DPIA Office 365 for the Web and Mobile Office Apps Data Protection

Total Page:16

File Type:pdf, Size:1020Kb

DPIA Office 365 for the Web and Mobile Office Apps Data Protection authe DPIA Office 365 for the Web and mobile Office apps Data protection impact assessment on the processing of diagnostic data Date 30 June 2020 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 Colophon DPIA by Ministry of Justice and Security Strategic Vendor Management Microsoft (SLM Microsoft Rijk) Turfmarkt 147 2511 DP The Hague PO Box 20301 2500 EH The Hague www.rijksoverheid.nl/jenv Contact Paul van den Berg E [email protected] T 070 370 79 11 Project name DPIA report diagnostic data processing in Microsoft Office 365 for the Web and mobile Office apps (report delivered March 2020, Update June 2020) Appendix Overview telemetry data observed in iOS and Office for the Web apps Authors Privacy Company Sjoera Nas and Floor Terra, senior advisors, with the help of work student Lotte aan de Stegge www.privacycompany.eu Page 3 of 138 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 CONTENTS Colophon 3 Summary 7 Introduction 17 Part A. Description of the data processing 24 1. The processing of diagnostic data 24 1.1 About Office for the Web, the mobile Office apps and the Connected Experiences 24 1.2 Difference between content, functional and diagnostic data 33 1.3 Different types of diagnostic data 34 2. Personal data and data subjects 35 2.1 Definitions of different types of personal data 36 2.2 Diagnostic data mobile Office apps 37 2.3 Outgoing traffic to third parties mobile Office apps 40 2.4 Results access request mobile Office apps 49 2.5 Diagnostic data Office for the Web 51 2.6 Outgoing traffic to third parties Office for the Web 52 2.7 Results access requests Office for the Web 55 2.8 Diagnostic data Connected Experiences 59 2.9 Analytical services based on the system-generated log files 60 2.10 Types of personal data and data subjects 62 3. Data processing 65 4. Purposes of the processing 71 4.1 Purposes Office for the Web, Processor Connected Experiences and the Connected Cloud Services 71 4.2 Purposes mobile Office apps and Controller Connected Experiences 72 5. (Joint) controller or processor 75 5.1 Definitions 75 5.2 Contractual arrangements between the Dutch government and Microsoft 75 5.3 Data processor 75 5.4 Data controller 76 5.5 Joint controllers 80 6. Interests in the data processing 81 6.1 Interests of the Dutch government organisations 81 6.2 Interests of Microsoft 82 6.3 Joint interests 84 7. Transfer of personal data outside of the EU 84 8. Techniques and methods of the data processing 88 8.1 Azure AD log files and usage data 88 8.2 Big Data Processing 89 9. Additional legal obligations: e-Privacy Directive 90 10. Retention periods 94 Part B. Lawfulness of the data processing 99 11. Legal Grounds 99 11.1 Diagnostic data Office for the Web, Connected Cloud Services and Processor Connected Experiences 99 11.2 Telemetry data and traffic to third parties from Office for the Web 101 11.3 Mobile Office apps and Controller Connected Experiences 102 Page 5 of 138 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 12. Special categories of data 103 12.1 Transfer of special, sensitive, secret and confidential data to the USA 104 13. Purpose limitation 105 14. Necessity and proportionality 107 14.1 The principle of proportionality 107 14.2 Assessment of the proportionality 107 14.3 Assessment of the subsidiarity 109 15. Data Subject Rights 111 Part C. Discussion and Assessment of the Risks 114 16. Risks 114 16.1 Identification of Risks 114 16.2 Assessment of Risks 117 16.3 Summary of risks 126 Part D. Description of risk mitigating measures 128 17. Risk mitigating measures 128 17.1 Measures against the six high risks 128 17.2 Measures against the three low risks 131 17.3 Agreed mitigating measures Microsoft 132 Conclusions 138 Page 6 of 138 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 Summary The Microsoft Office 365 Enterprise license includes the use of three different versions of the Office software. Office can be installed on the computers and laptops of employees (Office 365 ProPlus), installed on smartphones and tablets (mobile Office apps for iOS and Android) and as online applications running in a browser (Office for the Web, previously known as Office Online). This Data Protection Impact Assessment (DPIA) is a repeated assessment of the use of the last two versions of the software: Office for the Web and the mobile Office apps. The Dutch government’s department managing strategic vendor relations with Microsoft (SLM Microsoft Rijk) has published the earlier DPIA on 23 July 2019. This DPIA contains outcomes with respect to diagnostic data processing in Office for the Web and the mobile Office apps as at 31 March 2020. Since then, SLM Microsoft Rijk and Microsoft agreed