Businesses can use risk management tools in Microsoft Office to covertly monitor the activities of employees on work-issued computers.
The software company provides tools in its Office 365 suite that can be used by employers to read staff emails and monitor how long they spend on calls and how many meetings they attend.
The surveillance capabilities of Microsoft’s Office suite, which is widely used by businesses across the world, were disclosed in a dissertation by a researcher at University College London (UCL).
The research shows that companies continue to exploit capabilities built into Office 365 to monitor staff computers some 18 months after Microsoft took steps to protect employees’ privacy.
The disclosure has led to calls for Microsoft to change its software to alert staff when companies use its Office 365 productivity tools to monitor identified employees.
Eliot Bendinelli, senior technologist at campaign group Privacy International, which participated in the research, said Microsoft should be more transparent about the data it enables companies to collect.
“The ability for an employer or an IT administrator to read all communications and documents, and to access data about employees’ online activities without their knowledge, is one of the most problematic features of Office 365,” he told Computer Weekly.
“The ability for an employer to read all communications and documents, and to access data about employees’ online activities without their knowledge, is one of the most problematic features of Office 365” Eliot Bendinelli, Privacy International
The company replaced its reports with aggregated data measuring how much employees were sending email, collaborating on shared documents and taking part in group chats, in a way that was not traceable to individual users.
But research by UCL computer science graduate Demetris Demetriades and Privacy international shows that employers are still able to use functions in Office 365 to monitor individual employees.
Demetriades found employers can use the governance and risk management tools in Office 365 to look at the content of emails or messages sent by specific employees and identify the activities that individual users have carried out using their work computer.
Microsoft’s “content search” and “audit” tools can be used by employers to build up a detailed picture of employees’ activities, he told Computer Weekly.
“Whatever interaction is performed through business email, the audit and content search features identify it and log it. For example, they log the time of the email, the recipient and the content of the email. If the email contains attachments or a picture, the employer can see that too,” he said.
Privacy International argues in an article about Demetriades’ researchthat these tools can be used to build up a detailed profile of an employee.
“Combining these two all-encompassing features, employers are able to draw a rather intimate picture of every employee, down to the finest of details. This includes not only a list of most of the actions they take, but also the possibility to plainly access all the content being exchanged within the organisation and external communications through email,” it said.
Monitoring Team players
IT administrators can also use the administration centre in Microsoft Teams video conference, messaging and collaboration software to assess how long employees spend on calls, how many messages they exchange and how many one-to-one meetings they take part in.
The software records which devices employees use to attend each meeting or send each message, potentially allowing employers to make inferences about employees.
For example, managers might make the assumption that an employee who joins an early morning meeting from their phone, rather than their laptop, might still be in bed.
Microsoft provides companies with aggregated data showing how employees across the organisation, or individual groups, are using Office 365 applications. It also provides them with a productivity score that shows how well employees are using Office 365 capabilities compared with similar companies.
For smaller organisations, this data can still be used to make inferences about the performance of individual employees, Demetriades and Privacy International found.
The audit and content search tools offered by Microsoft have legitimate uses, such as allowing employers to identify breaches of employment contracts, breaches of company policies on harassment and the disclosure of trade secrets.
But Demetriades and Privacy International argue there are no safeguards to protect employees from auditing tools being misused and Office 365 users are given no warning if companies choose to enable those tools.
“This lack of transparency and limitations on the employee side means they can potentially be misused and turned into a surveillance machine without employees’ full knowledge,” they claim.
‘Pseudonymised by default’
Microsoft did not contradict the UCL research, but said in a statement to Computer Weekly that it uses masked or “psuedonymised” information about users of Office 365 “by default”.
“We do not believe in using technology to spy on individual employees. Most of the Microsoft 365 analytics tools that provide insights into adoption and usage do so at the aggregate level – across groups or entire organisations” Microsoft spokesperson
Revealing identifiable user information is treated as a logged event in the Microsoft 365 compliance centre audit log, the company added.
“We do not believe in using technology to spy on individual employees. Data-driven insights have long been a critical part of how IT professionals deploy and manage solutions, provide services, meet regulatory requirements and fix problems across their organisations,” a spokesperson said.
“Most of the Microsoft 365 analytics tools that provide insights into adoption and usage do so at the aggregate level – across groups or entire organisations. These tools are an important part of helping organisations run effectively and get the most out of their investment,” the spokesperson added.
