Microsoft Shared Financial Data Of Indians With US Intelligence; Indian Banks Knew This
This raises a major question mark on data privacy of Indians.
As per an exclusive report by DNA Money, it has been revealed that Microsoft, world’s 3rd largest company and one the torch-bearers of IT revolution globally, has shared financial data of Indias with US intelligence agencies.
RBI has observed this, and have questioned banks about this data sharing practice.
The most interesting aspect: Indian banks knew about this, but remained silent.
This raises several questions about data privacy of Indians, and how banks are willingly allowing global MNCs to compromise with it.
There are more than 100 million users of Microsoft’s Office 365 suite, which bundles an email client among other popular software such as Microsoft Word, Powerpoint and others.
Among these users are most of the Indian banks, which uses this software, and have come into agreement with Microsoft.
As per this agreement, Microsoft is bound to share data with US intelligence agencies, if need arises. Hence, using this clause, it seems that Microsoft has shared Indian banks’ customers data with US intelligence.
But How Am I Affected?
Say I am a customer of SBI, which is using Office 365 Suite provided by Microsoft. This means SBI employees use this cloud-based email service to communicate.
Now, if any US Intelligence agency wants me to track, and know about my financial details, then they can ask Microsoft to share my data which SBI has.
And Microsoft will willingly do so, even if they don’t have ethical or moral right to do so. But since SBI has signed a contract with Microsoft to use their Office 365 suite, they can poke into any customer’s data which resides with their cloud service and hand it over to US Intelligence agencies.
Is This A Risk For Banks?
Ofcourse! A huge, massive risk of data and privacy violation. The customer, that is me, have never allowed Microsoft to access my SBI data, but they are doing so.
RBI has understood the grave danger this possess, and this is the reason they have mentioned this is Risk Assessment Report (RAR), and have asked banks’ audit committees to respond.
In their report, RBI said, “All the mailboxes had been migrated to office 365 Microsoft cloud environment. It was gathered from the Microsoft transparency hub that Microsoft is bound to share customers’ data under US Foreign Intelligence Surveillance Act (FISA) and US national security letters as and when required by the US authorities.”
But Were Banks Aware Of This?
The most interesting aspect is that yes. All the banks which are using Microsoft’s Office 365 Suite were fully aware of this data sharing agreement of Microsoft, but remained silent.
When DNA Money contacted banks about this, then only SBI and Bank of Baroda have responded. As per SBI’s reply, no such requests to share data was made by Microsoft in 2016 and 2017; but one request was made in 2018, and it turned out that the customer was not from SBI.
Bank Of Baroda has made a generic statement: “Protecting the interests of our esteemed customers is of paramount importance to us. The bank’s ‘systems and operations’ are robust – we stand committed to protecting our customers’ interests, and we have all the necessary systems in place to ensure the same.”
Microsoft has responded on this, and have confirmed that if there is a legal procedure, they will share their users’ data.
The statement said, “No government has direct access to any of our users’ data. Data privacy is a top priority for us. We never provide customer data unless we receive a legally valid warrant, order or subpoena about specific accounts or individual identifiers that we have reviewed and consider legally appropriate and consistent with the rule of law and our Microsoft principles. Absent extraordinary circumstances, in the vast majority of cases we redirect governments to seek data directly from commercial customers or to allow us to tell our commercial customers when the government seeks their data.”
This can snowball into a major controversy, as financial data of Indians is being shared with a foreign nation, by a reputed IT company. There are so many US based cloud service providers in India, and if this can happen with Microsoft, this can happen with anyone.
We will keep you updated, as more details come in.