upon measures to mitigate the six high data protection risks set out in the table below, as further described in the paragraph ‘Mitigating measures Microsoft’ of this summary and in Section 17.3 of this report. Once these measures have been implemented by Microsoft, and provided that government administrators apply the recommended measures in this DPIA, the high data protection risks for data subjects related to the collection of data about the use of Office for the Web and the mobile Office apps identified in this DPIA will be mitigated. Outcome: six high data protection risks The outcome of this DPIA is that there are six high data protection risks and three low data protection risks in spite of the contractual, legal and organisational measures that Microsoft has taken in the spring of 2019, and since the fall of 2019 to mitigate the data protection risks. These high risks are due to the following seven circumstances: 1. When using Office for the Web, Microsoft sends personal data to two American companies that are not processors: Optimizely and Giphy. From mobile Office apps, Microsoft sends traffic to six companies, of which four are not processors. 2. Microsoft behaves as independent data controller for the processing of telemetry data about the use of the mobile Office apps and the processing of personal data in connection with the Controller Connected Experiences in the mobile Office apps and Office for the Web. Microsoft may process personal data from and about the use of the use of these services for all 17 purposes mentioned in its general privacy statement. 3. Some telemetry events from Office for the Web contain content data, such as file-, pad- and usernames. It is not clear whether Microsoft is processor for these telemetry events. 4. Administrators are not able to minimise the telemetry level in the Office for the Web services. The new central telemetry choice for the mobile Office apps has not yet been created for the Teams, Outlook and OneDrive mobile Office apps on iOS and Android. 5. The possibility to centrally turn off the Controller Connected Experiences in Office for the Web and the mobile Office apps does not yet work in the OneDrive, Outlook and Teams apps on iOS and Android and not in the Teams and OneDrive browser versions of Office for the Web. 6. Microsoft does not publish information about the telemetry that it collects via Office for the Web and the mobile Office apps. Microsoft has now made the Data Viewer Tool suitable for decoding events from three mobile Office apps Page 7 of 138 DPIA Office for the Web and mobile Office apps SLM Microsoft Rijk 30 June 2020 on iOS and Android, namely Word, PowerPoint and Excel, but not for the Outlook, Teams and OneDrive apps. 7. Microsoft, when acting as controller, has not given access to the personal data that it processes via the mobile Office apps, the Controller Connected Experiences and the telemetry of Office for the Web. The high risks and the possible countermeasures of Microsoft and of government organisations are listed below in a table. Umbrella DPIA versus individual DPIAs This DPIA was conducted by SLM Microsoft Rijk, the central negotiator for Microsoft products and services for Dutch central government organisations. However, the individual government organisations buy the licenses and determine the settings and scope of the processing by Microsoft. Therefore, this general DPIA can help the different government organisations with the DPIAs they must conduct, but this document does not replace the specific risk assessments the different government organisations must make. Only the organisations themselves can assess the specific data protection risks, based on their specific deployment, the level of confidentiality of their work and the types of personal data they process. Scope: diagnostic data, not content or functional data This report addresses the data protection risks of the storing by Microsoft of data about the use of the five most commonly used applications (Word, PowerPoint, Outlook, Excel and Teams) in Office for the Web and the mobile Office apps, in combination with the use of Connected Experiences and the cloud services SharePoint, OneDrive for Business, Exchange Online and the Azure Active Directory. These metadata (about the use of the services and software) are called ‘diagnostic data’ in this report. Technically, Microsoft Corporation collects diagnostic data in different ways, via system-generated event logs on its own cloud servers and via the telemetry client in the mobile Office apps and -since recently- also via Office for the Web. Similar to the telemetry client in Windows 10 and Office 365 ProPlus, Microsoft has programmed the mobile Office apps and Office for the Web to systematically collect telemetry data on the device, and regularly send these to Microsoft’s servers in the USA.
