Microsoft Calls for National Privacy Law

tabdelgawad writes "Brian Krebs, who writes the Washington Post's Security Fix Blog notes that Microsoft has just asked Congress to enact a new federal privacy law to preempt the growing hodge-podge of state laws that regulate how companies can use personal information. Go Microsoft!?"

Don't let your head explode

[jellomizer]

Before your heads explode, you must say to yourself, Microsoft is only a company. Companies job is to make money, not to do good or evil, if doing good will help the company make or save money then they will do it. In this case for companies like Microsoft it is easier for them to follow one set of privacy laws except for 50 different laws and with the internet it makes it more convoluted.

Re:Don't let your head explode

[QuantumG]

Exactly my thoughts. Anything the greases the wheels of multinational corporate greed has to be a bad thing. So let's introduce more privacy laws. Maybe on a county by county level, and different laws depending on the annual profits of your company and your previously indicated tendency to evil.

Re:Don't let your head explode

[NaruVonWilkins]

I think that the same can be said for many, possibly a majority, of people - at least in the US. Sure, sometimes we do things for charity, sometimes we do things because we feel they're right, but there are so many things we do simply because they're cheaper. We don't know, say, what the conditions are in the factories where our clothes are made, but we buy them anyway.

Companies are a more distilled form of this. There are, of course, exceptions - more people than corporations, certainly - but I think the concept holds.

Re:Don't let your head explode

[AuMatar]

OF course, you have to assume that they'll do good here. Like the CAN-SPAM law, the federal version will likely be weaker than many state versions, and will override the state versions making them unenforcable. MS doesn't really want a law to protect people- they want a law that allows them to do basicly anything. Just watch, the law they push will basicly be "If its in a privacy policy, they can do whatever they want".

Re:Don't let your head explode

[zoomzit]

Well, past experience certainly do color perception of current actions. If Google promoted monopolistic practices time and time again, I'd question their motives too.

If you saw Mother Teresa (were she still alive) beating someone, you'd wonder if the person somehow deserved it.

Likewise, if you saw Hitler petting a bunny, you'd wonder if there was a more sinister motive.

Not that I am equating Mother Teresa to Google and Hitler to Microsoft...

oh wait... I am.

Re:Don't let your head explode

[QuantumG]

Uhh, the whole freakin' point of a small business is that they don't do business in multiple states. By nationalizing the law you're making it cost the same to do business in multiple states as it costs to do business in one state. But more importantly, you're taking away the ability of individual states to customize the law to the needs of their citizens. I'm sure the people in West Virginia have a different opinion to the people of Texas about what a company should be able to do with their personal information.

Re:Don't let your head explode

[someone300]

A company has a choice about how it makes profit. Some of these ways might benefit the public, some might not affect the public, and some might make everyone's lives worse.

Google, for example, as a company want to make profit. They can do this through targetted advertising. Their advertising is more intelligent and reaches the people who might care enough to click it if they have a larger database of information and users to sort through, so they offer many services. Some people might be concerned about the privacy of it, but nearly all public webmail services and stuff keep the user's data on a computer they don't own. All their software does is scan your emails and display relevant adverts... it's not as though people sit there reading your emails. But if you don't like their stuff you can block the google cookie and get on with your life.

Microsoft usually do their business through monopoly and things that hinder others, specifically those who choose not to use their software and services. It's not usually a case of just migrating away from Windows, since you have to deal with other Windows users sending you things you can't open. However, if Microsoft do the right thing, (even for the "wrong" reasons.. like profit), then it's a good thing, and if they see this having a positive effect maybe they will do more good things.
Microsoft have a hell of a lot of power and money, maybe we could prompt them to use it for things that will benefit us.

Re:Don't let your head explode

[laughingcoyote]

And if they don't, who holds them accountable? Ideally, this should be looked at the same way as sex tourism (if an American tourist does something in Thailand that'd be illegal in the US, they will still be prosecuted for it upon return to the US, why shouldn't the same apply to a corporation which goes abroad to skirt labor laws?), but since they're currently not, it falls to -you- to hold that corporation accountable.

Yes, it's a pain in the ass. Sorry. Most things worth doing are. If everyone would quit being too busy to give a shit, these types of things just might improve. Otherwise, they're going to continue. Anyone who is aware of an evil act and does not stand up against it is partially guilty in it.

