Buried 300 words into Microsoft’s standard service level agreement is a clause that affects intellectual property and privacy.
An open letter, addressed to Microsoft president and head of legal Brad Smith, has warned that the company’s service agreement could undermine intellectual property protection
According to software licensing specialist Cerno, the provision renders commercial confidentiality and data privacy controls ineffective, if any document or other content created in Microsoft software-as-a-service (SaaS) products is emailed or shared with more than one person.
“We are calling on you today to change your standard software licence terms to prevent the ‘opensourcing’ of private and sensitive content, shared daily by your millions of users,” the Cerno letter warned.
Cerno said the Microsoft terms imply that creators give worldwide permissions to anyone who accesses confidential or private company documents using products in the Microsoft cloud, such as Office 365.
Cerno director Robin Fry said: “Such enforced abandonment of copyright and privacy controls is, in Cerno’s view, not expected by individual users or indeed by any corporate. It renders many legal rights unenforceable, for example those for infringement of copyright or breach of confidentiality. And its continuance could seriously disrupt necessary litigation to ensure that all such content is kept within the group within which it is shared.”
The service agreement also implies that email messages delivered via Outlook are automatically available for any use, and onward sharing, by recipients, Cerno warned. It said Skype calls or meetings created in private Teams groups could be distributed to anyone, no matter how sensitive the information.
For Fry, the wording of the service agreement has implications for businesses that share information with business partners, third parties, contractors and customers who may be using consumer versions of the Office 365 product.
He said he discovered the explicit reference to sharing content while checking the Microsoft licence agreement. “Whenever you look at software licensing, there are always odd things, and I couldn’t believe they wrote that,” he said.
While employees may contractually be bound by internal rules on data sharing and confidentiality agreements, the wording of the Microsoft service agreement means that recipients of documents or messages shared in Microsoft SaaS products may, in effect, believe they have the right to distribute any data that has been shared with them, similar to the way open source software is distributed, Fry said.
According to Fry, the existence of the consent placed on every contributor, in favour of all other recipients, means that claims for breach of confidentiality, infringement of copyright and breach of data privacy rules might well fail.
“People share private and commercial materials constantly, but it isn’t always the case that there’s, for instance, an employment contract in place. No one would expect that emailing a friend, or talking over a project with a group of collaborators, would mean that each recipient would be permitted to freely distribute and share onwards to anyone else worldwide,” he said.
“If you create something, you have explicit copyright protection by law, which stops the recipient from automatically copying it and distributing it, so there is no need to sign additional contracts. But all rights are taken away if someone grants a licence, which is what the Microsoft service agreement does. Microsoft has, in effect, open sourced everything you create if you then share it once with one other person using any of Microsoft’s 125+ product lines. These terms must urgently be changed,” added Fry.
“Billions of emails are sent each week using Outlook – only some are expressly restricted from onward sharing. Most users, whether personal or corporate, would be disturbed at the ‘open sourcing’ that is imposed on them by Microsoft’s terms.”
Microsoft describes Outlook as “a very strong platform for managing external contacts.” It said partner plug-ins can help to customise the Outlook environment to help manage customer interactions (eg LinkedIn cards, feedback tools etc) and OneDrive enables secure document and content sharing and collaboration. It also said guest users can be invited into Teams environments, to collaborate or communicate on specific projects or work items.
This article originally appeared on ComputerWeekly.