At the beginning of the pandemic Microsoft Teams was practically forced on everyone with children in Bavaria. With practically forced I mean you could either sign a document to get Teams for free or your child could not participate in online classes. A whole age group of children whose first online experience is Microsoft.
In my opinion we should start there: Instead of unrealistic bans that no one will ever enforce we should not pressure people to use privacy invading software. Instead we should teach our children the use of free and open source tools to accomplish their goals.
In settings where IT knowledge is usually lacking like in school systems, sometimes off the shelf vendor based solutions are better to administer and run than OSS or free tools. I can’t even name an open solution for Teams. The UI/UX is horrible but I’m slightly more confident in Microsoft than what I’ve seen from Zooms security and privacy.
Big Blue Button (https://bigbluebutton.org) is one. We actually used it at work for meetings but it seems they have since pivoted to be for more virtual classroom.
I agree though, even that would need decent IT talent to setup and maintain.
The problem is those free and open-source tools may simply stop existing and all the skills the students learned with those programs could become completely useless. Germany, somehow, is a decade behind most of the other Western industrial powerhouses in terms of digitizing. I think the constant flux and reluctance to just move on is holding them back.
> The problem is those free and open-source tools may simply stop existing and all the skills the students learned with those programs could become completely useless.
That's a really bad argument when history shows the inverse.
Name a FOSS program that no longer exists and I will give you 5 proprietary programs that suffered the same.
Even in the same lineage as Teams there is: Communicator, Lync and Skype for Business.
Now, they simply do not exist.
However I can still run `vim` from the 80s and OpenOffice from the mid-00's without issue, even if there is limited support: it still works.
Basic technology skills easily transfer. All office software is similar, it does not matter what you learn. And even more important than learning this or that office package are fundamental skills about knowing the basics of what a computer is, how it works and what software is and what it can do.
What german schools need is technically competent people who are able to teach their students actually relevant information. The problem is that it is quite hard to find people who are technically competent and able/willing to teach.
(This is somewhat of a structural problem, due to how the teaching profession is set up.)
The best part of my IT school education (in Germany) was when my school hired a professional software developer who taught programming for a semester. The worst part about it was that half the class clearly didn't care.
Commercial software has a higher risk of becoming unavailable, because of missing licenses, acquisitions, insolvencies and other things that simply do not affect FOSS.
I have been using Audacity, Gimp, OpenOffice / LibreOffice, Thunderbird and Firefox for many years now and I don't see them disappearing anytime soon.
> I think the constant flux and reluctance to just move on is holding them back.
The reasons are not FOSS or privacy, but underinvestment and incompetence.
From what I've read at that time here in Poland, the services weren't the problem - teachers either had a free hand in picking the platform to communicate or were told by local gov't which one to use. The problem was with some kids being able to attend this quickly deployed "cloud-run pandemic school" in first place. There were reports about the poorest families who couldn't afford a computer, whose kids had to attend class via phones or were simply called and instructed by their teachers about the curriculum. But that was eventually solved with schools renting machines and later with hybrid classes, which tried to give kids a substitute for normality.
We had already running digital services for schools - there were already remote reports with parents or logbooks, live cameras previews (tho some argued about the privacy side of such idea) but nobody expected we'll need the full remote education that fast.
Son of friends used Google Classroom; I've read about kids joining their classmates on zoom, discord or even facebook messenger
Good thing. During the epidemic the school our kids attend started to use Teams because no one managed to reliably set up BigBlueButton (not the school but some public county resource). I was the only parent to complain but after a lengthy discussion with the principal I finally gave in.
The Microsoft 365 office package cannot be used by companies, public authorities and schools in a legally compliant manner, at least not without additional technical measures. This is the conclusion of a current data protection assessment adopted by the independent federal and state data protection supervisory authorities at their 104th data protection conference. Users must take additional protective measures in any case, warns Federal Data Protection Commissioner Ulrich Kelber. (…)
The corrections are not enough for the data protection authorities. Microsoft has made "progress on individual points," Kelber acknowledges. However, the revised documents do not provide the necessary transparency as to which data can be used by the company "for its own purposes". The controllers are still unable to assess "in some places" what information and diagnostic values are still being collected and transferred to Microsoft. This also makes it impossible to check "whether all steps are lawful".
What a clickbaity headline. It's just about one state, and only for schools.
(The first sentence of that article is: "The central German state of Hesse’s local Data Protection Authority (DPA) has banned the use of Microsoft 365 in its schools")
But on the whole i'd say its warranted.
Because these judgements are precedents which bind other DPA's.
The scope of the factual findings is broad enough to say that it affects any business using 365 handling personal data. That leaves only the question of legality in the specific case. Which depends on the presence and kind of personal data present in 365.
Data privacy agencies in German federal states do not rely on precedents set by other agencies. They have authority over how the law is interpreted in their federal state.
