The Big Brother Award 2023 in the category "Lifetime Achievement" goes to Microsoft, because with their market dominance, the company forces people, companies and government agencies to continually transmit data, and therefore to allow themselves to be spied upon, as a regular part of their digital activities.
When talking about American data mongers, then mostly Google and Meta or Facebook, perhaps also Amazon or increasingly Apple, is meant. These companies are rightly accused of collecting data on a global scale and using them commercially, particularly for advertising, without regard for data protection. Microsoft regularly stays under most people’s radar, although the company’s strategy on data, in our eyes, is more dangerous. It is concentrating less on short-term advertising profits, and more on making people, companies and government agencies dependent on their services.
The company has not only established their suite of office software as a standard, but after pushing out the competition, their users are now also forced to use Microsoft’s cloud service. The result: Microsoft has almost complete control over all data-related activities.
Microsoft previously received the Big Brother Lifetime Award in 2002 for their Digital Rights Management technology.1 In 2018, we gave the company the BBA in the category “Technology”, because Windows 10 continually sends data to the headquarters in the USA.2 Now the company has further restricted the independence of their users with Office 365 and its connected services. For that it deserves the next Lifetime Award.
The corporation controls not only a large portion of private and business communication, but is increasingly in command of our consumer and leisure activities. They are set on expanding into gaming, and want to buy video game developer Activision Blizzard for US$ 69 billion3 in order to open the door to the so-called metaverse.4 The end customers will be entertained with all sorts of desktop streaming services. With its investment in OpenAI for US$ 10 billion, Microsoft has entered the so-called artificial intelligence business and is trying to supplant Alphabet or Google’s almost complete monopoly of Internet search by integrating the chatbot ChatGPT in their search engine Bing. Microsoft offers pre-written answers to people, which reduces their ability to think critically and independently.5
Part of Microsoft’s business model is to throw software of increasing complexity at the market, so that the users require increasingly powerful devices. The newest trick is to make software supposedly more “intelligent” with AI. The hardware industry, i.e. CPU manufacturers such as AMD or Intel, are the first to profit from this.6 At the same time, Microsoft is forcing the users to work with Software as a Service, that is the cloud offerings from Microsoft – Azure. The software runs on neither private PCs nor larger business computers. According to Panos Panay, Chief Product Officer (CPO), it is Microsoft’s goal to “blur the line between cloud and edge”7 and therefore move control of the data to Microsoft’s cloud. Microsoft, that started by offering software products, now has 30% of the worldwide cloud market.
One would think that politicians had recognised the dangers that come with this. Even the old CDU/CSU/SPD government wanted to free itself of the digital dependence on foreign companies and monopolies, but, in their own words, did not want to follow a “Big Bang” approach. Practically nothing has come of this. In 2018, 96% of federal agencies used Microsoft Office and Windows, and 69% Windows Server.8 Businesses similarly rely almost exclusively on Microsoft products. For instance, Germany’s flagship car manufacturer VW is practically completely dependent on Microsoft. Windows is used in more than three quarters of all companies.9
In 2022, the Senate of Berlin overturned the decision to supply all teaching staff in Berlin with business software, compliant with data protection regulations, from a local company – and moved everything to Microsoft Exchange. The explanation was that this would be cheaper and more compatible with the devices used by the teaching staff. 10,000 of the 34,000 teaching staff had already been equipped with access to the new systems of the local company.10 It is questionable whether Microsoft is cheaper in the short term. It is obvious that the long term dependence on Microsoft only benefits the corporation.
In November 2022, after years of discussion with Microsoft, the Conference of German Data Protection Commissioners unanimously decided that it was impossible to bring Microsoft 365 in line with data protection regulations. In every monthly update, thousands of software changes are made that are not comprehensible, let alone documented. The contract terms dictated by Microsoft are not clear. The company does not explain which subcontractors are employed and also given access to personal data.11 Even after multiple updates to the documents describing the processing of data in the cloud, it is not clear which data the company uses for its own purposes. It is impossible for either data protection experts, or users, to confirm whether all steps are in accordance with the law.12 At the end of March 2023, the Federal Cartel Office instituted proceedings against Microsoft on suspicion that the company is abusing its market dominance.13
It is regularly submitted that Microsoft and other large tech companies provide their users more cybersecurity. This daring theory was rebutted yet again on 25 January 2023, when Microsoft services worldwide went down due to a bug in the network configuration of the cloud offering of Azure.14 In 2021, the Federal Office for Information Security (BSI) found that a known and serious bug was present in 98% of all Microsoft Exchange systems they checked. In response, the BSI issued a red warning.15 Undoubtedly, Microsoft can pay a great deal of money for IT security. At the same time, their complex software is more and more susceptible to external attacks and outages. Moreover: clouds and systems with such identical software are hackers’ favourite targets because of the potentially huge extent of a successful attack. In an Internet blackout, nothing will work in the cloud.
