Citing a Canadian anti-spam law, Microsoft last week announced that it would discontinue its security bulletin e-mail lists. From the e-mail: "In lieu of email notifications, you can subscribe to one or more of the RSS feeds described on the Security TechCenter website". Legal experts said the decision was unnecessary, as there were specific provisions in the legislation to take such email into account.
However, in an apparent reversal of its decision, Microsoft now says it will be re-starting its security notifications via email early next month. From a Microsoft's spokesperson: "On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service (ANS) on July 3, 2014."
Perhaps it was a case of Microsoft not reading the small print, or even the large print.
(Score: 1) by present_arms on Tuesday July 01 2014, @04:42PM
as i havn't RTFA I'm assuming that Microsoft know who their customers are and who uses ANS, as every sysadmin knows you have a test server to test any updated patches before putting them on a live system, not to would be all kinds of stupid, so getting these Emails is like a "heads up" to those admins of what possible patches are coming and can then theorize as to the damage it (the patch) could possibly do, I can't see this as being spam unless they absolutely hit every email address regardless. I'm also assuming therefore that they have re-written ANS so it keeps within Canadian law.
http://trinity.mypclinuxos.com/
(Score: 3, Funny) by janrinok on Tuesday July 01 2014, @06:01PM
Why assume when I have provided an article which explains the story in more detail? ;)
(Score: 2) by frojack on Tuesday July 01 2014, @06:32PM
Actually, the story (as well as the link) is still pretty unclear as to why Microsoft panicked and announced the death of the mailing list when exactly nobody else has done so.
There is more to this story than meets the eyes. Microsoft hires some of the best lawyers available. They don't make rookie mistakes like this.
This was a trial balloon for something else.
No, you are mistaken. I've always had this sig.
(Score: 2) by Hairyfeet on Wednesday July 02 2014, @01:21AM
Maybe its like most government regs and vague as hell? From what I understood (could be wrong, a LOT of vagueness with this story) the law could bite you in the ass if there was any adverts for other products. Now its been awhile since I got the security emails (now I just use WSUS and do a trial run on my testbox to see if there is any gotchas) but IIRC they did have adverts for things like Exchange and Sharepoint so...maybe their lawyer told 'em "better safe than sorry" until they got a hold of somebody in government to clarify exactly what constitutes an ad under their definition?
Meh old MSFT has had its collective head up its own ass for so long who the hell knows what is going on over in Redmond.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 2) by RaffArundel on Wednesday July 02 2014, @01:04PM
Probably not, I do this for a living and CASL looks like that "You are suggesting..." checklist we used to see all the time at the other site. But you are incorrect, since I am in the industry, I can say that it wasn't just Microsoft shutting down lists until the lawyers could weigh in.
What most likely happened is they went through CASL prep with their marketing campaign lists without thinking that the law would impact a Security Newsletter - but it does. Someone pointed that out (arguably a simple link back to their website could be construed as commercial) and the held the email send rather than get hit with huge penalties. Being Microsoft, they would likely have a big fat target on their back.
One issue is that the government dicked around and kept changing the law through the beginning of this year. While people are "grandfathered in" to mailing lists, some places take 6 months to make the major infrastructure changes necessary to identify and comply with the law. The second issue is that there definition of "commercial email", which requires explicit opt-in is very broad, specifically in the US's CAN-SPAM law the message has to be "primarily" commercial, but in CASL the vague way it is written, having links back to your site could arguable be "engaging in commercial purposes" and if all they did was bang in their email address into a form, that could result in the rather stiff penalties.
Let's use this site as an example. I get (and actually read) the daily digest even though I have generally already read everything listed. I don't recall you making me subscribe or even check a box to receive it. You also don't know (I believe) if I live in Canada. As a result, had I signed up yesterday, it would be illegal to send me an email with a "sponsored link". My guess is that Soylent cannot afford $1M CAD and keep running - so reviewing these things are probably a better idea than being shutdown by some bureaucrat pretending to be tough on whatever...
(Score: 2) by frojack on Wednesday July 02 2014, @05:36PM
Both for Soylent and Microsoft's patch list require subscription before any email starts flowing. Yes there are boxes to check. Yes you knew what you were getting into.
As a general observation, Canadian courts are a lot less ridiculous than man US courts, and someone making a claim that someone who voluntarily subscribes to Microsoft's list after installing microsoft software, already has a business relationship with Microsoft and any mention of a microsoft product would be expected.
Since the law was NOT change between microsoft's termination announcement and the re-in-statement announcement we can only assume that the termination had never been cleared with MS Legal, and certainly not Microsoft's Canada legal team.
I can see where Microsoft would like to purge this list (It must be huge, and full of long dead email addresses). Going to an RSS feed makes much more sense, because when your sysadmin moves on to another job, his RSS feed doesn't have to be terminated, and there is no list that needs to be cleaned.
And, in full Monty Python mode, here is a Commercial Link which I throw in your general direction as a taunt: http://media.chrysler.com/homepage.do [chrysler.com]
No, you are mistaken. I've always had this sig.
(Score: 2) by RaffArundel on Wednesday July 02 2014, @07:08PM
Nope, I just checked - the subscription is part of the message options in the profile. Unless that code has changed since the earliest days, I did not opt-in that I recall. The law specifically requires the site to prove me wrong - in this case, when specifically did I opt-in? Since the code is glorious open source, feel free to point me to lines that do so. There was no action required on my part that I recall, starting yesterday I could claim I didn't and sue.
Was there some confusion in my post? I said that a subscription based list like this is always very low on the list. Chances are the tech guy was dotting i's and crossing t's and brought it up. A responsible company (feel free to make M$ jokes) does a full-stop on legal compliance issues until someone can check. Someone checked, said it was okay and it was restated. Create a conspiracy if you like, I was simply pointing out this comes as no surprise.
(Score: 2) by frojack on Wednesday July 02 2014, @10:34PM
http://soylentnews.org/my/messages [soylentnews.org]
The default for all of the message is NONE, or WEB (when you log in).
Set up a new account and prove yourself wrong.
You don't need to announce the end of a list (with a future date) then announce the continuation if all that was required was to pass it through legal.
You might simply pause the list for a day or five while legal ex-digitates.
No, you are mistaken. I've always had this sig.
(Score: 1) by present_arms on Tuesday July 01 2014, @07:11PM
Yeah it is my fault as I did the green site thing and didn't read the article then spouted off some crap :P
http://trinity.mypclinuxos.com/
(Score: 3, Insightful) by Leebert on Tuesday July 01 2014, @04:51PM
If you're going to radically edit my submission, could you at least put a period at the end of the first paragraph? :)
(Mostly just kidding; the facts changed from the time of the submission so the editing doesn't really bother me, but my OCD won't let me ignore the missing period.)
(Score: 2) by janrinok on Tuesday July 01 2014, @05:56PM
NP - thanks for pointing it out.
(Score: 5, Funny) by Tork on Tuesday July 01 2014, @06:02PM
Don't they stop and restart their mail servers once a week anyway?
🏳️🌈 Proud Ally 🏳️🌈
(Score: 1) by present_arms on Tuesday July 01 2014, @07:18PM
for the want of mod points lol
http://trinity.mypclinuxos.com/
(Score: 0) by Anonymous Coward on Tuesday July 01 2014, @08:52PM
No, they just share the same breaker as the two microwaves in the break room.