For those of us who were too young to have remembered the plot of this excellent movie, quite a bit of the plot revolves around an arrest warrant mistakenly circulated because of a 'bug' in the computer.
Bzzzz....
Re:PDF Virus a *Proof of Concept*, not a real thre on PDF Virus Spotted · Score: 3, Insightful
Well, the Code Red exploit was once a proof of concept. I still have the original post from the NTBugtraq list outlining the vulnerability...
I think we're going to come to the point where *any* embeddable-type document is going to be prone to infestation. We're almost there. We just need to add .swf, .psd, and the complex audio formats coming out. Play a Music Stream from Real and get a virus!
WinXP ships, and the injunction is imposed against it after it has already started to move copies?
My ideas of the consequences - legal minds feel free to correct me:
1. Walmart, Babbages, Everyone else who sells software is required to 'yank' shelf copies to comply with the injunction. Most stores will be slow to comply, and then claim that they sold out before the injunction hit.
2. We'll have a 'limited edition' of WindowsXP in the wild. Pirate copies will run rampant online and on Ebay because 'the most popular OS' cannot be legally bought in stores, and MS will be in the odd position of having to try to enforce their own injunction because they can't be seen as encouraging piracy, can they? The other members of the BSA would scream if they did.
3. After a few months, Microsoft will release something like Windows IR (Injunction Release!) online as an 'update' to existing copies of WinMe and Win2k. It will be an Internet Explorer 4.0 type release -- all the functionality of a new OS, all the FUD and anticompetitive bullshit, but Microsoft will give it away as a new product just to spite the Fed and its competitors.
4. ANOTHER LAWSUIT over whether or not MS violated the injunction by releasing WinIR (Say that one out loud!)
5. Microsoft releases much of WinIR under their 'shared source' license, locking hundreds, if not thousands of developers into MS-only development. Hey, if it's free, code for it, right?
6. After months and months and months, a judge finally gets the breakup to stick.
7. Because they won't let him make the rules, Bill takes his toys and goes home. Microsoft 'exits' the home operating system market, and concentrates solely on a 'Software as Service' business market. They sell Win200x releases on a yearly basis to people who want or need server software and are too dim to use a *nix.
Sadly, the man bought his computer expressly for the purpose of playing games. I would be remiss in my duties to recommend Linux as a gaming platform. That may change in the near future, but right now there is a very limited selection of games for Linux, and a zero "Off the shelf" selection.
Recently, I was setting up an internet connection for my father-in-law, who is decidedly of a non-technical bent. Linux is not an option for this man. Hell, Windows 98 was barely an option for him. Even then he has to ask questions like 'Is it okay to delete kernel32.dll?'
At any rate, immediately after I fixed all the problems with his cheap-ass winmodem and got the whole mess to work to dial into one of the short-lived ad-based ISP's, the guy punches in the URL to a website he read out of a magazine.
The *first* thing to come up is a popup ad for polarized sunglasses, as sponsored by the ISP. My father in law was *amazed* and called over his fifteen year-old son (Who thinks CB-Radio is high-tech) to see the wondrous display of marketing. Between the two, they had all but forgotten the original website they were trying to find, which was buried in a stack of software-controlled popups by this time. By the time I left that evening, both my father-in-law and my brother-in-law were pleading with my wife's mother for the number to her mastercard so that they could get some of the 'incredible bargains' that were there just because they had signed up with whatever ISP.
"You're related to them, you know," I told my wife after we left.
Her only response was, "Please don't remind me."
This makes Open Source video even more important on HDTV Over IP · Score: 3, Interesting
I mean, look at all the industry controls and FUD built into HDTV. The format is less than ideal, and all the hardware required to play it is exorbitant.
This makes getting open source video formats in place even more important so that, in the very near future, we don't have to make a decision like the one we're making right now between OGG and MP3. One format is technically superior and open, while the other is the 'industry standard'.
Wow, that was a lot of talk with very little point. I guess the point is this - UI programmers of the world, don't give up on innovation just because MS has done a lot of research. There's always something better w/r/t MMI.
I agree wholeheartedly. MS has spent a lot of effort getting their UI to be the best it can, but it still serves MS's purposes, and doesn't really break any new ground.
Features I'd like to see in 'new' User Interfaces:
1. A departure from the 'Dock'/'Taskbar' modus operandi. Just about every GUI uses one of these in one form or the other. They eat up valuable screen real estate, and I can't help but feel that there is a better and more efficient way to accomplish the same tasks. Damned if I know what it is, though... Make everything a right-click menu?
2. Graphical Relational Links: One of the concepts I really like about 'The Brain' is that it helps you to build visual logical links between applications, files, and websites. For example, you can link your MP3 Player to your MP3 folder, Winamp.com, Gnutella, etc...
Unfortunately, the last version of the 'The Brain' I used wasn't really an adequate shell replacement. There's no real file management. I would give up a lot to have those same kind of links in a 'real' UI.
3. 'Tearaway' components. This is a feature you tend to find inside office and productivity apps that could really help any given UI if they were made standard. We're starting to see this a little bit in the moveable menus inside most applications, but I would really like to be able to say, grab my bookmarks sidebar from Mozilla and yank it onto the desktop or another application when I'm doing work on the web. There are other examples, but there is a lot of room for improvement here.
4. 3d object manipulation - We're stuck in a 2D world. For most things this is okay, but I can't help but feel that I could be more efficient if I could manipulate files, folders, and applications as if they were 3D objects. There are a few UI's built around Doom and Quake for linux, but we have yet to see a comprehensive UI that was entirely 3D. The model that most quickly comes to mind is 'Black and White'. Use a 'hand' pointer to move objects around, keyboard chords or gestures to execute common commands, and have an environment that can be used at a macro- or a microscopic level.
I'd love to throw around all my downloaded files into a big 'sorting' bin, for example, and have more organized objects represent my media and application files.
We have the hardware to do these things now. It'd be nice to see them in action. I wish I were a little better coder so that I could try to implement some of them...
Microsoft is coming up on a decade of interaction with users and usability testing. I think they're nearing the point that Apple did with OS 9, before they broke all the interfaces for the 'Aqua' look that pervades OS 10.
In other words, despite all the FUD, marketing, and anti-competitive crap BillCo is engaged in, they're getting their User Interface pretty-damn near perfect in terms of usability. Remember that because a person is employed by MS, he or she is not necessarily a borg. It looks like those who actually get WinXP will be getting a hell of an operating system.
We're seeing a lot of the same application elements expressed in slightly different ways in different OS's now. You can say that someone is copying someone else, but what it really means is that someone has found the 'best' way to do something in terms of usability or security. Take the graphical logins. I think Apple was the first to get the whole 'Icon-Username' setup, but this is apparently the best setup for a multi-user workstation, like most family PC's.
By the same token, I think that we'll probably see MS making their UI/Windowing System skinnable in the not-too-distant future ala Windowblinds to compete with Apple's 'themes', Kaleidoscope and all the different theme-window manager combinations for X.
Now if only their development teams put as much effort into application security as they do into UI. I would really have loved not cleansing my Mom's PC of Code Red II....
I watched a documentary not too long ago about this kind of research. One of the researchers' primary obstacles was the fact that many tribal councils demanded that all fossils be turned over to them for 'proper burial' if they were found in tribal lands.
Of course you can't do composition analysis on casts, which are slightly imperfect representations anyway.
Along with the inevitable increases in speed and battery life, I think that we can probably expect the following advances in PDA technology over the next few years:
- More non-volatile storage space so that video becomes viable. Research into minimizing non-disk based storage will be directly funded by a coalition of 'adult entertainment companies' headed by Christie Hefner and Robert Guccione.
- Vibrating batteries, as used in cell phones and pagers, will be modified for use with PDA's for those... long, lonely trips.
- Javascript-enabled web browsers will be ported to PalmOS so that we can be entertained by browser windows that reopen themselves, or their affiliates' pages, no matter how many times you try to close them.
