Reading up on the latest tech news during the Windows 10 rollout and the launch of Intel’s Skylake processors reminded me just how far we’ve come in ceding control of our online lives to a few self-interested corporations. If I hadn’t lived through it I might be shocked, but it’s still pretty disquieting.
Now, the internet being its usual binary self, raising questions about privacy in the digital age is seen by many as equivalent to donning a tinfoil hat, but I don’t agree. Being naive about or flagrantly irresponsible with your rights is your business, but acting as if what’s happening at a cultural level is inevitable or even healthy is itself an indicator of insanity. Particularly with regard to children, and how few protections seem to be in place to allow them to have an online life that is not personally identifiable in perpetuity.
The marketing aspect of all this invasive technology is pretty straightforward. If a company talks about improving the user experience, what they mean is that the changes they’re making are for the express purpose of data rape. Likewise, when a company talks about a product as a service, what they mean is that you’re going to keep paying for the same thing over and over but never actually own anything. The Windows operating system is now a service, but because it was given to many users as a free upgrade the ongoing costs will be derived from improving the user experience — meaning harvesting massive amounts of user data, some of which may never have been available before because that data originates at the level of the operating system.
A few days ago I said I thought Microsoft might get into anti-trust trouble with the government after goading by Google or Amazon or some other miffed data scraper, but in the intervening days I’ve revised that opinion. The information grab that Microsoft is attempting is so unprecedented, and penetrates not just into the homes but the psyches of the individuals who use Microsoft’s products, that I think the federal government will be forced to intervene.
The Definition of Overreach
So what changed? Well, a few days ago it was revealed that Microsoft is now retrofitting core parts of Windows 10’s data harvesting functionality into Windows 7 and 8, via updates. While updates on those systems are not compulsory, as they are with Windows 10, the updates themselves are not being fully disclosed as to intent:
Ghacks.net has discovered four KB updates for Windows 7 and 8, each of which is described as an “Update for customer experience and diagnostic telemetry.”
It also appears that these new updates (there are four) ignore or overwrite prior user settings, without notice. It may also be the case that these updates function as a core component of the OS once installed, meaning users have no capacity to prevent the updates from sending information to Microsoft. In effect, users cannot opt out once they unknowingly opt in.
The most interesting aspect of this development is that the response from the tech press has been almost universally hostile, even though the exact same functionality was generally passed off as benign when Windows 10 was rolled out. Features — meaning particularly Cortana — which were either hailed or begrudgingly acknowledged as fair compensation for all the personal data being harvested and sent to Microsoft, are now being openly described as spyware, which is of course what they are.
The release of these updates for earlier versions of Windows is an important moment not only because it reveals just how monstrous Microsoft’s power grab truly is, but because it makes clear that this was never about new features in Windows 10, and was always about access to data, and preferably personally identifiable data. It is unprecedented in its scope, particularly by virtue of Microsoft’s dominance in the OS market, but it is not without precedent. In fact, Microsoft did the very same thing once before, and generally got away with it until market forces erased Microsoft’s advantage.
Cortana as Internet Explorer
If you’re young you may never have heard of Netscape Navigator. If you’re old enough you know that Navigator was the first truly dominant (or useful) internet browser, and that Microsoft was caught flat-footed by Netscape’s meteoric success. Microsoft countered Netscape by leveraging its monopolistic dominance of the OS market to virtually compel new users to use Internet Explorer (IE), even going so far as to assert — under oath, in the anti-trust proceedings that eventually took place — that IE was an inherent part of the Windows operating system. Because the courts were technologically naive this argument was ultimately accepted, with some restrictions.
To the extent that Microsoft tried and failed to win the internet with Internet Explorer, and certainly scraped a lot of personal information from users at the browser level, it was ultimately forced to make that capability available to other browser developers. As a result, not only did Firefox rise from the ashes of Netscape Navigator, but Microsoft’s OS had to treat all such efforts as equal. Still, it should come as no surprise that Microsoft is not simply positioning Cortana as a feature, but as an integral part of the Windows 10 OS.
Even if Microsoft insists on perpetrating that fraud, the obvious solution, which Microsoft wants to avoid at all costs, is to allow users to opt-out of sending any data back to Microsoft. While Microsoft has paid lip service to user choice in various options settings in Windows 10, it has dispersed those settings to obscure the fact that some reporting is compulsory and cannot be precluded by any means. That is of course to Microsoft’s advantage, but also puts the company in a precarious position. Asserting the right to prevent users from controlling the information on their computers is entirely different from asserting the right to information acquired or revealed through use of the internet.
Imagine if your cable company made the same claim, or your electric company, or anybody else who provides a service to your home. Granted, the computer as a device is not seen as equivalent to a utility, but given the landmark FCC Net Neutrality ruling earlier this year such a basis has been firmly established, and Microsoft’s own branding of Windows as a service would seem to support that conclusion.
While the United States lags woefully behind Europe in terms of consumer protections, particularly with regard to information and technology, it’s only a matter of time before overseas rulings affecting America tech companies start to take hold here as well. At which point the right of citizens to preclude software or hardware from sending any information anywhere without express permission may finally take up residence alongside other fundamental rights afforded by the U.S. Constitution.
The Real User Experience
It’s one thing to tell consumers that they must be wary in the marketplace. It’s another to allow consumers to be preyed upon. In the U.S. the exploitation of personal data has been going on for quite a while, even as it’s clear that information is not safe anywhere. Data from companies large and small is constantly being stolen and published or sold on the dark web, including credit card information and other financial records that can conceivably cripple a person’s life. The idea that the internet is safe, or that data accessed by one computer can be secreted from other connected computers is false.
While Microsoft is playing on consumer fears, and justifying some of the more heinous aspects of Windows 10 under the pretext (if not pretense) of security, the very fact that experts are having a hard time understanding how much information Microsoft is collecting makes it impossible to verify whether Windows 10 itself is secure. Too, if it does turn out that Microsoft has hard-coded Cortana and other data scraping applications into Windows 10 — such that disabling them breaks the OS or is overwritten by future updates — then it will be clear that users really do not have control over their own machines.
Because the typical computer user has no chance of understanding any of this it will be up to regulators — who, in the U.S., regularly defer to tech companies — to rule whether Windows 10 itself represents an untenable invasion of privacy. Until that happens, if it ever happens, it’s up to users to do their best to learn how to disable features they don’t want and harden their system against intrusions from anyone. Fortunately, there are a lot of people already working on these questions, so if you put off Windows 10 for a while many of the current uncertainties will be resolved.
As a factual matter, neither Cortana nor any other aspect of Windows 10 needs to send any information to Microsoft, nor does it need to do so without providing notice about what it’s doing. That Windows 10 was designed to obscure the scraping of customer data not only betrays its intent, it explains who is really being served by Microsoft’s focus on the user experience.
— Mark Barrett