Microsoft adopts first international cloud privacy standard

This is a great move. Of course, there&#x27;s the massive loophole on the last point that they really can&#x27;t do anything about:<p>&gt;The standard requires that law enforcement requests for disclosure of personally identifiable data must be disclosed to you as an enterprise customer, unless this disclosure is prohibited by law.<p>Since the policy of several governments seems to be &quot;collect everyone&#x27;s data and don&#x27;t inform anyone about it under penalty of law,&quot; it&#x27;s a pretty weak protection. Seems like the only way around it is removing centralized keys. Even if you trust your own government with the data, there are probably other ones you don&#x27;t trust and you have no control over that will collect your data if they have any opportunity to do it.

&gt; The British Standards Institute (BSI) has now independently verified<p>Yeah great, show your proprietary code to a third party company and everyone is just going to immediately trust you.<p>Plenty of other cloud storage services offer <i>real</i> reasons to trust the backing store, called the code is open. I can audit it, my neighbor could audit it, and every corporate user is liable to audit it. I have no reason to ever trust an arbitrary third party I have never had reason to trust in the past who is now trying to guarantee your cloud is secure, when competitive options are letting me do my own auditing, if I wish.<p>Is there anything else this is comparable too - where a company has the gall to say &quot;another company looked at our black box and said it was good, so trust us alright guys?&quot;. When cars or houses or roads or food get certified for something you always have the capacity to reproduce the certification process yourself as a verification measure. You cannot do that to proprietary software, especially when its on some foreign server somewhere running who knows what version of it.

Still, note what they don&#x27;t say that the user data will be encrypted before transferred to the cloud, or even more important for Europeans, that the European data would be managed strictly in Europe. Interestingly, the money received in Europe is without problem for all these big companies so managed to not end in the US (avoiding the taxes), the data, it seems still not important?

Should there ever be any reason to trust your privacy to proprietary software running on a third party&#x27;s server? Or is this &quot;privacy standard&quot; they are conforming to just another form of security theatre?

A company that slurps all contacts and calendar entries from customers&#x27; smartphones without their explicit consent and without a way to opt out from it is talking about privacy.

The IT industry clearly needs systems so that companies can work well together, and these systems need to work well in all countries. The ISO process for IT standards was designed to promote interoperability, portability, and cultural and linguistic adaptability, using a consensus process. We believe strongly in these goals, but the current process is not designed to achieve them. The OOXML proposal has exposed serious flaws in ISO process–especially in the fast-track process–and we believe these flaws need to be fixed.<p>The credibility of ISO is at stake.<p><a href="http://magazine.redhat.com/2008/03/24/iso-approval-a-good-process-gone-bad/" rel="nofollow">http:&#x2F;&#x2F;magazine.redhat.com&#x2F;2008&#x2F;03&#x2F;24&#x2F;iso-approval-a-good-pr...</a><p>Either way, the ISO&#x27;s current state is likely to be seen as a quagmire when viewed through history&#x27;s lens.<p>Microsoft did not respond to several calls requesting comment.<p><a href="http://archive.wired.com/software/coolapps/news/2007/08/ooxml_vote" rel="nofollow">http:&#x2F;&#x2F;archive.wired.com&#x2F;software&#x2F;coolapps&#x2F;news&#x2F;2007&#x2F;08&#x2F;ooxm...</a><p>We begin therefore where they are determined not to end, with the question whether any form of democratic self-government, anywhere, is consistent with the kind of massive, pervasive, surveillance into which the Unites States government has led not only us but the world.<p>This should not actually be a complicated inquiry.

&quot;There is no cloud, just other people&#x27;s computers.&quot;<p>FSFE Sticker: <a href="https://blogs.fsfe.org/mk/files/2014/11/there-is-no-cloud-pack.jpg" rel="nofollow">https:&#x2F;&#x2F;blogs.fsfe.org&#x2F;mk&#x2F;files&#x2F;2014&#x2F;11&#x2F;there-is-no-cloud-pa...</a>

Can anybody clarify what privacy I as a Bing, outlook, windows mobiles user get from this ? It mentions enterprise customer, does this means, these standards doesn&#x27;t apply to users of above mentioned services ?

This might actually mean something had it been a company from a country where there wasn&#x27;t secret courts that can create secret subpoenas.

Microsoft a forerunner on global privacy. .NET open sourced and (soon) running on Linux and Mac. Things certainly do change.

Is there any way I can legally read the standards document without paying the prohibitive fee?

How &quot;real&quot; is this standard? I mean it seems to be set by the GCHQ motherland.