After Microsoft moves its servers back to the USA, German state's privacy commissioner advises schools not to use Office 365

Originally published at: https://boingboing.net/2019/07/11/hesse-nein-danke.html

1 Like

Wasn’t the German government allowed to spy on its own citizens or has something changed since this was a thing?

Different things: The ruling you mention allows German law enforcement agencies to intercept data from internet nodes (specifically DE-CIX), when that data belongs to German citizens. (I forgo the rant why that is technically nonsense…) The advice Cory mentions is because now some US agency might request data of German citizens. I don’t like getting spied on by anyone, but getting spied on by the US is more unsettling to me than being spied on by my own government.

3 Likes

Yeah i do know they’re different things, my question was if anything had changed on the ruling i linked to since i know things can change quickly sometimes, and not being German its not something i would usually stay on top of.

Ah, sorry. DE-CIX filed a lawsuit (precisely: Verfassungsbeschwerde) in October 2018 at the Federal Constitutional Court (Bundesverfassungsgericht). IANAL, but I think this means the ruling of the Federal Administrative Court (Bundesverwaltungsgericht) from May is suspended until this case is decided.

Feed this article to a translator of your choice for more information :slight_smile:

5 Likes

Thanks! I’m just peripherally aware of some of these developments and i like to track them when i can since it can be pertinent in tangentially related topics (like this one).

That’s just the state of Hessen though. Other German states are unfortunately becoming more Microsoft-friendly. https://www.zdnet.com/article/windows-scores-a-win-over-linux-as-another-state-decides-to-switch/

1 Like

I’d be curious to know more about Microsoft’s always-tortuous product planning here.

Their o365 data location page says that Germany is still a thing, with two locations; but their little press piece says that they started a cloud-something for Germany in 2015; but are currently not accepting new customers for it, and doing security updates only; with the shiny new o365 Germany becoming an option in Q4 2019 and 2020.

Does anyone know what happened to the 2015-era offering that makes putting it on life support, before the replacement is ready, and prodding existing customers to try to get them to move, attractive? It suggests that divergence between the Germany special case and their mainline code became too great; but it’s not obvious why “HDDs will live in Germany and for legal purposes some German company will operate the place” would require any changes beyond localization.

Seems like there’s probably a story, whether of haste, hubris, or spite; of how it came to this, and presumably a weird mutant stepchild of azure-stuff that they want to dispose of as quickly as possible; rather than just doing the seemingly-obvious thing and keeping the German operation a more or less identical copy of their other locations. This awkward transition from their original offering, whatever exactly it was, to the shiny, new, not-actually-fully-built-yet one is unlikely to be pleasing anyone(see TFA) so they aren’t doing it for their amusement; and there has to be a good backstory if things got weird enough that they can’t just quietly nudge operations there back toward uniformity.

It’s especially odd when they have a second arms-length foreign outpost (Office 365 operated by 21Vianet in China); and that one has no analogous reports of a discontinuity of operations; despite presumably having at least the same difficulties of 3rd party operation, jurisdictional differences; and localization.

1 Like

I am not sure who operates the Office 365 service, but the knack for Azure in Germany was, that Microsoft passed all operation of the service to T-Systems (i.e. Deutsche Telekom), which would technically protect the data from the CLOUD Act. The location in Magdeburg that is mentioned in the link is the same as for their other cloud offerings.

The problem is, that according to this article (heise News, in German) this product was not well received, and it’s probably “just” a business decision to phase it out. Another article on the same site discusses the inherent conflict between the US CLOUD Act and the European GDPR. If Microsoft operated Office 365 on top of T-Systems Azure, I guess they where in a catch-22.

1 Like

This topic was automatically closed after 5 days. New replies are no longer allowed.