Slashdot Mirror

← Back to Stories (view on slashdot.org)

MS Settles With FTC Over Passport Privacy Complaints

Posted by michael on from the wet-noodle dept.

There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.

6 of 227 comments (clear)

  1. Microsoft's PR Response by grim57 · · Score: 5, Informative

    I have the unfortunate luck of developing a Passport site. Here is an e-mail they sent out to all Passport Sites:

    From: passexec@microsoft.com [mailto:passexec@microsoft.com]
    Sent: Thursday, August 08, 2002 10:20 AM
    To: *****
    Subject: Passport Resolves Issues with the US FTC

    Very soon you will be hearing about an agreement between the United States Federal Trade Commission (FTC) and Microsoft regarding the Passport service. As a Passport participating site I wanted to contact you directly in order to provide you with information about this development.

    This agreement is really about two things: making sure our statements about the service are clear and accurate, and ensuring we are meeting a very high bar with regard to online security.

    We recognize that if we are going to be true to the high bar we set, we must take responsibility for the past and lead into the future. We realize some of our marketing statements in the past could have been clearer and in some cases less enthusiastic. We've already changed them and are working to complete an independent audit of our information security program which will give our customers added confidence that we are meeting this high bar.

    I want to assure you that this is not an indication that the service itself is unsound. As you know, network security constantly evolves. What was reasonable in 1999 would not be reasonable by today's norms. While we believe we have always employed reasonable and appropriate security measures (in fact we know of no instance where a Passport user's information has ever been compromised), we understand the FTC's concerns and in hindsight wish we had held ourselves to an even higher bar.

    We recognize the role of the government in this effort and we worked closely with the FTC to address these issues. This has been a far-reaching and thorough process and we have had an ongoing dialog with the FTC that has lasted several months and resulted in this agreement. We are committed as a company to being a leader in this field.

    As a result of this experience, as odd as it seems to say this, I believe that the Passport service is better and more worthy or your trust than ever. You should know that:

    We will meet and hope to exceed the high standards set by this agreement

    We have planned for some time to conduct regular 3rd party audits of our service, and now we will provide the results of those audits to the FTC. These assessments will help give you and your customers the added confidence that we are living up to our commitments to run top quality services.

    The allegations in the complaint are made in the past tense. We have made continuous improvements to the Passport service, and many of the FTC's concerns had already been dealt with as part of our normal service updates. I want to ensure you that we remain committed to improving and enhancing Passport.

    I am sure that many of you are already thinking about what you will need to tell your customers. While I am sure that everyone's situation is unique I would encourage you to link to the information that we will be posting on Microsoft.com. This will include both a formal statement and a less formal interview with me that goes into more detail on the issues surrounding this agreement and its impact. We hope that these resources will assist you in speaking to your customers. When published, this information will be at http://www.microsoft.com/presspass/features/2002/a ug02/08-08passport.asp and will be pointed to from several Microsoft sites.

    Thank you for taking the time to read this mail. I am very invested in continuing to earn your trust as both a business partner and a consumer of our service and I hope that I have been able to communicate to you how committed we are to making Passport the highlight of our Trustworthy Computing Initiative.

    If you have any further questions, please do not hesitate to contact me via this email address.

    Sincerely,

    Brian Arbogast

    Corporate Vice President

    Microsoft Corporation

  2. Public comment is open until September 9 by jemele · · Score: 2, Informative

    The FTC is accepting public comment on the proposed order for 30 days, until September 9, 2002, after which the Commission will determine whether to make it final. Comments should be sent to: FTC, Office of the Secretary, 600 Pennsylvania Ave., N.W., Washington, D.C. 20580.

  3. Re:It's this kind of thing.... by darkonc · · Score: 4, Informative
    Actually, it just might be illegal. They're using their market monopoly in desktop systems to muscle their way into financial services and personal information warehousing. This might be very framable as a Sherman Act violation.

    Anybody got a spare fortune and a couple of good lawyers?

    --
    Sometimes boldness is in fashion. Sometimes only the brave will be bold.
  4. Can't register for Hotmail / Passport with Mozilla by ddkilzer · · Score: 3, Informative

    What does it matter? Anyone using Mozilla can't register with Hotmail or Passport anyway. Go ahead, click on the register link.

    Microsoft® .NET Passport no longer supports the Web browser version you are using. Please upgrade to a current Web browser, such as Microsoft Internet Explorer version 4.0 or later, or Netscape Navigator version 4.08 or later.

  5. TrustE is owned by Microsoft by randomErr · · Score: 5, Informative

    "and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE."

    I remember this big stink a few years ago about Microsoft having the majority stake when TrustE was founded.

    Heck just look at the Privacy Statment at WebTV/MSNTV.

    --
    You say things that offend me and I can deal with it. Can you?
  6. Re:It's this kind of thing.... by Anonymous Coward · · Score: 1, Informative

    How about fraud?