"This latest attack marks a return to Microsoft’s longtime practices. And it’s no coincidence that Microsoft’s newfound interest in attacking us comes on the heels of the SolarWinds attack and at a moment when they’ve allowed tens of thousands of their customers — including government agencies in the U.S., NATO allies, banks, nonprofits, telecommunications providers, public utilities, police, fire and rescue units, hospitals and, presumably, news organizations — to be actively hacked via major Microsoft vulnerabilities. Microsoft was warned about the vulnerabilities in their system, knew they were being exploited, and are now doing damage control while their customers scramble to pick up the pieces from what has been dubbed the Great Email Robbery. So maybe it’s not surprising to see them dusting off the old diversionary Scroogled playbook."

--Google's Official Blog this week

Video download link



Summary: Today's video examining the report, which includes hard evidence, of Microsoft's privacy violations (never mind privacy failures due to security breaches, which have become more than routine)

THE NINTH part of the ongoing series has just been published. Cited in this part was this report [PDF] from/for Dutch authorities. We've made a local copy of this report and produced an HTML version (it's long!) as we typically do when it comes to historically significant documents. They tend to vanish after less than a decade (not just broken links but lack of copies anywhere except the Internet Archive).

It is no secret that Microsoft keeps breaking the privacy laws, it keeps losing control of its data (due to security reasons, not just deliberate neglect and law-breaking), and it always gets away with it, somehow, owing to political clout. Look no further than yesterday's report about those billionaires grifting billions of dollars (taking away money from taxpayers in the name of "relief"), this time because of their very own failures at security. It's incredible, isn't it? It's just about as ridiculous as that sounds; they're being rewarded for breaking the law and making bad products at the expense of the public, which shoulders the cost induced by corporate failure (some might call this "communism"). Here's a quick reminder that Microsoft's total incompetence is being excused using racist tactics (based on claims later disproved) and a new article entitled "Microsoft could reap more than $193m in new US cyber spending" by Joseph Menn, Christopher Bing and Raphael Satter. To quote:

Microsoft stands to receive nearly a quarter of Covid relief funds destined for US cybersecurity defenders, angering some lawmakers who don't want to increase funding for a company whose software was recently at the heart of two big hacks.

Congress allocated the funds at issue in the Covid relief bill after two enormous cyber attacks leveraged weaknesses in Microsoft products to reach into computer networks at federal and local agencies and tens of thousands of companies.

One breach attributed to Russia in December grabbed emails from the Justice Department, Commerce Department and Treasury Department.

Notice the attempts to blame nations rather than the company that makes faulty products.

Either way, the EPO has outsourced to a vendor notorious for security failures. Azure was recently cracked, Microsoft's own systems and network got breached (they belatedly admitted this), and just about everyone deploying Exchange for E-mail got pale in the face. Trillions of E-mail messages are floating everywhere, waiting for yet-unknown victims of espionage, blackmail and so on.

The video discusses what it means for António Campinos to outsource the EPO's data, including data associated with EPO staff and stakeholders, to Microsoft. This Microsoft iscandal is a lot worse than Benoît Battistelli's Microsoft scandal (giving preferential treatment for Microsoft, which lobbies the EPO for illegal European software patents).

Part 10 of the series will be published later today, focusing again on the GDPR. We've meanwhile noticed that in Twitter the FFII and Mr. Schrems talk about the series. There are already consequences, which is why the EPO was fast to issue face-saving communications to all staff. ⬆

Image credit: the Dutch report on Microsoft's privacy violations [PDF]. Notice "ActiveX" in there.