caso es que me instalo los últimos drivers de Intel (25.20.noséqué) y desde hacía un tiempo cuando me daba cuenta, estaban desactualizados (21.20.tal) hasta que me he dado cuenta de que es el maldito actualizador de Windows 10 que me los desactualiza a la mínima. No sé cómo configurarlo para que no haga eso, ¿existe alguna manera de que Windows 10 no desactualice el driver de la gráfica?
Si tienes otras soluciones de seguridad puestas aparte de windows defender , y usas malwareantibytes y antiexploit de la misma casa actualizables de sus definiciones de bichos y si no haces cosas raras puedes bloquear las actualizaciones con stop updates y no te dara más la vara con tu driver grafico cambiado.
 
Si se trata de unos drivers antiguos que ya tienes descargados ó cacheados en Windows, este programa te puede ayudar: Display Driver Uninstaller (DDU) V18.0.0.3 Released. - Wagnardsoft Forum

Con él puedes limpiar todos los restos de drivers tanto en activo como antiguos que tenga Windows para la gráfica, lo que te permitirá hacer una instalación limpia de los 25.20.100.6373. Y si la opción de que Windows no actualice automáticamente los drivers no te funciona, desconecta la wifi del portátil mientras haces el proceso de limpieza e instalación.
 
Nanai, tampoco funciona. Aunque haga todo el proceso, tarde o temprano, al volver a estar conectado a internet, Windows Update se vuelve a descargar la misma versión de los drivers (21.20.16.4550) y machaca los que tenga instalados.
 
Creo que he encontrado la manera. Me he descargado una pequeña herramienta de Microsoft (https://support.microsoft.com/en-us...t-a-driver-update-from-reinstalling-in-window) que oculta algunas actualizaciones para evitar que se instalen solas. De momento, esto me ha hecho el apaño y WU no me machaca el driver y se queda quietecito...
Si la conocia , pero en mi caso me he pasado a linux , y conservo bloqueado w10 solo por un juego con stop updates uso la ver de w10 home y no se actualiza mas .

La tranquilidad esta en mi linux mint y con mi nvidia y intel dual reconocidas y con sus drivers , es otro mundo

W10 es un desastre o mejor cajon de desastres

Enviado desde mi SM-J710F mediante Tapatalk
 
Efectivamente, hasta yo, que soy pro Linux total y he tenido que volver a Win10 por un par de obstáculos insalvables, estoy hasta los huevos.
 
Sigo sin entender porqué alguien pro-linux entra constantemente aquí a vender su mandanga. Sinceramente, no lo entiendo. Que nos deje en paz con un S.O de mierda, mal programado, con millones de bugs, colador de spyware y todo lo que quiera decir, en serio. YA CANSA.

Que no me importa que me "espien". NOSOTROS somos el producto. Tengo Google Home instalado por toda la puta casa. Me oye hasta el tato. ¿Y QUE ME IMPORTA A MI?. Si con ello logro mi propósito, pues QUE MAS DA, coño.

Estoy hasta los huevos de tanta conspiranoia absurda, tanta privacidad loca. Tengo a alguien que tiene su ordenador aislado por completo del mundo "por si le entran virus", ¿PERO QUE VIRUS NI QUE GAITAS?. De verdad, me pone enfermo el temita.
 
Puta mierda de producto el Windows ese. Cajón de miseria, no da más que problemas, así les de un ataque al corazón a todos los desarrolladores. Así les va...

1542359071609.png
 
Yo sigo diciendo lo mismo. Windows tiene fallos a mansalva, porque lo de la actualización de octubre es culpa suya. Pero no podemos aplicar una política para Windows, diciendo que Microsoft caca y luego en iOS te sacan una actualización, a las dos semanas dejan de firmar la anterior y resulta que estar a la última es lo mejor. Otra cosa es que te obliguen a actualizar sí o sí y en equipos de producción a nivel empresa sea un infierno.

Por otra parte, seguiré defendiendo mi opinión: un PC, lleve el sistema operativo que lleve salvo un equipo cerrado como un Mac, es un puzzle gigante en el que todos han de estar funcionando perfectamente. Hoy en día hay actualizaciones de firmware y drivers de todo, hasta del disco duro. Cuando montas un equipo, cada componente lleva su agente verificando constantemente que hay actualizaciones. ¿La gente mantiene esto a rajatabla o pasa de todo? Porque el sistema operativo no es más que el motor del coche. Si tú no mantienes las ruedas en buen estado, el sistema operativo te la puede liar, pero no es su responsabilidad.

Mi recomendación para la mayoría de usuarios: compra un equipo de marca tipo HP, Dell, etc. Esos equipos traen un software único que revisa firmwares y drivers. Y te desentiendes. La mayoría de equipos del mercado son de marca, por ese motivo Windows tiene tanta cuota de mercado y los fallos no son tan exagerados a nivel global como podamos comentar aquí.
 
Es exactamente lo mismo que estaba pensando escribir. Ya tiene mérito por parte de Windows tener que lidiar no solo con los millones de cazurros que lo usan (porque probablemente el eslabón más débil del S.O es su usuario), sino los millones de configuraciones con las que tiene que lidiar, algunas realmente locas "porque sí".

En un ecosistema de MILES DE MILLONES de Windows instalados, que fallen "miles" es lo más habitual, vamos. Sobre todo si el factor usuario es el gran desencadenante de ello.
 
Pero que cojones!! Pues no me viene un técnico a decirme que la tarjeta de red Realtek de toda la vida no está soportada por el Windows 10. ¡¡Pero que cojones!! En que clase de mundo vivimos.

Pues en uno en el que el 90% de los "informáticos" no tienen ni idea y lo más avanzado que han leído en su vida es Xataka ;)
 
Es por la paranoia que les ha entrado últimamente con la privacidad. No soportarán algún protocolo, o chorradas similares, y se las cepillan. O el fabricante no quiere pasar los drivers por WHQL para que te compres nuevas, que también puede ser.
 
Xataka?. Si es la principal fuente de información de cuñaos, no me jodas. Lo que tengo que lidiar yo en otros temas por culpa de esos GAÑANES. Y todos estos cuñaos 3.0 dándoselas de ilustrados, eh, cuidao, que da igual si eres profesional del tema y llevas 30 años en el, ¡yo se mas que tú porque leo Xataka! :mparto:mparto:mparto:mparto
 
Arriba Pie