Bonum Certa Men Certa

EPO Breaking the Law With Microsoft and Promoting Fake 'Encryption' That Violates Confidentiality on Many Levels

Video download link



Summary: An explanation of how truly ridiculous the EPO has become, handing over to Microsoft (and to the US government) just about all of the EPO's communications in direct violation of the law, as well, so the only question now is, will the law actually be enforced soon? Contact your local MP/MEP and report this to him/her.

THE EPO is breaking the law. The António Campinos regime is just as bad as Benoît Battistelli's, even when it comes to privacy and pressuring judges to allow unlawful patents, such as software patents.



Steve Rowan - Vice President DG1 - Patent Granting ProcessIn parts of the series prior to this one, including Part II, we explained what the EPO had done and why it's illegal. I recorded a video (the one above) prior to the publication of Part II.

It's a long video, we could add a lot of links to it (I thought of many that would be relevant while recording it, but failed to take notes throughout), though the ones that seem of most relevance are Microsoft and the NSA relations, the latest Exchange fiasco (as recently as hours ago they still try to distract from it), how end-to-end encryption (e2ee) really works and some background about Stephen Rowan. The full text of the communication is reproduced below:

04.02.2021

Home > Organisation > DG 1 > The Vice-President > Announcements > 2021

Outlook Migration to the Cloud



Data encryption requirements for sending highly confidential data via Outlook

As announced in previous intranet items published in May and December 2020, our Outlook mailboxes are being transferred to the cloud. The transfer will take place in phases and cover only emails since 1 January 2021. As regards the patent grant process, only the following documents are classed as "EPO strictly confidential" and must not be sent by email without encryption: (i) application documents of unpublished applications (EP, PCT, national) (ii) search reports, search opinions, communications and decisions relating to unpublished applications (iii) search statements resulting in the disclosure of unpublished application documents (Guidelines B-III, 2.4; B-IV, 2.4) (iv) documents excluded from file inspection (documents which are marked as non-public in DI+, such as dissenting opinions, medical certificates, PACE requests, etc.) Guidance for the storage of strictly confidential information in the cloud The storage of strictly confidential documents in the cloud should be avoided, and data should not be copied unnecessarily from the EPO's specialised document management systems such as DI+. In practice, this means that, instead of e.g. copying data into an email, you should send a link to the document in the document management system (see also "How to send an email with document links or zipped attachment via Outlook"). Where sharing of strictly confidential data is necessary, the data must be encrypted before storing it in the cloud or sending a link to it via email. It is strongly recommended that you do not send the data directly in an email but instead encrypt the document, store it in the cloud, e.g. on SharePoint or OneDrive, and then send the recipients a link to the encrypted document by email. The password then needs to be shared via a separate channel, e.g. in a Teams chat, via Skype or on the telephone. Sending encrypted attachments is strongly discouraged, as they might not pass spam filters: using encrypted attachments is a very common way to infect user computers, so our email gateways do not allow encrypted attachments to be sent from or to our Outlook cloud instance. The easiest and safest way of encrypting a document is to use the built-in capabilities of the Office programs. Simply protect the document with a password, which also will encrypt the document with a strong encryption algorithm. Obviously, this password should be safe. As a rule of thumb, it should be about as complex as our login passwords, but of course not identical to a password already used. Chat is a good way to send the password, as a long random password can be easily copied and pasted from the chat into the password prompt in the Office program. Examples of how to apply encryption in popular Office programs are in the document annexed here.

