EU Parliament Blocks Outlook Apps For Members Over Privacy Concerns

jfruh writes Microsoft last week released Outlook apps for iOS and Android, but one group that won't be getting to use them is members of the European Parliament. They've been advised by their tech staff that the apps are insecure and that they shouldn't download them — and if they have, they should change their Outlook passwords.

The magic 8 ball

[Overzeetop]

The magic 8 ball could have told them that.

Pretty much a given?

[gstoddart]

With all the news stories about how America can (and will, and does) force companies to hand over what's in their clouds ... why the hell any member of the EU Parliament would think that using anything from Microsoft isn't a stupid idea is beyond me.

Unless you own every piece in that communication chain, you more or less have to start treating Microsoft as an entirely un-trustworthy entity ... because for legal and privacy purposes, they pretty much are.

I think MS (and other American cloud providers) are going to start finding themselves very unwanted ... because they literally can't be trusted.

They can't be trusted because they do stupid things like this, and because they want to monetize everything, and because they're more or less covered under the PATRIOT Act.

In deeming themselves above everybody's laws, and entitled to all data ... America is essentially no longer trustworthy.

Re:Pretty much a given?

[cavreader]

Please give an example of a country that is? And the EU (and a whole bunch of other countries)works hand in hand with the NSA collecting and sharing data. Why do you think the EU politicians stopped their vitriolic accusations in record time? Could it be that their own intelligence agencies pulled them aside and quietly told them they were cooperating with the NSA so shut the hell up? The naivety displayed by the people raging about the NSA in particular and America in general is breath taking. By failing to recognize that there are other very powerful and intrusive state security agencies involved in the mix makes any complaints are meaningless.

Re:Pretty much a given?

[drinkypoo]

I'm given to understand they had some high ideals.

That's mostly propaganda, and a misunderstanding of the nature of the founding fathers. A small handful of them clearly had high ideals. But how can you take people seriously when they declare that all men are created equal and declare that they are starting a democracy, then fail to give the vote to over half the population? The truth is that they were creating a government in which they themselves (and their ilk) would hold the reins of power, and to this day the nation (like the world) is controlled by those who are both wealthy and racially privileged. It's a government by, of, and for money.

Re:Pretty much a given?

[drinkypoo]

Wut. Why the hell is this drivel modded up

The same reason my comment was modded down, and four other of my unrelated comments too, for good measure: Jingoism. My country, right or wrong. Well, the USA is my country, and I want it to be better. These dildos who mod anything critical of the USA down exemplify the kind of asshole who is the problem with this country. MERICAFUCKYEAH, don't tell me it's not perfect or I'll shoot you

Re:Why?

[clorkster]

Why make it download emails from a Exchange server and then reupload it to some out-of-organization server?

According to the article this is not the reasoning that is being given for banning the app. As with any aggregator app that runs on a phone, there are many rather plain reasons why data such as emails and attachments would be temporarily stored on the app provider's servers.

The real issue that is being objected to here is that the app double-encrypts login credentials for various email providers using both a unique-per-client key that they generate and a key that is derived from the specific piece of hardware accessing the data. This encrypted data is then stored in "the cloud". The counterpoint to this methodology is gmail's use of OAuth to avoid storing any credentials - regardless of the sophistication of the encryption scheme - in a public cloud setup.

EU: Send Beer (OK, money too)

[bill_mcgonigle]

why the hell any member of the EU Parliament would think that using anything from Microsoft isn't a stupid idea is beyond me.

Well, because they want the feature set. The EU should start dumping truckloads of money on Inverse and Samba until the open source solution is superior.

Sogo is close to being done (the hard bits like single instance modifications of repeating events aren't) and Samba4 is teetering on stilts; though it works in ideal circumstances, lots of problems aren't handled and there is missing functionality.

It's actually worse than that!

[s.petry]

Read TFA. Microsoft is doing what EVERY SINGLE SECURITY PROFESSIONAL TELLS YOU NOT TO DO! Caching passwords on a remote server. I don't care how many times you claim to encrypt the password, and I don't care what encryption algorithm they claim to use. You never, ever under any circumstances cache a users password. This is simply inexcusable and Microsoft deserves every bit of heat they get for this.

If I was told that a client sent an auth string and received a Kerberos ticket that got cached, I would not have the same opinion or harsh criticisms. This is plain old idiocy and laziness!