Groups Push FTC to Act on MS XP, Passport

BuckMulligan writes: "EPIC and a coalition of consumer and privacy groups have renewed their calls for FTC action to protect consumers from the privacy risks associated with Windows XP and Passport. In a letter sent to the FTC, the groups criticized the FTC for not upholding its statutory duty to protect consumers in light of the planned release of Windows XP. More information on the groups' previous FTC complaints is stored on the EPIC Microsoft Passport Page." So who here thinks the FTC is going to block Windows XP? Me neither. The other remedies requested (toward the middle of the letter) are interesting, though.

Who cares?

[jiheison]

Let MicroSoft AND XP/Passport users learn the hard way. No one with any common sense would register sensitive data with Passport, and those that do are due for a valuable lesson.

Worst case scenario: this gets cracked big time, and suddenly everyone is hip to M$'s lack of attention to security.

Re:Who cares?

[SoftwareJanitor]

What if Ford put out a car that had major problems that they knew about and yet did nothing and as a result 10,000 car accidents.

Ummm... Yea... Pinto (all models built in the early to mid 70's) -- gas tank is the floor of the hatchback which is undivided from the passenger compartment, in rear end collisions sometimes the tank would rupture filling the passenger compartment with gasoline, and in the event of a fire, an explosion. Mustang (2nd gen models) -- similar problem of gas tank serving as floor of trunk, sometimes in cases of rear end collisions the gas tank would rupture filling the trunk with gasoline, and in the event of a fire, the rear seat, being backed with fiberboard would often burn through quickly allowing fire to enter the passenger compartment. Ford vans (1980s and some 1990s models) -- gas tank placed too close to catalytic converter, often causing heat from converter to heat gas tank, and occasionally cause fires. Full size Ford/Mercury cars (Crown Victoria, Grand Marquis) -- faulty shift linkages that would occasionally cause a car to spontaneously drop to reverse if left idling with transmission in "Park" on an incline such as most driveways.

Of course in these cases, the courts have often punished Ford for product liability... Ford has had to recall and fix this sort of defects. Of course Ford, unlike Microsoft, warrants their products against defects and that they are fit for the purpose they are sold for. And unlike Microsoft's products which you only license, you actually own Ford's product when you buy it. Why doesn't the government and the marketplace hold Microsoft to the same standards?

Their facts are not right

[mosha]

> Most recently, an error on Microsoft's Certified Partners page, a Passport service, made usernames and passwords available on the Internet in plain text.(FN10) Anyone could have used this information to gain complete access to others' Passports and Hotmail E-mail accounts.

This is not true. They could see the user name and password to log in into SQL Server database on the machine that was behind firewall, not the Passport user names and passwords. That SQL Server didn't contain any information related to Passport users. And since the machine(s) was behind the firewall, nobody could access it anyway.

I doubt it

[Kailden]

I recently purchased Money 2002 and it has you sign up for a passport ID on install. Then everytime you open Money, it asks for it again.

Now, this may be just a "software choice" and not "forced on by the OS" but it still leads me to believe the FTC could care less. This problem is too ingrained in the commerce/commercialism division of capitalism, the only way to change it is by regulating it (hoping that enough congressmen/women are not totally on the side of big business) (and regulation of businesses is another big topic, and has many problems associated with it) or leaving it up to consumer choice/free market...but face it...it's hard to motivate ppl who just want to balance thier checkbook/email/browse the web and could care less about the implications....

I think there is extremism on both ends. Too much regulation and you can sqelch true innovation, or hurt businesses, or create huge goverments. But if you rely on the market and the population to chose, well, lets just say its hard to beat a intel's/microsoft marketshare with the average complacent home user who might use his computer for 3 hrs a week... because in aggregate that makes a lot more marketshare than the 10% who realize that hey there are better alternatives out there....

Re:question.

[mlong]

In WinXP how does one uninstall MSN instant messenger, I use AIM and don't know anyone on MSN IM so it has no use to me, all it does is clutter up my systray.

Look here for how...

My prediction: 3 weeks later...

[MWoody]

An FTC spokesman made the following announcement last Tuesday:

"The FTC has carefully considered the allegations against Microsoft and, more specifically, the Windows XP operating system and Passport data storage center. It is our decision that these charges are unfounded, and that Microsoft will be allowed to continue unimpeded with their designs. The reasons for our ruling are far too complex to go into at this time, but rest assured that we gave the matter considerable, unbiased contemplation. By the way, do you like my hat? It's made of money! Are you staying for lunch? We're having money!"