Reasons and background

The level of security provided by Microsoft's cloud services is very high and will even mean an improvement in information security for our email system. In the cloud, our mailboxes will be protected by the most sophisticated systems. Email in Microsoft's datacentres is stored with a high standard of encryption, both in transit and at rest. With the help of contract terms, a data protection agreement and technical implementation, the EPO has ensured the best possible protection for the data stored using Microsoft's cloud services. Microsoft guarantees that the data itself is stored on EU servers within the jurisdiction of the European data protection rules (GDPR). Under the US Foreign Intelligence and Surveillance Act (FISA) and the US Clarifying Lawful Overseas Use of Data Act (CLOUD Act), Microsoft is obliged to grant security and intelligence agencies access to data stored in its cloud, even when stored on EU servers. However, the protection level offered by Microsoft is still sufficiently high for DG 1 processes in place for confidential data exchange not to need encryption. By contrast, to comply with the highest standards, which of course include the requirements imposed under the GDPR, encryption is needed for strictly confidential data. The guidance on the use of cloud tools therefore states that it is only strictly confidential data that must not be stored in plain form in the cloud, whereas merely confidential information can be stored there without limitations. The EPO defines "strictly confidential" in its "policy for information classification" (document attached) as: EPO strictly confidential: Information unauthorised disclosure of which could compromise or cause severe damage to the EPO or could cause damage to an identifiable individual or his or her reputation. Access control cannot be delegated by the information owner, and is restricted to registered named persons only. See here for more information. The vast majority of DG 1 documents do not fall into this category, and this is true for typical performance related data too, since even poor performance must be regarded as "normal" working behaviour and cannot be considered to actually cause damage to an individual. For strictly confidential data, additional access control measures, such as registering people with access, are already implemented where required.

04.02.21 | Author: Steve Rowan - Vice President DG1 - Patent Granting Process


In Part III, which we will publish tomorrow, lots more will be shown.

Recent Techrights' Posts

[Meme] It Takes Only Words to Destroy Malicious People and Pathological Liars
Trying to silence us is foolish. Boasting about this in public is worse than foolish; it's a legal liability.
WordPress is Unfit for Purpose in 2024
The Web itself changed a lot and the majority of Web traffic is pure junk
Nobody Knows What's in Our Fridge! Wow, Spooky!
Freedom means you can also purchase things anonymously
 