Recommended publications
  • Dipartimento Di Impresa E Management Cattedra Di Strategia
    Dipartimento di Impresa e Management Cattedra di Strategia di Impresa CORPORATE VENTURE CAPITAL ED OPEN INNOVATION: MOTORI PER LA CRESCITA INNOVATIVA AZIENDALE RELATORE Prof. Paolo Boccardelli CANDIDATO Carlo Maria Torregrossa Matricola 681361 CORRELATORE Prof. Luca Pirolo ANNO ACCADEMICO 2017/2018 INDICE INTRODUZIONE ............................................................................................................................. 3 CAPITOLO 1 – CORPORATE VENTURE CAPITAL ................................................................ 4 1.1 - Definizione, numeri e classificazione ...................................................................................... 4 1.2 - Principali tipologie di investimento ......................................................................................... 9 1.3 - Modelli e fasi di corporate venture capital ............................................................................ 11 1.4 - Il concetto di open innovation ............................................................................................... 14 CAPITOLO 2 – L’INVESTIMENTO IN INNOVAZIONE ........................................................ 23 2.1 - Start-up e corporate venturing ............................................................................................... 23 2.2 - Il fenomeno delle start-up nel mondo e in Italia .................................................................... 25 2.3 - Valutazione d’azienda: come valutare grandi imprese e start-up .........................................
    [Show full text]
  • Deploying Microsoft Windows Server Update Services
    Deploying Microsoft Windows Server Update Services Microsoft Corporation Published: June 3, 2005 Author: Tim Elhajj Editor: Sean Bentley Abstract This paper describes how to deploy Microsoft® Windows Server™ Update Services (WSUS). You will find a comprehensive description of how WSUS functions, as well as descriptions of WSUS scalability and bandwidth management features. This paper also offers step-by-step procedures for installation and configuration of the WSUS server. You will read how to update and configure Automatic Updates on client workstations and servers that will be updated by WSUS. Also included are steps for migrating from Microsoft Software Update Services (SUS) to WSUS, as well as steps for setting up a WSUS server on an isolated segment of your network and manually importing updates. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
    [Show full text]
  • Microsoft DNS
    1 a. Domain Name Service (DNS) encompassing Microsoft DNS From Wikipedia, the free encyclopedia Jump to: navigation, search Microsoft DNS is the name given to the implementation of domain name system services provided in Microsoft Windows operating systems. Contents [hide] 1 Overview 2 DNS lookup client o 2.1 The effects of running the DNS Client service o 2.2 Differences from other systems 3 Dynamic DNS Update client 4 DNS server o 4.1 Common issues 5 See also 6 References 7 External links [edit] Overview The Domain Name System support in Microsoft Windows NT, and thus its derivatives Windows 2000, Windows XP, and Windows Server 2003, comprises two clients and a server. Every Microsoft Windows machine has a DNS lookup client, to perform ordinary DNS lookups. Some machines have a Dynamic DNS client, to perform Dynamic DNS Update transactions, registering the machines' names and IP addresses. Some machines run a DNS server, to publish DNS data, to service DNS lookup requests from DNS lookup clients, and to service DNS update requests from DNS update clients. The server software is only supplied with the server versions of Windows. [edit] DNS lookup client Applications perform DNS lookups with the aid of a DLL. They call library functions in the DLL, which in turn handle all communications with DNS servers (over UDP or TCP) and return the final results of the lookup back to the applications. 2 Microsoft's DNS client also has optional support for local caching, in the form of a DNS Client service (also known as DNSCACHE). Before they attempt to directly communicate with DNS servers, the library routines first attempt to make a local IPC connection to the DNS Client service on the machine.
