Microsoft to stop issuing email notifications for bulletins, advisorie

[Guest]

Just woke up and found this in my inbox...
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

********************************************************************
Title: Microsoft Security Notifications
Issued: June 27, 2014
********************************************************************

Notice to IT professionals:

As of July 1, 2014, due to changing governmental policies concerning
the issuance of automated electronic messaging, Microsoft is
suspending the use of email notifications that announce the
following:

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

In lieu of email notifications, you can subscribe to one or more of
the RSS feeds described on the Security TechCenter website.

For more information, or to sign up for an RSS feed, visit the
Microsoft Technical Security Notifications webpage at
http://technet.microsoft.com/security/dd252948.

<snip>

WTH!!! What government is responsible for this?

 

EDIT: OK. it's Canada.

Why is MS being so stupid then? According to that article people that signed up to receive these emails are exempt.

Edited June 27, 2014 by -X-

[submix8c]

GHAK!!!

Follow-up -

http://windowsitpro.com/security/microsoft-forced-discontinue-email-notification-system-security-alerts

Restates what you said but leaves an implication. Wonder if this is just Canadian recipients?

[dencorso]

Why is MS being so stupid then?

They released Win 8. Then 8.1... Do you really believe they still can act sensibly?

[jaclaz]

It seems to me like you are all reading the news the other way round.

The "new" Law in Canada http://www.kattstearns.com/casl_sending_messages_clients/ (which does not seem to me particularly innovative, at least from EU point of view, only assigning rather steep fines) prohibits sending e-mail notifications without explicit consent (which is good).

So, anyone with more than two working neurons would think:

1) OK, I have the e-mail addresses of a zillion Canadian users to which I am now sending notifications wothout an explicit consent.

2) OK, I have one week time before the Law is operative

3) Let me use this occasion to send all of them an e-mail asking for explicit consent, this way I will have the required by Law explicit consent and do for free and in a way that would not raise any of the usual conspiracy theories suspects a perfect way to update and verify my database of Canadian e-mails and possibly see if I can sneak into the communication some explicit consent for something else and/or add a poll of some kind that may come useful later.

 

Now, MS claims that  because of this new Law wants to change the delivery of the news and make it through a stupid RSS feed.

 

Unless they are completely demented (possible) or they have suddenly become the flagpole of privacy on the Internet (also possible, though somewhat less probable), this flatly means that *somehow* the new delivery method either allows to work around the Law or provides more or better data for their databases.

 

Choose one.

 

jaclaz 

[Guest]

But point 3 is not what's happening. This is the entire email...

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

********************************************************************
Title: Microsoft Security Notifications
Issued: June 27, 2014
********************************************************************

Notice to IT professionals:

As of July 1, 2014, due to changing governmental policies concerning
the issuance of automated electronic messaging, Microsoft is
suspending the use of email notifications that announce the
following:

* Security bulletin advance notifications
* Security bulletin summaries
* New security advisories and bulletins
* Major and minor revisions to security advisories and bulletins

In lieu of email notifications, you can subscribe to one or more of
the RSS feeds described on the Security TechCenter website.

For more information, or to sign up for an RSS feed, visit the
Microsoft Technical Security Notifications webpage at
http://technet.microsoft.com/security/dd252948.



Other Information
=================

Follow us on Twitter for the latest information and updates:
http://twitter.com/msftsecresponse

Recognize and avoid fraudulent email to Microsoft customers:
=============================================================
If you receive an email message that claims to be distributing
a Microsoft security update, it is a hoax that may contain
malware or pointers to malicious websites. Microsoft does
not distribute security updates via email.

The Microsoft Security Response Center (MSRC) uses PGP to digitally
sign all security notifications. However, it is not required to read
security notifications, security bulletins, security advisories, or
install security updates. You can obtain the MSRC public PGP key at
https://technet.microsoft.com/security/bulletin/pgp.

To receive automatic notifications whenever Microsoft Security
Bulletins and Microsoft Security Advisories are issued or revised,
subscribe to Microsoft Technical Security Notifications on
http://technet.microsoft.com/security/dd252948.


********************************************************************
THE INFORMATION PROVIDED IN THIS MICROSOFT COMMUNICATION IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

To manage or cancel your subscription to this newsletter,
visit the Microsoft.com Profile Center at
<http://go.microsoft.com/fwlink/?LinkId=245953> and then
click Manage Communications under My Subscriptions in the
Quicklinks section.

For more information, see the Communications Preferences section
of the Microsoft Online Privacy Statement at:
<http://go.microsoft.com/fwlink/?LinkId=92781>.

For the complete Microsoft Online Privacy Statement, see:
<http://go.microsoft.com/fwlink/?LinkId=81184>.

