Daily Archives: November 26, 2020

Privacy campaigner flags concerns about Microsoft’s creepy Productivity Score now in 365

Posted on by

Microsoft’s Productivity Score has put in a public appearance in Microsoft 365 and attracted the ire of privacy campaigners and activists.

The Register had already noted the vaguely creepy-sounding technology back in May. The goal of it is to use telemetry captured by the Windows behemoth to track the productivity of an organisation through metrics such as a corporate obsession with interminable meetings or just how collaborative employees are being.

The whole thing sounds vaguely disturbing in spite of Microsoft’s insistence that it was for users’ own good.

As more details have emerged, so have concerns over just how granular the level of data capture is.

Vienna-based researcher (and co-creator of Data Dealer) Wolfie Christl suggested that the new features “turns Microsoft 365 into an full-fledged workplace surveillance tool.”

Christl went on to claim that the software allows employers to dig into employee activities, checking the usage of email versus Teams and looking into email threads with @mentions. “This is so problematic at many levels,” he noted, adding: “Managers evaluating individual-level employee data is a no go,” and that there was the danger that evaluating “productivity” data can shift power from employees to organisations.

Earlier this year we put it to Microsoft corporate vice president Brad Anderson that employees might find themselves under the gimlet gaze of HR thanks to this data.

He told us: “There is no PII [personally identifiable information] data in there… it’s a valid concern, and so we’ve been very careful that as we bring that telemetry back, you know, we bring back what we need, but we stay out of the PII world.”

Microsoft did concede that there could be granularity down to the individual level although exceptions could be configured. Melissa Grant, director of product marketing for Microsoft 365, told us that Microsoft had been asked if it was possible to use the tool to check, for example, that everyone was online and working by 8 but added: “We’re not in the business of monitoring employees.”

Christl’s concerns are not limited to the Productivity Score dashboard itself, but also regarding what is going on behind the scenes in the form of the Microsoft Graph. The People API, for example, is a handy jumping off point into all manner of employee data.

For its part, Microsoft has continued to insist that Productivity Score is not a stick with which to bash employees. In a recent blog on the matter, the company stated:

To be clear, Productivity Score is not designed as a tool for monitoring employee work output and activities. In fact, we safeguard against this type of use by not providing specific information on individualized actions, and instead only analyze user-level data aggregated over a 28-day period, so you can’t see what a specific employee is working on at a given time. Productivity Score was built to help you understand how people are using productivity tools and how well the underlying technology supports them in this.

In an email to The Register, Christl retorted: “The system *does* clearly monitor employee activities. And they call it ‘Productivity Score’, which is perhaps misleading, but will make managers use it in a way managers usually use tools that claim to measure ‘productivity’.”

He added that Microsoft’s own promotional video for the technology showed a list of clearly identifiable users, which corporate veep Jared Spataro said enabled companies to “find your top communicators across activities for the last four weeks.”

We put Christl’s concerns to Microsoft and asked the company if its good intentions extended to the APIs exposed by the Microsoft Graph.

While it has yet to respond to worries about the APIs, it reiterated that the tool was compliant with privacy laws and regulations, telling us: “Productivity Score is an opt-in experience that gives IT administrators insights about technology and infrastructure usage.

It added: “Insights are intended to help organizations make the most of their technology investments by addressing common pain points like long boot times, inefficient document collaboration, or poor network connectivity. Insights are shown in aggregate over a 28-day period and are provided at the user level so that an IT admin can provide technical support and guidance.”

Source: Privacy campaigner flags concerns about Microsoft’s creepy Productivity Score • The Register

Prolonged AWS outage takes down a big chunk of the internet

Posted on by

Amazon Web Services (AWS), Amazon’s internet infrastructure service that is the backbone of many websites and apps, experienced a multi-hour outage on Wednesday that affected a large portion of the internet. The service has been nearly fully restored as of 4:18AM ET on Thursday morning, according to Amazon.

Source: Prolonged AWS outage takes down a big chunk of the internet – The Verge

IRS contracted to Search Warrantless Location Database Over 10,000 Times

Posted on by

The IRS was able to query a database of location data quietly harvested from ordinary smartphone apps over 10,000 times, according to a copy of the contract between IRS and the data provider obtained by Motherboard.

The document provides more insight into what exactly the IRS wanted to do with a tool purchased from Venntel, a government contractor that sells clients access to a database of smartphone movements. The Inspector General is currently investigating the IRS for using the data without a warrant to try to track the location of Americans.

“This contract makes clear that the IRS intended to use Venntel’s spying tool to identify specific smartphone users using data collected by apps and sold onwards to shady data brokers. The IRS would have needed a warrant to obtain this kind of sensitive information from AT&T or Google,” Senator Ron Wyden told Motherboard in a statement after reviewing the contract.