There is an added element of controversy in Microsoft’s concentration on its cloud business, because data transmitted to the USA is also at the mercy of the security agencies and secret services there. On 16 July 2020, in a verdict on Privacy Shield, the European Court of Justice found again that the data protection laws in the USA are too lax and have no safeguards against mass surveillance by government agencies.16
In order to continue to dominate the EU market, Microsoft is increasingly offering its services via European data centres. At the beginning of 2023, Microsoft started their so-called “EU Data Boundary” in order to attract more trust in 365, Azure and so on. Microsoft is currently building and extending 17 data centres in Europe. But this doesn’t change anything about the situation that US government agencies demand access to this data via the Cloud Act and the Foreign Intelligence Surveillance Act.17 These laws oblige Microsoft to provide the US security agencies with any data they hold, including that overseas, and to stay silent about having done so.
In 2024, Microsoft is planning an extra cloud offering for German government agencies, operated ostensibly by the German company SAP.18 It is unclear whether control over the data can then really be guaranteed.
Marianne Janik is CEO of Microsoft Germany. In an interview, she said her alternative dream job would have been defence minister. Janik maintains that the US Cloud Act is in accordance with the law and lays the blame for the gaps in the digital transformation in Germany partly at the feet of “nasty data protectionists”. It remains to be seen whether the “nasty” was meant ironically.19 Microsoft always pretend that data protection is their own priority. In reality, the company’s only goal is to tempt, to even force us into its cloud. It has become almost impossible to use the software without a personal account, and even more impossible to install it on a computer disconnected from the Internet. Microsoft has become a domineering machine that is robbing us of our digital sovereignty.
Congratulations Marianne Janik, CEO of Microsoft Germany.
1 https://bigbrotherawards.de/2002/lebenswerk-microsoft (only available in German at the time of writing)
3 German source: Bier, Activision Blizzard: Muss sich Microsoft bei der Übernahme von Call of Duty verabschieden? 13 Feb 2023, https://www.gamestar.de/artikel/activision-blizzard-muss-microsoft-call-of-duty-abtreten,3389909.html
4 German sources: Freund, Spieltrieb, SZ 02 Feb 2022, 10; Martin-Jung, Bloß nichts verpassen, SZ 20 Jan 2022, 17; Mega-Deal setzt Sony unter Zugzwang, SZ 20 Feb 2022, 21; Brühl/Martin-Jung, Eine Wette im Wert von fast 70 Milliarden Dollar, SZ 19 Jan 2022, 15.
5 German source: Hurtz, Bingen statt googlen, SZ 09 Feb 2023, 17; Heaven, Microsoft gegen Google gegen alle: Wie ChatGPT einen neuen Suchkrieg auslöste, www.heise.de 17 Feb 2023, Short link: https://heise.de/-7517615.
6 German sources: Weiß/Mantel, Microsoft bei AMD auf der CES: KI wird alles verändern, wie einst die Maus, www.heise.de 05 Jan 2023, short link: https://heise.de/-7449226; Martin-Jung, Besserer Schutz vor Hackern, SZ 06 Oct 2021.
7 Quoted by Weiß/Mangel (see above)
8 German source: Bundestagsdrucksache. 19/29476.
10 German source: Vieth-Entus, Anbieterwechsel empört Abgeordnete, 08 Mar 2022, https://www.tagesspiegel.de/berlin/vier-legislaturperioden-aber-kein-durchbruch-die-unendliche-geschichte-der-berliner-schulerdatei-417175.html
11German source: DSK, Festlegung der Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder, as of 24 Nov 2022, https://www.datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365.pdf; Weichert CuA 2/2023, 31 ff.
14German source: Muth, Störungen bei Microsoft, SZ 26 Jan 2023, 5, 1.
15BSI, report on IT security, 2021 – BSI-Lagebericht 2021: Bedrohungslage angespannt bis kritisch, press release of 21 Oct 2021; earlier source: Muth, Schwachstelle bei Microsoft, SZ 09 Mar 2021, 18.
16 ECJ 16 Jul 2020 – C-311/18, Schrems II.
17German source: Bremmer, Microsoft zieht virtuelle EU-Datengrenze, 15 Dec 2022, https://www.computerwoche.de/a/microsoft-zieht-virtuelle-eu-datengrenze,3613485.
19 German source: Martin-Jung/Werner, Interview mit Janik, „Wir bleiben in Deutschland unter unseren Möglichkeiten“, SZ 23 Nov 2022, 18.