MS Settles With FTC Over Passport Privacy Complaints
There will be a number of stories out shortly (here's an early one) noting that Microsoft has settled with the FTC over privacy complaints relating to Microsoft Passport. Short summary: Microsoft made lots of false representations about the security of Passport, and collected more information than it disclosed in its privacy policy, and now must be penalized in the usual Microsoft fashion - they must promise not to do it again. The FTC's settlement page has the complaint and settlement documents. We've covered this extensively - All Your Bits Are Belong to Us, EPIC's complaints about the integration of Windows XP and Passport, Microsoft Defends Passport, EPIC pushing state attorneys general to act against Passport, etc. In fact EPIC has an entire page devoted to Passport. The FTC settlement requires two main things: that Microsoft adopt basic security practices (what were they doing before?), and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE.
"and now must be penalized in the usual Microsoft fashion - they must promise not to do it again."
I hope Bill Gates wasn't crossing his fingers behind his back...
Better make sure and force him into a pinky swear and swear his soul to the dark lord.... er, too late, never mind.
That makes me want to give up. I mean, over, and over, and over, and over again big companies (esp. Microsoft) do Bad Things(tm), get caught, and essentially get lightly scolded.
Now if I pulled shit like this I'd be up on fraud charges so fast that the whiplash would likely kill me. Assuming the lawyers hadn't eaten me alive first. But as it turns out that's only true because I'm not completely filthy stinking rich.
*sigh*
I mean, I know it's nothing new, and I realize that I probably shouldn't be surprised, but c'mon.... it's just bloody depressing. How can things possibly get better if there's effectively no incentive for companies to behave? Clearly relying on a sense of honor or ethics just isn't working.
I'm going to go kick my cube wall for a while... at least then I'll feel like I'm accomplishing something.
Behold the Power of Cheese!
See, the thing is this: knowledgeable people who care about security don't use passport, sure. But when the first thing that an XP install asks you for after you boot it for the first time is to get a passport account then plenty of people who care about security but aren't in the know about information security sign up (after all, Passport sounds so... official) and the common consumer gets screwed.
That's the audience. And once enough of them are on board then the rest of us start being faced with choices like: "If I want to use cool service X I'll need to sign up for a passport because there's no other way to get it". That's the plan.
Behold the Power of Cheese!
The target audience is everyone. Whether you care about security or not, if Microsoft can create a demand by legislation (such as the Hollings bill) that would mandate DRM and thus some sort of identity verification scheme, or by convincing the majority of hardware/software makers to use their scheme, then you'll be stuck with it whether you like it or not. I think the former option is a lot more likely really. I seriously doubt they could get a majority to agree on anything. Congress, however, is open for business.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
I have the unfortunate luck of developing a Passport site. Here is an e-mail they sent out to all Passport Sites:
From: passexec@microsoft.com [mailto:passexec@microsoft.com]
Sent: Thursday, August 08, 2002 10:20 AM
To: *****
Subject: Passport Resolves Issues with the US FTC
Very soon you will be hearing about an agreement between the United States Federal Trade Commission (FTC) and Microsoft regarding the Passport service. As a Passport participating site I wanted to contact you directly in order to provide you with information about this development.
This agreement is really about two things: making sure our statements about the service are clear and accurate, and ensuring we are meeting a very high bar with regard to online security.
We recognize that if we are going to be true to the high bar we set, we must take responsibility for the past and lead into the future. We realize some of our marketing statements in the past could have been clearer and in some cases less enthusiastic. We've already changed them and are working to complete an independent audit of our information security program which will give our customers added confidence that we are meeting this high bar.
I want to assure you that this is not an indication that the service itself is unsound. As you know, network security constantly evolves. What was reasonable in 1999 would not be reasonable by today's norms. While we believe we have always employed reasonable and appropriate security measures (in fact we know of no instance where a Passport user's information has ever been compromised), we understand the FTC's concerns and in hindsight wish we had held ourselves to an even higher bar.
We recognize the role of the government in this effort and we worked closely with the FTC to address these issues. This has been a far-reaching and thorough process and we have had an ongoing dialog with the FTC that has lasted several months and resulted in this agreement. We are committed as a company to being a leader in this field.