[…]

Venntel sources its location data from gaming, weather, and other innocuous looking apps. An aide for the office of Senator Ron Wyden, whose office has been investigating the location data industry, previously told Motherboard that officials from Customs and Border Protection (CBP), which has also purchased Venntel products, said they believe Venntel also obtains location information from the real-time bidding that occurs when advertisers push their adverts into users’ browsing sessions.

One of the new documents says Venntel sources the location information from its “advertising analytics network and other sources.” Venntel is a subsidiary of advertising firm Gravy Analytics.

The data is “global,” according to a document obtained from CBP.

[…]

Source: IRS Could Search Warrantless Location Database Over 10,000 Times

GM launches OnStar Insurance Services – uses your driving data to calculate insurance rate

Posted on by

Andrew Rose, president of OnStar Insurance Services commented: “OnStar Insurance will promote safety, security and peace of mind. We aim to be an industry leader, offering insurance in an innovative way.

“GM customers who have subscribed to OnStar and connected services will be eligible to receive discounts, while also receiving fully-integrated services from OnStar Insurance Services.”

The service has been developed to improve the experience for policyholders who have an OnStar Safety & Security plan, as Automatic Crash Response has been designed to notify an OnStar Emergency-certified Advisor who can send for help.

The service is currently working with its insurance carrier partners to remove biased insurance plans by focusing on factors within the customer’s control, which includes individual vehicle usage and rewarding smart driving habits that benefit road safety.

OnStar Insurance Services plans to provide customers with personalised vehicle care and promote safer driving habits, along with a data-backed analysis of driving behaviour.

Source: General Motors launches OnStar Insurance Services – Reinsurance News

What it doesn’t say is whether it could raise insurances or deny them entirely, how transparent the reward system will be or what else they will be doing with your data.

Struggling electric jet startup Zunum sues Boeing for fraud, misuse of trade secrets, poaching talent

Posted on by

In 2017, Zunum Aero was flying high. The Kirkland, Washington-based aviation startup came out of stealth mode with bold plans to build a fleet of 12-seat hybrid electric jets for short, regional hops between cities. The company, which had received millions of dollars from the venture arms of Boeing and JetBlue, said it would be ready to fly by 2022.

Not long after, those dreams came crashing down to earth. In 2018, Zunum ran out of cash, forcing it to lay off nearly all of its employees and vacate its headquarters. It struggled to raise additional funds that it needed to get its plans back in motion. And now, Zunum is striking back at one of its former investors. The company filed a lawsuit in Washington Superior Court this week accusing aerospace giant Boeing of fraud, technology theft, breach of contract, and misappropriation of trade secrets.

Zunum said that Boeing “colluded with other key aerospace manufacturers and funders” to sabotage its efforts to raise additional cash and tried to poach Zunum’s engineers during the process. The startup claims that Boeing saw its superior technology and potential to disrupt air travel as a threat to its own dominance in the aviation world and sought to undermine it. Using its due diligence as an investor as subtext, Zunum said Boeing gained access to its business plan and proprietary technology, and “exploited” Zunum for its own benefit.

“Boeing saw an innovative venture, with a dramatically improved path to the future, and presented itself as interested in investing and partnering with Zunum,” the company claims in court filings. “But instead, Boeing stole Zunum’s technology and intentionally hobbled the upstart entrant in order to maintain its dominant position in commercial aviation by stifling competition.”

It’s rare that a startup would sue one of its investors after failing to deliver on its promises. But Zunum said its setbacks weren’t because of bad technology or a faulty business plan. Rather, the company claims it was sabotaged by Boeing, which misused its position as an investor to pillage its talent and patents before eventually scuttling the company’s ability to continue to raise money.

Zunum also names HorizonX, Boeing’s venture capital arm, and French engine supplier Safran as co-defendants. The company is seeking compensatory and punitive damages. A spokesperson for Boeing said the lawsuit was without merit and that the company would “vigorously” contest it in court.

[…]

Zunum puts the blame on Boeing. The Chicago-based company repeatedly reneged on promises for additional funds and dissuaded other investors from putting money in, the lawsuit alleges.

“Boeing also kept Zunum beholden to it for much-needed capital and market validation, stringing Zunum along with the prospects of an anchor investment and providing leadership on further fundraising,” the lawsuit says. “Although Zunum also sought investments elsewhere, Boeing actively interfered with and undermined those business relationships while inducing Zunum to continue its reliance on Boeing by holding out the prospect of a strategic partnership or merger.”

[…]

“Zunum discovered that Boeing was secretly developing a replica prototype of Zunum’s flagship aircraft design, staffed by the very same engineers and other professionals whom Boeing had assigned to conduct extensive due diligence on Zunum, under non-disclosure and non-use obligations,” the lawsuit reads.

Source: Struggling electric jet startup Zunum sues Boeing for fraud and misuse of trade secrets – The Verge