New known privacy risks with Microsoft Office ProPlus Enterprise

*** Hopeleonie ***
*** Hopeleonie *** used Ask the Experts™
on
Hi

Our government customers are very angry with Microsoft, but I think this is nothing new as we know such problems with Windows 10.
I have to analyze this problem and advise our customers.

According to the Dutch organization that did the research for the Dutch government, we have the following infos:

-  Microsoft systematically and extensively collects data about the individual use of Word, Excel, PowerPoint and Outlook. Secretly, without informing the people. According to the Dutch organization, it is hard to find what Microsfoft collects as the data is encrypted.
-  Microsoft sends telemetry data to its own servers in the United States.

This is what I found that we can do for our customer:
- Disable Manage the privacy of data monitored by telemetry in Office
- Ban the use of Connected Services
- Not to use SharePoint Oneline
- Block OneDrive
- Lock web version of Office 365

My questions:
1) Did you deal with this case? If yes, what will Microsoft collect?
2) Is it enough to Manage the privacy of data monitored by telemetry in Office ?
3) Do I still have to go through the Report from rijksoverheid.nl  ?

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Is it enough to Manage the privacy of data monitored by telemetry in Office ?

From what I have gleaned at Microsoft MVP Global Summits, yes this suffices.

None of the data is personally identifiable.

If you are not happy with the above, you can report it as well.
Daniel PineaultPresident / Owner CARDA Consultants Inc.
Distinguished Expert 2018

Commented:
This isn't hidden, it is in the EULA.  The issue is people agree to the EULA without ever reading or understanding what they are agreeing to.  Companies seem to go out of their way to create so complex EULAs that no one dare try and read it.  When I copied MS' into Word, I believe it was 48 pages long.  Completely absurd!  It is apparent they just want people to blindly agree, which I'm sure 99% do just that.

MS is no better or worse than Apple, Google, FaceBook, ... they all do it (and some are much more invasive!).  Data = $$$.

There are numerous alternatives to get away from MS if you are truly concerned (LINUX, MAC, OpenOffice, LibreOffice, ...).

I, myself, did not upgrade to Win10 because of this very issue, and now am even happier that I didn't considering the never ending issues with Win10 and Office 2016/2019/365.  Things have changed, we're no longer living in the 80's, data collection is done everywhere.  It is now a part of life.  Sad but true.
*** Hopeleonie ***IT Manager

Author

Commented:
@both
Is there any tool to check Microsoft Office privacy settings?
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Distinguished Expert 2018
Commented:
1) Did you deal with this case? If yes, what will Microsoft collect?
You cannot tell since the transmitted data is encrypted.

2) Is it enough to Manage the privacy of data monitored by telemetry in Office ?
Imagine you have a webcam that has an activity LED. Imagine you turn it off using a software switch. The activity LED will not flash anymore, but can you really be sure it is not recording?

3) Do I still have to go through the Report from rijksoverheid.nl  ?
I'll give you something better. The german BSI has investigated on telemetry data collecting. They and the BMWI have notified enterprises recently that work with restricted data (Verschlusssachen), that "BSI geht insgesamt davon aus, dass VS-NfD mit Windows 10 mit vertretbarem Aufwand nur in einer Umgebung ohne direkten Internetzugang verarbeitet werden kann, d. h. wenn direkte Verbindungen vom Client ins Internet nachhaltig unterbunden werden."

Translation:
BSI assumes that VS-NfD (german equivalent to NATO restricted) can only be processed with Windows 10 at a reasonable cost in an environment without direct Internet access, that means, if direct connections from the client to the Internet are permanently prevented.

Interesting, eh? So have fun isolating your environment from the internet.
Daniel PineaultPresident / Owner CARDA Consultants Inc.
Distinguished Expert 2018

Commented:
The issue is that all of the available information is vague, so no one truly knows what is being collect, little alone how it is being used.  MS is not being transparent, but then neither are the other companies.

With verbage like "Some of the software features send or receive information when using those features", "you agree that Microsoft may collect, use, and disclose the information", ...  But you have to go digging and have a few hours to read through everything

https://www.microsoft.com/en-us/Useterms/Retail/Windows/10/UseTerms_Retail_Windows_10_English.htm
https://privacy.microsoft.com/en-US/privacystatement
https://www.microsoft.com/en-us/servicesagreement/

The following post explains the real issue with Windows 10 http://www.devhut.net/2015/09/21/windows-10-should-i-upgrade-or-not/ beyond the never ending updates that keep breaking things.
JohnBusiness Consultant (Owner)
Most Valuable Expert 2012
Expert of the Year 2018

Commented:
Is there any tool to check Microsoft Office privacy settings?    <-- You need to go through the overall privacy settings.

Start, Settings, Privacy  and work through all the settings.

The data is aggregated and encrypted so there is not any personal danger to you.
Distinguished Expert 2017

Commented:
Amazon, Google, and Facebook as well as others of that ilk, make their money by selling personally identifiable information to people who say they want to sell you stuff.

Microsoft claims to collect the non-personally identifiable information so that it can better understand how customers in general use the Office products.  I don't know that there have been any instances where people have exposed some other nefarious use of this data.  You are asked when you install office to agree or not agree to send info to Microsoft so although the agreement is obscure, it is there.

The problem with putting stuff in EULA's is that the customer has no option.  They can refuse to sign the EULA and not be able to use the product they paid for or they can sign it, hand over their first born, and hope for the best.  People are finally waking up to this being  a problem and lobbying their governments to stop the practice.  This is especially a problem with phone apps.  The only reason a game app needs to collect your geo data and contact list is because they intend to sell the info and to be marketable, it must be personally identifiable.  That's why I don't install games or ANY "freeware" EVER on my phone or computer.  NOTHING is free and anyone who believes that software is "free" is just plain stupid.

I remind you all to read 1984.  Big Brother is watching you!  He appears to be benign in the case of Microsoft but I'm not so sure about the others.

My boss gave me a Dot for Christmas the year before last.  I opened it Christmas eve while we were opening other presents.  The grandchildren entered my email but we lost interest because it didn't seem to do anything.  Two days later when I got online again, I was getting adds for items that the girls got for Christmas.  I powered off Alexa and put her back in the box and into a closet.  I elected to not be spied upon in my own home.
*** Hopeleonie ***IT Manager

Author

Commented:
Thanks a lot

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial