Microsoft has avoided the scrutiny of privacy issues that have caught rivals by collaborating with regulators and advocating its own solutions.


Quietly but with confidence, Microsoft is back.

For the first time in almost a decade, this is the most valuable company in the world, while his rival Apple stumbles. He has been praised for his intelligent focus in AI and cloud computing services in recent years and for his acquisition of the popular GitHub software development platform. And we have almost completely avoided the privacy issues and monopolistic tendencies that have hindered Facebook, Google, and Amazon, which has caused these companies to deal with negative daily headlines, disgusting lawsuits, and in failure of their leaders in the US Congress.

Microsoft sells targeted ads against search results. Users have complained about the security of their data in the cloud. The company has not received the same level of control and its leaders have been referred to Congress for years.

It's the fact that Microsoft, which belongs to LinkedIn, has been emulated: he was recently interviewed in Ireland about the use of email addresses of 18 million non-members to buy targeted ads on Facebook. And European governments have raised concerns about storing user data in the cloud via Office 365 and how Microsoft plans to address these issues. And thanks to a partnership with Facebook, Microsoft's Bing search engine was able to see the names of "virtually all" Facebook users without their consent until 2017. And this week again, Microsoft announced an agreement with Kroger for the implementation of retail experiences, in which will present personalized digital advertising for each customer, which will raise confidentiality issues as well as potential reductions of jobs in the retail business.

There are several reasons why Microsoft's practices have not attracted the same level of vigilance from regulators – and the company's history is an important part of it.

"They've been around the block, they've been the wrongdoer before, and they've already learned to play very well with the regulators," Jennifer King, director of privacy protection at Stanford Law's Center for Internet and Society. School. , tells Quick business. "This is one of the reasons why you do not see Microsoft's leaders being brought to Congress: they have a long-standing relationship, through lobbyists, policymakers, they've been in this space for decades. "

In fact, it has been more than two decades since the young CEO Bill Gates testified before the US Congress and he sought to know if the "dizzying growth" of the company affected the competition in the software industry. And he was sued by the federal government, which accused him of running a monopoly, in a bitter and contentious affair that took years to settle.

These confrontations taught Microsoft many lessons, including how to anticipate regulators' concerns, reorganize the business to address antitrust concerns, and make confidentiality an integral part of its organizational structure.

"Microsoft has taken these steps very seriously and has truly transformed the organization," King said. "They have virtually restructured their entire organization for nearly 20 years to allow people to address privacy issues from a legal perspective, software, usability and IT interactions built into the business. whole of the company. This is unlike any other technology companies. "

After a series of antitrust investigations by the Federal Trade Commission and the US Department of Justice (DOJ), Microsoft has received a number of consent decrees, with regulators scrutinizing practices, prices, and market share growing of Microsoft. In 2000, a court decided to split the company, which was subsequently overthrown.

CEO of Microsoft Satya Nadella [Photo: Dan Taylor/Heisenberg Media]"This is the original gangster of great technology, known to have sucked the air provided by its competitors in the 1990s. [Netscape] with implicit subsidies, "says Scott Galloway, a professor at New York University's Stern School of Business and one of the most vocal critics of advanced technology. "If the DOJ had not stopped Microsoft, we might not have Google today, preferring Bing as the dominant search engine."

And Microsoft has taken steps to resolve privacy issues. In 2016, France ordered the company to stop tracking users of Windows 10 and the Electronic Frontier Foundation has criticized it for referring to Microsoft all sorts of telemetry data, including localization, text input, touch input and the sites you visit. The company responded by combining more transparency – revealing the information collected about Windows 10 users – and giving them more control by allowing them to choose between a basic level or a full level of data collection.

"Microsoft has not (yet) given reason to Congress to call them to testify at Capitol Hill. While major technologies have been the subject of a scandal in 2018, Microsoft remains unscathed, "he notes. "While we continue to bark on the moon about Facebook and Apple, Microsoft is still plugging. It's impressive. "

Satya Nadella, the current CEO of the company, who took on this role five years ago, also received praise for overcoming the challenges of the latest wave of regulatory oversight and privacy.

"The technology CEO of the year award goes to Satya Nadella, who has proven herself to be a competent and responsible leader, able to protect society and its users from conflict," said Galloway, welcoming leadership and insight of the executive.

Navigation in roadblocks in Europe

But that does not mean that the broader discussion about user privacy and data collection has not affected them, especially as the company grows and adds more and more online communities like GitHub to its world of products and services.

In recent months, an army of European regulators and government agencies have highlighted some practices of collecting user data from the parent company on LinkedIn and elsewhere, even as the company was pushing ahead. new initiatives, further expanding its scope and market. permanent.

By all accounts, Europe has been more proactive than the United States in polling the US tech giants and asking them tough questions about their privacy and consumer data practices. And Microsoft has voluntarily extended Europe's demanding GDPR rights to its global customer base, although it is unclear how it could be held liable for violations of voluntary rules in the United States.

In a November report, the Irish Data Protection Commissioner explained how LinkedIn US, which serves as data processor to LinkedIn Ireland, had "processed choppy email addresses of about 18 million non-LinkedIn members and targeted these people on the Facebook platform in the absence of instruction. of the data controller. "

As a result of this audit, the Irish regulator told LinkedIn "to stop pre-computing and delete all personal data associated with this treatment".

The regulators discovered that the company was targeting non-LinkedIn members in violation of existing provisions. LinkedIn said it compiled with the demands of the regulator.

"We fully cooperated with the 2017 Data Protection Commission's investigation into a complaint about a European advertising campaign. We found that the overall processes and procedures we had in place had not been followed, "said Kalinda Raina, privacy officer at LinkedIn. "We have taken appropriate action and made internal changes to help prevent this from happening again."

As a result of this audit, LinkedIn stated that this had put an end to the so-called "pre-calculation" practice, which previously allowed new members to discover their links by joining LinkedIn.

"Alarming" concerns about privacy have led to changes

Data privacy issues are not limited to LinkedIn.

According to an audit commissioned by the Dutch Ministry of Justice and Security, Microsoft has stored sensitive data from Office users, including e-mail subject lines and e-mail. complete sentences executed via a spelling and grammar checker or the translation tool. privacy issues and no opt-out options that allow users to see their data collected. The agency reached an agreement with Microsoft on Oct. 26, which included changes to meet customer preferences.

Although the Dutch Ministry of Justice and Security is not the country's regulator, its report identifies several deficiencies in Microsoft's practices.

"Clandestinely, without informing users, Microsoft offers no choice regarding the amount of data, the ability to disable collection, or the ability to see what data is being collected because the data flow is encoded," said Privacy Company, the company of storage and file sharing launched by Internet tycoon Kim Dotcom, who drafted the report for the Dutch Ministry.

Regarding telemetry issues for Office 365 and Windows, Microsoft promises to do more.

"We have worked over the past year to give customers more choice and transparency in diagnostic data shared with Microsoft, and we will do more in the coming months," said Julie Brill, Associate General Counsel and Vice President of the Society for the Protection of Privacy. regulatory affairs, in a statement to Quick business. "There are often trade-offs between disabling diagnostic data and our ability to ensure product security, reliability, and functionality. So we work constantly so that customers understand the impact of each option. Our approach has always been designed around customer feedback and we value their continued contribution. "

Concerns about the widespread use of Microsoft products by government agencies and how these data are stored off-site are not limited to Europe.

In China, most of the Western social media sites such as Facebook and Twitter are blocked, while LinkedIn has flourished and currently has 41 million users. To survive in the country, LinkedIn worked with Beijing to set up a joint venture with local partners and to regularly remove politically sensitive publications and profile pages, such as those related to the Tiananmen Square massacre. .

Just last week, New York-based Chinese activist Zhou Fengsou, who was a student leader in the Tiananmen protests, was informed that his page had been blocked.

"While strongly supporting freedom of expression, we acknowledged at our launch that we had to comply with the requirements of the Chinese government to operate in China," the company told Zhou in a message.

In addition, privacy and consumer data monitoring bodies say US government agencies and regulators are lagging far behind Europe.

Microsoft seems to recognize the responsibility.

