Tag: privacy

Microsoft rejects handing over emails stored overseas

PCMag reports that Microsoft rejects handing over emails stored overseas in Ireland. A New York judge ordered the email data to be handed over to the US government, while the data is stored in Ireland. The emails were requested by the US government this summer. Judge Preska approved this request in a ruling in late July. However, the green light for the government to go ahead and get the emails off the Microsoft servers in Ireland was only given last Friday. The reason for this was to allow Microsoft time to appeal the ruling.

Microsoft rejects handing over emails stored overseas

A Microsoft datacenter in Dublin, Ireland

The reason Microsoft refuses to hand over the emails is privacy. This is noted by Microsoft chief privacy officer Brendon Lynch in a blog article from August 27th. A quote from the article:

So far the courts have sided with the U.S. government, but we are appealing the latest decision. This case could have important implications outside the U.S.  Other governments could demand emails held in datacenters outside their jurisdiction. In fact, earlier this month the British government passed a law asserting its right to require tech companies to produce emails stored anywhere in the world. This would include emails stored in the U.S. by Americans who have never been to the UK.

Brendo points to Microsoft’s Digital Constitution website which shows a timeline of events, posts and surveys about the situation and how Microsoft is responding to the situation.

Microsoft is not alone in its stance on privacy online: other large technology corporations including Cisco and Apple support the company’s vision. This can be found on the ‘what others are saying‘ page on the Digital Constitution website.

Modern technology can be both a blessing and a curse for people and corporations. While it enables to communicate with everyoen everywhere, and find all the information on any subject, however obscure, it also poses security and privacy issues. While some laws and regulations have been updated over the years, legislation in general is lagging behind technology developments.

In the case of Microsoft’s refusal to hand over the emails, I believe Microsoft has a strong point when it comes to trust. If trust in a company is lost by its customers, can it ever be rewon when it comes to online services like email?

Source: PCmag

Related Posts:

Sign up for the newsletter!

German anti-stress law in the making that bans work email and phone calls outside office hours

In Germany, it’s already common at a few employers to not receive any work email and/or phone calls outside office hours. Companies that have enforced this in the past years include BMW, Volkswagen and Telekom. However, the German government, in this case the minister for Employment Andrea Nahles, is looking into the creation of an anti-stress law.

german-anti-stress-law

image via Flickr – https://www.flickr.com/photos/screamingmonkey/4839552797/

According to an interview posted on RP-online (Google Translate link), Nahles’ goal with the new law is to let all Germans have proper downtime, after work time. With modern economics and communications having people send out work emails and phone calls around the clock, the boundaries between work and private life are fading. This is dangerous when it comes to recharging one’s energy during private time, so one can go to work refreshed and healthily.

The problem with legislation like this German anti-stress law is that on the one hand, being concerned about people’s mental health and stress levels is good and important, on the other hand government involvement in situations like this can be seen as too big brother-ish.

Find out more about the details of the plans concerning this new German anti-stress law in the Google Translate-linked article here.

Related Posts:

16 million German email addresses stolen, including passwords

german-email-addresses-stolen-bsiThe BBC has reported no less than 16 million German email addresses stolen, and account passwords stolen as well by hackers. The hackers infected the computers of the victims which in turn registered those victims in a network from where their data could be stolen.

The German Federal Office of Security (BSI, Bundesamt für Sicherheit in der Informationstechnik) is investigated the matter, but no sign yet of any details of where the theft has originated from. The agency has created a website to check whether you have been hacked or not. The website can be found here. On the first day more than 300,000 people had already visited the website. With this many German email addresses stolen, it seems that the hackers have been executing their theft quite professionally.

German news site Bild (Google Translate version of article) notes that when a match is made with an email address that is entered on that website, an email will be sent to that email address. That email contains tips on what to do: if a match is made the chances are pretty high that the email address owner’s computer is infected.

The fact that more than half of the stolen email addresses ended with .de provided the insight that the attack was aimed mainly at German email address owners. 16 million addresses would cover about one fifth of the total german population.

Related Posts:

To prevent phishing scams, banks are collecting special TLD domains

icannScammers will have a harder time trying to do phishing: banks are picking up new type top level domain names (TLD) to prevent attacks.

In the land of email, phishing scams are a common sight: your bank or credit card company supposedly sends you an email, with a request to either click on a link or reply with details.

This is all a big scam of course, trying to either get you to fill in financially critical data and/or trying to break into your computer via the installation of malware on your computer after clicking a link.

Banks are battling this on many fronts, and one of it is the domain name industry. Earlier last year, new types of TLD names have become available so that there is no more limit to the type of TLD you can register.

A quote from the Wall Street Journal article:

The new addresses include extensions like dot-citi, dot-bofa and dot-barclays. The banks hope these extensions will help their online customers know they are actually dealing with the bank and not a scam website trying to pilfer personal information.

The trouble with these new TLDs like .citi, .americanexpress and .jpmorgan is that the end user doesn’t know about these TLDs yet. Things will have to move slow, both in services offered from those new domains as well as communications. If it all goes too fast, consumers might think that scammers are trying to pull a phishing scam on them instead of the actual banks trying to conduct business.

Other reasons for registering these TLDs that are mentioned are customer service and brand promotion. Having a TLD like .jpmorgan or .barclays can provide a clear endpoint for people: when visiting a domain like service.barclays they can be sure they are at their bank’s domain and not at a scammer’s site.

You can read the whole WSJ article here.

Related Posts:

US Senate votes to extend FISA Amendments Act for five years

us_senate_fisa_amendments_actThe FISA Amendments Act, which has been in effect since 2008, has been extended for another five years by a US Senate vote. The vote turned out to be 72 to 23 to extend the FISA Amendments Act for five years until December 31,2017.

The act allows the US to warrantlessly spy on phone calls and email communications made by American citizens with foreigners abroad, when there’s reason to believe that terrorism is involved.

A quote from a Mashable article on the extension:

As part of the monitoring program, the government can get court orders — which do not require probable cause, like typical search warrant — to access citizens’ phone calls as well as electronic messages such as emails, provided there is evidence those communications involve “foreign intelligence information.”

The trouble with the act is that a single FISA order can affect a large portion of the US people, without being specific on what is involved in the communications – just ‘foreign intelligence information’ is sufficient.

Read more on the FISA Admendments Act extension on the Electronic Frontiers Foundation website here (written before the Act was extended).

Related Posts: