The German government has begun work on a Windows 10-based workstation for federal employees.
According to Heise Online, the German government decided in May 2015 to develop the Bundesclient, or federal client. The development began last month and the target rollout date for the standardized workstation is in 2019.
A spokesman for the federal interior ministry (BMI) confirmed to ZDNet that the "initial" operating system for this federal client will be Windows 10.
He said the development is being coordinated by Germany's BSI information security agency and the federal commissioner for data protection and freedom of information, BfDI. However, details are deliberately sketchy.
"There is already a concept for the Bundesclient," the spokesman said. "A security infrastructure has been designed to counter potential risks. [However,] the details of this security infrastructure cannot be discussed, as the knowledge of the concrete measures would help unauthorized people attack the security mechanisms of the Bundesclient."
The Bundestag, Germany's federal parliament, famously came under cyberattack in 2015, forcing it to go offline for three days. German intelligence later blamed Russia for the attack, which appeared to have been an attempt to install spyware on federal systems.
The BMI is not just remaining silent on the security details of the Bundesclient, it also won't talk about the cost of the project, arguing that this would affect the tenders that are underway to help build it. Several companies will be involved, it said.
Heise reported that the interior ministry has agreed with Microsoft that it will get downgrade rights, allowing it to continue using older versions of Windows 10 even if the software giant pushes out updates.
The client is being designed for multiple device types, including mobile, the ministry spokesman said, adding that it would be usable for data classified up to 'VS, Nur für den Dienstgebrauch'. This is the equivalent of the 'restricted' or 'official' classification used by other governments.
There have been longstanding concerns over data transmission by Windows 10 back to Microsoft's servers.
A couple of months ago, the Dutch data-protection authority said Microsoft was breaking privacy law by not making clear to users how it was scooping up and transmitting their personal data. This data is generally telemetry information that Microsoft uses to identify and fix flaws in its software, but the practice may be of concern to some government users.
The Bavarian data protection authority reported in September that Windows 10 could comply with the privacy obligations of data controllers in the private sector, but only "special versions" would be appropriate.
In Windows 10 Enterprise, the authority found, there are enough group policy settings to stop most data traffic, but it was not possible to deactivate certain telemetry and security functions.
According to the BMI's spokesman, the German government is not developing a special version of Windows with Microsoft. "The IT security and data-protection requirements are supported through the federally conceived security infrastructure," he said.
Microsoft had not responded to a request for comment at the time of writing.