Microsoft puts more privacy in Passport

Microsoft Corp. last week offered another small concession to critics of its upcoming products, this time altering plans for its Passport authentication service.

The technical changes come as pressure mounts in the nation's capitol to bring a speedy conclusion to Microsoft's ongoing legal battle with the U.S. government. Members of the U.S. House of Representatives urged a quick settlement Thursday in a letter to Microsoft and the plaintiffs in the case, while Friday the Department of Justice (DOJ) and 18 states filed papers with an Appeals Court to deny Microsoft's request to delay the case as it awaits review by the Supreme Court.

Microsoft said it will make some changes to the information users are required to provide it when signing up for its Passport service, which is designed to let users visit multiple sites on the Web without having to enter their personal information each time. Passport is a key element of Microsoft Internet strategy known as .Net.

Passport is used by many of Microsoft's Web properties, such as its free e-mail service, Hotmail, as well as by a growing list of partners including Inc. and Inc. The authentication service stores as many as 13 items of basic user information -- ranging from ZIP codes to a street address -- and also includes an "electronic wallet" component that stores information for making online purchases, such as a billing address and credit card number.

Criticism of Passport has mounted from some privacy advocacy groups, who last month filed a complaint with the Federal Trade Commission (FTC) over concerns about how the service collects data from users and how that personal information might be used in future. Hoping to ease some of that opposition, Microsoft said it will now require a user to enter only an e-mail address and password to open a new Passport account"We're saying partners will have the flexibility to decide what they ask (users) for," said Adam Sohn, a product manager in Microsoft's .Net platform group. That could range from the required e-mail and password, to more than 13 pieces of personal data. Previously, Microsoft required all Passport users to submit more thorough information about themselves.

"It's possible for folks to ask customers to give them more data, but we will make it very clear what information goes to Passport and what goes to the partners," said Sohn. He also stressed that despite noise from some critics, Microsoft makes no secondary use of the data. "We don't share it, we don't rent it, we don't publish it, we don't mine it and we don't market to it," he said.

The changes Microsoft is set to make will also affect one of Passport's add-on services, called "Passport Wallet," which automatically inserts the information required from a user to buy goods online, such as a credit card number. The wallet technology now in Passport will be broken out into a different service the company will provide in its set of 12 planned Hailstorm Web services, called My Wallet, Sohn confirmed.

The gestures to ease privacy concerns in Passport haven't changed the minds of some of Microsoft's harshest critics. Measures to reduce the information Passport collects about its subscribers don't go far enough, according to Jason Catlett, president of Junkbusters Inc., a privacy advocacy group involved with last month's FTC filing. Microsoft is still requiring users to provide an e-mail address, which will allow Microsoft to gain personally identifiable information, he argued.

While Microsoft won't be able to collect as much information about a users' behavior on the Web, it will still be able to track users' activity and combine that with personal information they collect by other methods, Catlett said. "They can still see which sites you are authenticating at, and, if they own the site, then they are getting your personal information through those records," he said.

Microsoft also said this week that Passport will support an emerging industry standard for enhancing privacy on the Internet called P3P (Platform for Privacy Preferences). The technology allows users to better manage what information Web sites can collect about them. P3P identifies Web sites that use "cookies," or pieces of code that Web sites can attach to a user's browser and use to track his or her movements on the Web.

Currently under consideration by the World Wide Web Consortium (W3C), a standards body, Microsoft is now advocating P3P for use in all of its Internet services and Web properties, Sohn said. The company is set to launch its latest Internet Explorer Web browser Oct. 25, which will include support for P3P. Partner Web sites that want to use Passport will also be required to support P3P, Microsoft said this week. Any site using P3P must attach an XML (Extensible Markup Language) document to their cookies that describes the site's privacy policy. Users are expected to be able to set controls for what level of privacy they will accept from a Web site, and block those Web sites that don't meet a users' privacy requirements.

"(The addition of P3P) is completely non-responsive to the specific allegations of illegal behavior that we charged Microsoft with," Catlett said. "They are replying with an answer, but the answer has nothing to do with the concerns."

Competitors ranging from AOL Time Warner Inc. to open source developer groups are working on other systems for single sign-on authentication. Many Internet companies are banking on the widespread adoption of such authentication services to make it easier to do business on the Web. But like earlier electronic business innovations, Junkbusters' Catlett isn't convinced it will live up to industry hype.

"I'm not sure it's (Passport) going to fly, but in case it does we have to try to protect the privacy of the people who use it," Catlett said. "It could end up being the largest surveillance mechanism in history."

Separately Thursday, 122 members of the U.S. House of Representatives backed a letter delivered to Microsoft and anti-trust regulators urging all of the parties involved to bring the pending antitrust case to a quick close. It was drafted by two members of Congress from Microsoft's home state of Washington -- Jennifer Dunn, a Republican, and Democrat Jay Inslee, representatives for the Seattle area. In the letter, House members urged the Department of Justice and the 18 states who are plaintiffs in the case to bring the case to a just conclusion.

"The best thing for consumers and our economy is a quick settlement of this costly litigation," Dunn wrote in a statement Thursday. "At a time when the economy is struggling, our government should not be putting a chill on the innovative forces that drive the new economy,"The House is showing bipartisan support for a settlement in the case. The letter said House members lauded ongoing negotiations between top Microsoft officials and the government, and encouraged "these discussions with the hope that a settlement can be reached at the earliest possible date and on reasonable terms."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Berger

Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?