As a Managed Service Provider for hundreds of systems across dozens of companies, a CTO, and a veteran IT Professional with over 30 years of hands-on experience, I speak from the bully pulpit--

 

With the release of Windows 10, Microsoft abdicates its last bastion of legitimacy as a long-standing operating system vendor. Recent press and circulated missives in the IT community show clear dissatisfaction with many facets of Microsoft Windows 10, in particular, the abandonment of privacy. I want to spend a moment (or at least less time than I spent reading the lengthy missive on how to reduce Windows 10's privacy exposures), digressing on this most egregious of Microsoft's behaviors.

 

 

It would appear that we have now entered the era in which an OS vendor no longer believes that our workstations, laptops, and other devices subjected to the Windows OS are really our own. From the original documents we generate, to the Internet connections we pay for.

 

Over the last decade, it was one thing to watch so many users be lulled into the complacency of surrendering their anonymized Internet habits to fill a major search engine's big data servers in exchange for "free broadband" for their community or "free browsers", but for these users to be compelled by  Microsoft via Windows 10 to surrender so many other aspects of digital privacy more proximal than their search habits and Internet traffic is indeed a sea change, much akin to the threat of melting ice pack at the poles.

 

Mr. Nadela and Microsoft have abandoned all fiduciary notions that "My Computer" and its attendant OS exist to facilitate my work and that I should have the reasonable expectation that in exchange for the associated payments that make said pairing of hardware and OS my personal property, I should not have to retool the whole damned thing upon receipt so that the work product I produce, my data, will in fact remain MINE and within my personally defined and controlled demesne.

 

For balance, I will state the obvious, that many other providers of Operating System Software and embedded media applications are also big data mining our every maneuver with certain classes of digital media like music, video, and active streams of either. Apple, for example, has provably harvested enough such data from me to very accurately determine the sort of new musical artist I should like to discover. That said my musical interests have long been less private than my manuscripts, at least since the introduction of the public jukebox in my local pool hall, a known divulgence of personal musical preferences I have willingly engaged in, if for no other reason that to play something other than top 100 pop tunes while I shoot pool.

 

The following snippet, used with permission, is just one example of the substantiation available from reputable news sources:

 

Apple and Google may have ignited the trend of collecting increasing amounts of their customers’ information, but with Windows 10, Microsoft has officially joined that race. By default, Windows 10 gives itself the right to pass loads of your data to Microsoft’s servers, use your bandwidth for Microsoft’s own purposes, and profile your Windows usage. Despite the accolades Microsoft has earned for finally doing its job, Windows 10 is currently a privacy morass in dire need of reform.

The problems start with Microsoft’s ominous privacy policy, which is now included in the Windows 10 end-user license agreement so that it applies to everything you do on a Windows PC, not just online. (Disclosure: I worked for Microsoft in the days of Windows XP.) It uses some scary broad strokes:

Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary.

 

David Auerbach, writing for Slate.com Aug. 3 2015 at this link.

 

I am particularly startled by the "good faith belief that doing so is necessary" phrase.  This legal concept deserves a great big "WTF?" along with "Who is the invisible arbiter of 'necessary'?". Not to mention the likely conflict with HIPAA, SOX, et al. In sum, Microsoft shows no "good faith" here.

 

Certainly some of this non-privacy trend is a function of Microsoft's lunge toward more continuous monetization as a SaaS provider with Office 365, and along with such a transition the understanding that many users voluntarily place varying degrees of data or work product outside of their computer in Microsoft's cloud. Nonetheless, this SaaS precedent should in no way be construed so as to suggest a blanket exportation of all user data. Making "My Computer" and most of its contents a de facto extension of Microsoft's cloud must be verboten for so many, many reasons that we as IT executives should already be aware of.

 

Microsoft needs to understand that they should only have inbound access to my data at my behest and over spans of time I specify, and that my proxy when I choose to place outbound data/files in a cloud setting must be also scope-limited and time-limited. Simply put, the possible desire to place a recent work document in the cloud, does not imply that I want all of the doors and "Windows" of my computing domain thrown wide to Microsoft for at-will, possibly covert, inbound and outbound access.

 

In the end, Mr. Nadela has dug an even deeper hole than the one he inherited from his incompetent predecessor and Nadela's team, in presenting Windows 10 and its "wide-open" privacy settings, has thrown out any remaining trustworthiness, invalidating the entire organization as a provider of Operating System Software.

 

Jerry Pape, Principal

Excalibur, Inc. -- a regional MSP