- New games will be written, targeted for PDA's that have touchpads or stylus interfaces. Players will be required to interact with in-game 'characters', either with their hands... or their tongues.
- The X-10 mini-camera will become ubiquitous in most PDA designs, but for 'recreational' purposes only. The aforementioned industry group will take no responsibility for sexual harassment suits centering around misuse of X-10 technology.
- The popularity of Ascii Porn will skyrocket, creating a new market for fixed-width fonts.
"Just because it is made public doesn't mean it's declassified," Colonel Lehner said.
Classic case of the military getting too big for their britches and trying to rule the rest of the country instead of the other way 'round.
Stand up to 'em, Doc Postol! And if MIT caves, well, I don't think I'll be alone in saying that it will be a sad day for academia.
Another interesting point of interest is with the new Final Fantasy: Spirits Within movie, actors are beginning to consider copyrighting their likenesses,
Good for them... Better for us! Who wants dumpy Sandra Bullock, bug-eyed Steve Buscemi, or smarmy Ben Affleck when we can have perfect, artist produced, fan-boy (and fan-girl) material like Aki from FF?
What about it? Apple has released their BSD core OS, but the GUI, which most users consider the computer, is still strictly proprietary. How many times do we have to trot this old dog out before we realize it's the same old dog that's been given a shearing and a flea-dip?
I, for one, don't feel like spending $1500-2000 for the same bang-per-buck I already have in my Athlon-based PC for under $500 just to use MacOS.
Without being a flaming asshole, what applications are there for knowing if the digits of PI are random or not?
Also, since Pi is a ratio that we 'choose' to express in a base10 numerical system, would the fact that the digits are random in a decimal system mean that they would be random if we expressed Pi in a hexadecimal or octal system?
Before the
Federal Trade Commission
Washington, DC
In the Matter of )
)
Microsoft Corporation. )
_____________________________ )
Complaint and Request for Injunction, Request
For Investigation and for Other Relief
INTRODUCTION
1. This complaint concerns the privacy implications of the Microsoft XP operating
system that is expected to become the primary means of access for consumers in the
United States to the Internet. As is set forth in detail below, Microsoft has engaged, and is
engaging, in unfair and deceptive trade practices intended to profile, track, and monitor
millions of Internet users. Central to the scheme is a system of services, known
collectively as ".NET," which incorporate "Passport," "Wallet," and "HailStorm" that are
designed to obtain personal information from consumers in the United States unfairly and
deceptively. The public interest requires the Commission to investigate these practices
and to enjoin Microsoft from violating Section 5 of the Federal Trade Commission Act,
as alleged herein.
PARTIES
2. The Electronic Privacy Information Center ("EPIC") is a non-profit, public interest
research organization incorporated in the District of Columbia. EPIC's activities include
the review of government and private sector policies and practices to determine their
possible impact on the privacy interests of the American public. Among its other
activities, EPIC has prepared reports and presented testimony before Congress and
administrative agencies on the Internet and privacy issues.
3. The Center for Digital Democracy ("CDD") is a non-profit organization that represents
the interests of citizens and consumers with respect to new media technologies.
4. The Center for Media Education ("CME") is a national nonprofit, nonpartisan
organization dedicated to creating a quality electronic media culture for children, their
families, and the community. CME's report "Web of Deception" (1996) first drew
attention to potentially harmful marketing and data collection practices targeted at
children on the Internet and laid the groundwork for the Children's Online Privacy
Protection Act.
5. Computer Professionals for Social Responsibility ("CPSR") is a public-interest
alliance of computer scientists and others concerned about the impact of computer
technology on society.
6. Consumer Action is a 30 year-old, San Francisco-based non-profit education and
advocacy organization. It works on a wide range of consumer and privacy issues in
conjunction with its national network of 6,500 community-based organizations.
6?. The Consumer Federation of America ("CFA") is a non-profit association organized
in 1967 to advance the interests of consumers through advocacy and education. CFA's
current membership is comprised of over 280 national, state, and local consumer groups
throughout the United States, which, in turn represent more than 50 million consumers.
7. The Consumer Task Force for Automotive Issues ("CTFAI") was co-founded by Ralph
Nader and Remar Sutton. CTFAI monitors auto fraud activities for consumer
groups, attorneys general, and plaintiff firms. CTFAI has particular interest in consumer
privacy since using the Internet is a common practice for consumers looking for
information on cars and loan.
8. The Electronic Frontier Foundation ("EFF") is a non-profit organization based in San
Francisco, California. EFF is a donor-supported membership organization working to
protect our fundamental rights regardless of technology; to educate the press,
policymakers and the general public about civil liberties issues related to technology; and
to act as a defender of those liberties.
9. Junkbusters is a privacy advocacy and consulting company based in New Jersey
and incorporated in Delaware.
10. The Media Access Project ("MAP") is a non-profit, public interest law firm
that promotes the public's First Amendment right to hear and be heard on the electronic
media of today and tomorrow.
11. NetAction is a San Francisco-based nonprofit organization that promotes use of the
Internet for grassroots citizen action, and educates policy makers on technology policy. In
1997, NetAction launched a campaign that mobilized Internet users to pressure the
Justice Department to enforce antitrust laws against Microsoft.
12. The Privacy Rights Clearinghouse ("PRC") is a nonprofit consumer information and
advocacy program based in San Diego, California.
13. U.S. Public Interest Research Group ("USPIRG") serves as the national association of
state PIRGs, which are independent, non-profit, non-partisan advocacy organizations
around the country. U.S. PIRG and the state PIRGs have a long-standing interest in data
privacy and data protection and have published a series of reports on privacy-related
topics, including identity theft.
14. Microsoft Corporation ("Microsoft") was founded as a partnership in 1975 and
incorporated in the State of Washington in 1981. Microsoft develops, manufactures,
licenses, and supports a wide range of software products for a variety of computing
devices. Microsoft's principal place of business is One Microsoft Way, Redmond,
Washington 98052-6399. At all times material to this complaint, Microsoft's course of
business, including the acts and practices alleged herein, has been and is in or affecting
commerce, as "commerce" is defined in Section 4 of the Federal Trade Commission Act,
15 U.S.C. 44.
15. EPIC, CDD, CME, CPSR, Consumer Action, CFA, CTFAI, EFF, Junkbusters, MAP,
NetAction, PRC, and USPIRG bring this complaint against Microsoft alleging unfair and
deceptive trade practices under Section 5 of the FTC Act.
16. The complainants reserve the right to amend this complaint as new facts emerge
regarding this matter.
THE IMPORTANCE OF PRIVACY PROTECTION
17. The right of privacy is a personal and fundamental right in the United States. The
privacy of an individual is directly implicated by the collection, use, and dissemination of
personal information. The opportunities for an individual to secure employment,
insurance, and credit, to obtain medical services, and the rights of due process may be
jeopardized by the misuse of certain personal information.
18. Privacy law in the United States has by tradition protected the privacy of consumer in
the offering of new commercial services enabled by new technologies. For example, the
Cable Act of 1984 protects the privacy of cable subscriber records created in connection
with interactive television services. The Electronic Communications Privacy Act of 1986
protects the privacy of electronic mail transmitted over the Internet. The Video Privacy
Protection Act of 1988 protects the privacy of rental record for video recordings of
commercial programs made available to the public for home viewing. The medical
privacy regulations mandated by the Health Insurance Portability and Accountability Act
establish safeguards for the delivery of medical information in electronic formats.
19. The vast majority of Americans are today "concerned" or "very concerned" about the
loss of privacy particularly with regard to commercial transactions that take place over
the Internet. One poll has indicated that the "loss of personal privacy" is the number one
concern facing the United States in the twenty-first century. A recent poll shows that
Americans favor government action to safeguard online privacy. Another recent poll
indicates that the ability to remain anonymous online is supported by both Internet
experts and ordinary Internet users.