Microsoft should alert employees to monitoring
Although Microsoft mentions in its privacy policy that Office 365 can be used by organisations to “access and process your data”, including “the contents of your communications and files”, it is unlikely to be noticed by employees who may have to consent to the software their company is using.
Microsoft does not limit how employers can use its “audit” and “content search” tools, which means they could potentially misuse them to spy on employees without consent.
If employers do not disclose which Office 365 capabilities are turned on, employees have no way of knowing “whether their every action with Office 365 is being monitored or even if their communications are being read by someone”, the privacy group argued.
Screenshot from Microsoft’s privacy policy section
Demetriades said Microsoft could do more to prevent employees being spied on by their employer, such as introducing a dedicated dashboard accessible to all employees that lists which productivity apps have been enabled or disabled and what data the organisation is collecting and under what circumstances.
Microsoft should also notify Office 365 users when companies turn the “audit” and “content search” features on, and if administrators disable the option to conceal usernames in Office 365 to generate reports about named individuals, he added.
“I am not saying these features should be removed completely, because they are good for productivity, but they should be used to provide aggregate information,” said Demetriades.
There are other ways to see whether individual employees are being productive rather than using these metrics, he added.
Employers have legal responsibilities
Under UK data protection law, employers are responsible for ensuring they comply with the law when using software to monitor employees.
Companies need to ensure that monitoring employees at work is proportionate, and if it is proportionate, whether they can justify collecting data on employees without informing them first, said IT lawyer Dai Davies.
“The real problem is that there is no black and white answer. What is proportionate in one situation is not proportionate in another,” he said.
For example, it is probably proportionate and lawful for a retailer to install a hidden camera where there are grounds to suspect a staff member of pilfering from a till. However, it would not be proportionate for a company to record the key strokes made by every secretary employed by the organisation to identify the least productive typists.
“Monitoring everyone is much more problematic than monitoring a few people. One of the problems with Microsoft Office 365 is that it allows monitoring of every employee and is therefore harder to justify,” said Davis.
He said Microsoft had failed to acknowledge that employers could combine data gathered from Office 365 with other data they hol on their staff.
Legitimate reasons for monitoring employees
David Wilson, CEO of Fosway Group, an analyst specialising in the human resources industry, said there were legitimate reasons why companies might want to monitor employees.
These include monitoring workplace apps to identify patterns of use or monitoring email to identify intellectual property theft or workplace harassment.
“It is hard to argue that a company should not be allowed to access staff emails or browsing history if there are business-critical or legal reasons. The issue is more one of governance and ensuring that monitoring capabilities are not abused” David Wilson, Fosway Group
“It is hard to argue that a company should not be allowed to access staff emails or browsing history if there are business-critical or legal reasons. The issue is more one of governance and ensuring that monitoring capabilities are not abused,” he said.
For example, pharmaceutical companies ask employees for consent to use software to automatically screen their emails and social media to see whether rival companies are mentioned to ensure that employees do not accidently leak confidential information to a competitor.
The same software could be used to identify employers who have applied for jobs with competing companies.
Office 365 simulation
Demetriades used a trial version of Office 365 to simulate a company network made up of two users and a systems administrator as part of his research project for a masters in information security at UCL.
“I set up an admin account, which represented the employer, and I added two user accounts, which represented employees,” he told Computer Weekly. “I used my laptop and my phone, and I logged each user in on one device, and I tried to interact with simple messages and set up meetings to collect data. The platform tracked the data and it started to generate the graphs and the metrics.”
Demetriades, a software engineer, said it would be “very easy” for an employer to select and read emails sent by a particular employee.
Microsoft boosted Office 365 privacy in 2020
Microsoft announced plans to remove user names from its Productivity Score tool in a blog post in December 2020, in response to criticism that the feature could be misused by employers.
“No one in the organisation will be able to use Productivity Score to access data about how and individual user is using apps and services in Microsoft 365,” it said in the post.
The company also changed the interface of its software to make it clear the purpose of Productivity Score was to monitor the adoption of technology within the organisation rather than to monitor individual employees.
But Demetriades’s research shows that Office 365 can still be used by employers to monitor that activities of their staff.
Microsoft said in its statement that there were scenarios where IT professionals need access to “user-level information” to identify and fix problems or to track software licences.
“Access to these reports is restricted to only a few IT-focused roles. Moreover, Microsoft generally takes the step of concealing user, group and site information by default,” a spokesperson said.
