I recently raised specific questions with my Member of the UK Parliament concerning Microsoft downloading Windows 10 files and updates for windows 8.1, which didn't reveal their true nature, onto my computer without my consent.
Below is the reply my MP received from the CEO )UK) of Microsoft.
25 November 2015
Dear (Member of Parliament)
Thank you for your letter of 28 October, forwarding the concerns of your constituent, Willington, on the subject of Windows 10. I have addressed Willington's questions below. Should you have any further enquiries, I would of course be happy to discuss them with you.
Downloads of Windows 10
Willington raises a question about consent to downloads of Windows 10. To be clear, Windows 10 update installation files were only downloaded to the computers of users who have taken an affirmative action. Specifically, all users who received the Windows 10 update fit within one of the categories below:
Users who actively chose to receive all recommended updates. When installing earlier versions of Windows (including Windows 7 and 8.1 Update), Windows users were asked to choose how they wanted to set up the Windows Update service; users could choose to install all “recommended updates”, or to be prompted before downloading and/or installing each individual recommended update. Users could then also change their Windows Update preferences after their initial installation of Windows. A number of users who actively chose to receive all recommended updates received the Windows 10 update.
Users who otherwise actively sought out or initiated the installation of Windows 10. In addition, certain users who chose other settings for receiving Windows updates (for example, users who selected the option to receive notifications before downloading Windows updates), also obtained the Windows 10 update through other affirmative actions. For example, users could go to www.microsoft.com and download Windows 10. Other users in this category deliberately triggered a download via the Windows Update applet in the Control Panel in order to receive Windows 10 after launch day, or deliberately opted to install Windows 10 after receiving a notification that an upgrade to Windows 10 was available.
Windows data collection
Willington also raises a question about a lack of transparency in relation to updates of Windows 7 and 8.1. Microsoft does allow users to choose to accept updates automatically, and many users choose this option to streamline their experience. But we also provide users with notice and choice about such updates. These updates do not embed spyware on users’ systems, as Willington suggests.
When installing Windows 7 or 8.1 – or at any time afterwards – users can set Windows to automatically install important and recommended updates, or to install important updates only. If users do not want updates to be installed automatically, they can also choose to be notified when updates apply to their computers instead. Then, after receiving each notification, users can choose whether to download and install updates themselves on a case-by-case basis, only following receipt of notifications. We explain how users can change these settings here: http://windows.microsoft.com/en-gb/windows/turnautomatic-updating-on-off#turn-automatic-updating-on-off=windows-7.
To give an example of our updates, starting in May 2015, Microsoft issued a series of updates through Windows Update for Windows 7 SP1 and Windows 8.1 that introduced an additional telemetry feature called the Diagnostic and Telemetry service. The Diagnostic and Telemetry service update is described in detail here: https://support.microsoft.com/en-gb/kb/3022345. This feature collects diagnostic information about functional issues on Windows 7 SP1 and Windows 8.1 systems, but only those that elect to participate in Microsoft’s Customer Experience Improvement Programme (CEIP), which is optin. CEIP’s purpose is to collect information about how our customers use Microsoft programmes and about some of the problems they encounter. Microsoft uses this information to improve the products and features customers use most often and to help solve problems. As noted, participation in the programme is voluntary, and CEIP has helped us improve our software to better meet the needs of Microsoft customers. Windows 7 and Windows 8.1 users can make changes to their CEIP participation (including turning it off completely) in the Windows Customer Experience Improvement Program settings page by opening Control Panel in Windows and selecting Action Centre > Change Action Centre settings > Customer Experience Improvement Program settings. Please see https://www.microsoft.com/products/ceip/en-gb/default.mspx for detailed information about CEIP, what information it collects and how users may opt-in and opt-out of its use. The Privacy Statement for CEIP may be found here: https://www.microsoft.com/products/ceip/en-gb/privacypolicy.mspx.
Voice and keystroke data
Willington also queries our voice and keystroke data collection practices. The Diagnostic and Telemetry service update that was distributed to Windows 7 SP1 and Windows 8.1 users is not capable of collecting input data for personalisation (either voice data or keystroke data) on Windows 7 and Windows 8.1.
By contrast, the Diagnostic and Telemetry service in Windows 10 is capable of collecting certain voice and keystroke data, and we are transparent with users about this capability. For example, information about that data collection can be found in the Windows 10 Speech, Inking and Typing FAQ. This is linked to from the Speech, inking and typing tab of the Privacy Settings control panel and we also make information about this collection available when Windows 10 is installed.
Where this collection is enabled, we collect this data for a number of reasons, including to correctly recognise user pronunciation, improve character recognition for handwritten words, and to provide users with a personalised dictionary and text completion suggestions.
We apply special security measures to this data. In particular we put this data through rigorous, multipass scrubs to remove sensitive or identifiable fields (e.g., email addresses, passwords, and alphanumeric data), and chop strings into very small bits and strip them of sequence data to prevent the information from being identified or put back together. The user may also use a Stop Getting to Know Me button in the Privacy Settings control panel to clear this type of data from the device.
I hope these answers address your constituent’s concerns.
Michel van der Bel CEO Microsoft UK
Whilst a reply was gratefully appreciated, their response did not cover the specific questions I raised with my MP and highlighted certain inconsistencies, some of which are contradictory to statements made by Executives at Microsoft HQ and Technical journalists. As such, I have asked, and they have agreed, a highly regarded PC publication to analyse and investigate. The results, together with proof, will be forwarded to my Member of Parliament.
I am sure that all of you will have an opinion about the reply my MP received. I consider it a 'Damage limitation' response which contains the Truth, but only part of the truth.