As a result of this experience, as odd as it seems to say this, I believe that the Passport service is better and more worthy of your trust than ever. You should know that:
We will meet and hope to exceed the high standards set by this agreement
We have planned for some time to conduct regular 3rd party audits of our service, and now we will provide the results of those audits to the FTC. These assessments will help give you and your customers the added confidence that we are living up to our commitments to run top quality services.
The allegations in the complaint are made in the past tense. We have made continuous improvements to the Passport service, and many of the FTC's concerns had already been dealt with as part of our normal service updates. I want to ensure you that we remain committed to improving and enhancing Passport.
I am sure that many of you are already thinking about what you will need to tell your customers. While I am sure that everyone's situation is unique I would encourage you to link to the information that we will be posting on Microsoft.com. This will include both a formal statement and a less formal interview with me that goes into more detail on the issues surrounding this agreement and its impact. We hope that these resources will assist you in speaking to your customers. When published, this information will be at http://www.microsoft.com/presspass/features/2002/aug02/08-08passport.asp and will be pointed to from several Microsoft sites.
Thank you for taking the time to read this mail. I am very invested in continuing to earn your trust as both a business partner and a consumer of our service and I hope that I have been able to communicate to you how committed we are to making Passport the highlight of our Trustworthy Computing Initiative.
If you have any further questions, please do not hesitate to contact me via this email address.
Sincerely,
Brian Arbogast
Corporate Vice President
Microsoft Corporation
... and the life savings of the entire middle class, with hardly a peep of protest from those affected, this sort of anti-consumer protection, or better said, government wink-wink-nudge-nudge "don't get caught doing that again" tactics for allowing this sort of atrocious behavior to slide relatively unaffected and unchanged, again and again, is unlikely itself to change in any measurable way.
At least, not until things become so intolerable that the masses overcome their conditioned apathy and subservience, and actually rise up in anger and demand real accountability and real reform. Unfortunately, by then I suspect things will have gone so far the non-violent reform will be difficult, if not impossible, and I sure don't want to be anywhere near the United States when that time comes.
Every great power in history was brought to its knees, and ultimately destroyed, by its own internal, unchecked, and uncorrected corruption. It is extraordinarily unlikely that the United States will be any different, or somehow immune to this kind of historical tide, and with every such expose it becomes ever more clear that we in the United States have nearly reached that threshold already.
I mean, hell, the upper crust just got done pilfering the life savings and retirement of the entire middle class, and yet no significant reform or change has taken place, and the very people so affected can't be bothered to protest or be caught dead carrying a placard in a public place demanding change, much less actually get involved in the political process and work for peaceful change. Unless this changes, and soon, this trend will not be corrected until it is far too late.
This despicable behavior with regards to Microsoft is appalling and extreme, but it is only a symptom of a much greater, more fundamental, and much more deeply entrenched malaise that affects our entire political culture, and likely spells the beginning of the end of American society as we know it.
It isn't going to be any foreign enemy, or "terrorists" who bring down our country, it is going to be our own inaction in the face of ever wider, ever more flagrant, and ever more destructive corruption. It saddens me greatly to have lived to see such a day.
The Future of Human Evolution: Autonomy
One password to rule them all,
....
in the darkness,
one password to bind them.
To the race of men Borgates gave them
passwords which would give them power
over e-mail log-ins and on-line shopping
sites.
But there was one password crafted by the
dark lord Borgates which controlled them
Get your Unix fortune now!
"and that Microsoft be audited by a third-party to assure compliance - perhaps it will be TrustE, since Passport's privacy policy remains approved by TrustE."
I remember this big stink a few years ago about Microsoft having the majority stake when TrustE was founded.
Heck just look at the Privacy Statement at WebTV/MSNTV.
You say things that offend me and I can deal with it. Can you?