Coming back to the gp, this title is not only clickbait, it's outright wrong. Similar decisions have been made in recent years in other federal states, nothing has changed for the national state of Germany or businesses in Germany.
It's really astonishing how governments, especially the European ones, don't cluster on open-source and self-hosted resources for all of these things. To be honest, I know the "easy answer" to this: "IT consulting firms, incompetence, bureaucracy and corruption", but even with that, it should be possible to do it with open system and not just rely on some other countries even for the software.
Indeed, maddening, especially as the wonderful https://mediasoup.org/ is developed here. Europe will never have great tech companies when the answer seems to be throwing €€€ away instead of investing locally
Huh? Rolling some bespoke conferencing solution instead of just integrating an existing commercial solution is the definition of waste.
Navel gazing at open source isn’t a great use of the limited resources of the taxpayer. There’s 100 other priorities to expend resources on, many of which have a meaningful open source component.
Neoliberalism is super entrenched here. It is almost impossible to create a state/county/municipal IT department that would actually have enough sysadmins. All such departments rely almost entirely on external suppliers. One way this happens are salary controls. It is impossible to hire someone and give him the market rate, but it is trivial to tender the work associated with such position to a random external company for thrice the market wage.
This effectively means that the critical advantage of FLOSS - just install it and see if it works for the users - is effectively killed by the red tape. Only software that someone actively sells can ever make it through.
EDIT:
And to be clear, this is not about customer support and whatnot. Number one complaint from most of the public servants who contract out IT services have been that the suppliers are not helping them, are overcharging them and in some instances they even threaten and withhold documentation and read access to their software databases.
> Meanwhile, Polish gov't uses Microsoft Teams [1] as one of ways of verifying citizens who are applying for trusted profile service.
Preface: Teams is horrible and it's super bloated for a simple chat app, but it's a mainstay for remote work along Slack and Zoom unfortunately.
It's still better than the architecture using ID.me they built for unemployment benefits during COVID which in FL was subsequently hacked and leaked all kinds of personal info (that was already leaked with Equihax). The CEO then brazenly said it was not his company's responsibility to secure for attacks from hackers!
> The DEO hired ID.me last spring, an identity verification company, in order to confirm the identities of agency clients when they access their CONNECT accounts. However, ID.me was not hired to protect against hackers. Nixon said the DEO recommends that victims of the hacking “monitor their financial accounts, and if they see any unauthorized activity, they should promptly contact their financial institution.”
This kind of nepotism has to be called out for the crime that it is, good on Hesse for taking the initiative to do so, lets see if they move to FOSS. The Libre suite does everything word used to do without all the cloud BS that makes it entirely un-useable if you have ever spent 10 mins using a Linux distro.
I just found a quote from a ID.ME rep on their subreddit [1] that 'didn't age very well' as they say in light of what happened soon after:
Security and the protection of our users is our BIGGEST concern. This is why we are very much user based. Any information that we have is sent through users. You are able to revoke your accounts at any time. We have security teams that work overtime to make sure hacks and fraudsters do not happen. Thorough investigations and screenings happen on the backend to protect our users.
And it gets worse in 2022 [2], they swapped CEOs but the MO remains in place: fleece pubic agencies and lock people out of their UI benefits.
Meanwhile in Hungary someone breached the system used by every school for kids between age 6 and 18 and walked away with everything. We are not just talking of grades but all the personal data, disabilities. Teachers HR data too. Oh and also the source code https://thedailywtf.com/articles/hungry-for-an-education
For office webapps "local servers to store customer information" is not the solution IMHO. Spreadsheets and documents in general can store arbitrary data, including personal information. If MS's customers are told that documents are stored in the USA they can't store personal information in there and I don't understand why this should apply only to schools and not to companies in general.
A solution could be creating a German company using German servers, licensing Office 365 from MS and also paying it to maintain those servers. That should put the data out of the reach of the CLOUD act.
Readit News
In my opinion we should start there: Instead of unrealistic bans that no one will ever enforce we should not pressure people to use privacy invading software. Instead we should teach our children the use of free and open source tools to accomplish their goals.
I agree though, even that would need decent IT talent to setup and maintain.
That's a really bad argument when history shows the inverse.
Name a FOSS program that no longer exists and I will give you 5 proprietary programs that suffered the same.
Even in the same lineage as Teams there is: Communicator, Lync and Skype for Business.
Now, they simply do not exist.
However I can still run `vim` from the 80s and OpenOffice from the mid-00's without issue, even if there is limited support: it still works.
What german schools need is technically competent people who are able to teach their students actually relevant information. The problem is that it is quite hard to find people who are technically competent and able/willing to teach. (This is somewhat of a structural problem, due to how the teaching profession is set up.)
