Microsoft puts more privacy in Passport

Microsoft Corp. last week offered another small concession to critics of its upcoming products, this time altering plans for its Passport authentication service.

The technical changes come as pressure mounts in the nation's capitol to bring a speedy conclusion to Microsoft's ongoing legal battle with the U.S. government. Members of the U.S. House of Representatives urged a quick settlement Thursday in a letter to Microsoft and the plaintiffs in the case, while Friday the Department of Justice (DOJ) and 18 states filed papers with an Appeals Court to deny Microsoft's request to delay the case as it awaits review by the Supreme Court.

Microsoft said it will make some changes to the information users are required to provide it when signing up for its Passport service, which is designed to let users visit multiple sites on the Web without having to enter their personal information each time. Passport is a key element of Microsoft Internet strategy known as .Net.

Passport is used by many of Microsoft's Web properties, such as its free e-mail service, Hotmail, as well as by a growing list of partners including Inc. and Inc. The authentication service stores as many as 13 items of basic user information -- ranging from ZIP codes to a street address -- and also includes an "electronic wallet" component that stores information for making online purchases, such as a billing address and credit card number.

Criticism of Passport has mounted from some privacy advocacy groups, who last month filed a complaint with the Federal Trade Commission (FTC) over concerns about how the service collects data from users and how that personal information might be used in future. Hoping to ease some of that opposition, Microsoft said it will now require a user to enter only an e-mail address and password to open a new Passport account"We're saying partners will have the flexibility to decide what they ask (users) for," said Adam Sohn, a product manager in Microsoft's .Net platform group. That could range from the required e-mail and password, to more than 13 pieces of personal data. Previously, Microsoft required all Passport users to submit more thorough information about themselves.

"It's possible for folks to ask customers to give them more data, but we will make it very clear what information goes to Passport and what goes to the partners," said Sohn. He also stressed that despite noise from some critics, Microsoft makes no secondary use of the data. "We don't share it, we don't rent it, we don't publish it, we don't mine it and we don't market to it," he said.

The changes Microsoft is set to make will also affect one of Passport's add-on services, called "Passport Wallet," which automatically inserts the information required from a user to buy goods online, such as a credit card number. The wallet technology now in Passport will be broken out into a different service the company will provide in its set of 12 planned Hailstorm Web services, called My Wallet, Sohn confirmed.

The gestures to ease privacy concerns in Passport haven't changed the minds of some of Microsoft's harshest critics. Measures to reduce the information Passport collects about its subscribers don't go far enough, according to Jason Catlett, president of Junkbusters Inc., a privacy advocacy group involved with last month's FTC filing. Microsoft is still requiring users to provide an e-mail address, which will allow Microsoft to gain personally identifiable information, he argued.

While Microsoft won't be able to collect as much information about a users' behavior on the Web, it will still be able to track users' activity and combine that with personal information they collect by other methods, Catlett said. "They can still see which sites you are authenticating at, and, if they own the site, then they are getting your personal information through those records," he said.

Microsoft also said this week that Passport will support an emerging industry standard for enhancing privacy on the Internet called P3P (Platform for Privacy Preferences). The technology allows users to better manage what information Web sites can collect about them. P3P identifies Web sites that use "cookies," or pieces of code that Web sites can attach to a user's browser and use to track his or her movements on the Web.

Currently under consideration by the World Wide Web Consortium (W3C), a standards body, Microsoft is now advocating P3P for use in all of its Internet services and Web properties, Sohn said. The company is set to launch its latest Internet Explorer Web browser Oct. 25, which will include support for P3P. Partner Web sites that want to use Passport will also be required to support P3P, Microsoft said this week. Any site using P3P must attach an XML (Extensible Markup Language) document to their cookies that describes the site's privacy policy. Users are expected to be able to set controls for what level of privacy they will accept from a Web site, and block those Web sites that don't meet a users' privacy requirements.

"(The addition of P3P) is completely non-responsive to the specific allegations of illegal behavior that we charged Microsoft with," Catlett said. "They are replying with an answer, but the answer has nothing to do with the concerns."

Competitors ranging from AOL Time Warner Inc. to open source developer groups are working on other systems for single sign-on authentication. Many Internet companies are banking on the widespread adoption of such authentication services to make it easier to do business on the Web. But like earlier electronic business innovations, Junkbusters' Catlett isn't convinced it will live up to industry hype.

"I'm not sure it's (Passport) going to fly, but in case it does we have to try to protect the privacy of the people who use it," Catlett said. "It could end up being the largest surveillance mechanism in history."

Separately Thursday, 122 members of the U.S. House of Representatives backed a letter delivered to Microsoft and anti-trust regulators urging all of the parties involved to bring the pending antitrust case to a quick close. It was drafted by two members of Congress from Microsoft's home state of Washington -- Jennifer Dunn, a Republican, and Democrat Jay Inslee, representatives for the Seattle area. In the letter, House members urged the Department of Justice and the 18 states who are plaintiffs in the case to bring the case to a just conclusion.

"The best thing for consumers and our economy is a quick settlement of this costly litigation," Dunn wrote in a statement Thursday. "At a time when the economy is struggling, our government should not be putting a chill on the innovative forces that drive the new economy,"The House is showing bipartisan support for a settlement in the case. The letter said House members lauded ongoing negotiations between top Microsoft officials and the government, and encouraged "these discussions with the hope that a settlement can be reached at the earliest possible date and on reasonable terms."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Berger

Show Comments


Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >


Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >


Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >


Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?