MS Settles With FTC Over Passport Privacy Complaints

There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.

Re:In A country where the rich pilfer our savings

[FreeUser]

Read the news. The Federal Government just made doing what the CEOs of Enron et al did a federal offense, meaning real jail time.

I do read the news, and the measures which have been taken are laughable and incomplete. Ralph Nader, the guy who finally got the automotive industry to belatedly incorporate basic safety designs into automobiles in the United States decades after they knew better, and chose not to for financial reasons, offers a detailed analysis of just how widely Congress dodged the entire issue, and how profoundly superficial and ineffective the law you cite really is.

In short, its a superficial measure designed to smooth the ruffled feathers of those few who dare, or rather bother, to speak aloud their outrage.

http://www.time.com/time/magazine/article/0,9171,1 101020805-332031,00.html

You'll have to forgive us if we slack off a bit; after outlasting communism and dealing with a world that alternatly hates us and wants us to be their best friend, we as a counry have earned a little corruption and selfishness.

Or, to put your argument in a more individual light:

"You'll have to forgive me if I slack off a bit; after outlasting my competing coworkers and dealing with an office that alternately hates me and wants to be my best friend, I as a person have earned a little cancer and self-destructiveness."

Corruption isn't some self-indulgence you earn as a result of hard work, it is a cancerous, destructive force that tears a society apart and undermines basic, civil society and the social contract that holds it together, so unless you are arguing that America has earned the destruction it is bringing down upon itself, your argument falls to pieces.

As for the notion of 'needing something to fight against' as a justification for injustice or corruption, so that the next generation has something to occupy their time, I think the absurdity of your words stand upon their own. Indeed, your rhetoric is a perfect example of the kind of conditioning our culture has been subjected to for the last several decades which has resulted in the apathy and submissiveness of our populace which is allowing these sorts of destructive behavior to flourish, virtually unapposed.

Re:Microsoft's PR Response (fixed link)

[darkonc]

When published, this information will be at http://www.microsoft.com/presspass/features/2002/a ug02/08-08passport.asp

While I'm at it, I'm going to use some information that they used at their site in a slightly different order:

• First, the FTC said that [Microsoft] failed to implement and document procedures to prevent, detect, monitor or document unauthorized access.
• Hence, [Microsoft knows] of no instance where a Passport user's information has ever been compromised, in hindsight we wish we had held ourselves to an even higher bar.

Now whack me on the back of the head with a two-by-four if I'm wrong, but given that they had been lax in monitoring for security violations, is it any shock that they don't know that we^w someone violated them seven ways from tuesday?

Microsoft will never regulate itself

[erroneus]

It is definitely out of control and should be dismantled.

Microsoft is part of the legacy of the 80's mentality which is "looking out for #1." This translates to "increasing the bottom line at any cost." This makes them reckless and dangerous. Damage has already been done, is being done and will continue to be done until they are halted.

They cannot be taken for their word as they have shown to be very deceptive already and continue to be so.

If testimony under oath was true, that if revealed, the vulnerabilities of MS Windows could represent a threat to national security, then MS should be abandoned by all national and state government systems as soon as possible. It's not "if" these vulnerabilities are found, it's "when" and the code to exploit such vulnerabilities can be developed anywhere on the planet.

I think the value of money pales in the face of national security and privacy concerns. The economy is already in trouble and we're not going to save ourselves by keeping predatory corporations afloat long enough to destroy themselves abruptly as other large companies have already done. An orderly shutdown is a much better approach.

Bill Gates and all those in control of Microsoft should resign.