Microsoft Refuses To Divulge Data Flows To Police Scotland (computerweekly.com)
- Reference: 0178918574
- News link: https://slashdot.org/story/25/08/28/1815208/microsoft-refuses-to-divulge-data-flows-to-police-scotland
- Source link: https://www.computerweekly.com/news/366629871/Microsoft-refuses-to-divulge-data-flows-to-Police-Scotland
> "MS is unable to specify what data originating from SPA will be processed outside the UK for support functions," said the SPA in a detailed data protection impact assessment (DPIA) created for its use of O365. "To try and mitigate this risk, SPA asked to see ... [the transfer risk assessments] for the countries used by MS where there is no [data] adequacy. MS declined to provide the assessments." The SPA DPIA also confirms that, on top of refusing to provide key information, Microsoft itself has told the police watchdog it is unable to guarantee the sovereignty of policing data held and processed within its O365 infrastructure.
>
> "Microsoft states in their own risk factors that O365 is not designed for processing the data that will be ingested by SPA," said the DPIA, adding that while the system can be configured in ways that would allow the processing of "high-value" policing data, "that bar is high." It further added that while Microsoft previously agreed to make a number of changes to the data processing addendum (DPAdd) being used for Police Scotland's Azure-based Digital Evidence Sharing Capability (DESC) -- the nature of which is still unclear -- Microsoft has advised that "O365 operates in a completely different manner and there is currently no way to guarantee data sovereignty." It further noted that while a similar "ancillary document, like that provided ... via the DESC project" could afford "some level of assurance" for international transfers generally, it would still fall short of Part 3 requirements to set out exactly which types of data are processed and how.
There's an important lesson here (Score:5, Insightful)
When you commit to the so-called "Cloud", you aren't just voluntarily dropping your pants and bending over a barrel, you're also consenting to a gang bang.
Re: (Score:3)
The CoPilot avatar is clearly the blob that runs down your leg after that dirty deed.
sovereign clouds (Score:2)
Microsoft has a few sovereign clouds but UK is not one of them.
Re: (Score:2)
> Microsoft has a few sovereign clouds but UK is not one of them.
If Microsoft has them, they aren't sovereign.
This is not rocket science (Score:5, Insightful)
Police forces should run their own infrastructure, preferably using products where the source code is available, and deliberately keep everything away from the general internet except for a web browser and an email client, each inside a cheeky little isolated remoteapp. None of this is particularly difficult to achieve. If the data is sensitive enough that officers can only process it inside a station, it is sensitive enough that it should not be processed online at all. If it can be processed outside of a station, then things called VPNs exist, and systems can always be centralised using national policing resources at that point.
Re: (Score:2)
> Police forces should run their own infrastructure, preferably using products where the source code is available, and deliberately keep everything away from the general internet except for a web browser and an email client, each inside a cheeky little isolated remoteapp.
Ditto for ALL levels of government, and from one-horse towns to the largest of cities. It's time to stop the tail from wagging the dog, and it's time for everyone at any level of government to stop bending their constituents over for Big Data.
Re: (Score:2)
Where are you going to come up with that many competent IT staffers? Much less the money to pay them.
Re: (Score:2)
The problem is that requires competent IT staff, which is anathema to most police forces because if they do their job correctly then police screw-ups, malfeasance, corruption and incompetence get exposed. It also costs money which they would prefer to spend on their own salaries, weapons, vehicles and other macho posturing equipment.
Re: This is not rocket science (Score:2)
All software used by all government agencies should be open source. Taxpayers paid for that shit. The people own it.
Trusting Microsoft AI? (Score:2)
> "Microsoft refusing to disclose where sensitive law enforcement data will be processed.
Given Microsoft is all in on using AI then can you really trust them not to have an AI 'help' by processing sensitive law enforcement data? This could all end badly for some innocent person.
I'd be more concerned ... (Score:2)
... about Police Scotland getting my data than MS getting it, seeing how Police Scotland goes after you for just complaining about violent thugs instead of being one.
This post is framed weird (Score:3)
I love to hate on Microsoft as much as anyone, but why is this written as "Microsoft is refusing..."? Microsoft is selling a product that isn't designed for the needs of SPD. Why on God's green Earth the SPD is proceeding with the purchase knowing full well it's a non-compliant product is beyond me, but it's certainly not Microsoft's fault assuming they deliver what they're advertising.
If the law compels me to buy an electric car, and I go buy a gas one anyway, it's not the car dealer's fault for not converting it for me.
Re: (Score:1)
> Why on God's green Earth the SPD is proceeding with the purchase knowing full well it's a non-compliant product is beyond me
It's not complicated, corruption, quid pro quo is why this very chronic problem continues.
Re: (Score:2)
They should have gone with AWS, which could have easily accommodated all their requests within their existing infrastructure, just like they do for several other governments. It's one of the reasons why they have the IRS, CIA, and NSA contracts.
Re: This post is framed weird (Score:2)
AWS doesn't have a cloud document suite. They could use Google Cloud though.
Police Works (Score:2)
Why hasn't someone developed "Police Works" by now?
An office suite with a WP, DB, Spreadsheet and slide presentation program, all integrated and such, meeting law enforcement needs?
You wouldn't even have to do it from scratch. Just fork an existing open source project and go from there.
Re: (Score:2)
I've never seen that as a valid issue, there are a shitload of old office suites like AMI or First Choice that would be perfectly adequate for this usage and their small footprint (those both installed off three or four floppies) means they could easily be hosted on a cloud server. For that matter I'm sure there are other small open source projects that could be used, if something free wasn't absolutely anathema to most government bureaucrats.
Why does any data flow to Microsoft? (Score:5, Informative)
There is absolutely no reason why a word processor, spreadsheet, database, image editor, or other such program needs to send data off-site. Why on earth do people buy a product that insists on doing this when there are perfectly adequate alternatives?
Re: (Score:2)
Because their tiny brains cannot grasp that there is office software other than Microsoft.
Re: Why does any data flow to Microsoft? (Score:2)
Data retention, sharing, and security.
Re: (Score:2)
Having all of your data onsite tends to work out badly if that site suffers a catastrophe of one kind or another.
Windows = A fat Azure client (Score:2)
It seems like it gets harder and harder to just avoid getting files stored in One Drive.
Re: (Score:2)
The Guardian notes the police have checked CCTV and found no evidence to back this claim. BBC also states the police have found no evidence to back this claim. The video of the altercation is ambiguous at best about it.
I don't doubt it's possible, but we don't have solid evidence. Until it's been heard in court, I would reserve judgement.
Re: (Score:2)
The Daily Mail (yes, god knows) have traced the guy who seems to be a completely innocent long term immigrant / working man / father.
https://www.dailymail.co.uk/news/article-15040815/The-truth-migrant-Dundee-schoolgirl-brandished-knife-wrong-rabble-rousers-Elon-Musk-Tommy-Robinson-were.html
Note, not an "asylum seeker" from a small boat as claimed and the police say there's no evidence of him having tried to harm anyone. Mad racist trouble makers causing problems as ever.