'We've heard the feedback...' Microsoft 365 axes per-user productivity monitoring after privacy backlash

Redmond rips out usernames, says it will focus on customer orgs, not staffers


If you heard a strange noise coming from Redmond today, it was the sound of some rapid back-pedaling regarding the Productivity Score feature in its Microsoft 365 cloud platform.

Following outcry from subscribers and privacy campaigners, the Windows giant has now vowed to wind back the functionality so that it no longer produces scores for individual users, and instead just summarizes the output of a whole organization. It was feared the dashboard could have been used by bad bosses to measure the productivity of specific employees using daft metrics like the volume of emails or chat messages sent through Microsoft 365.

When we looked at a preview of the feature in May, Microsoft's director of product marketing Melissa Grant and corporate veep Brad Anderson were at pains to insist the software goliath wasn't in the business of closely monitoring their customers' employees. Anderson last year advocated using telemetry to detect iffy connectivity, poor configuration, and garbage hardware, to identify ways to improve staff productivity as opposed to measuring individual workers' actions.

spy

Privacy campaigner flags concerns about Microsoft's creepy Productivity Score

READ MORE

However, when Productivity Score made its debut in Microsoft 365, punters and privacy warriors alike were alarmed at the granularity of its data capture. While Microsoft insisted the technology was all about painting a picture of the way a whole organization uses Microsoft 365 resources and services – such as number of documents shared via OneDrive and emails created overall – Austria-based digital-rights activist Wolfie Christl told us: "The system clearly does monitor employee activities."

Indeed, a glimpse at Microsoft's own promotional video for the dashboard – which is still up at time of writing – showed metrics collected by Microsoft 365 down to the individual level: Amy sent emails over 22 days, Tom used Yammer for three days, etc. It's something that could be switched off by an administrator yet still potentially available nonetheless.

"We've heard the feedback," said Jared Spataro, corporate veep for Microsoft 365 on Tuesday, before announcing the following changes to head off the brewing privacy storm:

We’re removing user names from the product. During preview, we added a feature that showed end-user names and associated actions over a 28-day period. In response to feedback over the last week, we’re removing that feature entirely. Going forward, the communications, meetings, content collaboration, teamwork, and mobility measures in Productivity Score will only aggregate data at the organization level—providing a clear measure of organization-level adoption of key features. No one in the organization will be able to use Productivity Score to access data about how an individual user is using apps and services in Microsoft 365.

...and...

we’re modifying the user interface to make it clearer that Productivity Score is a measure of organizational adoption of technology—and not individual user behavior. Over the last few days, we’ve realized that there was some confusion about the capabilities of the product. Productivity Score produces a score for the organization and was never designed to score individual users. We’ll make that clearer in the user interface and improve our privacy disclosures in the product to ensure that IT admins know exactly what we do and don’t track.

Yes, what could have possibly given anyone the idea, not least any confusion, that Productivity Score was "designed to score individual users?"

Screenshot from Microsoft's Productivity Score video

Still from Microsoft's video promoting its Productivity Score dashboard ... Click to enlarge

The above image is from Microsoft's YouTube video touting the features of Productivity Score, including a breakdown of people's use of email and chat.

"We always strive to get the balance right," Spataro continued, "but if and when we miss, we will listen carefully and make appropriate adjustments."

By the way, APIs exist to pull all manner of data out of the Microsoft Graph and, while Productivity Score will now work at the level of an organization rather than down to the individual level, the furore has highlighted just how much data is lurking beneath the surface in Redmond's super-cloud. ®

Similar topics

Broader topics


Other stories you might like

  • Experts: AI should be recognized as inventors in patent law
    Plus: Police release deepfake of murdered teen in cold case, and more

    In-brief Governments around the world should pass intellectual property laws that grant rights to AI systems, two academics at the University of New South Wales in Australia argued.

    Alexandra George, and Toby Walsh, professors of law and AI, respectively, believe failing to recognize machines as inventors could have long-lasting impacts on economies and societies. 

    "If courts and governments decide that AI-made inventions cannot be patented, the implications could be huge," they wrote in a comment article published in Nature. "Funders and businesses would be less incentivized to pursue useful research using AI inventors when a return on their investment could be limited. Society could miss out on the development of worthwhile and life-saving inventions."

    Continue reading
  • Declassified and released: More secret files on US govt's emergency doomsday powers
    Nuke incoming? Quick break out the plans for rationing, censorship, property seizures, and more

    More papers describing the orders and messages the US President can issue in the event of apocalyptic crises, such as a devastating nuclear attack, have been declassified and released for all to see.

    These government files are part of a larger collection of records that discuss the nature, reach, and use of secret Presidential Emergency Action Documents: these are executive orders, announcements, and statements to Congress that are all ready to sign and send out as soon as a doomsday scenario occurs. PEADs are supposed to give America's commander-in-chief immediate extraordinary powers to overcome extraordinary events.

    PEADs have never been declassified or revealed before. They remain hush-hush, and their exact details are not publicly known.

    Continue reading
  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading

Biting the hand that feeds IT © 1998–2022