It's sometimes very difficult to fathom just how big the United States is, and how many different people live here. And it's also hard to fathom that the general population of /. sits in a much higher caste than the average American. It's real easy for us to sit in an ivory tower and deride the rich, attack big companies, belittle the technology have-nots and laugh at the unintelligent. We all have 401(k) accounts, and we feel the sting of losing a couple of thousand dollars in the stock market because of some greedy CEO. And it's real easy for us to extend that to the entire country, and assume that because the dot-com bubble burst, and the economy isn't doing as well as it used to, and your average HTML writer can't go out and get $100,000 that our country is doomed to failure.
The problem with that thinking is that there are lots more people out there without 401(k) accounts, and that didn't lose a single penny in the stock market, because they don't have any money to invest. They don't care about Microsoft, and they don't care about Enron, because neither of those companies have anything to do with them working two shifts and feeding their kids, or harvesting their crops. They're not calling for reform, because they haven't been wronged. What you call apathy is what they call ignoring things that are not important.
As for the downfall of American society - The downturn of an economy, and the corruption of CEOs and the back scratching of companies - these are not new concepts in US history. There is nothing new under the sun - just new generations, and new scams. Far greater evils have beset corporate America in the past 226 years, and if nothing else, the country has shown a tendency for survival.
But when you've got your food on the table, and your surround sound stereo with the Simpsons Season 2 DVD playing at full blast, it's nice to look out and have something to rally against. Because it is my belief that human beings are always at feeling their best when they are on the defensive - something hard wired into our instincts, I guess.
In this case, Microsoft was unethical and sneaky. And it's good to cast a watchful eye toward the corporations lest they wrong us. But to rant and rave and call this the end of American society - well... if you were wronged then please do all you can to reform the system. But don't play the victim and blame all of society's ills on the lack of interest of the American public - it's quite possible that they have more important things to worry about.
Do you have Linux and a DotPal? Click here now!
Read the news. The Federal Government just made doing what the CEOs of Enron et al did a federal offense, meaning real jail time.
I do read the news, and the measures which have been taken are laughable and incomplete. Ralph Nader, the guy who finally got the automotive industry to belatedly incorporate basic safety designs into automobiles in the United States decades after they knew better, and chose not to for financial reasons, offers a detailed analysis of just how widely Congress dodged the entire issue, and how profoundly superficial and ineffective the law you cite really is.
In short, it's a superficial measure designed to smooth the ruffled feathers of those few who dare, or rather bother, to speak aloud their outrage.
http://www.time.com/time/magazine/article/0,9171,1101020805-332031,00.html
You'll have to forgive us if we slack off a bit; after outlasting communism and dealing with a world that alternately hates us and wants us to be their best friend, we as a country have earned a little corruption and selfishness.
Or, to put your argument in a more individual light:
"You'll have to forgive me if I slack off a bit; after outlasting my competing coworkers and dealing with an office that alternately hates me and wants to be my best friend, I as a person have earned a little cancer and self-destructiveness."
Corruption isn't some self-indulgence you earn as a result of hard work, it is a cancerous, destructive force that tears a society apart and undermines basic, civil society and the social contract that holds it together, so unless you are arguing that America has earned the destruction it is bringing down upon itself, your argument falls to pieces.
As for the notion of 'needing something to fight against' as a justification for injustice or corruption, so that the next generation has something to occupy their time, I think the absurdity of your words stand upon their own. Indeed, your rhetoric is a perfect example of the kind of conditioning our culture has been subjected to for the last several decades which has resulted in the apathy and submissiveness of our populace which is allowing these sorts of destructive behavior to flourish, virtually unopposed.
The Future of Human Evolution: Autonomy
Arbogast's integrity, or even that of Microsoft as a whole, is irrelevant. Despite the high feelings of a lot of the posters in this topic, the problem with Passport isn't that we can't trust Microsoft: the problem with Passport is the scheme itself. Nobody should be trusted with that kind of personal data in a central repository, and nobody should ever be able to suck that kind of data out of a repository (central or not) without the active participation of the user. Automatic authentication and personal data mining is in and of itself a bad thing: one breach, one moment of carelessness by any party to any of the transactions and you're hosed. The very idea is the antithesis of security and privacy, and the only thing that having a person of integrity in that position can do is make it worse by lulling some people into trusting it.