Microsoft India Disregards Privacy in India in name of Software Audit

Started by Abool, May 28, 2015, 05:01:44 AM

Previous topic - Next topic

Abool

Microsoft India has been conducting audits on several small businesses in India. They don't divulge as to how exactly they conduct the software audit. They depute a local rep to the company (usually with prior intimation). Once the auditors are inside the premises, they don't specify what they are going to do, but only ask for complete systems access. What was observed was that they had done forensics on each computer for past installations and inspected system and application logs, events, etc. This was done for each computer. They also use control panel and inspect things like s/w and h/w components installed in the systems. The auditor will not tell you what he's doing, but if you are knowledgeable, you will know that he is doing forensics on the systems (in the sense, that he is inspecting the logs/events/installed or uninstalled s/w etc). This is all done even without informing you what he's doing.

This only makes one to doubt how much Microsoft cares for privacy and confidentiality of other individuals and businesses.

I was told that after getting the report, they would pursue to buy any software that was used (but removed subsequently) or is being used if you don't have valid license from an authorized reseller in India.

One may ask as to why you need to allow an auditor to visit your premises? The answer is that they (Microsoft) say the matter would be escalated to their legal department if the audit is not allowed. Most small businesses don't have the capacity (like hiring a lawyer to reply to their legal enquiries, etc) to counter such a big company, and simply allow them to conduct an audit. It might so happen that some office s/w was installed without license (by some computer repair person, which you probably never used), and things would get complicated.

In the whole process, it is surprising how Microsoft is disregarding the Privacy and Confidentiality of the users (some times non users too) of its software in the process of doing software audit.