The best part of my IT school education (in Germany) was when my school hired a professional software developer who taught programming for a semester. The worst part about it was that half the class clearly didn't care.
Commercial software has a higher risk of becoming unavailable, because of missing licenses, acquisitions, insolvencies and other things that simply do not affect FOSS.
I have been using Audacity, Gimp, OpenOffice / LibreOffice, Thunderbird and Firefox for many years now and I don't see them disappearing anytime soon.
> I think the constant flux and reluctance to just move on is holding them back.
The reasons are not FOSS or privacy, but underinvestment and incompetence.
We had already running digital services for schools - there were already remote reports with parents or logbooks, live cameras previews (tho some argued about the privacy side of such idea) but nobody expected we'll need the full remote education that fast.
Son of friends used Google Classroom; I've read about kids joining their classmates on zoom, discord or even facebook messenger
The corrections are not enough for the data protection authorities. Microsoft has made "progress on individual points," Kelber acknowledges. However, the revised documents do not provide the necessary transparency as to which data can be used by the company "for its own purposes". The controllers are still unable to assess "in some places" what information and diagnostic values are still being collected and transferred to Microsoft. This also makes it impossible to check "whether all steps are lawful".
https://www.heise.de/news/Datenschutzkonferenz-Microsoft-365...
(The first sentence of that article is: "The central German state of Hesse’s local Data Protection Authority (DPA) has banned the use of Microsoft 365 in its schools")
But on the whole i'd say its warranted. Because these judgements are precedents which bind other DPA's.
The scope of the factual findings is broad enough to say that it affects any business using 365 handling personal data. That leaves only the question of legality in the specific case. Which depends on the presence and kind of personal data present in 365.
They aren't legally binding. Neither are they in practice. The German DPAs alone are famous for bickering between one another.
Coming back to the gp, this title is not only clickbait, it's outright wrong. Similar decisions have been made in recent years in other federal states, nothing has changed for the national state of Germany or businesses in Germany.
[1] - https://moj.gov.pl/uslugi/engine/ng/index?xFormsAppName=Wnio... (in Polish)
It's really astonishing how governments, especially the European ones, don't cluster on open-source and self-hosted resources for all of these things. To be honest, I know the "easy answer" to this: "IT consulting firms, incompetence, bureaucracy and corruption", but even with that, it should be possible to do it with open system and not just rely on some other countries even for the software.
Navel gazing at open source isn’t a great use of the limited resources of the taxpayer. There’s 100 other priorities to expend resources on, many of which have a meaningful open source component.
This effectively means that the critical advantage of FLOSS - just install it and see if it works for the users - is effectively killed by the red tape. Only software that someone actively sells can ever make it through.
EDIT:
And to be clear, this is not about customer support and whatnot. Number one complaint from most of the public servants who contract out IT services have been that the suppliers are not helping them, are overcharging them and in some instances they even threaten and withhold documentation and read access to their software databases.
Preface: Teams is horrible and it's super bloated for a simple chat app, but it's a mainstay for remote work along Slack and Zoom unfortunately.
It's still better than the architecture using ID.me they built for unemployment benefits during COVID which in FL was subsequently hacked and leaked all kinds of personal info (that was already leaked with Equihax). The CEO then brazenly said it was not his company's responsibility to secure for attacks from hackers!
> The DEO hired ID.me last spring, an identity verification company, in order to confirm the identities of agency clients when they access their CONNECT accounts. However, ID.me was not hired to protect against hackers. Nixon said the DEO recommends that victims of the hacking “monitor their financial accounts, and if they see any unauthorized activity, they should promptly contact their financial institution.”
This kind of nepotism has to be called out for the crime that it is, good on Hesse for taking the initiative to do so, lets see if they move to FOSS. The Libre suite does everything word used to do without all the cloud BS that makes it entirely un-useable if you have ever spent 10 mins using a Linux distro.
I just found a quote from a ID.ME rep on their subreddit [1] that 'didn't age very well' as they say in light of what happened soon after:
Security and the protection of our users is our BIGGEST concern. This is why we are very much user based. Any information that we have is sent through users. You are able to revoke your accounts at any time. We have security teams that work overtime to make sure hacks and fraudsters do not happen. Thorough investigations and screenings happen on the backend to protect our users.
And it gets worse in 2022 [2], they swapped CEOs but the MO remains in place: fleece pubic agencies and lock people out of their UI benefits.
0: https://www.bocaratontribune.com/bocaratonnews/2021/07/hacke...
1: https://www.reddit.com/r/IDmeSupport/comments/n3exk9/comment...
2: https://www.techdirt.com/2022/01/24/biometric-tech-company-i...
What's wrong with that?
Microsoft is trusted vendor
Headline is somewhat... hysterical.
A solution could be creating a German company using German servers, licensing Office 365 from MS and also paying it to maintain those servers. That should put the data out of the reach of the CLOUD act.