[Video] Daniel Pocock Warning About Someone Like Elon Musk Buying and Misusing Twitter Almost 7 Years Ago
Daniel Pocock spoke about Facebook and Twitter while attending the UN Forum on Business and Human Rights in Geneva, Switzerland
Dead Blog ('Hoisted By His Own Petard')
The saying "people who live in glass houses shouldn't throw stones" is also applicable here
Debian Voters Clearly Supportive of Richard Stallman (Founder of GNU/Linux), But Debian Leaders Keep Giving Voting Rights to Microsoft Staff
It can be seen that the pro-Stallman positions are dominant
[Meme] Remember That Microsoft and Trump Already Have a "Targets List"
Microsoft loves Trump bailouts
Service Notice: IRC Downtimes RESOLVED
We believe we've solved this entirely (or hope so), but it may take another week to know for sure
Linux 'Not Inclusive' 6.12 (Trumpism Inside Linux Foundation Affirmed)
They can make a codename for this release: Linux 'Not Inclusive' 6.12
The Open Source Initiative (OSI) is Dead. Cause of Death: Microsoft Bribes.
At the core, Linux Foundation and OSI adopted lies as a business model
Joan Meyer correctly linked Gideon Cody raid on Marion County Record to Kristallnacht
Reprinted with permission from Daniel Pocock
Trans People Misused to Attack a Project or Developer Who Has Nothing to Do With Them
And why that truly hurts all trans people
Our 18+ Years of Freedom-Fighting
We always fight back
Gemini Links 11/11/2024: Men Losing Grip and "You're Relaxing Wrong"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, November 10, 2024
IRC logs for Sunday, November 10, 2024
Freedom Must Always Be Fought For (All the Time)
Ridicule of "freedom fighters" in the digital realm is typically orchestrated by dictators or wannabes.
Gemini Links 10/11/2024: Taking Jokes and Writing Dense Assembly
Links for the day
Links 10/11/2024: Meaning of Life and iPhone ‘Inactivity Reboot’
Links for the day
Links 10/11/2024: Microsoft Adds Surveillance to Notepad and Paint, TikTok Shutdown Order
Links for the day
Gemini Links 10/11/2024: Scrawlspace and California
Links for the day
Links 10/11/2024: Politics, Economics, and Ticketmaster Issues
Links for the day
Linux Foundation: We've Shut Down the Mailing Lists and Fired Everyone at Linux.com So We Can Spend Money Buying Puff Pieces and Paying Clickfraud/Spammers
deeply rogue
The 'Other' Bruce... on Openwashing at OSI (and Not Bruce Perens, the OSI's Co-founder)
Openwashing people (connected to Microsoft) already do "open weights"
Gemini Links 10/11/2024: A Writer's Block, VIM Tips and Tricks
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, November 09, 2024
IRC logs for Saturday, November 09, 2024
[Meme] Linux Foundation Cuts
money is spent by the million on highly dubious things
Politics Becoming Way Too 'Toxic'
'Toxic' political discourse ought to be covered, but reducing the toxicity of coverage itself (e.g. inaccurately covering things to incite "the left" and "the right") is still challenging
"Paperless Office" (Incompatible With the Law) as a Threat to Workers' Health at the EPO, Europe's Second-Largest Institution and Largest Patent Office
"Software Ergonomics need to be brought back to the agenda at a high level!"
Linux Foundation is Rebuilding the Berlin Wall (to Keep Russians Out of Linux)
So the Linux Foundation is basically acting a bit like oppressive Soviets
Linux Foundation is a Scam Like 'Crypto' (So is the Company of Jim Zemlin's Wife, Bakkt)
To us, the Linux Foundation is just a massive scam
Remembering and Respecting Fallen Ones by Avoiding or Stopping Wars (and Boycotting Companies That Want Wars)
The people who die tend to be the least privileged and connected
EPO is Blasting Its Own Foot (There Will be No EPO Left)
If the EPO carries on shooting its own foot, there will be nothing left of it
There's Always a Way to Improve
Self-improvement is a perpetual task
Joel Espy Klecker, unpaid, terminally ill youth labor & Debian knew it
Reprinted with permission from Daniel Pocock
List of Debian lies and deception
Reprinted with permission from Daniel Pocock
Links 09/11/2024: More Mass Layoffs and Concerns About Musk Working Like Trump Aide
Links for the day
Gemini Links 09/11/2024: Operating the Temple System and SeaweedFS
Links for the day
[Teaser] [Meme] Central Occupational Health, Safety and Ergonomics Committee (COHSEC) at European Patent Office (EPO)
These are not teenage gamers
Links 09/11/2024: Further Restrictions on Social Control Media, CASIO Cracked Again
Links for the day
Why Brown CIT Oughtn't Be Named After Thomas J. Watson (Like Many Faculties Ought Not be Named After Bill Gates)
In their own words
Reminder That Mass Layoffs Are Going on All Month This Month at IBM
The "silent" layoffs continue until the end of this month if not longer
[Meme] Just Blame Whoever Takes Advantage of Your Back Doors
The media will even sympathise with malicious and/or incompetent companies if they blame "Russia"
This Remembrance Sunday We Must Also Remember That Some 'Security Companies' Want More Cyberwar
Some companies profit from the cyberwar; hence, their objective is not to end the war
Non-Tech Enshittification: Post Office Perils and the Czech is in the Mail
We still hope that the parcel will be recovered (maybe at customs) or will be sent back some day
[Meme] Don't Try This at Home (But a Datacentre Might be OK)
Quit outsourcing to Social Control Media
There's No Free Lunch in Video Hosting
they say there's no free lunch; if you aren't paying for hosting and serving of "your" videos, you're not the customer and those videos, once uploaded, aren't quite yours anymore
Parroting Microsoft Talking Points About Computer Security
This past summer Richard M. Stallman (RMS) openly complained in a public event that the term "security" had come to mean all sorts of ridiculous things, including the very oppose of real security
Visits to OpenAI's Site Plunged by More Than 67% in the Past Half a Year Alone
'autocorrect on steroids' is mostly worthless
Pocock Running for Office Again
Pocock dealt with all sorts of 'politics' in Free software and, unlike many politicians, he has a background in science and technology
[Meme] Turning the EPO Into a Speculation Bank, Monetising It by Breaking the Law, Playing Real Estate (and Mortgage) Financial Games
travesty
Real Estate and Workplace Problems at the European Patent Office, Which Grants Fake Patents Under the Guise of "Law"
Report on the 54th meeting of the Munich LOHSEC of 20 June 2024
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, November 08, 2024
IRC logs for Friday, November 08, 2024
Links 09/11/2024: Politics, Climate, and Why Physical Cash is Crucial
Links for the day
Gemini Links 09/11/2024: Minerals, Rants, and Maintaining Planetary Balance
Links for the day