This is not the same as saying you should -personally- go check every factory you purchase clothing from. But when the labor record of any given multinational is easily available on the web, to consult before making a purchase, you're talking about 5 minutes worth of work. This is NOT too much to ask from even a busy person.

Re:Don't let your head explode

[QuantumG]

Sex tourism laws are fucking insane. The only reason they are tolerated is because they're for a specific heinous act that no-one wants to defend (sex with children). Suppose the exact same laws were applied to drug tourism. Go to Amsterdam, visit a hash cafe, return to the US and get arrested at the airport. Or decompilation tourism. Go to Australia, decompile software to check its security, return to the US and get arrested at the airport. If you're not in the US, you can't commit a crime in the US. That's the way it should be. Otherwise the US is nothing but an imperialist who thinks they can police the world.

Re:Don't let your head explode

[ozmanjusri]

I'm a nudist you insensitive clod!

I just had lunch, you insensitive clod!

Re:Don't let your head explode

[vanka]

Actually I think it was simply your greed in not wanting to pay the sales tax that prevented you from finding the car you wanted not any rules and regulations. You said you found several but didn't want to pay the extra money.

I'm sorry but wanting to save a couple of hundred bucks is not greed, it is actually a wise thing to do. The whole basis of our economy is based on the fact that customers want the highest quality product possible at the lowest price possible. The point of the grandparent was that the various hoops that a person or company has to jump through in interstate commerce raises the cost of doing business to where smaller companies and poorer people are not able to participate. In our Internet Age, many small businesses are finding it easier and even necessary to do business in serveral states; why not make it easier for the small guys to join the party? If privacy regulations were nationally standardized, I believe it would benifit the comsumers as well, not just corporations. It would actually be easier for consumers to find out exactly how the law protects them and to get advice. Less legal confusion is generally a good thing. One last point, someone mentioned that privacy laws should be decided by each state as they are better aware of the needs of their population. While I generally agree with this theory I fail to see how the privacy needs can vary so significantly between a person living in the state of New York and someone living in Washington state./p?

Hmmmm....

[Conspiracy_Of_Doves]

Anyone else think that Microsoft is trying to buy our love?

Not necessarily good

[tuxlove]

Don't assume Microsoft is trying to enact a law that *protects* your privacy. Perhaps they just want privacy laws to be predictable w/o too much concern for whether they actually protect or not.

Re:Not necessarily good

[thparker]

Don't assume Microsoft is trying to enact a law that *protects* your privacy.

Exactly. Right now, I think privacy laws are pretty weak. But this isn't necessarily a good change -- remember that CAN-SPAM eliminated a bunch of far stronger state laws and left the end user with far less recourse in many cases.

To take this a step further, Microsoft's next logical step would be to gear up their lobbying machine to make certain the federal privacy law would supercede all state laws, limit corporate liability for violations, and leave as much latitude as possible on what they can do with the information.

I hope everyone is compiling their list of items that should be included in a consumer-focused privacy law and is ready to contact their representatives. If this goes forward, I can guarantee you that corporate America has their checkbooks ready to support their idea of how your personal information can be gathered, held, used and sold.

Re:Not necessarily good

[InvalidError]

I'm fine with companies tracking my personal info if UK-style laws are adopted. IIRC, some of the more interesting clauses went something like this:
1) companies shall not use nor retain information whose origins is not documented
2) companies must make all the info they have on an individual including sources at the individual's request
3) individuals may have companies delete records unless the company can justify keeping the records of terminated accounts

This way, companies would at least have to think at least twice before collecting, using and distributing data.

All we need, MS designing privacy law

[KD7JZ]

It will end up requiring MS-Privacy v1.0 for all taxpayers. No linux version available.

Well..

[TrappedByMyself]

If Microsoft has the ear of the lawmakers, then they'll be in the best position to exploit the law.



Hey, this paranoia stuff is kinda fun!!

Of course they want a national privacy law

[Scareduck]

That law will read something as follows:

1. Individuals have no rights to privacy.
2. Corporations can do what they want with any data.

That is, they want enshrined in national law the most pernicious possible data standards. The fact that this is going down during the Bush administration may or may not play a part, but certainly, the idea that bad laws can be purchased isn't helping assuage any fears I have that such legislation is hopelessly one-sided.

Of course they do.