"Each of our solutions strengthens our smart cloud core and our state-of-the-art intelligent platform," said Nadella in the latest call for results. "We are not only optimistic about the opportunity that presents itself to us and our customers, but we also recognize our responsibility."

The increased focus on cloud computing adds an increased urgency to the question of how data is compiled and used as a product line and Microsoft partnerships in the private and public sectors.

"Privacy considerations are fundamental to any acquisition. Start by looking for like-minded partners, "says Julie Brill of Microsoft in response to questions. "We can always do more about privacy at Microsoft and the same goes for anyone we buy."

Walk ahead on military contracts

Like other tech giants, including Amazon and Google, Microsoft has been a long-time government supplier, but largely avoided the headlines, as technology workers intensified their activism and were outraged by the way their products were used. In November, the Redmond, Washington-based company outbid the US market on behalf of a large number of high-tech companies and defense subcontractors for $ 480 million. It is committed to providing HoloLens augmented reality devices. The US military will use Microsoft technology to "increase lethality by improving the ability to detect, decide, and engage with the enemy."

The company is still in the running for the Joint Enterprise Infrastructure Infrastructure (JEDI) project, a $ 10 billion contract to provide cloud services to the Department of Defense and reinforce Microsoft's commitment to the US government.

Unlike Google, Microsoft has continued its efforts with government contracts that have sparked criticism among technology employees.

Earlier this month, Microsoft's president and chief legal officer, Brad Smith, had expressed ethical concerns about the use of artificial intelligence by the military, but he reiterated his commitment to work with the Pentagon, claiming that "it is more productive to engage than how the technology is used."

And unlike Google, Microsoft does not seem to be bothered by employee criticism, as a recent blog post published in October by company staff members urged the company's management not to bid on. for the US military project JEDI. In June, 300 employees threatened to resign because of its contract with the US Immigration and Customs Service (ICE), which remains active.

"They have been around longer than most other companies. They are therefore very adept at playing the game of the government, especially considering what they have learned from different governments against them, "said Lauren Weinstein, a Los Angeles-based technology consultant. Angeles and co-founder of People for Internet Responsibility.

Anticipate future concerns

In the future, the company will try to be proactive with respect to potential new data privacy regulations and other rules applicable in Silicon Valley, which are generally expected as there is a consensus bipartite for such monitoring of the technology sector.

Last month, in a blog, Microsoft voiced concerns about the potential for abuse of facial recognition technologies. Earlier this year, a study identified racial and gender discrimination in facial recognition of AI. In this message, the company said: "We should not wait for governments to act," and pledged to create guarantees to treat the technology in the first quarter of 2019. We do not know what it means for Microsoft's Azure facial recognition technology, which he has been busy promoting on his site.

The company has recently distinguished itself from its competitors by supporting the French government's initiative "Call for trust and security in cyberspace", an international effort to regulate the Internet and fight against censorship and hate speech. online. Absent obviously among the signatories: the American government.

Microsoft certainly seems too aware of the importance of focusing on user control in its new products. She recently launched a partnership with Mastercard to create a "digital identity," noting that this tool will allow users to "verify their digital identity with whoever they want, when they want it." We still do not know how this initiative will move in the areas of finance, commerce and digital. and government services will help create a "decentralized" identity, raising new concerns about Microsoft's reach and access to user data, as well as how it is collected and used.

Arthur Patel, senior manager of the Identity Engineering Program at the company, insists that "Microsoft does not have and will not have access to Mastercard's customer data."

In a statement, Joy Chik, vice president of the identity division of Microsoft's intelligence and intelligence group, said, "We believe that people should be able to control their identity and digital data, and we're excited to start with work with Mastercard. to give life to new decentralized identity innovations. "

For now, it's probably up to Europe to keep Microsoft and its tech rivals under control. As Quick businessMark Sullivan said he was not explaining congressional action on personal data protection this year, or that it will be questioned in 2020. And Galloway said the US regulation is "absolutely" late on Europe.

"Compared to the United States, Europe tends to apply stricter antitrust rules and protections of consumer privacy," he said. "I think we are heading towards an inverted D-day. Just as we saved Europe in the middle of the 20th century, they will save us from the tyranny of technology. "