The AMD Radeon RX 6900 XT has been an interesting GPU this generation. It’s both cheaper than the competing Nvidia GeForce RTX 3090—and sometimes faster, too. It’s now been refreshed with the RX 6950 XT, a late entrant into the tumultuous GPU market. Nvidia has also done its part with the GeForce RTX 3090 Ti, which brings impressive performance, albeit with a high cost and power draw at 450W TDP.
With the original RTX 3090 price recently decreasing slightly, it makes for an interesting comparison against the newer AMD RX 6950 XT. The RTX 3090 Ti offers more performance, but is significantly outside of the price bracket of the RX 6950 XT. Is this AMD refresh enough to push performance for AMD ahead of Nvidia, even in the murky waters of ray tracing? More importantly, does it move the needle for high-end gamers enough for them to switch their allegiance from Nvidia to AMD? Let’s find out!
Sapphire RX 6950XT
Brad Chacos
Nvidia RTX 3090 vs. AMD 6950XT: Price
Relax. You can easily find both GPUs in stock now at most retailers, and generally at close to MSRP. The GPU market has experienced a significant downturn during the last several months, with prices quickly dropping from their stratospheric levels.
The AMD RX 6950XT comes in at a $1,099 MSRP for the reference model, and some third-party models range from $1,199 to $1,299. A modest bump from the $999 6900XT pricing—but it does not mean they’re a great deal. With the declining GPU market and murmurs of the next-generation GPUs coming out this year, it has significantly dampened demand and enthusiasm for this level of GPU.
The Nvidia RTX 3090 has also experienced much lower demand, resulting in quickly falling pricing. While you’re still unlikely to find a $1,499 Founders Edition at MSRP, most models such as those from the EVGA RTX 3090 lineup have experienced a significant price drop, coming in as low as $1,609 for the Black series. (The 3090 Ti debuted at $1,999, a big increase over the RTX 3090—and it’s already being discounted at many retailers, too)
The pricing on the used market is even lower, however, with RTX 3090s dipping close to the $1,200 mark in many cases.
Neither model is a great price-to-performance choice this late into the release cycle, however. Most high-end gamers who don’t have a top-tier GPU will likely be best served by waiting for the next generation this year.
The AMD RX 6950 XT is the latest to test its mettle against Nvidia.
Thiago Trevisan
Nvidia RTX 3090 vs. AMD 6950XT: Performance
AMD certainly threw in a surprising performance with the original 6900 XT—it was able to match or beat the RTX 3090 in certain games and scenarios. Has the RX 6950 XT finally crossed the Rubicon in all performance areas? Not quite. When it comes to ray tracing performance, the RTX 3090 is still out ahead. (Check out Brad Chacos’ review for a deeper dive on the new AMD refreshes.)
Thiago Trevisan
In games such as Watch Dogs Legion with traditional rasterization, we can see the AMD RX 6950 XT performing as well or better than the RTX 3090 (especially at lower resolutions). This trend continues in other games such as Horizon Zero Dawn, where it’s able to keep up with the RTX 3090. Game after game, both GPUs trade blows and are highly competitive with each other.
Both GPUs have party tricks up their sleeves for performance, too. AMD has Smart Access Memory that can boost performance when coupled with a Ryzen CPU, along with Radeon Super Resolution. This will give it significant boosts in many games, besting the RTX 3090 in some cases, as shown below in Horizon Zero Dawn. Nvidia also has DLSS technology that does wonders for keeping graphical fidelity and high frames simultaneously—which is a gamer changer when paired with ray tracing.
AMD RSR Advantages
Thiago Trevisan
What happens when we introduce ray tracing? That’s where Nvidia’s RTX 3090 still holds an advantage over AMD. The 6950 XT does not have upgraded ray tracing hardware when compared to the 6900 XT, keeping it behind the Nvidia RTX GPUs in this case.
It can be argued that there are diminishing returns for ray tracing visuals and performance, with varying results. The technology puts insane strain on performance, lowering frame rates significantly until you claw some back with the help of an upscaling technology like DLSS or AMD’s FSR. The visual impact doesn’t always make losing that performance worthwhile, either. But when it comes to the “halo” GPUs like these, ray tracing can be part of the reason you get a high-end GPU in the first place; you want to turn all the eye candy up to Ultra, including ray tracing. Paired with Nvidia’s DLSS, the performance penalty can be mitigated, and the visuals enjoyed fully.
