Microsoft has announced what it calls a more privacy-friendly version of its Productivity Score enterprise feature, following backlash from security experts who condemned it as a “full-fledged workplace surveillance tool.”
The Productivity Score feature, which was launched as part of the Microsoft 365 productivity suite on Oct. 29, aimed to provide enterprises with data about how employees were utilizing technology. The idea behind the feature is to provide employees with a “score” based on metrics collected from their usage of Microsoft 365 products. For instance, an employee who uses Microsoft Teams, Outlook or Skype more might have a higher score.
However, following privacy concerns about the feature, the tech giant announced on Tuesday several changes to Productivity Score. “At Microsoft, we believe that data-driven insights are crucial to empowering people and organizations to achieve more,” Jared Spataro, corporate vice president for Microsoft 365, said in a blog post Tuesday. “We also believe that privacy is a human right, and we’re deeply committed to the privacy of every person who uses our products.”
The changes come after privacy advocates criticized the tool as an overreach of data collection by enterprises – and by Microsoft itself. David Heinemeier Hansson, co-founder of project management tool Basecamp called the tool “the most invasive work-place surveillance scheme yet to hit mainstream,” while technologist Wolfie Christl said “this is so problematic at many levels.” Christl pointed out that any evaluation of group “productivity” data represents a disturbing shift of power in data privacy from employees to organizations.
“Employers are increasingly exploiting metadata logged by software and devices for performance analytics and algorithmic control,” said Christl in a tweet last week. “[Microsoft] is providing the tools for it. Practices we know from software development (and factories and call centers) are expanded to all white-collar work.”
In response to these concerns, Microsoft has made two overarching changes to Productivity Score. First, the feature will remove user names – and their associated actions – from the product, meaning that organizations will no longer be able to track individual activities over a 28-day period.
“Going forward, the communications, meetings, content collaboration, teamwork, and mobility measures in Productivity Score will only aggregate data at the organization level—providing a clear measure of organization-level adoption of key features,” said Spataro. “No one in the organization will be able to use Productivity Score to access data about how an individual user is using apps and services in Microsoft 365.”
A second change will modify the user interface to make it clearer that Productivity Score is a measure of organizational adoption of technolog and not individual user behavior.
“Over the last few days, we’ve realized that there was some confusion about the capabilities of the product,” said Spataro. “Productivity Score produces a score for the organization and was never designed to score individual users. We’ll make that clearer in the user interface and improve our privacy disclosures in the product to ensure that IT admins know exactly what we do and don’t track.”
Concerns around workplace surveillance of employees has increased after the coronavirus pandemic forced many organizations to go remote. In June research, Gartner analysis revealed that 16 percent of employers were using technologies more frequently to monitor their employees through methods – such as virtual clocking in and out, tracking work computer usage, and monitoring employee emails or internal communications/chat. Other emerging services and tools that increased in popularity during COVID-19 created concerns about employee data privacy rights – such as Sneek, a group web conference software that lets companies take screenshots of their employees every five minutes.
“Purveyors of a variety of new and repurposed surveillance technologies seek to help employers mitigate the risks of workplace COVID infections,” Katitza Rodriguez and Svea Windwehr, with the Electronic Frontier Foundation (EFF), warned in September. “But many of these technologies pose severe threats to workers’ privacy and other fundamental rights. ”
Put Ransomware on the Run: Save your spot for “What’s Next for Ransomware,” a FREE Threatpost webinar on Dec. 16 at 2 p.m. ET. Find out what’s coming in the ransomware world and how to fight back.
Get the latest from John (Austin) Merritt, Cyber Threat Intelligence Analyst at Digital Shadows, and other security experts, on new kinds of attacks. Topics will include the most dangerous ransomware threat actors, their evolving TTPs and what your organization needs to do to get ahead of the next, inevitable ransomware attack. Register here for the Wed., Dec. 16 for this LIVE webinar.