(Punchline uncerimoniously stolen from Penny Arcade)

Simple solution

[MartinG]

Why do you need the FTC to block Windows XP? You can block it yourself using the method known as "not buying it" if you don't like it.

It seems to be taking some people quite a while to figure it out, but I've tried it and I can tell you it certainly works. It's considerably more effective than the method called "grubmle and moan to your friends about microsoft and then go out and buy their products" that most people seem to be using.

Re:Simple solution

[Happy+Monkey]

Now there's an effective boycott! Buy the product, but refuse to use it!

support

[jrennie]

After reading the letter, make sure to scroll through all of the signatures at the bottom. If you haven't yet done so this year, open up your check book and contribute to your favorite of these organizations. These consumer organizations can only continue to push the FTC if we support them.

Jason

Re:Too Little, Too Late, Too much Money..

[killthiskid]

The FTC privacy site is here. I quote:

Advances in computer technology have made it possible for detailed information about people to be compiled and shared more easily and cheaply than ever. That's good for society as a whole and individual consumers. For example, it is easier for law enforcement to track down criminals, for banks to prevent fraud, and for consumers to learn about new products and services, allowing them to make better-informed purchasing decisions. At the same time, as personal information becomes more accessible, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of that information.

Here is their check list of pro-privacy iniatives:

• Creating a National Do-Not-Call List
• Beefing Up Enforcement Against Spam
• Helping Victims of ID Theft
• Putting a Stop to Pretexting
• Encouraging Accuracy in Credit Reporting and Compliance with the Fair Credit Reporting Act
• Enforcing Privacy Promises
• Increasing Enforcement and Outreach on Children's Online Privacy
• Encouraging Consumers' Privacy Complaints
• Enforcing the Telemarketing Sales Rule
• Restricting the Use of Pre-acquired Account Information
• Enforcing the Gramm-Leach-Bliley Act (GLBA)
• Holding Workshops

It seems that at the very least, privacy is on the radar of the FTC... are they doing all they could? Of course not, not with big business pushing them around.

I don't necessarily even see where Passport would fall into one of the catagories above, although it is by not means a complete list.

All sorts of groups are calling foul about MS/Passport. I don't think it will go un-noticed.

Passport is optional anyway

[throx]

First, security details are a non-issue. None of the proposed remedies even address the security concerns.

Just reading through the proposed remedies I have to ask whether these complaints are just there for the sake of bashing Microsoft and propping up competitors:

"An investigation into the information collection practices of Microsoft through Passport and associated services"
...we don't trust them, investigate them!!

"Order Microsoft to revise the XP registration procedures so that purchasers of Microsoft XP are clearly informed that they need not register for Passport to obtain access to the Internet"
...it was clear enough to me when I installed XP that the Passport registration was separate from internet access, after all you have to be connected to the internet before you can register with Passport!!

"Order Microsoft to block the sharing of personal information among Microsoft areas provided by a user under the Passport registration procedures absent explicit consent"
...why just Microsoft? Shouldn't the companies registering this complaint also volunteer their own information sharing policies? Smacks of hypocrasy to me.

"Order Microsoft to incorporate techniques for anonymity and pseudo-anonymity that would allow users of Windows XP to gain access to Microsoft web sites without disclosing their actual identity"
...you mean like a fake hotmail account? No one's done that before!

"Order Microsoft to incorporate techniques that would enable users of Windows XP to easily integrate services provided by non-Microsoft companies for online payment, electronic commerce, and other Internet-based commercial activity"
...what's wrong with the other companies? Can't they write code anymore?

"Provide such other relief as the Commission finds necessary to redress injury to consumers resulting from Microsoft's practices as described herein"
...there's been damages? Sheesh!

not to mention the real kicker:

"Begin an investigation to determine whether Passport complies with the requirements of the Children's Online Privacy Protection Act."

Oh my GOD!!! Think of the CHILDREN!!!

I'm sorry, but I just don't buy this one as a legitamate complaint. None of these remedies sit anywhere close to fixing any known problem with Passport. Naturally the most obvious remedy is to open the protocol and allow third parties to implement their own Passport servers but that would be too obvious, wouldn't it?

I'm so tired of this uninformed opinion

[drew_kime]

Its too late for any action

XP is already out of the gate.

