Redmond Protocols Plugfest 2016 Neil B Martin Windows Protocol & Privacy ECG Security & Privacy June 2016.


1 Redmond Protocols Plugfest 2016 Neil B Martin Windows Protocol & Privacy ECG Security & Privacy June 2016

2 Introduction
- Privacy challenges
- Telemetry
- Published Windows Telemetry Protocols
- Windows Server 2016 and System Center 2016 Telemetry

3 Privacy – Challenges
- Privacy has been an increasing challenge to address, particularly between the EU and US
- On October 6, 2015, the European Court of Justice issued a judgment declaring as “invalid” the European Commission’s Decision 2000/520/EC of 26 July 2000
- This has caused fragmentation of regulations governing data protection in the EU and US
- So-called Privacy Shield still under discussion: http://europa.eu/rapid/press-release_IP-16-216_en.htm
- Umbrella agreement signed but not ratified as yet: http://ec.europa.eu/justice/data-protection/files/dp-umbrella-agreement_en.pdf
- The General Data Protection Regulation (GDPR) is a Regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU). Comes into effect 25 May 2018

4 Cultural Overtones
- US Privacy: Here is what we are planning on doing with your data
- Scottish/Australian Privacy: Get off my patch
- Other places: The government owns your data
- In short: When comparing it is not all apples with apples

5 Trust
- Microsoft of course has had some, let's say, harsh monikers in the past
- Quite difficult to gain trust with some labels
- Some assume telemetry is snooping/spying
- Hopefully we have moved on
- Microsoft does understand that trust has to be earned and is easy to lose
- These protocol events are a good example of where trust changed for the better over time
- We are now publishing information on Windows Client and Server telemetry

6 Diagnostic and Usage Data (Telemetry)
- Diagnostic and Usage Data - Telemetry
  - At Microsoft it is a process that measures and reports data about Microsoft software as it runs on customer systems and applications
  - When used effectively allows improvement of products and services
  - Industry is lacking in good taxonomy and vocabulary
- The data at times does fall under privacy regulations
  - Sometimes by design – suitable provisions need to be in place
  - Sometimes by accident – best avoided
- Legal Domains
  - Point of collection (user machines)
  - Point of Data Processing (enterprise locations, Microsoft Cloud data centers, etc.)

7 Who do you want to call?
- Calling Home
  - Windows, both client and server SKUs, calls back to Microsoft for various reasons
  - Often cloud service related
  - Syncing photos, Cortana, Bing etc.
  - Causes suspicion
  - Windows 10 and Windows 2016 do make use of extensive telemetry
- Call a Friend
  - Maybe that is friend or foe
  - Firmware often does a version check, so maybe a disk will perform a firmware check by calling the vendor's home
- Don't call, aka Zero Emissions
  - We do have customers that ask for no calling
  - No single way to say no telemetry to all components

8 Calling Home
- Windows has a large number of protocols
  - No news there then
  - WSPP (Windows Server Protocol Program) – approx. 200+
  - MCPP (Microsoft Client Protocol Program) – approx. 300+
  - Public Protocols – approx. 500+
  - Azure EndPoint Protocols 20+
- Telemetry
  - Not just the O/S: Office, Skype, 3rd party apps all collect telemetry
  - Each telemetry system has its own opt-in, control, and governing EULA
  - But may use the same transport protocol
- No single off switch for all traffic to Microsoft
  - An all off for traffic does kill functionality
  - Different products have different telemetry, so currently we have no single off switch for either data or telemetry

9 Example Endpoints
Many endpoints that Server and Client communicate with are not telemetry, for example:
- sls.update.microsoft.com: Triggered by Windows Update Service (WSUS) and supplies the URL for the server to sync against
- crl.microsoft.com: Windows obtains certificate revocation lists via this URL
- fs.microsoft.com: Windows obtains fonts on demand from this URL

10 Telemetry Protocols
Other Telemetry protocols exist but are currently not publicly documented

| Title | Public Protocol Spec Name | Doc - Microsoft |
| --- | --- | --- |
| Corporate Error Reporting Version 1.0 Protocol | MS-CER | [MS-CER]: Corporate Error Reporting V.1 Protocol |
| Corporate Error Reporting V.2 Protocol | MS-CER2 | [MS-CER2]: Corporate Error Reporting V.2 Protocol |
| Software Quality Metrics (SQM) Client-to-Service Protocol V1 | MS-SQMCS | [MS-SQMCS]: Software Quality Metrics (SQM) Client-to-Service Version 1 Protocol |
| Software Quality Metrics (SQM) Client-to-Service Protocol V2 | MS-SQMCS2 | [MS-SQMCS2]: Software Quality Metrics (SQM) Client-to-Service Version 2 Protocol |
| Telemetry Protocol XML Schema | MS-TPXS | [MS-TPXS]: Telemetry Protocol XML Schema |
| Remote Desktop Protocol: Telemetry Virtual Channel Extension | MS-RDPET | [MS-RDPET]: Remote Desktop Protocol: Telemetry Virtual Channel Extension |
| Device Health Attestation Protocol | MS-DHA | [MS-DHA]: Device Health Attestation Protocol |
| Wi-Fi Display Protocol Extension | MS-WFDPE | [MS-WFDPE]: Wi-Fi Display Protocol Extension |

11 Telemetry Publications
Published information on Windows Telemetry
- We published new/updated public documents. Credit to a large cast of x-division collaborators for pulling these together.
- Configure Windows telemetry in your organization: https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-telemetry-in-your-organization
- Configure Windows 10 devices to stop data flow to Microsoft: https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft
- Windows Server Blog Post: https://blogs.technet.microsoft.com/windowsserver/2016/05/06/telemetry-insights-for-windows-server-2016-and-system-center-2016/
- Windows Server 2016 and System Center 2016 Telemetry: https://aka.ms/winservtelemetry

12 Summary
- Telemetry
- Opportunities for the future
  - Privacy and Telemetry vocabulary and taxonomy (standards?)
  - Approach to telemetry levels, e.g. all off switch
  - Acceptable approaches
  - Acceptable uses
  - Reasonable safeguards
- We use telemetry to learn about usage and improve products
- We really do care about customer privacy and security.
- We want to be transparent about our telemetry process and will continue to work on this.

