Saying the US federal government isn't doing enough to ensure consumer privacy, the Electronic Privacy Information Center (EPIC) has sent an open letter to the attorneys general in all 50 US states to stop what it claims are Microsoft's unfair and deceptive business practices surrounding the company's Passport service.
In the letter to the attorneys general, the consumer privacy group said it chose to go to the states because of its frustration with the lack of action by the Federal Trade Commission (see story). "We have repeatedly urged the Federal Trade Commission to investigate this matter in two separate filings, but the commission has failed to act," said the letter, which was signed by Marc Rotenberg, EPIC's executive director, Chris Hoofnagle, legislative counsel and Nathan Mitchler, law clerk.
In a telephone interview Tuesday morning, Hoofnagle said the first time the FTC pursued a company for negligent privacy violations was this month. In contrast, the states have a long history of investigating and prosecuting privacy violations, he said.
Among EPIC's objection to Passport are:
-- It can be used to profile user's browsing and shopping behaviors.
-- Microsoft has said it wants all Internet users to hold a Passport account.
-- Passport's security flaws could expose subscribers' personal information, including credit card numbers.
-- By tying Passport to other services, such as Hotmail and online customer support, Microsoft has already acquired more than 200 million Passport accounts.
Attempts to reach Microsoft this morning were unsuccessful, but in the past the company has denied claims by EPIC and other groups that Passport engages in deceptive business practices and unfairly gathers personal information. In addition, Microsoft has charged that these groups, and specifically EPIC, are playing to the news media rather than working with the company to resolve problems.
However, Hoofnagle said Microsoft has begun to push Passport on a variety of different fronts to gain subscribers. For instance, he said, some functions of Microsoft Money applications, its personal finance software, are only available now to Passport subscribers. An increasing number of Web sites that have partnerships with Microsoft have also begun to require Passport registration, thus removing consumer choice, he said.
Hoofnagle also said that because it has been shown that Passport has some security flaws, Microsoft's claim that all information is private and secure is a deceptive business practice and the company should stop making such claims.
While EPIC doesn't expect an immediate response to its letter to the state attorneys general, Hoofnagle said it was the best strategy the group could pursue. The states have much tougher privacy legislation, he said, pointing to a California law that bans unconstitutional seizures of private information by both governments and businesses as an example.
He also said that the state officials may be more willing to act because being seen as a protector of consumer rights is always a benefit at election time, and most of the states attorneys general are elected.