SoylentNews is people
SoylentNews
from the sunshine-is-the-best-disinfectant dept.
So far this is only in Switzerland, but there is every reason to suppose it will come up in Germany and other countries. In Switzerland, on the request of the Pirate Party, the governmental data protection office is having a look at Windows 10 (article in German, Here is a Google translation).
If the office determines that Windows 10 violates Swiss privacy laws, they can recommend changes to Windows 10. If Microsoft were to refuse to make those changes, the office would have the option of banning Windows 10 within the country. As the article points out, a similar process forced Google to make substantial changes to StreetView, so it can be effective.
Personal opinion: Switzerland is too small by itself. However, if the Pirate Party in Germany, France and elsewhere could initiate similar actions, Europe as a whole could force real change. And, hey, it will show that the Pirate Party hasn't totally lost its way.
Original Submission
(Score: 3, Interesting) by skullz on Wednesday August 26 2015, @07:27PM
Win10 is probably a ready-made HIPPA violation too.
That is a very good point. I'll admit, I enjoy using Cortana and Windows 10 but if I were typing my SSN / health info into a website I would hope it was protected to some level. The website (if it was supposed to be HIPPA compliant) would but what about the browser? I'm not sure where the "this is not HIPPA, this is now HIPPA" line is but I suspect when it enters the medical system. So your phone / browser isn't required, but the "storing" website does. Otherwise any browser that stores field values has to be HIPPA compliant, as well as any addon for spell check that does a server callback, Skype addons, etc.
(Score: 0) by Anonymous Coward on Wednesday August 26 2015, @08:31PM
s/HIPPA/HIPAA [wikipedia.org]/
(Do not apply regex to discussions about decapod crustaceans [wikipedia.org].)
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 26 2015, @08:54PM
Did not mean for regular users, I meant for healthcare providers - the desktop at the nurse's station for example. You can't have that computer sending every keystroke to MS. If MS has a way to make Win10 HIPAA compliant for their commercial customers, we should be able to apply the same changes to personal systems.
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 26 2015, @08:55PM
It's not just about the sites you visit. Imagine a computer in a medical establishment running Windows10 (or Win8 / Win7 with these updates). Even enterprise reports back to M$ telemetry servers, but we're not sure what just yet.
(Score: 5, Insightful) by edIII on Wednesday August 26 2015, @10:39PM
You've brought up a pretty good point beyond HIPPA I think.
If Microsoft is keylogging *everything*, then it stands to reason that the collectors themselves must comply with *all* laws such as HIPPA. Whatever federal laws exist must be complied with as well, in addition to the laws of *every* country that Windows 10 will be released in. No wonder that Russia is moving to ban Windows down all the way to Windows 7, which is coincidentally how far these shenanigans are being pushed down.
I sincerely doubt the collectors could ever comply with all of the laws, and in many cases just running Windows 10 may be a breach of contract for a business. I've seen language in some contracts that spells out the efforts required to secure business data, and quite often uses the term "reasonable efforts". I cannot possibly conclude that continuing to use Windows 10, without additional contracts to secure business data with Microsoft as a SAAS provider, would be in accordance with my contractually obligated duties to my clients business data. It's not reasonable at all to allow Microsoft to log *every* keystroke, and is in fact quite stupid and insane. I'm sure my clients would instantly ask what contractual protections do I have with Microsoft beyond the undoubtedly one-sided EULA that doesn't protect their interests, nor does it establish strong penalties for Microsoft in the event of a breach.
Not to mention that some of my clients have very strong feelings about the cloud and the security of their business data. If they're asking me to isolate all of their systems and prevent their business data from ever entering the cloud, well that just became effectively impossible with Microsoft.
Well before this, I already concluded that I would ban any device through policy or software that runs Apple/Google spyware code. However, that was simple to avoid. Just don't use Siri or the stupid spell checker. That can be disabled to prevent data leakage. Microsoft has enabled business data leakage at the lowest levels possible, while being coy about it and pointing towards some non-existent and meaningless legal protections and promises. I went to look up the updates that turn on the telemetry, and Microsoft popped something up right away asking if I had "questions" about Windows 10. Already pushing propaganda about how their updates are somehow not nefarious.
Technically, lunchtime is at any moment. It's just a wave function.