    [Show full text]
  • Umail Account Migration to Exchange Online Starts on June 1
    UMail account migration to Exchange Online starts on June 1 You're receiving this email because you're subscribed to UIT's public email list. Starting Tuesday, June 1, 2021, University Information Technology (UIT) will begin to gradually migrate all University of Utah and University of Utah Health faculty and staff UMail accounts from Microsoft Exchange Server (hosted on campus) to Microsoft Exchange Online (hosted online by Microsoft infrastructure). The upgrade is part of the effort to modernize the U’s communication technology and better meet the needs of those working, learning, and teaching remotely. Faculty and staff will receive a targeted email 24 to 48 hours prior to initiation of their account migration. The total time for your migration depends on the size of the mailbox(es) to be moved and amount of data to be transferred to Microsoft servers. Extremely large mailboxes can take a number of days to transfer. If you’re unable to access your UMail account through your desktop/mobile client or web browser after the migration, please refer to this IT Knowledge Base article for instructions. Please note that UMail is always accessible via Outlook Web Access (OWA) using a web browser. After your account is moved to Exchange Online, you may receive a notification that says “The Microsoft Exchange Administrator has made a change that requires you to quit and restart Outlook.” Please follow the directions. The migration includes an updated interface for OWA, which will redirect from https://www.umail.utah.edu/ to https://outlook.office.com/. The interfaces of the Outlook desktop and mobile clients will remain the same for most users, although some macOS users may automatically update to the latest version of Outlook for Mac.
    [Show full text]
  • Windows 10: Considered Harmful
    Windows 10: Considered Harmful 26 August, 2016 Last Updated: 25 September 2016 Previously I made a series of articles against Windows 10, consisting of basic explanation, open letters, and even a long-winded chance.org petition. However, I have come to realize that these various things could be better as one page rather than fragments across my website. On this page I hope to explain why the Windows 10 system is evil and also include why Windows as a whole is Considered Harmful . Sources to unreferenced items in this article can be found in the various resource links on the bottom of the page. Information can also be found in the photographs shown and with a simple web search. The primary reason against the Windows 10 system is an obvious one. The system is designed to be a system that data-mines the user. This is proven time and time again. Using a tool such as wireshark, one can clearly see that it makes encrypted connections to a variety of Microsoft servers. This uses a very weak RSA encryption that can be broken in under a minute. When a user successfully decrypted the encrypted data, he simply converted the decrypted ``.bin'' extension to ``.png'' and opened them. The image files were screen- shots of him installing the RSA decryptor tool. This was in a VM and was a fresh install. In addition to this, another user in Australia also monitored the odd connection but did not decrypt it. He noticed this when he opened a photograph in the Windows Photo App.
    [Show full text]
  • Microsoft Skype for Business
    Spectralink 84-Series Wireless Telephone Microsoft Skype for Business Interoperability Guide (Formerly Lync Server 2013) 1725-86997-000 Rev: J September 2017 Spectralink 84-Series Wireless Telephones: Microsoft Skype for Business Interoperability Guide Copyright Notice © 2013-2017 Spectralink Corporation All rights reserved. SpectralinkTM, the Spectralink logo and the names and marks associated with Spectralink’s products are trademarks and/or service marks of Spectralink Corporation and are common law marks in the United States and various other countries. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without the express written permission of Spectralink. All rights reserved under the International and pan-American Copyright Conventions. No part of this manual, or the software described herein, may be reproduced or transmitted in any form or by any means, or translated into another language or format, in whole or in part, without the express written permission of Spectralink Corporation. Do not remove (or allow any third party to remove) any product identification, copyright or other notices. Notice Spectralink Corporation has prepared this document for use by Spectralink personnel and customers. The drawings and specifications contained herein are the property of Spectralink and shall be neither reproduced in whole or in part without the prior written approval of Spectralink, nor be implied to grant any license to make, use, or sell equipment manufactured in accordance herewith. Spectralink reserves the right to make changes in specifications and other information contained in this document without prior notice, and the reader should in all cases consult Spectralink to determine whether any such changes have been made.