This is one big advantage of the RTX 3090 versus the newer 6950 XT—maximum performance and visuals matter when you’re spending way over $1,000 for a GPU. AMD’s ray tracing hardware is a generation behind Nvidia’s implementation, while its DLSS rival, FSR 2.0, is great but still in its infancy, with only a handful of games supporting the fledgling technology at this point. That means ray tracing is best experienced at 1440p resolution on the 6950 XT, while you can usually crank ray traced games even at 4K on the 3090. If you’re not interested in ray tracing however, the 6950 XT is a mighty fine choice for significantly less cost.
Let’s not forget that the RTX 3090 is certainly better geared towards content creation and other workstation use cases, as well. With a whopping 24GB of GDDR6x VRAM, it will handily beat the 16GB RX 6950 XT in most content creation tasks. The 3080 Ti would be a more reasonable competitor to the 6950 XT in this case as a pure gaming solution.
Nvidia RTX 3090 vs. AMD 6950 XT: Power and other things to know
The RTX 3090 packs a TDP of 350W, with many third-party models eclipsing 400W. The RX 6950 XT comes in a 335W TDP, which is reasonable for the performance that it puts out. Remember, the 3090 Ti is already up to 450W TDP—so next-generation offerings will likely go up significantly in requirements.
You’ll want a minimum of a 750W power supply for both, but we’d recommend you up that even higher for future proofing—as high-quality power supplies tend to last a long time.
You’ll need a case with good airflow for both these options, and better clearance than lesser GPUs require. (They’re often wrapped in a nice, thick, beefy air coolers to keep their temperatures in check.)
Which is the better option for water cooling? We’d argue that the RTX 3090 is, since it likely will have a wider range of water blocks available on the market. Plus, with its steaming-hot VRAM, it often benefits more from taking a deep swim versus the typically cooler RX 6950 XT.
So, is the 6950 XT enough to best the RTX 3090?
The 6950 XT is a slightly more powerful addition to the high-end AMD lineup, putting up an impressive performance versus the RTX 3090. It’s simple: If you’re playing at higher resolutions and want to use ray tracing, Nvidia still holds an advantage here. DLSS and the Nvidia encoders are also great technologies that serve people well.
If you’re after pure frame rate goodness—without as much ray tracing, the 6950 XT can be often a much better choice than the RTX 3090, especially in sub-4K resolutions. AMD offers great technologies such as FSR, Smart Access Memory to really up the performance too.
So, who wins? Unfortunately, the 6950 XT comes in too late in the release cycle to be relevant in the rapidly declining GPU market, making it an expensive option. The aging RTX 3090 is a similar story. Its high price was never a very good option for purely gaming—making better use for hybrid content creators/gamers instead. The RTX 3090 Ti is an even worse value proposition this late into the story, making it only relevant for a few high-end enthusiasts who don’t mind the price tag.
3090 Ti: The symbol for diminishing returns in an ever changing market. Beautiful, but flawed!
IDG
The verdict: This is a good ole’ fashioned standstill. We’d wait out the market a few months as both will experience even steeper declines in price with the introduction of the next generation. Otherwise, if you really must have one now, the decision will come down to ray tracing preference and resolution you’re playing at. Both GPUs will give you good, all-around performance for years to come—but neither are a great choice right now as the GPU market is rapidly changing this year.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
People commonly ask colleagues for feedback from time to time. But that can be fraught with challenges. After all, how are you to know if they’re genuinely being honest? This is why folks turn to Helpfull when they need honest and constructive reactions and reviews.
The Helpfull Feedback Platform provides creators and businesses easy access to unbiased and detailed criticism for logos, images, text, and more. Create your survey, upload the content you want to be reviewed, and choose your demographics. Within minutes you’ll get constructive feedback from users, so you’ll know what works and, more importantly, what doesn’t.
You might find Helpfull particularly valuable if you’re an app developer or work in QA. QA Specialist Karla Q writes, “Helpfull is a great service to use if you need feedback in real time. In a very interactive and fun way that makes you excited to view the results.”
With the Helpfull Premium Plan, you’ll get two free questions per test and 50 credits per month. Additionally, you can export results to PDF or Excel for further analysis, they offer support via phone or the web, and it’s also compatible with all operating systems. And since a one-year subscription is on sale for only $39, it’s easy to fit the cost within virtually any budget.
