Microsoft puts more privacy in Passport

Microsoft Corp. last week offered another small concession to critics of its upcoming products, this time altering plans for its Passport authentication service.

The technical changes come as pressure mounts in the nation's capitol to bring a speedy conclusion to Microsoft's ongoing legal battle with the U.S. government. Members of the U.S. House of Representatives urged a quick settlement Thursday in a letter to Microsoft and the plaintiffs in the case, while Friday the Department of Justice (DOJ) and 18 states filed papers with an Appeals Court to deny Microsoft's request to delay the case as it awaits review by the Supreme Court.

Microsoft said it will make some changes to the information users are required to provide it when signing up for its Passport service, which is designed to let users visit multiple sites on the Web without having to enter their personal information each time. Passport is a key element of Microsoft Internet strategy known as .Net.

Passport is used by many of Microsoft's Web properties, such as its free e-mail service, Hotmail, as well as by a growing list of partners including Buy.com Inc. and OfficeMax.com Inc. The authentication service stores as many as 13 items of basic user information -- ranging from ZIP codes to a street address -- and also includes an "electronic wallet" component that stores information for making online purchases, such as a billing address and credit card number.

Criticism of Passport has mounted from some privacy advocacy groups, who last month filed a complaint with the Federal Trade Commission (FTC) over concerns about how the service collects data from users and how that personal information might be used in future. Hoping to ease some of that opposition, Microsoft said it will now require a user to enter only an e-mail address and password to open a new Passport account"We're saying partners will have the flexibility to decide what they ask (users) for," said Adam Sohn, a product manager in Microsoft's .Net platform group. That could range from the required e-mail and password, to more than 13 pieces of personal data. Previously, Microsoft required all Passport users to submit more thorough information about themselves.

"It's possible for folks to ask customers to give them more data, but we will make it very clear what information goes to Passport and what goes to the partners," said Sohn. He also stressed that despite noise from some critics, Microsoft makes no secondary use of the data. "We don't share it, we don't rent it, we don't publish it, we don't mine it and we don't market to it," he said.

The changes Microsoft is set to make will also affect one of Passport's add-on services, called "Passport Wallet," which automatically inserts the information required from a user to buy goods online, such as a credit card number. The wallet technology now in Passport will be broken out into a different service the company will provide in its set of 12 planned Hailstorm Web services, called My Wallet, Sohn confirmed.

The gestures to ease privacy concerns in Passport haven't changed the minds of some of Microsoft's harshest critics. Measures to reduce the information Passport collects about its subscribers don't go far enough, according to Jason Catlett, president of Junkbusters Inc., a privacy advocacy group involved with last month's FTC filing. Microsoft is still requiring users to provide an e-mail address, which will allow Microsoft to gain personally identifiable information, he argued.

While Microsoft won't be able to collect as much information about a users' behavior on the Web, it will still be able to track users' activity and combine that with personal information they collect by other methods, Catlett said. "They can still see which sites you are authenticating at, and, if they own the site, then they are getting your personal information through those records," he said.

Microsoft also said this week that Passport will support an emerging industry standard for enhancing privacy on the Internet called P3P (Platform for Privacy Preferences). The technology allows users to better manage what information Web sites can collect about them. P3P identifies Web sites that use "cookies," or pieces of code that Web sites can attach to a user's browser and use to track his or her movements on the Web.

Currently under consideration by the World Wide Web Consortium (W3C), a standards body, Microsoft is now advocating P3P for use in all of its Internet services and Web properties, Sohn said. The company is set to launch its latest Internet Explorer Web browser Oct. 25, which will include support for P3P. Partner Web sites that want to use Passport will also be required to support P3P, Microsoft said this week. Any site using P3P must attach an XML (Extensible Markup Language) document to their cookies that describes the site's privacy policy. Users are expected to be able to set controls for what level of privacy they will accept from a Web site, and block those Web sites that don't meet a users' privacy requirements.

"(The addition of P3P) is completely non-responsive to the specific allegations of illegal behavior that we charged Microsoft with," Catlett said. "They are replying with an answer, but the answer has nothing to do with the concerns."

Competitors ranging from AOL Time Warner Inc. to open source developer groups are working on other systems for single sign-on authentication. Many Internet companies are banking on the widespread adoption of such authentication services to make it easier to do business on the Web. But like earlier electronic business innovations, Junkbusters' Catlett isn't convinced it will live up to industry hype.

"I'm not sure it's (Passport) going to fly, but in case it does we have to try to protect the privacy of the people who use it," Catlett said. "It could end up being the largest surveillance mechanism in history."

Separately Thursday, 122 members of the U.S. House of Representatives backed a letter delivered to Microsoft and anti-trust regulators urging all of the parties involved to bring the pending antitrust case to a quick close. It was drafted by two members of Congress from Microsoft's home state of Washington -- Jennifer Dunn, a Republican, and Democrat Jay Inslee, representatives for the Seattle area. In the letter, House members urged the Department of Justice and the 18 states who are plaintiffs in the case to bring the case to a just conclusion.

"The best thing for consumers and our economy is a quick settlement of this costly litigation," Dunn wrote in a statement Thursday. "At a time when the economy is struggling, our government should not be putting a chill on the innovative forces that drive the new economy,"The House is showing bipartisan support for a settlement in the case. The letter said House members lauded ongoing negotiations between top Microsoft officials and the government, and encouraged "these discussions with the hope that a settlement can be reached at the earliest possible date and on reasonable terms."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Matt Berger

Computerworld
Show Comments

Father’s Day Gift Guide

Brand Post

Bitdefender 2019

Bitdefender solutions stop attacks before they even begin! Get cybersecurity that 500 MILLION users already have and trust.

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?