EU Parliament Blocks Outlook Apps For Members Over Privacy Concerns

jfruh writes Microsoft last week released Outlook apps for iOS and Android, but one group that won't be getting to use them is members of the European Parliament. They've been advised by their tech staff that the apps are insecure and that they shouldn't download them — and if they have, they should change their Outlook passwords.

The magic 8 ball

[Overzeetop]

The magic 8 ball could have told them that.

Pretty much a given?

[gstoddart]

With all the news stories about how America can (and will, and does) force companies to hand over what's in their clouds ... why the hell any member of the EU Parliament would think that using anything from Microsoft isn't a stupid idea is beyond me.

Unless you own every piece in that communication chain, you more or less have to start treating Microsoft as an entirely un-trustworthy entity ... because for legal and privacy purposes, they pretty much are.

I think MS (and other American cloud providers) are going to start finding themselves very unwanted ... because they literally can't be trusted.

They can't be trusted because they do stupid things like this, and because they want to monetize everything, and because they're more or less covered under the PATRIOT Act.

In deeming themselves above everybody's laws, and entitled to all data ... America is essentially no longer trustworthy.

Re:Pretty much a given?

[drinkypoo]

I'm given to understand they had some high ideals.

That's mostly propaganda, and a misunderstanding of the nature of the founding fathers. A small handful of them clearly had high ideals. But how can you take people seriously when they declare that all men are created equal and declare that they are starting a democracy, then fail to give the vote to over half the population? The truth is that they were creating a government in which they themselves (and their ilk) would hold the reins of power, and to this day the nation (like the world) is controlled by those who are both wealthy and racially privileged. It's a government by, of, and for money.

Re:Why?

[clorkster]

Why make it download emails from a Exchange server and then reupload it to some out-of-organization server?

According to the article this is not the reasoning that is being given for banning the app. As with any aggregator app that runs on a phone, there are many rather plain reasons why data such as emails and attachments would be temporarily stored on the app provider's servers.

The real issue that is being objected to here is that the app double-encrypts login credentials for various email providers using both a unique-per-client key that they generate and a key that is derived from the specific piece of hardware accessing the data. This encrypted data is then stored in "the cloud". The counterpoint to this methodology is gmail's use of OAuth to avoid storing any credentials - regardless of the sophistication of the encryption scheme - in a public cloud setup.

It's actually worse than that!

[s.petry]

Read TFA. Microsoft is doing what EVERY SINGLE SECURITY PROFESSIONAL TELLS YOU NOT TO DO! Caching passwords on a remote server. I don't care how many times you claim to encrypt the password, and I don't care what encryption algorithm they claim to use. You never, ever under any circumstances cache a users password. This is simply inexcusable and Microsoft deserves every bit of heat they get for this.

If I was told that a client sent an auth string and received a Kerberos ticket that got cached, I would not have the same opinion or harsh criticisms. This is plain old idiocy and laziness!