MS Settles With FTC Over Passport Privacy Complaints

There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.

Passport has integrity

[stevebrandli]

I know Brian Arbogast (Microsoft's VP for Passport) pretty well, and believe his integrity to be unassailable. He has not been on the Passport team for very long. Could this be more simple and less pernicious than is the slashdot consensus? Could their press release be an honest mea culpa and promise to do better? What would everyone be saying under the same facts and circumstances if this was some medium-size startup with none of the negative history and less market power? Microsoft's a big company, and not every product has been horrible and every initiative negative for consumers. I have no love for corporate Microsoft (long story), and I agree skepticism is called for. But on the other hand, if posters look at each situation with a jaundiced bias, these postings feel more like a lynch gang than an informed discussion.