20. The Federal Trade Commission has played a significant role in the last several years
investigating and prosecuting violations of section 5 of the Federal Trade Commission
Act where the privacy interests of Internet users are at issue.
STATEMENT OF FACTS
Background
21. Microsoft is the largest computer software company in the world. Microsoft's
customers include consumers, small and medium-sized organizations, enterprises,
educational institutions, Internet Service Providers, and application developers. Most
consumers of Microsoft products are individuals in businesses, government agencies,
educational institutions, and at home.1 The Microsoft operating system is used by more
Internet users than any other operating system in the world. Microsoft's database of
Passport users is the largest commercial database of Internet users. At present there are
more than 100 million users.2
1 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
22. Microsoft's Internet business activities include the MSN network of Internet products
and services and alliances with companies involved with broadband access and various
forms of digital interactivity.3 Microsoft's online properties include MSN Internet
Access, MSN Hotmail, MSN Messenger Service, WebTV Networks, Microsoft CarPoint,
Microsoft Home Advisor, Expedia, Inc., MSN MoneyCentral and MSNBC.4
23. The far-reaching and inter-connected nature of Microsoft's Internet business activities
provides a unique potential for the collection, sharing and use of personal information
concerning the users of its various properties. This potential to track, profile, and
monitor users of the Internet has far-reaching and profound implications for privacy
protection in general and in particular with regard to the growth of electronic commerce.
24. As is set forth in detail below, Microsoft has developed technical capabilities and
business practices that facilitate such tracking, profiling, and monitoring in an
unprecedented manner. As a direct result of these capabilities and business practices,
Internet users who seek to engage in online commerce will routinely disclose to
Microsoft virtually all aspects of their private transactions with other merchants.
25. Internet users will also be confronted with a confusing labyrinth of inter-connected
Microsoft websites that collect and share their personal data. Consumer confusion is
exacerbated by the misleading registration practices, incoherent privacy policies, and
covert data sharing arrangements that are intended to facilitate the collection of personal
information from consumers by Microsoft while simultaneously making it difficult if not
impracticable for consumers to exercise control over their personal information.
26. When viewed both in its entirety and in terms of specific business practices outlined
below, and considering the extraordinary market dominance enjoyed by Microsoft, the
collection and use of personal information within the Microsoft network under Windows
XP and with the associated .NET services constitutes a series of unfair and deceptive
trade practices.
2 New York Times, July 26, at C4.
3 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
4 Id.
Windows XP Impact on Consumer Profiling
27. With the release of the new operating system Windows XP and its associated
services, Microsoft will transform the process for the collection and use of personal
information on American consumers who engage in electronic commerce on the Internet.
Personal information associated with commerce, such as credit card numbers, has
traditionally resided under the personal control of the individual consumer. Such
information is typically disclosed in the context of a particular transaction for a particular
purpose to a particular merchant. With the release of Windows XP, Microsoft proposes to
move the locus of control away from the end user to Microsoft. Although it is described
by Microsoft as a "user-centric," the Windows XP architecture is more accurately
described as "Microsoft-centric."
28. The Microsoft Passport is a user authentication standard that will enable Microsoft to
collect personal information from consumers and disclose that information to Microsoft
partners and others. It makes Microsoft the central repository for routine information for
commercial transactions, as well as personal facts such as birthdates and anniversaries.
29. The HailStorm platform will enable the widespread exchange of personal information
among Microsoft business partners. It is intended to exchange the rapid exchange of a
wide range of personal information set out in more detail below.
30. Microsoft privacy practices will have a profound impact on American consumers.
According to Microsoft, the Hotmail web-based e-mail service, MSN, Microsoft.com,
and Passport, are among the ten largest Web sites in the world.5
31. Microsoft is currently testing the Windows XP operating system. Several questions
have already been raised about certain proposed features of XP that may disadvantage
competing products, services and standards provided by Microsoft's competitors.
32. The Windows XP system is expected to be finalized later this year and then sold to
consumers.
33. The Federal Trade Commission is the primary federal agency responsible for
investigating and prohibiting "unfair methods of competition in or affecting commerce;
and unfair or deceptive acts or practices in or affecting commerce."
5 Hailstorm White Paper, http://www.microsoft.com/net/hailstorm.asp.
A. Passport
34. According to Microsoft, "Microsoft Passport allows consumers to create a
single sign-in, registration, and electronic wallet that can be shared between all of
the sites that support Microsoft Passport."6
35. The information that may be stored in the Microsoft Passport includes "real
name," country/region, state, city/locale, gender, age, occupation, marital status,
e-mail, personal statement, hobbies and interest, favorite quote, favorite things
("Name your favorite books, artists, places, gizmos, or gadgets"), a personal
photo ("include a photo of yourself, a loved one, or a favorite place, thing or
pet"), a home page, options to routinely disclose the Public Profile in MSN chat
rooms, and to be notified of future features, as well as whatever additional data
Microsoft eventually chooses to request for the Public Profile.
36. The information maintained in the Passport Public Profile is under the "user
control" in the sense that the user may choose not to provide certain information
or to prevent certain information from being routinely disclosed, but the Profile is
also very much under the control of Microsoft in the sense that the information is
physically in the possession of Microsoft and may be obtained by Microsoft
whether or not the user chooses to make the personal information public. Further,
many of the practices described below demonstrate how Microsoft through the
XP Registration procedures, access to MSN, use of Hotmail, and use of new
services such as e-books seeks to obtain from the consumer detailed information
for the Passport system.
37. The Microsoft Passport Privacy Policy contains a section entitled "Participating Sites'
Commitment to Privacy." The title of this section reasonably would lead a consumer to
believe what the heading implies; that sites that participate in Microsoft Passport have a
commitment to protect users' privacy. However, the section only contains one
requirement for participating websites; "All Web sites participating in the Passport
program must have a posted privacy policy." Nothing is said regarding what level of
protection that policy must provide. This section, with its deceptive title, is likely to
promote consumer confidence in Passport by instilling the mistaken impression that
participating websites will protect their personal information.
6 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
38. The Windows XP operating system leaves the user with little choice but to employ
Passport. As soon as the user starts a computer and uses a modem, a dialog box appears
on the screen stating: "You've just connected to the Internet. You need a Passport to use
Windows XP Internet communications features (such as instant messaging, voice chat
and video), and to access Net-enabled features. Click here to set up your Passport."
39. The collection and use of detailed personal information in this fashion constitutes an
unfair and deceptive trade practice.
B. HailStorm
40. HailStorm is a software based means to transfer personal information contained in the
Microsoft Passport, as well as a host of other information, across any operating system,
platform, or device. Microsoft lists an extraordinary range of consumer information that
will be collected and subsequently disclosed by means of HailStorm. This information
includes a person's home telephone number, office telephone number, fax number, home
address, business address, and geographic locations; a person's actual name, nickname,
birthdate, anniversary, other special dates, and personal photograph; a complete list of all
names of all contacts contained in an electronic datebook, including names, addresses,
contact dates, and personal details for all friends and associates; information concerning
location and contact information; all forms of incoming mail, including voicemail,
electronic mail, and fax mail; tracking information; personal and business documents;
favorite websites and other identifiers; receipts, payment instruments, coupons and other
transaction records, devices settings and capabilities across all platforms, including PC,
PDA, and telephones; and detailed usage reports for each one of these services.7
41. Microsoft represents that when using HailStorm, the "user owns the data" that he or
she enters into Passport. HailStorm will, according to Microsoft, "put people in control
of their own data," because "HailStorm starts with the assumption that the user controls
all personal information and gets to decide with whom to share any of it and under what
terms."8
42. Despite these broad representations, the control that users will ultimately have over
the extensive collection of their personal information within the HailStorm system will be
subject to the vagaries of Microsoft's business model.