For legal Information, see:
<http://www.microsoft.com/info/legalinfo/default.mspx>.

This newsletter was sent by:
Microsoft Corporation
1 Microsoft Way
Redmond, Washington, USA
98052

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8

wsFVAwUBU62m6t9+6n7wt0BtAQivPg//Q0FlRWUBy7U+Nj6AboJZT3JG8xi2M+n1
5WYvAbQvwFkpSUMaeuPLNeN6JfqDnIUqVncVcm5mG7prhEwxlb8KFAOX5A0Xgaq6
Om8mAyQKU8NFKWBkPMqE2Y7QWgRDgCsJLju3MZmou/hEuL6R4QDl1wW35KtO57fr
558IQTDP3mDJPFAB3uEAcaRZsspN55eJPMOiYkimFn+VhEPki7bKkIVwl6HJsNMI
+XqSpnwI6/FVzKD5qt8hP5HeMUHMnfuwfpK2Nd0w2dl8DC1DwtS1YVhT59d1iJA4
EbJHk8PHYdg7nu6pTbW7OcARP7J/dAXvpM3Bw6I6miE+m2/zA6eOFH859Q+AWdhr
0uALgJwmmni+8rgKQz96xx4uDGxxLVICuYa331TDHa3eYX7EqH7rwrhHKh0Vu4wa
LIHMdqMyNDvT4Kxu7iIm5Y2iPqpTOxJez+Go3gEslMqQlEZuzS2Yj6DS7k5OD/Nl
FaSBSo4SNMVB3laxfitlnfrVrcYEgZvRgEC44FRoslCfBnNI3u6G98KGknN6Phcm
EjwY0t9NGzozrr65HGR/plbbpgwPUhmLKjw3phZM/L4ETZK0BsteR+9vmh9JBwbJ
78Cmuo7kfFQ+rP/+7fF/QrxDf6UZp7p8LT1H2q9biR7LZpxarFmPwOaoTkKmNV+a
EzDn7uqCbIg=
=TBE7
-----END PGP SIGNATURE-----

 

[jaclaz]

The "choose one" was not one among 1)/2)/3) but rather:

 

 

Unless they are completely demented (possible) or they have suddenly become the flagpole of privacy on the Internet (also possible, though somewhat less probable), this flatly means that *somehow* the new delivery method either allows to work around the Law or provides more or better data for their databases.

 

jaclaz

[Guest]

I don't want to keep arguing this point but I didn't say that your 1,2 and 3 where choices. Rather, that point 3 is not accurate.

In 3 you say that its to get consent and verify their email database when the email does not ask for any consents nor does it ask users to verify their emails. It simply states that they are stopping the email and if you want the info that the emails contained, you can get it through our RSS feeds.

 

On another note, notice that is says they are "suspending", not stopping for sure. So this may all blow over after they have a better legal analysis of the situation.

[jaclaz]

Sorry , that is where the misunderstanding was , that was a conditional sentence, what "anyone with more than two working neurons would think", I gave for acquired that :

 

They released Win 8. Then 8.1... Do you really believe they still can act sensibly? 

 

no more than one neuron (only partially working ) was involved in the above.

 

Surely it doesn't represent the actual contents of the letter , that would represent the contents of an hypothetical letter IF they were "normal".

 

The problem with MS decisions is that you can never say if they are motivated by excessive stupidity or by such a high level of (legal) smartness that is far beyond our level of understanding.

 

jaclaz

[Guest]

Neil Schwartzman, executive director of the Coalition Against Unsolicited Commercial Email (CAUCE), said CASL contains carve-outs for warranty and product safety and security alerts that would more than adequately exempt the Microsoft missives from the regulation.

 

Indeed, an exception in the law says it does not apply to commercial electronic messages that solely provide “warranty information, product recall information or safety or security information about a product, goods or a service that the person to whom the message is sent uses, has used or has purchased.”

 

“I am at a complete and total loss to understand how the people in Redmond made such an apparently panicked decision,” Schwartzman said,” noting that Microsoft was closely involved in the discussions in the Canadian parliament over the bill’s trajectory and content. “This is the first company I know of that’s been that dumb.”

 

Microsoft Kills Security Emails, Blames Canada — Krebs on Security

Edited June 30, 2014 by -X-

[Guest]

It's over. 

“On June 27, 2014, Microsoft notified customers that we were suspending Microsoft Security Notifications due to changing governmental policies concerning the issuance of automated electronic messaging. We have reviewed our processes and will resume these security notifications with our monthly Advanced Notification Service (ANS) on July 3, 2014.” – a Microsoft spokesperson.

Did they really need this long to analyze this? Everyone except them knew the law was a non-issue since it's opt-in.