Small Businesses At Increasing Risk of Cybercrime
Sure, there's been a lot of chatter about the OPM hack recently. But let's not forget how vulnerable the small business is to cybercrime, either.
This week, the US Office of Personnel Management admitted that over 5.6 million fingerprint records were stolen in a hack perpetrated earlier in the year; that's significantly more than the 1.1 million compromised records they first imagined.
If your head is reeling from the enormity of such a breach, and if you somehow figure that only large corporations or government systems are the target of serious hacks, think again. Recent reports show that small/micro businesses aren't doing enough to protect themselves, either.
Phishing attacks, credit card fraud, virus infections, data compromises, malware, espionage, password compromises, shareware exploits. Sage recently released a good infographic claiming that up to 90-percent of data breaches impact small firms, and that 30-percent of businesses under 250 employees are the intended targets of cyberattacks; 1 in 5 small businesses fall victim to cybercrime every year, and 60-percent of those affected businesses go out of business.
“Half way through 2015 and cyber risks continue at an alarming rate. The criminals continue to become more sophisticated and have quick ‘go to market’ capabilities ... ”
The bottom line is that thinking about information system security isn't just for the enterprise: it's something every mom and pop shop should be doing, too. We can't fool ourselves. Larger corporations may provide a more enticing, data-rich environment, but the reality is that small businesses don't secure their systems in the way corporations would, which makes them easier targets. They don't have the talent or expertise to understand the safeguards they're implementing, let alone verify their suitability and functionality.
And if we somehow believe that free software downloaded from the Internet will solve our problems, we should probably think again. Every small business owner or manager should be finding a trusted cybersecurity partner. Mickler & Associates, Inc. - a computer security consultancy in Vancouver, WA - is uniquely positioned to help small businesses improve their security posture and audit their safeguards. Learn more about how we could help you today.
R
Dear Microsoft: Why I Can't Recommend You
It's experiences like this that prevent me from recommending Microsoft products to anyone.
Dear Microsoft CEO Satya Nadella:
Herein, I would like to describe to you the process of remedying a Microsoft Office 2013 issue for one of my clients.
This client was running MsO2013 on Win7x64. The license was apparently an Office365 Home subscription that a previous technician had set up, and the subscription had expired. MsOffice was giving an unlicensed error in Outlook preventing the user from using Outlook, crippling his business.
To resolve this issue, I logged in to his Microsoft Office account online and attempted to renew the subscription. His credit card had expired so I needed to provide a new one. I did so, but the checkout process wouldn't recognize the new card, even after I refreshed the browser. I logged out, logged back in, and still: the Microsoft checkout process for renewal wouldn't recognize the new card, even though I could manage my payment options through Microsoft and see it there.
Frustrated, I had the client purchase the full license at $230 from Amazon. I stepped through the licensing assignment process to his Microsoft Office account which was successful, and I then activated the product using his email address. Office acknowledged the available license. Still, an unlicensed status came up in Outlook.
The customer was now furious - and the customer had been down for > 1 day - the next option I had was to uninstall your product and reinstall fresh from the portal distro. I uninstalled the MsO2013 product and reinstalled using the online portal to the machine. I opened Word and confirmed that the licensing was good, tied to his Office account. I set up his mail again in Outlook. Well over 1.75 hours (>$270 billed to my client) of combined support time for _installing_ and _licensing_ a productivity application.
This frustration with attempting to purchase, download, license, and use your products is what makes it so difficult to recommend you.
- Why should anyone who legitimately purchased your product through a subscription be denied access to using it should the subscription expire?
- Why didn't the online checkout process recognize the new credit card?
- Why did you force me to purchase the full product?
- Why didn't the existing install accept the new licensing key/link to the Office user, even though it confirmed activation?
If it's this difficult for a professional to install and license your products, how do you think normal users feel? That feeling is likely at the core of why you've laid off 7,500 more workers this year, in addition to the 33,000 you did in the last 18 months, because nobody likes that feeling. That feeling of frustration is what prevents me from getting the "warm fuzzies" about Microsoft, and often persuades me to recommend competitor products, because - with them - it doesn't take 1.75 hours to install and license a productivity application.
Mr. Nadella, does Microsoft want to be a consumer electronics company that competes with the likes of Apple on the streets with retail consumers, or, do you want to be an enterprise IT company that builds reliable software that can be deployed in businesses? Right now, I don't know who you are, but you're increasingly moving away from being an enterprise IT company that I could potentially recommend to my SMB clients.