    [Show full text]
  • How to Install SSL Certificates on Microsoft Servers
    How to Install SSL Certificates on Microsoft Servers Dan Sullivan How to Install SSL Certificates on Microsoft Servers Dan Sullivan Chapter 4: Installing SSL Certificates in Exchange Server, SharePoint, and SQL Server ........ 57 Common Operations ....................................................................................................................................... 57 Step 1: Prepare the Microsoft Management Console ................................................................... 57 Step 2: Acquiring an SSL Certificate .................................................................................................... 59 Certificates from Trusted Third‐Party Providers ..................................................................... 59 Generating a Self‐Signed Certificate ............................................................................................... 60 Installing SSL Certificates in Microsoft Exchange Server ................................................................ 63 The Need for SSL in Exchange Server ................................................................................................. 63 Is an Extended Validation SSL Certificate Right for You? ........................................................... 63 Acquiring and Installing an SSL Certificate in Microsoft Exchange Server ........................ 63 Acquiring an SSL Certificate in Microsoft Exchange 2010 .................................................... 64 Installing an SSL Certificate in Microsoft Exchange 2010 ....................................................
    [Show full text]
  • Windows Server Update Services 3.0 SP2 Deployment Guide
    Windows Server Update Services 3.0 SP2 Deployment Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide describes how to deploy Windows Server Update Services 3.0 SP2 (WSUS 3.0 SP2). You will find a comprehensive description of how WSUS functions, as well as descriptions of WSUS scalability and bandwidth management features. This guide also offers procedures for installation and configuration of the WSUS server and how to configure client workstations and servers that will be updated by WSUS. Also included are steps for setting up a WSUS server on an isolated segment of your network and manually importing updates. Copyright Notice Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
    [Show full text]
  • 8.4 Windows 8 Sync 30
    By Christian Cawley http://www.cmcawley.co.uk/ Edited by Justin Pot share: This manual is the intellectual property of MakeUseOf. It must only be published in its original form. Using parts or republishing altered parts of this guide is prohibited without permission from MakeUseOf.com Think you’ve got what it takes to write a manual for MakeUseOf.com? We’re always willing to hear a pitch! Send your ideas to [email protected]; you might earn up to $400. YOUR GUIDE TO WINDOWS 8 Table Of Contents 1. What You Need to Know About Windows 8 6 1.3 Windows 8 Devices 7 1.4 Metro vs. Desktop 7 1.5 The Touchscreen Controversy 8 2. The Windows 8 User Interface 9 2.1 Understanding Metro 9 2.2 Navigating 9 2.3 Tiles and Live Tiles 10 2.4 What If I Don’t Like Metro? 10 3. Mouse, Keyboard or Fingers? 11 3.1 Navigation with the Keyboard 11 3.2 Using a Mouse 12 3.3 The Original Pointing Device 12 3.3.1 Open the Charm Bar: Swipe from the right 13 3.3.2 Switch Apps: Swipe from the left 13 3.3.3 Snap Apps: Swipe slowly from the left 13 3.3.4 Show Running Apps: Swipe from left-and-back 13 3.3.5 Close Apps: Pull down from the top 13 3.3.6 Display Additional Menus: Swipe down 13 3.3.7 Select: Swipe down on the tile 13 3.3.8 Zoom: Pinch 13 3.3.9 Move Back and Forth Through Web Pages: Swipe left/right in Internet Explorer 13 3.4 Bringing It All Together 14 4.
    [Show full text]
  • Automated Malware Analysis Report For
    ID: 446205 Sample Name: Open_Purchase_Order_Report_by_Supplier_- _ProReport_188165628308.xlsx Cookbook: default.jbs Time: 00:16:48 Date: 09/07/2021 Version: 32.0.0 Black Diamond Table of Contents Table of Contents 2 Windows Analysis Report Open_Purchase_Order_Report_by_Supplier_- _ProReport_188165628308.xlsx 3 Overview 3 General Information 3 Detection 3 Signatures 3 Classification 3 Process Tree 3 Malware Configuration 3 Yara Overview 3 Sigma Overview 3 Jbx Signature Overview 3 Mitre Att&ck Matrix 4 Behavior Graph 4 Screenshots 4 Thumbnails 4 Antivirus, Machine Learning and Genetic Malware Detection 5 Initial Sample 5 Dropped Files 5 Unpacked PE Files 5 Domains 5 URLs 5 Domains and IPs 7 Contacted Domains 7 URLs from Memory and Binaries 7 