Microsoft strikes again… I should think about OneDrive and how Microsoft handles my data. (Updated)


Are you using OneDrive by Microsoft? A new case in Germany demonstrates how secure OneDrive is…

I really like OneDrive and also Google Drive; maybe you are using them too to store photos and other data. For OneDrive I now have a very bad feeling, and I hope Microsoft can clarify this.

What happens?

Microsoft seems to perform a scan of every file uploaded to your private OneDrive account; all these files seem to be verified against a hash database or/and something similar. So in the case that you’ve uploaded a file with the same hash as a child pornography picture, you are in trouble? According to the reports, US law enforcement agencies will be informed about this, and they will inform the law enforcement agencies in your country. A German OneDrive customer got a visit from the German police in this case.

A lot of questions… You have a daughter or a son and are using OneDrive with the automatic photo sync feature… Bad luck if you sync a beach picture to your private picture folder? You upload an image that fits forbidden content in the US to your private OneDrive area? Bad luck? Your children use their own mobile and sync content to an account related to your Office365 account… Bad luck? Someone hacked your account and uploaded “Bomb plans” to your private folder? Bad luck, you’re now in a US terrorist database by accident?

Microsoft is fighting for user rights, but it seems that Microsoft ignores these rights at the same time… Crazy? What about foreign law? Microsoft, can you please make this a little bit more transparent for customers, incl. company customers? What happens if the OneDrive user is related to a company?

All reports related to this are currently in German, but you can translate them with Google Translate or similar.

Report 1, Report 2, Report 3, and if you search for it you will find a lot more.

Update: Here is the link to the original blog by the German lawyer Udo Vetter.

If Microsoft believes that this will create any trust for customers in Europe, they are wrong; companies and also private customers (like myself) really don’t like someone who scans files “in general” and just reports this to any foreign law enforcement agency or whoever. It’s also not important if the file was child pornography (or what someone I don’t know at Microsoft/any unknown US guy defines to be “forbidden” or to be content of “interest”)… The fact that private files will be scanned by default and without any suspicion of a crime is the issue.

I really hope for Microsoft that they will provide a very detailed statement for the general file handling with OneDrive.

…and don’t misunderstand me, I don’t want to protect any crime, but how would you like it if someone from a foreign company came into your house without any reason or suspicion and checked every private item in your house, and you don’t know what they’re doing with it? People can sell the biggest “piece of sh*t” as long as they tell you it’s for law enforcement or to fight terrorism. Huh… “We will only watch the bad guys but not you…”, do you really believe it? Do you feel better if you think “Heh… They will watch only the bad guys!”? Did you ask “Who is the guy that got unlimited access to my files?”, and do you know what they’re doing with it at the end of the day? The truth is, the only things they sell are fear, hate and doubt.

Update: And if you believe you do nothing wrong and you have nothing to fear… In the year 2013, 150 million Adobe accounts were hacked, and this is only one figure. Also, there is a clear difference between publicly available content and private content. For example, DropBox is known to scan files for copyright-protected material, but… If I offer a copyright-protected file as public content and the file is scanned, that’s fine, but if I am a legal owner of this file and I put it into my “private” file area, is this file now also scanned, or will someone else be informed that I committed a “license” violation? Why? Where do file hosters inform users in detail about what they’re doing with the data or not… To be honest, I’ve no clue, and trust looks different.

If you are a European company and you want to host files in the cloud, then place them in your own datacenter/your private cloud or with a hosting company located in your area, where you know the law and how this law protects your data, incl. the people working for this company. Do the same for any servers hosting confidential data; this is currently the only advice I can provide to a customer. News like this is really a killer for any “public” cloud offering like OneDrive, Office365 and Azure.



P.S.: This might also apply to Google Drive or any other cloud storage provider in the US, but for OneDrive we now have a concrete case. The article is also written in a rainbow press style related to the content… How do you tell someone in a more polite way that the way it works is wrong?