European Patent Office Outsourced to Microsoft (US), Dooming Confidentiality With Back-Doored Toys Such as SharePoint and OneDrive

posted by Roy Schestowitz on Jan 24, 2024,
updated Jan 25, 2024

Not even remotely compliant with the uncompromising basics and key principles that should govern the European Patent Office (EPO). Drop the "E"?

SOME years ago, without any transparency whatsoever (back room deals, probably NDAs too), the EPO said it would outsource to Microsoft and in the wake of backlash António Campinos appointed some friends and losers to pretend to be experts in privacy or - to use their own ludicrous buzzwords of choice - "data protection" (Microsoft cannot even protect its own data). Everything in the Office of Benoît Battistelli, which had an actual Stasi (and agencies connected to the real Stasi), was rebranded "data protection" something.

Simona Barbieri was appointed as a chief liar (Data Protection Office), covering up what should constitute an investigation if not an actual arrest, and here we are after 3 years, with Microsoft (hence, NSA too) basically controlling the EPO's systems and EPO data from all around the world.

How is this even possible? Insane!

Is the EPO some boutique shop that cannot hire (or afford to hire) a pair of skilled engineers?

This reinforces the idea that multinational monopolists are in effect controlling Europe, and the EPO is just one of their de facto 'outposts'. EPO pours money into Microsoft's coffers while taking money away from staff. Are there kickbacks involved and, if so, who nets them?

Microsoft is not just a criminal company; it keeps attacking Free software while lobbying for European software patents. It attacks rivals using patents and now it controls patent offices too (in the U.S. Patent and Trademark Office (USPTO) they almost force people to use Microsoft's proprietary formats now, even as applicants).

Let's remember that today's EPO, despite knowing that software patents are problematic and likely not legal (courts throw them out), is pressuring examiners to grant them anyway.

To have a software patent (monopoly on maths) revoked in the EPO is very expensive - so expensive that few will bother. 2 days ago Unified Patents (no connection to the illegal UPC, just a similar name) said that it managed to squash a Dolby HEVC/AV1 patent from the EPO. Obviously it covers algorithms. Dolby used to blackmail GNU/Linux and probably still does using software patents, so EPO misconduct has a direct effect on European developers of Free software and integrators of GNU/Linux distros. Some of them spoke directly to us. As per Unified Patents: "On January 17, 2024, the European Patent Office announced the revocation of all claims of EP 3798988. The EP ‘988 patent is owned by Dolby International AB and is related to patents that have been declared essential to Access Advance and SISVEL’s AV1 patent pools."

Now that the EPO is controlled by Microsoft, at least at a technical level, the above granting policy is worth bearing in mind. Microsoft is illegally gaining access to all this confidential data. If that's not in violation of the tenets of the Office, what is?

The following letter from last month^* concerns Data Protection Regulations (DPR), mentioning directly "SharePoint, OpenText, OneDrive". We already explained, way back in 2021, why the "encryption" they claim to have in place is a hoax (the passphrases are sent through Microsoft for data that resides on Microsoft servers).

European Patent Office
80298 Munich
Germany

Central Staff Committee
Comité central du personnel
Zentraler Personalausschuss

centralSTCOM@epo.org

Reference: sc23139cl Date: 07/12/2023

European Patent Office | 80298 MUNICH | GERMANY

Ms Nellie Simon (Vice-President VP4)

By email:
vp4office@epo.org

Copy to:
Ms Simona Barbieri (Data Protection Office)
By email:
dpo@epo.org

OPEN LETTER

Data Protection Regulations (DPR) - Staff Committee Resources

Dear Ms Simon,

As you are probably aware, the adoption of the Data Protection Regulations (DPR) at the EPO, which entered into force in 2022, was an important step forward for the protection of personal data. Derived from it, different departments have issued data protection statements and records, in which the data protection operations are described and documented.

The Central Staff Committee (CSC) and Local Staff Committee (LSCs) want to contribute to the success of this policy. We are currently active in drafting suitable Data Protection records, together with experts of the Data Protection Office (DPO). During this task, we have realized that an important part of the challenges to define and implement a data protection policy for the staff representation comes from the difficulties to administer our current documentation. The adoption of the DPR itself added new documentation constraints for the statutory Staff Committees (SCs) (e.g. by the creation of a separate framework for the settlement of disputes, the Data Protection Board).

The Office has changed several times in the last years the archiving/publishing systems offered for SCs (e.g. new Intranet, SharePoint, OpenText, OneDrive). An important part of our documentation is distributed, managed in different local repositories, a fact that makes difficult the enforcement of coherent policies across the different operational levels. In addition, the progressive introduction of

---

software solutions in different stages of the history has led to an incomplete transition from paper archives to digital ones. From this situation, an attempt to define, at this moment, a data protection statement which fairly reflects optimal data protection practices is doomed to fail.

The CSC and LSCs have requested, along many years, the adscription of secretarial resources for assisting the respective committees in the management of the internal documentation, including the archives. The CSC and LSCs used to have assigned several full-time secretaries. However, in the last fifteen years, they were not replaced by the Office after retirement. As a result, the secretarial support has been completely removed. So far, and despite the number of repeated claims to reinstate such support, our demands have been disregarded. The Office has shown no willingness so far to progress on our requests. The matter is now for example the subject of the internal appeal RI/2022/010-xx.

We can only continue the technical work with the Data Protection experts to define our internal data protection policies once we clearly know which are the resources we can count with. The recent discussions with the experts revealed that much more resources than originally requested should be allocated to CSC/LSCs:

- secretarial support equivalent to 2,5 FTE for the CSC and LSCs,

- specialized IT support, and

- the necessary digital resources for structuring the documentation and archives, including storage, scanning, data management, encryption and anonymisation resources.

We hope that you understand that such lack of resources is delaying unnecessarily the establishment of Data Protection Statements for SCs. In view of the urgency of the matter, we would like to suggest a meeting with your services to coordinate the selection of such resources. Once we have deployed the solutions, we will be in a better position to continue with the definition and implementation of solid data protection policy for the staff representation.

We thank you for arranging such a meeting at your earliest convenience.

With best regards,

Yours sincerely,

Derek Kelly
Chairman of the Central Staff Committee
and on behalf of the Local Staff Committees

Some international lawyers contacted about this in the past. They wanted to press/explore legal action against the EPO and/or the regulatory agencies in Europe that let this be. This is corruption at the highest order and it does not help unify Europe, it merely discredits the EU, painting it as corrupt and incredulous. Brussels should be very deeply concerned about what the Mafia in Munich does to the EU's reputation. Just like Munich's municipality, it signs secret deals with Microsoft and there are bribes involved.

When you ignore public pleas and complaints for too long - if not ad infinitum - people become increasingly 'radical'. The EPO is a force of destabilisation in Europe. █

____

^* The letter told the Office the stance of the representatives, who meanwhile told staff: "Dear colleagues, Staff Committees have requested, along many years, the adscription of secretarial resources for assisting the respective committees in the management of the internal documentation, including the archives. The adoption of the EPO Data Protection Rules (DPR) itself added new documentation constraints for the statutory Staff Committees (e.g. by the creation of a separate framework for the settlement of disputes, the Data Protection Board). Staff Committees are currently working with Data Protection Experts to define their internal data protection policies. However, this work can only be finalized, once Staff Committees clearly know which are the resources they can count with. In this open letter, we request a meeting to coordinate the selection of such resources. Sincerely yours, The Central Staff Committee"