7 Hailstorm White Paper, http://www.microsoft.com/net/hailstorm.asp.
8 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
43. Microsoft states that it "intends to contractually bind licensees to specific terms of
use that control what can and cannot be done with user data originating from a HailStorm
source." Microsoft has made its intention clear, stating that it "will operate HailStorm as
a business." In Microsoft's HailStorm business model, "end users will be the primary
source of revenue to Microsoft."9
44. To use Windows XP, consumers will be unfairly led to believe that they need a
Microsoft Passport. Passport is the "basic user credential" of Hailstorm. Although
Microsoft claims the "users own their information" and that consumers will control the
use of that information, Microsoft will charge consumers to relay this vast amount of
individually identifiable information, ranging from their home addresses to the
documents stored on their computers. Microsoft will also charge recipients to use the
information.
45. As a result of these practices, Microsoft will essentially provide consumers the
"right" to buy some limited level of "control" over the use of their own personal
information outside of Microsoft, despite the fact that the consumer has no meaningful or
effective control over the use of that information within Microsoft. Additionally, in
reference to third parties, consumers' control of their own information exists only so long
as the consumers' desires fit within the framework of Microsoft's intent to "contractually
bind licensees" regarding the use which they can and cannot make of this information.
46. Microsoft's Windows XP / Passport / HailStorm business model constitutes both an
unfair and a deceptive trade practice when considered in its entirety.
Misleading Product Activation and Registration Procedures
47. Microsoft represents to consumers that the product activation feature included in the
new Windows XP operating system and its software suite Office XP will not combine the
information gathered in the activation's hardware sweep with personally identifiable
information. Information at the Microsoft website states:
Microsoft Product Activation is completely anonymous, and no personally
identifiable information is collected.
9 Id.
48. However, Microsoft then goes on to say:
Activation is different from product registration. If they wish, customers
may voluntarily register their product by providing their name and contact
information. Registration is for those customers who want to receive
future communications on product updates, service releases and other
special offers.10
49. Microsoft also claims that product registration, which requires personally identifiable
information, is voluntary. However, users cannot receive support services for products
without registering for Microsoft Passport. The user's product identification number is
then linked to his or her personally identifiable Passport information. Information posted
by Microsoft states:
Using the Online Support sites secured by Passport is easy. Passport
provides secure authentication ensuring that your support interactions and
all data exchanged with Microsoft is secure and private. To establish your
own private and secure personalized support web page where you can
interact with our award-winning Microsoft Support Professionals, first
time users will need to (1) sign-up for Passport or sign-in to Passport and
(2) complete a profile.
In order to identify the type of support you are entitled to, this system may
automatically determine your product identification number. This number
is required to receive support from Microsoft.11
50. Through product activation and registration, Microsoft can actually match users to
their machines. Although Microsoft represents to users that the product activation
process preserves anonymity, users cannot receive software support anonymously for the
product that they activate and are forced to register for Microsoft Passport.
51. This practice constitutes an unfair and deceptive trade practice.
10 Software Piracy on PressPass,
http://www.microsoft.com/presspass/newsroom/piracy/productactivationfaq.asp
11 http://servicedesk.one.microsoft.com/WRPublic/en/Consent.asp
Hotmail Service Tracks Users
52. Hotmail is an email service offered by Microsoft.
53. Users of Hotmail email service are required to create Passport accounts, using the
personal information they provided to sign up with Hotmail. No notice is provided to
Hotmail users that they are being given Passport accounts, nor does the Hotmail website
contain an opt-out feature. When Hotmail users login to Hotmail, they are simultaneously
logged-in to the Passport system.
54. Passport will track Hotmail users as they visit other MSN sites, and provide users'
personal information to those sites, unless the users click on a small "Sign-Out" button on
the page each time they wish to move to a different MSN site. Hotmail's privacy policy
states in part:
Your non-personally identifiable information from your Hotmail
registration (such as zip code and gender) may be shared with other
Microsoft websites to provide a more personalized advertising experience
online. For example, you may see ads from a Microsoft
bCentral/LinkExchange Banner Network member as you surf the Web but
none of your personally identifiable information is shared with the third
party websites.12
55. Passport tracks the behavior and divulges the personal information of Hotmail
customers who neither have been notified of their Passport accounts, nor have granted
permission for such use of their information. If a user visits the MSN homepage, a
Passport "Sign-in" button will appear. If the user who did not come from Hotmail or
another MSN site clicks this button, information on Passport will appear, along with an
invitation to join the Passport system. However, if a Hotmail user who did not click the
Passport "Sign-Out" button before exiting Hotmail visits the MSN homepage and clicks
the same button, the MSN page will reload, with a message greeting the user by name.
56. This practice constitutes an unfair and deceptive trade practice.
12 Hotmail MSN Hotmail Privacy Statement, http://lc1.law5.hotmail.passport.com/cgibin/dasp/hminfo_shell.asp?content=pstate
Kids Passport Captures Data from Parents for Unrelated Services
57. Microsoft makes the following representations regarding the Kid's Passport service,
which enables the collection of information on children under the age of 13 that will be
subsequently disclosed to Microsoft partners and other entities operating on the Internet.
Microsoft Kids Passport allows parents to consent to the collection, use
and sharing of their children's information with Microsoft and the sites
and services operated by or for Microsoft (including MSN) and with
participating Passport Web sites that have agreed to utilize Kids Passport
as their parental consent process. (emphasis added) . . .
All of these sites [participating passport websites] agree to have a posted
privacy statement describing how they use personal information collected
by their website. . . .
It is important for you to read the Privacy Statement and Terms of Use for
each website you are consenting for your child to visit and use.13
58. The Kids Passport privacy policy only requires one parental verification process.
Participating Passport websites will not have to obtain "verifiable parental consent" if the
user enters the site through Kids Passport because the participating websites will have
already agreed to utilize Kids Passport as their parental consent process. Thus if a
participating website changes its existing privacy policy after the parent has gone through
the verification process and the changed policy conflicts with the parent's level of
consent, the participating site will not have to obtain parental consent a second time. The
burden will be on the parent to ensure that his/her consent level is consistent with
participating websites' privacy policies at all times.
59. Even if the privacy policies of participating Passport websites contradict or provide
less protection than Passport's privacy policy, the participating Passport websites'
policies will govern over Passport's privacy policy. Hence, the parent is effectively
required to read all participating Passport websites' privacy policies before providing
parental consent in the first instance for Kids Passport.
13 Microsoft Passport: Privacy Statement,
http://www.passport.com/Consumer/PrivacyPolicy.asp?PPlcid=1033
60. The design of Kids Passport further requires parents to review the privacy policies of
participating websites on an ongoing basis to make sure that websites have not altered
their privacy policies in a manner that conflicts with the parents' desired level of consent.
61. Parents are required to establish their own Microsoft Passport accounts in order to
register their children with Kids Passport. Microsoft does not provide parents with any
other means of registering their children with Kids Passport.
62. Microsoft's practice of requiring parents to register for Passport in order to register
their children for Kids Passport is a deceptive practice. It enables further collection of
personal information by Microsoft for purposes unrelated to the use of Kids Passport.
Further, by requiring parents to verify their consent through credit card validation,
Microsoft automatically creates a Passport Wallet for the parents, where their credit card
information will be held.
63. These practices constitute unfair and deceptive trade practices.
Covert Sharing of Passport Information within the MSN Network
and Conflicting Privacy Standards within the MSN Network
64. Microsoft Passport facilitates greater access by Microsoft affiliates within the MSN
network to personal information of computer users. Microsoft represents that
When you sign in to any area of MSN (and don't sign out) and you visit
any other area of MSN, you will be automatically signed in . . . [and] your
Passport information (excluding your wallet information) will
automatically be shared with each area in MSN that you visit.
65. While facilitating the broad sharing of personal data, Microsoft makes it difficult, if
not impossible, for users effectively to protect their privacy within the MSN Network
because the various components offer contradictory and conflicting privacy policies.
Thus, Microsoft advises users that "when you choose to visit the various areas of MSN . .
