Source: Yuntou (ID: YunTouTiao)
Hessen, Germany, said that the information of teachers and students may "leak" to American spy agencies.
Schools in central Hessen, Germany, have been told that it is illegal to use Microsoft Office 365 now.
The state's data protection commissioner has ruled that using the standard configuration of this popular cloud platform will reveal the personal information of teachers and students, “may be accessible by US officials”.
This may sound like another incident in Europe that concerns data privacy or concerns about the US government's foreign policy.
But in fact, the ruling of the Hessian Office of Data Protection and Freedom of Information is the result of years of domestic debate about whether German schools and other government agencies should use Microsoft software.
In addition to the detailed information provided by German users when using the platform, Microsoft Office 365 sends telemetry data back to the United States.
Researchers in the Netherlands last year found that such data could include anything from standard software diagnostics to user content from internal applications, such as sentences from the subject line of documents and emails. The Dutch side said that all of this violates the EU's General Regulations on Data Protection (GDPR).
The German Federal Office for Information Security recently also expressed concern about telemetry data sent by the Windows operating system.
In order to alleviate Germany's privacy concerns, Microsoft has invested millions of dollars in a German cloud service; in 2017, the Hessian authorities said local schools can use Office 365. Hessian data privacy commissioner Michael Ronellenfitsch said that if the German data is still in the country, then no problem.
But in August 2018, Microsoft decided to close its German service. As a result, data from local Office 365 users is transmitted across the Atlantic again. Several US laws give the US government greater power to request data from technology companies, including the 2018 CLOUD Act and the 2015 US Freedom Act.
Austrian digital copyright advocate Max Schrems this week brought a lawsuit on data transmission between the EU and the United States to the European Supreme Court. He told IT foreign media ZDNet that it was actually very simple.
He pointed out that school students usually cannot agree. “If data is sent to Microsoft in the United States, it is subject to large-scale US surveillance laws. According to EU law, this is illegal. ”
Ronellenfitsch of Hessen explained in a statement that even if it were not, German public institutions (such as schools) had a special responsibility for their handling of personal data and their transparency on this issue.
Although discussions have been ongoing between the German authorities and Microsoft, it is still impossible to fulfill those responsibilities.
A Microsoft spokesperson told ZDNet that they are working hard to resolve this issue: "We are grateful to the Hessian Commissioner for raising these concerns and we look forward to working with them to better understand their concerns. ”
The spokesperson also pointed out that Microsoft has filed a lawsuit against the US government to protect customer data, and administrators of school and workplace accounts can limit what information is sent back to Microsoft. However, the information transfer cannot be completely turned off.
The school is by no means the only public institution in Germany that has doubts about Microsoft. Earlier this year, Vitako, the federal association of German municipal IT service providers, complained that the use of Office 365 by local councils meant that private information about German citizens (such as citizens claiming a driver's license or marriage certificate) might also be disclosed to US snoopers.
A senior IT administrator in Cologne complained that since we paid for a software license, it is natural to expect that the product requires less management and provides a higher level of security: “On the contrary, this is for the municipality. Costly risks. ”
In 2018, the German federal government department and its subordinate offices spent nearly 73 million euros (about 82 million US dollars) to buy Microsoft software licenses & mdash; — nearly 26 million euros (about 29 million US dollars) more than the budget, it is very likely It is because the license expires.
The German Ministry of the Interior said in a letter on this topic that although it is trying to use open source software and other alternatives, the German departments currently have few options besides Microsoft.
In fact, it's all part of the long-term struggle of how Europeans protect their data to avoid being peeped by the United States. The call for the German government to work harder to do a good job of “digital sovereignty” is growing.
Andreas Koenen, a senior member of the German Ministry of the Interior, advocated the use of domestic cloud services at a conference held in Berlin earlier this year, when he said: “We must consider this issue again and provide realistic funding for this. The political situation forces us to do so. ”
The legal situation will soon force Germany to do so. On Tuesday, the European Court of Justice heard a lawsuit filed by Austrian activist Schrems. In 2015, Schrems had achieved a media-focused success in the European Court of Justice, when the lawsuit he filed overturned the so-called Safe Harbor Agreement and ruled on data transmission between the EU and the United States.
The new lawsuit may question the “Privacy Shield”, which is a rule to replace the safe harbor in 2016. Since the case was accepted in Ireland, the country of origin, it may now also challenge the so-called “standard contract terms” that apply to transatlantic transmission of data.
Some of Microsoft's data transmissions are also subject to these regulations, which may cause significant disruption to international data flows.
It is expected that Luxembourg will not make a decision until mid-December. So during this time, school students in central Germany will have to cope: the Hessian Privacy Commissioner recommends that they use similar office products with on-premises licenses, and everyone is waiting for Microsoft to give feedback.