Contacted IPs 7 General Information 7 Simulations 8 Behavior and APIs 8 Joe Sandbox View / Context 8 IPs 8 Domains 8 ASN 8 JA3 Fingerprints 8 Dropped Files 8 Created / dropped Files 8 Static File Info 9 General 9 File Icon 10 Network Behavior 10 Network Port Distribution 10 UDP Packets 10 Code Manipulations 10 Statistics 10 System Behavior 10 Analysis Process: EXCEL.EXE PID: 6512 Parent PID: 800 10 General 10 File Activities 11 File Written 11 Registry Activities 11 Key Created 11 Key Value Created 11 Disassembly 11 Copyright Joe Security LLC 2021 Page 2 of 11 Windows Analysis Report Open_Purchase_Order_Repo…rt_by_Supplier_-_ProReport_188165628308.xlsx Overview General Information Detection Signatures Classification Sample Open_Purchase_Order_Re No high impact signatures. Name: port_by_Supplier_- _ProReport_188165628308
    [Show full text]
  • Introduction to Microsoft Products and Product Licensing Licensing
    Volume Introduction to Microsoft Products and Product Licensing Licensing INTRODUCTION: A CLIENT SERVER NETWORK In a business environment, you would expect to find a "Client Server Network" where the users' computers (the clients) are connected to a server (or servers) in order to allow for file sharing, sharing of resources (such as printers), email, and centralized management and security. The client machines need a client operating system (such as Microsoft® Windows 10), and then any required client applications (such as Microsoft® Outlook®). Similarly, each server needs a server operating system (Windows Server®) and then any required server applications (such as Microsoft® SQL Server®). This reference card is not a complete list of all the Microsoft technologies, but just the more common ones, and unless otherwise stated, you can assume that each license is a separate purchase. More detailed licensing information is available in other reference documents in this series. CLIENT OPERATING SYSTEMS CLIENT APPLICATIONS Windows 10 is the latest version of Microsoft's client operating The most common client applications used in a business (such as Microsoft® system, replacing Windows 8.1 and Windows 7. Word and Outlook) are most likely to be licensed as a Microsoft Office suite There are several editions of Windows 10. Businesses would normally rather than as individual applications. Several different Microsoft Office 2016 use either Windows 10 Pro or Windows 10 Enterprise. suites are available (containing different individual Office applications) but Windows 10 is licensed by device. This means that a license must be Office 2016 Professional Plus and Office 2016 Standard are the editions most likely to be found in a business environment since they are the only suites acquired for each device on or from which the software is used or accessed (locally or remotely over a network).
    [Show full text]
  • Agrofuels in the Americas.Pdf
    Agrofuels in the Americas. Edited by Richard Jonasse, PhD. Copyright © 2009 Institute for Food and Development Policy. All rights reserved. Food First Books 398 60th Street Oakland, CA 94618 510-654-4400 www.foodfirst.org Cover and text design by Richard Jonasse Production: Richard Jonasse Acknowledgements: This project began a little over a year ago with five of the authors sitting around a table at Food First in Oakland, CA. They included Annie Shattuck, Isabella Kenfield, Jessica Aguirre, Gretchen Gordon, Ellen Tarby, and myself. Beyond the wonderful work of the authors herein, we would like to thank Eric Holt-Giménez for providing his insights and many key paragraphs to most of the pieces herein. Annie Shattuck, had a hand in every article. Marilyn Borchardt provided tremendous support, humor, feedback, and commentary. Martha and Rowena shared their kindness and mung beans. There have been a number of people here who have stepped in to help with research, fact checking, translation, proofreading, citation hunting, fact-finding, and general commentary. These include: Annie, Marilyn, Martha, Jessica Aguirre, Jody Zaitlin, Karla Pena, Tamara Wattnem, Leonora Hurtado, Loren Peabody, Zack Zimbalist, Matt Dintenfass, Angie Rodriguez, Maria Barrera, Ellen Tyler, Amanda El-Khoury, Mihir Mankad, Jasmine Tilley, William Wroblewski, and Matt King. About the Author: Richard Jonasse is currently a Research Fellow at Food First in Oakland, CA. His research interests lie in development issues, including International Finance Institutions, food sovereignty, labor/human rights, and environmental sustainability. He has a Masters Degree in Telecommunication and Film from University of Oregon, and a Ph.D. in Communication (emphasis in technology studies) from U.
    [Show full text]