. you are subject to their specific terms of use and privacy policies."14
66. Microsoft's collection and sharing of personal data under this procedure within its
network constitutes an unfair and deceptive trade practice.
14 Id.
The Flawed Microsoft Passport Privacy Policy
67. The Microsoft Passport Privacy Policy states that, "[y]ou are in complete control of
which web sites receive the Personal Information in your Passport profile and Passport
wallet ... Microsoft will not share, sell, or use your Personal Information in any way not
described in this privacy statement without your consent."15
68. Participating web sites are not required to abide by the same information collection
practices as purportedly apply to the Microsoft Passport services, and such sites can
apparently share, sell, or use personal information in a manner not explicitly provided for
in the Passport Privacy Policy.
69. Buy.com, a shopping site accessible through the Passport service16 reserves the right
"to share [customers'] personally identifiable information with third parties who provide
services to us, our customers and web site visitors ... includ[ing] authorized contractors,
temporary employees and consultants and other companies working with us."17 Further,
customers of Buy.com who then wish to shop at other sites associated with that company
(part of its "Partner Center") are subject to entirely different privacy protections once
again.
70. Participating web sites are not required to meet even basic industry standards of
privacy protection to participate in Passport services. Microsoft only requires that
participating web sites have "a posted privacy statement."
71. Customers, assured by Microsoft that information in their Passport profile is protected
according to the principles of the Passport Privacy Policy, will reasonably assume that sites
associated with Passport will offer the same protections, and share personal information
they otherwise would not share.
72. The Microsoft Passport Privacy Policy unfairly and deceptively leads consumers to
believe that websites participating in Passport will abide by the same privacy practices as
Passport itself.
15 Id.
16 Microsoft Passport - Site Directory, http://www.passport.com/Directory/Default.asp
17 http://www.us.buy.com/corp/privacy_policy_complete.asp
Harvesting of email addresses and Profiling of Users
73. The Passport service is intended to give Microsoft the ability to send unsolicited
commercial email to Internet users and to profile their activities.
74. Microsoft obtains a user's email address and discloses that personal information to
other Microsoft web sites whether or not the user intends to visit those sites or if there is
any need for the address to be collected by those sites. According to Microsoft:
Creating a Passport --- . . . Your email address is required to create a
Passport and it will be shared with Microsoft and its web sites . . . 18
75. Microsoft retains the right to disclose email addresses obtained by Passport to enable
unsolicited commercial email by web sites participating in the Passport network:
If in the future Passport sends email on behalf of participating web sites,
you will be able to follow instructions contained in the email to choose
whether or not you'd like to receive additional email.19
76. There appears to be no means by which users currently can limit the exchange of their
email addresses with the Microsoft Network and no limitations on the unsolicited
commercial email that may result from the collection of email addresses in this fashion.
77. Passport facilitates the profiling of Internet users by enabling the collection of
personal information. According to Microsoft:
The site may store the profile and wallet information sent to it during this
process in their database.20
78. These practices constitute unfair and deceptive trade practices.
18 Microsoft Passport: Privacy Statement,
http://www.passport.com/Consumer/PrivacyPolicy.asp?PPlcid=1033
19 Id.
20 Id.
Known Defects in Passport Design
79. Microsoft is aware of significant risks that users will have their personal information,
including their credit card numbers, disclosed to others when the Passport service is used
at a shared or public terminal, which could include a computer in a library, community
center, workplace, or airport lounge. Microsoft advises:
You should always sign out of Passport when you are finished browsing
the web to ensure that others cannot access your Passport profile or
wallet.21
80. Microsoft is also aware of significant risks that users will inadvertently disclose
personal information when they surf the web using the Passport service.
It is important for you to read the privacy statement and terms of use for
each site you visit to ensure you are comfortable with how they might use
your personal information.22
81. Internet users are routinely unaware of web site privacy statements. According to one
recent study, 41% of users report that they never or hardly ever read privacy statements
online.
82. The failure to establish adequate security standards to ensure that personal information
within the control of Microsoft, such as a credit card number, is not inadvertently
disclosed to a third party is an unfair and deceptive trade practice.
Failure to Warn of Passport Security Flaws
83. Microsoft has a history of privacy and security failures that is inconsistent with its
claim that "Any information provided to Microsoft remains secure and private."23
84. For example, in August 1999, when Passport was combined with Hotmail, a defect
was discovered in Hotmail that allowed "anyone to read the private correspondence of
about 50 million subscribers."24 In February 1999, Microsoft was found to be quietly
creating "a vast data base of personal information about computer users."25 The online
privacy seal organization TRUSTe subsequently found that Microsoft had compromised
"consumer trust and privacy." Defects in Microsoft's software are routinely discovered
that allow intruders unauthorized access to files, most recently a defect in Microsoft's IIS
Web server software that has allowed the "Code Red" virus to compromise an estimated
300,000 computers, including some of Microsoft's own servers.26
21 Id.
22 Id.
23 Id.
85. Microsoft's failure to disclose the actual risks associated with the collection and use
of personal information in the Passport service constitutes an unfair and deceptive trade
practice.
Leading Industry Experts Have Expressed Concern about the
Privacy Implication of Windows XP and the HailStorm Services
86. Walter S. Mossberg is a widely regarded commentator on the computer industry who
writes a regular column for the Wall Street Journal. On July 5, 2001 ("Microsoft Cracks
Down On Sharing Windows XP") Mr. Mossberg examined the product activation
procedure for Windows XP and noted that:
Windows will keep monitoring your setup to check that it's still running
on the same machine. If you make major hardware changes, the system
could disable Windows and force you to check in with Microsoft in the
mistaken belief the program has been transferred to another computer.
One journalist reported that his copy of Office XP suddenly went into
"reduced functionality mode" and insisted he activate again while he was
using it on an airplane.
87. Mr. Mossberg concluded:
Microsoft has chosen a method of enforcing its policy that smacks of an
invasion of privacy. The company says its database of PC configurations
won't contain any personal information, and will be encrypted so that
nobody can misuse it. But Microsoft's bully-boy behavior in the
marketplace hardly inspires confidence that it won't somehow exploit this
information.
24 Wired News at http://www.wired.com/news/news/business/story/21490.htm.
25 New York Times, March 3, 1999.
26 "'Code Red' Worm Rearing to Attack on Net," ZDNet News, July 21, 2001,
http://www.zdnet.com/zdnn/stories/news/0,4586,5094428,00.html.
88. Stewart Alsop is a widely regarded commentator on the computer industry who writes
a regular column for Fortune Magazine. In an article for Fortune on July 23, 2001
("Monopoly Has Just Begun Insidiously, incrementally, Microsoft is getting more and
more of me. That has me worried.") Mr. Alsop examined the impact of Windows XP on
consumer privacy. He found, for example, that when he tried to take advantage of a new
consumer product, the "e-book," offered by a non-Microsoft company he was required to
go through the Microsoft Passport registration procedure.
I decided to buy the e-book, but Microsoft forced me to register with its
Passport service to activate Reader. The ostensible reason is that Microsoft
keeps track of the digital rights to each copy of the book.
89. He had a similar experience when he attempted to download a new software product.
Based on his experience with these two products, Mr. Alsop observed:
Microsoft is going to collect more and more information about what I buy
and what I do. I don't really have a choice. It is very nearly impossible to
use any computer without using Microsoft's software, and increasingly
that means that it is very nearly impossible to avoid handing over your
personal information to the company.
And this situation is just going to get worse, because Microsoft does have
a monopoly, and it is using that monopoly to aggressively expand its
dominance of computers--personal computers, office servers, handheld
computers, even set-top boxes--and its dominance of the Web and Web
services delivered through its Internet Explorer browser.
90. Mr. Alsop concludes:
This gets to the heart of why I'm really starting to worry. Microsoft is
encroaching on the consumer side, increasingly using its position between
us and every computer to make sure that it has the data to know who we
are and what we're buying.
