This article is more than 1 year old
Privacy campaigner flags concerns about Microsoft's creepy Productivity Score
Watching, always watching
Microsoft's Productivity Score has put in a public appearance in Microsoft 365 and attracted the ire of privacy campaigners and activists.
The Register had already noted the vaguely creepy-sounding technology back in May. The goal of it is to use telemetry captured by the Windows behemoth to track the productivity of an organisation through metrics such as a corporate obsession with interminable meetings or just how collaborative employees are being.
The whole thing sounds vaguely disturbing in spite of Microsoft's insistence that it was for users' own good.
As more details have emerged, so have concerns over just how granular the level of data capture is.
Esoteric metrics based on analyzing extensive data about employee activities has been mostly the domain of fringe software vendors. Now it's built into MS 365.— Wolfie Christl (@WolfieChristl) November 24, 2020
A new feature to calculate 'productivity scores' turns Microsoft 365 into an full-fledged workplace surveillance tool: pic.twitter.com/FC3N6KkIR3
Christl went on to claim that the software allows employers to dig into employee activities, checking the usage of email versus Teams and looking into email threads with @mentions. "This is so problematic at many levels," he noted, adding: "Managers evaluating individual-level employee data is a no go," and that there was the danger that evaluating "productivity" data can shift power from employees to organisations.
Earlier this year we put it to Microsoft corporate vice president Brad Anderson that employees might find themselves under the gimlet gaze of HR thanks to this data.
He told us: "There is no PII [personally identifiable information] data in there... it's a valid concern, and so we've been very careful that as we bring that telemetry back, you know, we bring back what we need, but we stay out of the PII world."
Microsoft did concede that there could be granularity down to the individual level although exceptions could be configured. Melissa Grant, director of product marketing for Microsoft 365, told us that Microsoft had been asked if it was possible to use the tool to check, for example, that everyone was online and working by 8 but added: "We're not in the business of monitoring employees."
Christl's concerns are not limited to the Productivity Score dashboard itself, but also regarding what is going on behind the scenes in the form of the Microsoft Graph. The People API, for example, is a handy jumping off point into all manner of employee data.
"The people API returns data of a single entity, person, which includes typical data of an individual in today's business world"— Wolfie Christl (@WolfieChristl) November 24, 2020
"Relevance is noted in a relevance score of each person ... based on the user's communication and collaboration patterns and business relationships" pic.twitter.com/qUNeUwy96v
For its part, Microsoft has continued to insist that Productivity Score is not a stick with which to bash employees. In a recent blog on the matter, the company stated:
To be clear, Productivity Score is not designed as a tool for monitoring employee work output and activities. In fact, we safeguard against this type of use by not providing specific information on individualized actions, and instead only analyze user-level data aggregated over a 28-day period, so you can't see what a specific employee is working on at a given time. Productivity Score was built to help you understand how people are using productivity tools and how well the underlying technology supports them in this.
In an email to The Register, Christl retorted: "The system *does* clearly monitor employee activities. And they call it 'Productivity Score', which is perhaps misleading, but will make managers use it in a way managers usually use tools that claim to measure 'productivity'."
He added that Microsoft's own promotional video for the technology showed a list of clearly identifiable users, which corporate veep Jared Spataro said enabled companies to "find your top communicators across activities for the last four weeks."
Employers/managers can analyze employee activities at the individual level (!), for example, the number of days an employee has been sending emails, using the chat, using 'mentions' in emails etc.— Wolfie Christl (@WolfieChristl) November 24, 2020
Microsoft promo video:https://t.co/68sCJaFs9f
Via Heise:https://t.co/hklmHtbF75 pic.twitter.com/Fabgi6koTN
We put Christl's concerns to Microsoft and asked the company if its good intentions extended to the APIs exposed by the Microsoft Graph.
While it has yet to respond to worries about the APIs, it reiterated that the tool was compliant with privacy laws and regulations, telling us: "Productivity Score is an opt-in experience that gives IT administrators insights about technology and infrastructure usage.
It added: "Insights are intended to help organizations make the most of their technology investments by addressing common pain points like long boot times, inefficient document collaboration, or poor network connectivity. Insights are shown in aggregate over a 28-day period and are provided at the user level so that an IT admin can provide technical support and guidance." ®