Read up on anti-trust precedent. Google on 'Kodak Polaroid instant', or just follow this link [kodak.com]. Or this one [perdue.edu].

In the largest award ever in a patent-infringement case, a Federal judge ruled yesterday [October 1990] that the Eastman Kodak Company must pay the Polaroid Corporation $909.4 million for infringing Polaroid's patents for instant photography.
...
Both companies are widely held. Kodak, which has annual sales of $18 billion, has about 172,000 stockholders and Polaroid, which is much smaller with sales of about $1.9 billion, has about 21,000.
...
The award brings closer to an end a battle that began in April 1976, when Kodak introduced a line of instant cameras. Polaroid filed suit six days later, charging that Kodak infringed 10 patents, most involving technology in Polaroid's SX-70 system, which had been introduced in 1972.

So let's see. A case that takes 16 years to play out. A final judgement that is worth greater than half of the winner's annual sales, and more than 5% of the loser's. An entire product line pulled from the shelves after nearly two decaedes of sales. A class-action lawsuit against the loser that results in refunds to any purchasers of the discontinued product.

Sounds like a good roadmap to follow. And more to the point of my subject line, proof that the courts have a history of deciding to pull products after they have shipped. So enough of this "it's too late" boo-hooing. It is damn well not too late.

all I want in life (computer-wise)

[Dr.+Awktagon]

All I want is to be able to 1) buy a computer from any PC manufacturer I want without ANY operating system, or 2) be able to immediately sell, on eBay let's say, the operating system and junk that comes with a new PC. And not get a nastygram from Microsoft, or the guy who buys it can't run it because of some serial number.

If I buy a car, or a TV, or pretty much anything else, I can strip it down and sell the parts and nobody calls me a "pirate". For instance, I sold a card remote and sensor from an old Discman on eBay. I can remove the tires, or the engine, or the ashtray from my car and give them away or sell them, then add my own.

Why can't I do this with my computer? Why are software companies allowed this power? Really, I want to exercise my capitalistic rights and avoid Microsoft, but it's hard.

Unfortunately, the "lesson" will go unlearned.

[oGMo]

Microsoft is good at one thing: spin control. Even if they get hacked and everyone's data gets stolen, what do they do? Take the blame? Admit they're not very good at this security thing? Decide Passport wasn't a good idea?

Yeah right. Instead, they can simply spin it as "terrorism". That's right---you and your data have been the victims of a terrorist-hacker attack. Computer crimes are terrorism. You are a hapless victim. Microsoft is a hapless victim. Are they to blame? Who would blame the victims of a terrorist attack? Would you blame the people in the WTC buildings for the attack that got them killed?

Now whose fault does it look like? Certainly no-one would blame MS. They've provided this great service and now for their insight, innovation, and generosity, are the victims of terror. Right. How many people will learn a lesson from this? They'll just want more draconian laws passed, harsher measures taken against these "computer terrorists".

Re:Unfortunately, the "lesson" will go unlearned.

[foobar104]

Yeah right. Instead, they can simply spin it as "terrorism".

Actually, I think the whole computer-crime-as-terrorism thing is a pretty useful analogy.

When the bad stuff happened last month, the FAA responded by completely shutting down all air travel in the US until major policy changes could be instituted. Did it have a serious impact on the security of the US air travel system? Dunno. Maybe. The point is, the FAA acted, and acted fast, doing the best job they could think of. We'll never know, thankfully, if they saved lives by doing so.

When nimda happened, Microsoft responded by... um. Actually, how did they respond? Exactly what swift, decisive measures did MS take to lessen the impact of that problem, and prevent future problems?

Re:Too Little, Too Late, Too much Money..

[killthiskid]

Actually, I do not recieve any spam, except the stuff I want.

I contacted all businesses that have my personal data, and told them I wanted to opt out and to not share my info with anyone.

I started telling every telemarketer that called that I wanted to be put on their do not call list and asked for their name, a phone number, an address, and a confirmation letter (didn't get very many letters).

I contacted all of the big 3 credit shops and opted out with them too...

And ya' know what? I don't get marketing calls or letters anymore. None. Zero. My mail was cut by, oh, about 70%. And I never get interupting phone calls over dinner.

I took about a 9 months of telling people no, but it finally paid off.

I'm fairly certain that I can attribute at least a bit of that to the FTC muscle behind these laws.