91. Esther Dyson is a widely regarded computer industry expert and chairman of
EDVenture Holding. Regarding the privacy implications of the practices described
herein, Ms. Dyson said to the Industry Standard, a leading industry magazine:
I don't want the government, or Microsoft, asking me for my ID.
I find it kind of amazing. You sit and think, "Can they actually do this? Is it
believable?" One hopes not.
REQUEST FOR RELIEF
Wherefore, the Complainants request that the Commission:
A. Initiate an investigation into the information collection practices of Microsoft
through Passport and associated services;
B. Order Microsoft to revise the XP registration procedures so that purchasers of
Microsoft XP are clearly informed that they need not register for Passport to
obtain access to the Internet;
C. Order Microsoft to block the sharing of personal information among Microsoft
areas provided by a user under the Passport registration procedures absent explicit
consent;
D. Order Microsoft to incorporate techniques for anonymity and pseudo-anonymity
that would allow users of Windows XP to gain access to Microsoft web sites
without disclosing their actual identity;
E. Order Microsoft to incorporate techniques that would enable users of Windows
XP to easily integrate services provided by non-Microsoft companies for online
payment, electronic commerce, and other Internet-based commercial activity; and
F. Provide such other relief as the Commission finds necessary to redress injury to
consumers resulting from Microsoft's practices as described herein.
Respectfully Submitted,
Marc Rotenberg, Executive Director
David L. Sobel, General Counsel
ELECTRONIC PRIVACY INFORMATION CENTER
1718 Connecticut Ave., N.W.
Suite 200
Washington, DC 20009
(202) 483-1140
July 26, 2001
Assuming you don't qualify for any of the discounts, one year of Science costs $250US. You also have the option of paying $5US for a *single* article on their website.
Perhaps if we let a certain former Texas governor order the killing of virus writers, he might refrain from killing retarded adults, people who committed their crimes as juveniles...
The real kicker here is that most of the viruses out there have been created by... you guessed it... juveniles.
They're juvenile in mind if not in body at least...
There's a reason we call these people 'script kiddies'. Steve Gibson, of grc.org fame believes that the k1dd3s DOS'ing his site are no older than 12 or 13. I would imagine that most of the people who downloaded this virus creation kit are just about as old.
For those of us who were too young to have remembered the plot of this excellent movie, quite a bit of the plot revolves around an arrest warrant mistakenly circulated because of a 'bug' in the computer.
Bzzzz....
Well, the Code Red exploit was once a proof of concept. I still have the original post from the NTBugtraq list outlining the vulnerability...
I think we're going to come to the point where *any* embeddable-type document is going to be prone to infestation. We're almost there. We just need to add .swf, .psd, and the complex audio formats coming out. Play a Music Stream from Real and get a virus!
WinXP ships, and the injunction is imposed against it after it has already started to move copies?
My ideas of the consequences - legal minds feel free to correct me:
1. Walmart, Babbages, Everyone else who sells software is required to 'yank' shelf copies to comply with the injunction. Most stores will be slow to comply, and then claim that they sold out before the injunction hit.
2. We'll have a 'limited edition' of WindowsXP in the wild. Pirate copies will run rampant online and on Ebay because 'the most popular OS' cannot be legally bought in stores, and MS will be in the odd position of having to try to enforce their own injunction because they can't be seen as encouraging piracy, can they? The other members of the BSA would scream if they did.
3. After a few months, Microsoft will release something like Windows IR (Injunction Release!) online as an 'update' to existing copies of WinMe and Win2k. It will be an Internet Explorer 4.0 type release -- all the functionality of a new OS, all the FUD and anticompetitive bullshit, but Microsoft will give it away as a new product just to spite the Fed and its competitors.
4. ANOTHER LAWSUIT over whether or not MS violated the injunction by releasing WinIR (Say that one out loud!)
5. Microsoft releases much of WinIR under their 'shared source' license, locking hundreds, if not thousands of developers into MS-only development. Hey, if it's free, code for it, right?
6. After months and months and months, a judge finally gets the breakup to stick.
7. Because they won't let him make the rules, Bill takes his toys and goes home. Microsoft 'exits' the home operating system market, and concentrates solely on a 'Software as Service' business market. They sell Win200x releases on a yearly basis to people who want or need server software and are too dim to use a *nix.
Sadly, the man bought his computer expressly for the purpose of playing games. I would be remiss in my duties to recommend Linux as a gaming platform. That may change in the near future, but right now there is a very limited selection of games for Linux, and a zero "Off the shelf" selection.
Ogg handles up to 256 simultaneous channels at once. At high-bitrates (192kbit/sec) I can't tell it from CD Audio.
Recently, I was setting up an internet connection for my father-in-law, who is decidedly of a non-technical bent. Linux is not an option for this man. Hell, Windows 98 was barely an option for him. Even then he has to ask questions like 'Is it okay to delete kernel32.dll?'
At any rate, immediately after I fixed all the problems with his cheap-ass winmodem and got the whole mess to work to dial into one of the short-lived ad-based ISP's, the guy punches in URL to a website he read out of a magazine.
The *first* thing to come up is a popup ad for polarized sunglasses, as sponsored by the ISP. My father in law was *amazed* and called over his fifteen year-old son (Who thinks CB-Radio is high-tech) to see the wondrous display of marketing. Between the two, they had all but forgotten the original website they were trying to find, which was buried in a stack of software-controlled popups by this time. By the time I left that evening, both my father-in-law and my brother-in-law were pleading with my wife's mother for the number to her mastercard so that they could get some of the 'incredible bargains' that were there just because they had signed up with whatever ISP.
"You're related to them, you know," I told my wife after we left.
Her only response was, "Please don't remind me."
I mean, look at all the industry controls and FUD built into HDTV. The format is less than ideal, and all the hardware required to play it is exorbitant.
This makes getting open source video formats in place even more important so that, in the very near future, we don't have to make a decision like the one we're making right now between OGG and MP3. One format is technically superior and open, while the other is the 'industry standard'.
Collect them all!
Wow, that was a lot of talk with very little point. I guess the point is this - UI programmers of the world, don't give up on innovation just because MS has done a lot of research. There's always something better w/r/t MMI.
I agree wholeheartedly. MS has spent a lot of effort getting their UI to be the best it can, but it still serves MS's purposes, and doesn't really break any new ground.
Features I'd like to see in 'new' User Interfaces:
1. A departure from the 'Dock'/'Taskbar' modus operandi. Just about every GUI uses one of these in one form or the other. They eat up valuable screen real estate, and I can't help but feel that there is a better and more efficient way to accomplish the same tasks. Damned if I know what it is, though... Make everything a right-click menu?
2. Graphical Relational Links: One of the concepts I really like about 'The Brain' is that it helps you to build visual logical links between applications, files, and websites. For example, you can link your MP3 Player to your MP3 folder, Winamp.com, Gnutella, etc...
Unfortunately, the last version of 'The Brain' I used wasn't really an adequate shell replacement. There's no real file management. I would give up a lot to have those same kind of links in a 'real' UI.
3. 'Tearaway' components. This is a feature you tend to find inside office and productivity apps that could really help any given UI if they were made standard. We're starting to see this a little bit in the moveable menus inside most applications, but I would really like to be able to say, grab my bookmarks sidebar from Mozilla and yank it onto the desktop or another application when I'm doing work on the web. There are other examples, but there is a lot of room for improvement here.
4. 3d object manipulation - We're stuck in a 2D world. For most things this is okay, but I can't help but feel that I could be more efficient if I could manipulate files, folders, and applications as if they were 3D objects. There are a few UI's built around Doom and Quake for linux, but we have yet to see a comprehensive UI that was entirely 3D. The model that most quickly comes to mind is 'Black and White'. Use a 'hand' pointer to move objects around, keyboard chords or gestures to execute common commands, and have an environment that can be used at a macro- or a microscopic level.