The war for talent between agencies and brands’ in-house agencies has cooled. Even so, for adland talent who’ve made the move in-house, some say they are looking to go back to agencies after feeling creatively stifled. It’s not the easiest strategy to execute.
In the latest edition of our Confessions series, in which we trade anonymity for candor, we hear from an in-house creative strategist about their experience, why they want to go agency-side now and how pay is keeping them from doing so.
This conversation has been lightly edited and condensed for clarity.
What’s the in-house experience like?
I’ve been in-house for about a year. It’s very one-sided. The difference between agency and in-house is that with agencies, there [are] a lot of opinions and ideas [outside of the brand message] that go into creative. With in-house, you have the brand’s message and all creative is reflective of the brand’s message. With in-house, regardless of trends in the market, it’s a lot of ‘we’re going to stick to this one way of doing things’ mentality. It’s a lot of opinions about what the creative should be based on what it has been before. It makes it hard to introduce something fresh. It makes it hard to hire or be a new hire. If you’re not actually going to adhere to advice from new hires, what’s the point in getting new people? Are you just bringing people on board for a second opinion? That’s what it feels like.
Sounds like you don’t have the creative control you desire.
It feels like more of a second opinion role than to get something to manage or control. [Where I am now] it feels like we’re leaning more into what [our strategy] used to be than thinking about what we could be. That’s a big issue with in-house. With agencies, like I said, there’s a lot more trial and error. With in-house, a lot more of this is what we’re doing, these are the funds we have and this is what has worked in the past. In reality, a lot of what worked in the past, when you put it back into the market, it’s not going to work anymore.
Why do you think it’s more challenging to get to a new creative strategy in-house?
With agencies, you have multiple perspectives. You’re working on multiple brands. You can see something working for another brand and talk to your client about it. You can pivot. You have the background and perspective to [pitch that pivot]. When you’re in-house, you only have the knowledge of your brand and what’s working for you.
Are you looking to go back to agencies?
Personally, I am looking to go from in-house to agency but I get paid a lot more being in-house than what I’ve been offered at agencies. I’ve been in interviews with agencies where they’re telling me that I’ll be learning [programs I already know how to use] so that’s why the pay is less than what it should be. There are agencies I’ve interviewed with who ask me to move to New York for less than what I make now and make that work. [With inflation,] there’s no reason why salaries aren’t also increasing.
So you’d like to make the jump creatively but it’s hard when the compensation isn’t up to what in-house offers?
It’s hard. I’ve been lowballed, too. They’ll post a salary for a position, go through the interviews and then offer less than what’s listed on the salary description. What was the point of putting the salary range there? I feel like people are putting salary ranges on job descriptions just to attract people with the experience that they are looking for but by the time they make the offer, it’s not what they said it would be. It’s offensive.
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
Cookie
Duration
Description
cookielawinfo-checbox-analytics
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional
11 months
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement
1 year
The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance
11 months
This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy
11 months
The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Cookie
Duration
Description
d
3 months
This cookie tracks anonymous information on how visitors use the website.
YSC
session
This cookies is set by Youtube and is used to track the views of embedded videos.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Cookie
Duration
Description
__gads
1 year 24 days
This cookie is set by Google and stored under the name dounleclick.com. This cookie is used to track how many times users see a particular advert which helps in measuring the success of the campaign and calculate the revenue generated by the campaign. These cookies can only be read from the domain that it is set on so it will not track any data while browsing through another sites.
_ga
2 years
This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gcl_au
3 months
This cookie is used by Google Analytics to understand user interaction with the website.
_gid
1 day
This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Cookie
Duration
Description
ab
1 year
This domain of this cookie is owned by agkn. The cookie is used for targeting and advertising purposes.
CMID
1 year
The cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
CMPRO
3 months
This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMPS
3 months
This cookie is set by Casalemedia and is used for targeted advertisement purposes.
CMST
1 day
The cookie is set by CasaleMedia. The cookie is used to collect information about the usage behavior for targeted advertising.
IDE
1 year 24 days
Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
KADUSERCOOKIE
3 months
The cookie is set by pubmatic.com for identifying the visitors' website or device from which they visit PubMatic's partners' website.
KTPCACOOKIE
1 day
This cookie is set by pubmatic.com for the purpose of checking if third-party cookies are enabled on the user's website.
mc
1 year 1 month
This cookie is associated with Quantserve to track anonymously how a user interact with the website.
test_cookie
15 minutes
This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE
5 months 27 days
This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
Ethereum3 months ago
