DNA Money, an Indian newspaper, released a report detailing how Microsoft routinely shared the financial details of Indian bank customers with US intelligence agencies.
More specifically, “the data of customers running an account with banks that have migrated to Microsoft Office 365 cloud-based email service has been found to have been shared with the US agencies,” the newspaper says.
Indian Bank Uncovered Microsoft Shared Customers’ Data with the US
The report shared in the Indian press reveals a document from the Reserve Bank of India (RBI). It shows that banks which have migrated to Microsoft Office 365 services have had their customers’ data shared with the US in order to comply with US law.
Customers may not be aware that their financial details are being shared with the US security and intelligence agencies. But Indian banks are fully aware of the development.
In other words, many banks know about Microsoft’s practices but their customers do not. It turns out that Microsoft is “bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities.” Furthermore, the RBI discovered that the events were part of an explicitly arranged deal. In the years 2014-2016, Microsoft had received 4,000 requests about Indian customer.
Information was shared on 3,036 occasions.
In a conversation with the DNA Money newspaper, the US tech giant said that “no government has direct access to any of our users’ data.” Microsoft also said that data privacy is one of their top priorities, and that they never share customer data unless a legally valid warrant, order or subpoena is received.
“In the vast majority of cases we redirect governments to seek data directly from commercial customers or to allow us to tell our commercial customers when the government seeks their data,” Microsoft added. Even though the company didn’t specify any details or cases, it confirmed the existence of data sharing arrangements.
Just a couple of weeks ago investigators found out thatMicrosoft is not complying with the GDPR, the reason being the telemetry data collection mechanism utilized by Microsoft Office. Eight issues in ProPlus subscriptions of Office 2016 and Office 365 were outlined, as they identified a “large scale and covert collection of personal data”.
The covert data collection is possible thanks to MS Office’s built-in telemetry, and users are not aware of it. Furthermore, the authorities couldn’t find any official documentation outlining the type of data that is being collected.