I'd love to throw around all my downloaded files into a big 'sorting' bin, for example, and have more organized objects represent my media and application files.
We have the hardware to do these things now. It'd be nice to see them in action. I wish I were a little better coder so that I could try to implement some of them...
Here's hoping Lionhead will release B&W Shell
Microsoft is coming up on a decade of interaction with users and usability testing. I think they're nearing the point that Apple did with OS 9, before they broke all the interfaces for the 'Aqua' look that pervades OS 10.
In other words, despite all the FUD, marketing, and anti-competitive crap BillCo is engaged in, they're getting their User Interface pretty-damn near perfect in terms of usability. Remember that because a person is employed by MS, he or she is not necessarily a borg. It looks like those who actually get WinXP will be getting a hell of an operating system.
We're seeing a lot of the same application elements expressed in slightly different ways in different OS's now. You can say that someone is copying someone else, but what it really means is that someone has found the 'best' way to do something in terms of usability or security. Take the graphical logins. I think Apple was the first to get the whole 'Icon-Username' setup, but this is apparently the best setup for a multi-user workstation, like most family PC's.
By the same token, I think that we'll probably see MS making their UI/Windowing System skinnable in the not-too-distant future ala Windowblinds to compete with Apple's 'themes', Kaleidoscope and all the different theme-window manager combinations for X.
Now if only their development teams put as much effort into application security as they do into UI. I would really have loved not cleansing my Mom's PC of Code Red II....
The DOJ were as rabid about pursuing anti-trust allegations as they were about prosecuting file-traders and honest hackers...
I'd love to see Hillary Rosen picked up outside her house and jailed for a month without bail being set.
Of course, I'd never run IIS on my workstation, let alone a server, but it's fun to watch the HTTP requests come in on ZA.
Now, let's see if ZA logs contain enough information to determine if it's a Code Red attack or just another port scanner....
It will be a lot easier to stop these guys than it will Bill G.
I watched a documentary not too long ago about this kind of research. One of the researchers' primary obstacles was the fact that many tribal councils demanded that all fossils be turned over to them for 'proper burial' if they were found in tribal lands.
Of course you can't do composition analysis on casts, which are slightly imperfect representations anyway.
Along with the inevitable increases in speed and battery life, I think that we can probably expect the following advances in PDA technology over the next few years:
- More non-volatile storage space so that video becomes viable. Research into minimizing non-disk based storage will be directly funded by a coalition of 'adult entertainment companies' headed by Christie Hefner and Robert Guccione.
- Vibrating batteries, as used in cell phones and pagers, will be modified for use with PDA's for those... long, lonely trips.
- Javascript-enabled web browsers will be ported to PalmOS so that we can be entertained by browser windows that reopen themselves, or their affiliates' pages, no matter how many times you try to close them.
- New games will be written, targeted for PDA's that have touchpads or stylus interfaces. Players will be required to interact with in-game 'characters', either with their hands... or their tongues.
- The X-10 mini-camera will become ubiquitous in most PDA designs, but for 'recreational' purposes only. The aforementioned industry group will take no responsibility for sexual harassment suits centering around misuse of X-10 technology.
- The popularity of Ascii Porn will skyrocket, creating a new market for fixed-width fonts.
Is this quote from the Times Article (Archive addy, so no reg req):
"Just because it is made public doesn't mean it's declassified," Colonel Lehner said.
Classic case of the military getting too big for their britches and trying to rule the rest of the country instead of the other way 'round. Stand up to 'em, Doc Postol! And if MIT caves, well, I don't think I'll be alone in saying that it will be a sad day for academia.
Another interesting point of interest is with the new Final Fantasy: spirits within movie, actors are beginning to consider copyrighting their likenesses,
Good for them... Better for us! Who wants dumpy Sandra Bullock, bug-eyed Steve Buscemi, or smarmy Ben Affleck when we can have perfect, artist produced, fan-boy (and fan-girl) material like Aki from FF?
What about Mac OS-X?
What about it? Apple has released their BSD core OS, but the GUI, which most users consider the computer, is still strictly proprietary. How many times do we have to trot this old dog out before we realize it's the same old dog that's been given a shearing and a flea-dip?
I, for one, don't feel like spending $1500-2000 for the same bang-per-buck I already have in my Athlon-based PC for under $500 just to use MacOS.
Well, you're already buying two drives for booting off of if you're using this device.
Without being a flaming asshole, what applications are there for knowing if the digits of PI are random or not?
Also, since Pi is a ratio that we 'choose' to express in a base10 numerical system, would the fact that the digits are random in a decimal system mean that they would be random if we expressed Pi in a hexadecimal or octal system?
Before the
Federal Trade Commission
Washington, DC
In the Matter of )
)
Microsoft Corporation. )
_____________________________ )
Complaint and Request for Injunction, Request
For Investigation and for Other Relief
INTRODUCTION
1. This complaint concerns the privacy implications of the Microsoft XP operating
system that is expected to become the primary means of access for consumers in the
United States to the Internet. As is set forth in detail below, Microsoft has engaged, and is
engaging, in unfair and deceptive trade practices intended to profile, track, and monitor
millions of Internet users. Central to the scheme is a system of services, known
collectively as ".NET," which incorporate "Passport," "Wallet," and "HailStorm" that are
designed to obtain personal information from consumers in the United States unfairly and
deceptively. The public interest requires the Commission to investigate these practices
and to enjoin Microsoft from violating Section 5 of the Federal Trade Commission Act,
as alleged herein.
PARTIES
2. The Electronic Privacy Information Center ("EPIC") is a non-profit, public interest
research organization incorporated in the District of Columbia. EPIC's activities include
the review of government and private sector policies and practices to determine their
possible impact on the privacy interests of the American public. Among its other
activities, EPIC has prepared reports and presented testimony before Congress and
administrative agencies on the Internet and privacy issues.
3. The Center for Digital Democracy ("CDD") is a non-profit organization that represents
the interests of citizens and consumers with respect to new media technologies.
4. The Center for Media Education ("CME") is a national nonprofit, nonpartisan
organization dedicated to creating a quality electronic media culture for children, their
families, and the community. CME's report "Web of Deception" (1996) first drew
attention to potentially harmful marketing and data collection practices targeted at
children on the Internet and laid the groundwork for the Children's Online Privacy
Protection Act.
5. Computer Professionals for Social Responsibility ("CPSR") is a public-interest
alliance of computer scientists and others concerned about the impact of computer
technology on society.
6. Consumer Action is a 30 year-old, San Francisco-based non-profit education and
advocacy organization. It works on a wide range of consumer and privacy issues in
conjunction with its national network of 6,500 community-based organizations.
6?. The Consumer Federation of America ("CFA") is a non-profit association organized
in 1967 to advance the interests of consumers through advocacy and education. CFA's
current membership is comprised of over 280 national, state, and local consumer groups
throughout the United States, which, in turn represent more than 50 million consumers.
7. The Consumer Task Force for Automotive Issues ("CTFAI") was co-founded by Ralph
Nader and Remar Sutton. CTFAI monitors auto fraud activities for consumer
groups, attorneys general, and plaintiff firms. CTFAI has particular interest in consumer
privacy since using the Internet is a common practice for consumers looking for
information on cars and loan.
8. The Electronic Frontier Foundation ("EFF") is a non-profit organization based in San
Francisco, California. EFF is a donor-supported membership organization working to
protect our fundamental rights regardless of technology; to educate the press,
policymakers and the general public about civil liberties issues related to technology; and
to act as a defender of those liberties.
9. Junkbusters is a privacy advocacy and consulting company based in New Jersey
and incorporated in Delaware.
10. The Media Access Project ("MAP") is a non-profit, public interest law firm
that promotes the public's First Amendment right to hear and be heard on the electronic
media of today and tomorrow.
