Questions raised over Office 365 shared content policy

Buried 300 words into Microsoft’s standard service level agreement is a clause that affects intellectual property and privacy

An open letter, addressed to Microsoft president and head of legal Brad Smith, has warned that the company’s service agreement could undermine intellectual property protection.

According to software licensing specialist Cerno, the provision renders commercial confidentiality and data privacy controls ineffective if any document or other content created in Microsoft software-as-a-service (SaaS) products is emailed to or shared with more than one person.

“We are calling on you today to change your standard software licence terms to prevent the ‘open sourcing’ of private and sensitive content, shared daily by your millions of users,” the Cerno letter warned.

Cerno said the Microsoft terms imply that creators give worldwide permissions to anyone who accesses confidential or private company documents using products in the Microsoft cloud, such as Office 365.

Cerno director Robin Fry said: “Such enforced abandonment of copyright and privacy controls is, in Cerno’s view, not expected by individual users or indeed by any corporate. It renders many legal rights unenforceable, for example those for infringement of copyright or breach of confidentiality. And its continuance could seriously disrupt necessary litigation to ensure that all such content is kept within the group within which it is shared.”

The service agreement also implies that email messages delivered via Outlook are automatically available for any use, and onward sharing, by recipients, Cerno warned. It said Skype calls or meetings created in private Teams groups could be distributed to anyone, no matter how sensitive the information.

Open sourcing all shared creations

For Fry, the wording of the service agreement has implications for businesses that share information with business partners, third parties, contractors and customers who may be using consumer versions of the Office 365 product.

He said he discovered the explicit reference to sharing content while checking the Microsoft licence agreement. “Whenever you look at software licensing, there are always odd things, and I couldn’t believe they wrote that,” he said.

While employees may contractually be bound by internal rules on data sharing and confidentiality agreements, the wording of the Microsoft service agreement means that recipients of documents or messages shared in Microsoft SaaS products may, in effect, believe they have the right to distribute any data that has been shared with them, similar to the way open source software is distributed, Fry said. 

According to Fry, the existence of the consent placed on every contributor, in favour of all other recipients, means that claims for breach of confidentiality, infringement of copyright and breach of data privacy rules might well fail.

“People share private and commercial materials constantly, but it isn’t always the case that there’s, for instance, an employment contract in place. No one would expect that emailing a friend, or talking over a project with a group of collaborators, would mean that each recipient would be permitted to freely distribute and share onwards to anyone else worldwide,” he said.

“If you create something, you have explicit copyright protection by law, which stops the recipient from automatically copying it and distributing it, so there is no need to sign additional contracts. But all rights are taken away if someone grants a licence, which is what the Microsoft service agreement does. Microsoft has, in effect, open sourced everything you create if you then share it once with one other person using any of Microsoft’s 125+ product lines. These terms must urgently be changed,” added Fry.

Outlook provides users with the ability to use third-party plug-ins such as LinkedIn cards, and feedback tools to help manage customer interactions. OneDrive enables secure document and content sharing and collaboration, while guest users can be invited into Teams environments, to collaborate or communicate on specific projects or work items. 

However, Fry warned: “Billions of emails are sent each week using Outlook – only some are expressly restricted from onward sharing. Most users, whether personal or corporate, would be disturbed at the ‘open sourcing’ that is imposed on them by Microsoft’s terms.”

3 comments

I don't agree that this language is an intellectual property grab by Microsoft. It's more a warning about the consequences of sharing content than a demand that it be shared. It says you "understand" that if you share content with someone, they may be able to use, save, record,...reproduce,...share and display your content without compensating you. It's really a CYA paragraph for Microsoft--they don't want to get sued because some confidential content showed up in a public place after an Office 365 user shared it and is now trying to escape responsibility by blaming MS for poor security. It doesn't say you are giving MS the right to redistribute your content, including stuff that may be confidential, or that you are giving up your rights to such content even if it is not shared.
BTW, I'm not an MS fan boy--I take about $60 million out of their pockets every year by working with customers to reduce costs. My biggest weapon against MS is usually the contract language, so I think it's important to read it carefully and correctly.

Microsoft's wording is clear:

'When you share Your Content with other people, you expressly agree that anyone you’ve shared Your Content with may, for free and worldwide, use, save, record, reproduce, broadcast, transmit, share, display, communicate (and on HealthVault delete) Your Content. 

If you do not want others to have that ability, do not use the Services to share Your Content.'

So, it's not a warning: it's the grant of a license.

As ever, it's critical to read the wording promulgated by the software vendor - rather than allow for assumptions as to what their intention might be. 


Dear Mr Fry

Could I please ask whether you have had any response from the Microsoft corp. in regard to the matter, and if so, whether they have expressed an intention to change or clarify the wording?
I am asking as I have concerns that this potential granting of a license for shared content per this license wording could be seen to contravene GDPR guidelines regarding access to confidential data.

Many thanks