[BCW2]

It's much cheaper to bribe your way around one law than it is fifty.

the first step

[BushCheney08]

The first step to ensuring that our privacy is protected is to make it federal law that all citizens have a Passport account...

Irony

[divisivemind]

"Microsoft said organizations that maintain private consumer information should have to meet some kind of national standard to prove they have at least taken reasonable steps to protect that data from hackers, viruses, or other kind of loss, theft or disclosure."

I would assume this means said organizations would not be running Microsoft products...

Beware

[linuxwrangler]

One need only look at how the federal banking regulations are repeatedly used to crush California's much more stringent privacy requirements to see the real reason behind federalized "privacy" laws.

Protecting the Bottom Line, Not Privacy

[Dotnaught]

The purpose of calling for federal regulation is to keep costs down, not to protect privacy. Some companies are actually interested in protecting privacy because failure to do imposes costs. HP is particularly good in this regard in that it lets customers access their data. The companies you have to watch out for are the ones with business models that depend on selling personal information.

Likely Bad, Maybe Good

[mpapet]

I used to work in the wine/spirits business years ago and I can tell you from experience it is very difficult to build business outside your local regulatory agent. Now that was the intention all along. (Prohibition and all)

The Good: A Single set of rules makes it easier to sell to a bigger market.

Now, on the other hand, I have some experience in gov't sales and can tell you once the gov't adopts a some conventions, well, then the big players who were there all along defining the conventions pretty much soak up all of the business. They mostly own the business already, the new rules make it a sure thing.

The Bad: Generally eliminates variety and discourages innovation.

If MS is smart, they help write the laws and develop compliant code simultaneously. So MS gets a 6-12 month jump on the competition when there's little innovation left. Win-Win for MS.

MS vs. Google

[Zebra_X]

This is a preemptive strike against Google.

MS isn't in the business of knowing who you are or what you do. They want you to buy their software, not collect your personal data. It shows in their software. Activation is completely anonymous as is error reporting and authenticity checks. This is not true however, for Google.

They want to know who you are, what you do, what you click, buy, read and where you want to go. It's not going to stop there. Google wants information about every corner of the world. Thanks to a digital age, it is possible to gleen this information from our on-line habits.

MS is making a strike at google's efforts by putting tighter restrictions on how they can use, and possibly distribute your information in the future.

Re:MS vs. Google

[d34thm0nk3y]

MS is making a strike at google's efforts by putting tighter restrictions on how they can use, and possibly distribute your information in the future.

Good!

Now all we need is for Google to lobby for national software quality control standards and we will be set!

Anyone else see this as an attempt to kill Google?

[handmedowns]

I mean, after all.. what does google do? Index information. Revenue is based off how they use that information, personal and public. Will this law(s) convienently be aimed towards creating requirements on how to protect such information that it will make it costly ($$ and time) enough to hurt google's business?

Sounds like the HIPPA expanded.

Error

[game+kid]

Microsoft Privacy Assurance has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of living, the identity you were counting on might be lost.

Please tell Microsoft about this problem.

We have created an error report that you can send to help us improve Our Lobbying Techniques. We will treat this report as an important path towards increased revenue and shareholder appeal.

[Debug]|[Sell soul]|[Smart people can click here and do neither unless they are x86 machine-code pros]

To MS-Bashing Slashbots: RTFA

[tabdelgawad]

Already a bunch of +4 and +5 Insightful posts bashing MS.

From TFA:

"CDT [Center for Democracy and Technology] President Jerry Berman praised Microsoft's move as "a landmark moment in the cause of establishing and protecting individual privacy rights online. ... While we have not reached consensus on all of the provisions of a privacy bill, we applaud Microsoft 's willingness to work actively with other high tech companies, consumer organizations and policymakers."

"Chris Hoofnagle, EPIC's senior counsel, agreed that Microsoft's position has softened significantly over the years. He noted that it was opposition from Microsoft and Hewlett-Packard that derailed an industry-friendly privacy bill from Rep. Cliff Stearns (R-Fla.) that was quickly gathering support a few years ago
'Microsoft is being more assertive now and it shows that the company is maturing,' he said"

"ACLU legislative counsel Timothy Sparapani also praised Microsoft's move, but cautioned that any federal privacy law would need to include safeguards for data gathered by commercial data brokers."