Thank you for your time.
R
There's No Such Thing as Privacy
What is Privacy?
This image of a button makes it look so easy, doesn't it?
Well, first off, privacy doesn't exist. Privacy is a subjective feeling in that there's no specific measurement anyone can use to suggest absolute privacy; what is private to one party may be inherently public to another.
All the word means is that it's a state or condition that we believe is free from observation or eavesdropping. In terms of technology strategy, privacy reflects the confidence we have in systems to protect confidential information about individuals.
Let's break a few of those components down for a minute.
- Confidence. Yet another subjective feeling, confidence reflects how assured we feel that our safeguards are thorough, comprehensive, and resilient to attack. Example: we have confidence in a deadbolt on our front door to protect us from an intruder; we have confidence that a locked file cabinet will prevent unauthorized inspection of classified data. Confidence reflects only our intellectual and emotional trust in our safeguards.
- Systems. These are the policies, processes, training, controls, and automation that we've put in place to guarantee outcomes, to provide us with greater assurance that privacy can be maintained. Systems help ensure confidence.
- Individuals. In technology, we collect information all the time. That information is usually aggregated and reflects many anonymous data points that help paint a picture of a problem. This kind of data and its collection yields competitive advantage: we want this data, need it, collect it, and utilize it, to maximize profitability for shareholders. That's different from the information of individuals, which is specific and representative of personal details that are uniquely identifiable. It's about understanding what uniquely identifiable information we maintain and what we're responsible for.
So, in terms of information sciences, we look at privacy as an artificial and subjective construct. It's not an absolute thing - a switch to flip, a button to press, and, hey: your stuff is private! Rather, it's a feeling that the systems we've put in place give us the confidence that information about individuals remains confidential.
The degree to which that feeling can extend is relative.
- If you want a feeling of maximum assurance and the highest confidence, you must come to thoroughly understand the information of individuals you maintain, and implement very rigorous systems to control it.
- If you want reasonable assurance and reasonable levels of confidence, we implement the bare minimum of systems to protect and control the information in our care.
- If you're unsure of what information you're responsible for, and aren't aware of the systems put in place to protect it, then your confidence is misplaced - you're blindly believing everything is okay. If you've taken no action to understand what you're responsible for, then you can't have any reasonable expectation of privacy.
Further, privacy isn't a defined thing in the United States. It isn't even a right. There isn't a consensus in this country of what degree of systems are sufficient, what specific information about individuals should be confidential*; there's nothing written into the Constitution or Bill of Rights that guarantees citizens a right to privacy (in fact, just the opposite, with the 1st Amendment); aside from a smattering of Federal and State laws, case law has attempted to define what privacy actually means. In this country, there is a limited legal framework that defines what is private and what your obligations are (as a business owner) to maintain it.
So privacy isn't a right; what information about individuals should be private hasn't been universally defined; safeguards to elevate confidence haven't been universally defined; privacy is just a subjective feeling.
Beyond that, there is not an absolute economic imperative behind privacy. It won't improve shareholder equity; it won't return on investment. You're simply investing in safeguards. And for individuals, implementing inconvenient systems to safeguard their privacy may be perceived as too tedious or time consuming. Why should any business or individual want to do something that costs money, delays action, or causes irritation, when the payoff seems so limited?
So surely, privacy doesn't exist. It's a feeling that resides only in our minds.
Yet, ephemeral as privacy may be, the recent data breach from the Federal OPM affecting 7-percent of all Americans should remind everyone that the threats are real and the impacts are material. Indeed, a return on privacy does exist in the form of damages, losses, trust, and reputations.
The question is: in witnessing this massive failure of privacy within the Federal Government, will you - today - overcome your base assumptions about your company's safeguards, verify their integrity, and implement stronger safeguards, so as to validate the confidence that you have in systems that keep the personal private information of individuals confidential? Will you change your habits as an individual? Or, will you keep doing what you've always been doing, presuming your systems and habits should never have to change?
R
* With the exception of some classified forms of information determined by Federal and State Governments. Example: Data subject to the Federal Privacy Act, FERPA, HIPAA, GLB, Matter Subject to State Data Breach Laws, etc. These pieces of information have been defined as classified and there are system requirements to raise our confidence levels.