Privacy of Third Parties

[RoadDogTy]

Microsoft is an industry leader in terms of user privacy, internally every employee (for whom it is relevant) must undergo security/privacy training and sign statements about compliance with privacy standards (particularly in terms of how the company deals with PII, Personally Identifiable Information). Saying that the company wants a single privacy standard solely for the purpose of making money may be true in a few corner cases, but in general its not true because Microsoft already has to comply with international standards which (particularly in the EU) are much stricter than the standards of any US State. I think the biggest reason Microsoft would support standard privacy laws is because it would be easier for the company to make guarantees about third party partners (particularly those that use Passport) and make some baseline claims about the level of privacy partners must support.

Amended.

[Tackhead]

> That law will read something as follows:
>
> 1. Individuals have no rights to privacy.
> 2. Corporations can do what they want with any data.
>
> That is, they want enshrined in national law the most pernicious possible data standards.

You must be new to K Street. Never miss an opportunity to enshrine a monopoly in legislation by finding a way to render your competitors' business practices, even where they're identical to your own, illegal - while simultaneously granting yourself the permission to do the same thing under color of law.

I've therefore amended your second rule as follows:

2. Corporations that have business models that conflict with that of Microsoft must be held to the most stringent privacy standards.

Although the Constitution is no longer relevant, it's still considered bad form to write a Bill of Attainder", so you have to be a little clever about it.

Thus, you'll typically end up with something like this:

• Subsection 477.104.8453: the "All Your Base" clause - the use of hashes to represent hardware configurations ("GUIDs") for the purposes of managing software licensing, software configuration, and the provision of security updates, is a permitted use of personal information that enhances user privacy and shall not be penalized.
• Subsection 8008.13: the "Booble" clause - the use of hashed unique identifiers ("Cookies") that represent individual software configurations for the purposes of providing stateful web browsing, search history, the relevance of clickthroughs for search engines, is an invasion of privacy punishable by having a chair thrown at oneself before being fucking buried, and then fucking killed.

Let's see...

[dslauson]

Hmmm.... How can I spin this against MS to make it seem like they're doing something evil...

I am so sick of this nonsense. I swear, I need to stop clicking on any slashdot story with the name "Microsoft", "Google", or "Apple". Or maybe I should stop looking to slashdot thinking that maybe people could somehow look past their biases and read a story for what it is.

Yes, Microsoft is probably acting in their own best interest. So do Google and Apple. They're all trying to make money. That doesn't mean it won't benefit us. Don't try to tell me that you never act in your own self interest.

I know, Microsoft does anti-competitive things, and that's not cool, but don't let your opinion of them cloud your ability to think for yourself. We need to have our personal information protected, and here MS is in agreement with that. What's the big problem? Seriously!

Microsoft not on the consumer's side in this

[Todd+Knarr]

My thought: Microsoft is trying to get Federal rules that they can live with and that'll override more restrictive state rules. Take a look at opt-in vs. opt-out in their proposal. They advocate opt-in for a very limited class of data that they know the general public's getting touchy about, and I'll bet they make that a headline point. But for all other classes of data, they want opt-out enshrined in law in a way that prevents any state from requiring opt-in across the board. And once this is nailed down in Federal law, it'll be all but impossible to get it changed later no matter what happens.

I think that's Microsoft's strategy: cave in on the few points the public's riled up about right now, while simultaneously nailing down favorable terms everywhere else.

Nearly, almost, kinda adequate

[sn00ker]

Every time I hear about privacy laws in the US, I'm stunned at how little privacy you lot have.
This is yet another example, though admittedly it's better than a lot of what's already in existence.

Here in NZ, we've had a Privacy Act for 15 years, and it's stronger than this proposal. You have a right-to-access-and-correct information held by any organisation, even the Government, for example. Getting a credit card or a loan is not a licence for the bank to sell your name and address to a dozen different direct-advertising agencies. Buying something on HP will not require you to purchase a larger mailbox just to cope with the influx of targeted mail.
If you allow the corporations to define the rules of the game, you are fair game. I'd hate to live in a society where any company that has my details can sell them.

Oh, and to the people who say that this exceeds the authority of the federal government, surely this is an inter-state commerce matter? A uniform set of rules under which you may be fucked over by corporations sounds like inter-state commerce regulation to me.

Think: Patriot Act

[Bilbo]

Of course, if someone says that a law is supposed to protect our privacy, then it MUST be good for us, just like the way all true Americans know how the Patriot Act MUST be there to protect us!!

Yea, right.