11. NetAction is a San Francisco-based nonprofit organization that promotes use of the
Internet for grassroots citizen action, and educates policy makers on technology policy. In
1997, NetAction launched a campaign that mobilized Internet users to pressure the
Justice Department to enforce antitrust laws against Microsoft.
12. The Privacy Rights Clearinghouse ("PRC") is a nonprofit consumer information and
advocacy program based in San Diego, California.
13. U.S. Public Interest Research Group ("USPIRG") serves as the national association of
state PIRGs, which are independent, non-profit, non-partisan advocacy organizations
around the country. U.S. PIRG and the state PIRGs have a long-standing interest in data
privacy and data protection and have published a series of reports on privacy-related
topics, including identity theft.
14. Microsoft Corporation ("Microsoft") was founded as a partnership in 1975 and
incorporated in the State of Washington in 1981. Microsoft develops, manufactures,
licenses, and supports a wide range of software products for a variety of computing
devices. Microsoft's principal place of business is One Microsoft Way, Redmond,
Washington 98052-6399. At all times material to this complaint, Microsoft's course of
business, including the acts and practices alleged herein, has been and is in or affecting
commerce, as "commerce" is defined in Section 4 of the Federal Trade Commission Act,
15 U.S.C. 44.
15. EPIC, CDD, CME, CPSR, Consumer Action, CFA, CTFAI, EFF, Junkbusters, MAP,
NetAction, PRC, and USPIRG bring this complaint against Microsoft alleging unfair and
deceptive trade practices under Section 5 of the FTC Act.
16. The complainants reserve the right to amend this complaint as new facts emerge
regarding this matter.
THE IMPORTANCE OF PRIVACY PROTECTION
17. The right of privacy is a personal and fundamental right in the United States. The
privacy of an individual is directly implicated by the collection, use, and dissemination of
personal information. The opportunities for an individual to secure employment,
insurance, and credit, to obtain medical services, and the rights of due process may be
jeopardized by the misuse of certain personal information.
18. Privacy law in the United States has by tradition protected the privacy of consumers in
the offering of new commercial services enabled by new technologies. For example, the
Cable Act of 1984 protects the privacy of cable subscriber records created in connection
with interactive television services. The Electronic Communications Privacy Act of 1986
protects the privacy of electronic mail transmitted over the Internet. The Video Privacy
Protection Act of 1988 protects the privacy of rental records for video recordings of
commercial programs made available to the public for home viewing. The medical
privacy regulations mandated by the Health Insurance Portability and Accountability Act
establish safeguards for the delivery of medical information in electronic formats.
19. The vast majority of Americans are today "concerned" or "very concerned" about the
loss of privacy particularly with regard to commercial transactions that take place over
the Internet. One poll has indicated that the "loss of personal privacy" is the number one
concern facing the United States in the twenty-first century. A recent poll shows that
Americans favor government action to safeguard online privacy. Another recent poll
indicates that the ability to remain anonymous online is supported by both Internet
experts and ordinary Internet users.
20. The Federal Trade Commission has played a significant role in the last several years
investigating and prosecuting violations of section 5 of the Federal Trade Commission
Act where the privacy interests of Internet users are at issue.
STATEMENT OF FACTS
Background
21. Microsoft is the largest computer software company in the world. Microsoft's
customers include consumers, small and medium-sized organizations, enterprises,
educational institutions, Internet Service Providers, and application developers. Most
consumers of Microsoft products are individuals in businesses, government agencies,
educational institutions, and at home.1 The Microsoft operating system is used by more
Internet users than any other operating system in the world. Microsoft's database of
Passport users is the largest commercial database of Internet users. At present there are
more than 100 million users.2
1 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
22. Microsoft's Internet business activities include the MSN network of Internet products
and services and alliances with companies involved with broadband access and various
forms of digital interactivity.3 Microsoft's online properties include MSN Internet
Access, MSN Hotmail, MSN Messenger Service, WebTV Networks, Microsoft CarPoint,
Microsoft Home Advisor, Expedia, Inc., MSN MoneyCentral and MSNBC.4
23. The far-reaching and inter-connected nature of Microsoft's Internet business activities
provides a unique potential for the collection, sharing and use of personal information
concerning the users of its various properties. This potential to track, profile, and
monitor users of the Internet has far-reaching and profound implications for privacy
protection in general and in particular with regard to the growth of electronic commerce.
24. As is set forth in detail below, Microsoft has developed technical capabilities and
business practices that facilitate such tracking, profiling, and monitoring in an
unprecedented manner. As a direct result of these capabilities and business practices,
Internet users who seek to engage in online commerce will routinely disclose to
Microsoft virtually all aspects of their private transactions with other merchants.
25. Internet users will also be confronted with a confusing labyrinth of inter-connected
Microsoft websites that collect and share their personal data. Consumer confusion is
exacerbated by the misleading registration practices, incoherent privacy policies, and
covert data sharing arrangements that are intended to facilitate the collection of personal
information from consumers by Microsoft while simultaneously making it difficult if not
impracticable for consumers to exercise control over their personal information.
26. When viewed both in its entirety and in terms of specific business practices outlined
below, and considering the extraordinary market dominance enjoyed by Microsoft, the
collection and use of personal information within the Microsoft network under Windows
XP and with the associated .NET services constitutes a series of unfair and deceptive
trade practices.
2 New York Times, July 26, at C4.
3 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
4 Id.
Windows XP Impact on Consumer Profiling
27. With the release of the new operating system Windows XP and its associated
services, Microsoft will transform the process for the collection and use of personal
information on American consumers who engage in electronic commerce on the Internet.
Personal information associated with commerce, such as credit card numbers, has
traditionally resided under the personal control of the individual consumer. Such
information is typically disclosed in the context of a particular transaction for a particular
purpose to a particular merchant. With the release of Windows XP, Microsoft proposes to
move the locus of control away from the end user to Microsoft. Although it is described
by Microsoft as a "user-centric," the Windows XP architecture is more accurately
described as "Microsoft-centric."
28. The Microsoft Passport is a user authentication standard that will enable Microsoft to
collect personal information from consumers and disclose that information to Microsoft
partners and others. It makes Microsoft the central repository for routine information for
commercial transactions, as well as personal facts such as birthdates and anniversaries.
29. The HailStorm platform will enable the widespread exchange of personal information
among Microsoft business partners. It is intended to exchange the rapid exchange of a
wide range of personal information set out in more detail below.
30. Microsoft privacy practices will have a profound impact on American consumers.
According to Microsoft, the Hotmail web-based e-mail service, MSN, Microsoft.com,
and Passport, are among the ten largest Web sites in the world.5
31. Microsoft is currently testing the Windows XP operating system. Several questions
have already been raised about certain proposed features of XP that may disadvantage
competing products, services and standards provided by Microsoft's competitors.
32. The Windows XP system is expected to be finalized later this year and then sold to
consumers.
33. The Federal Trade Commission is the primary federal agency responsible for
investigating and prohibiting "unfair methods of competition in or affecting commerce;
and unfair or deceptive acts or practices in or affecting commerce."
5 Hailstorm White Paper, http://www.microsoft.com/net/hailstorm.asp.
A. Passport
34. According to Microsoft, "Microsoft Passport allows consumers to create a
single sign-in, registration, and electronic wallet that can be shared between all of
the sites that support Microsoft Passport."6
35. The information that may be stored in the Microsoft Passport includes "real
name," country/region, state, city/locale, gender, age, occupation, marital status,
e-mail, personal statement, hobbies and interest, favorite quote, favorite things
("Name your favorite books, artists, places, gizmos, or gadgets"), a personal
photo ("include a photo of yourself, a loved one, or a favorite place, thing or
pet"), a home page, options to routinely disclose the Public Profile in MSN chat
rooms, and to be notified of future features, as well as whatever additional data
Microsoft eventually chooses to request for the Public Profile.
36. The information maintained in the Passport Public Profile is under the "user
control" in the sense that the user may choose not to provide certain information
or to prevent certain information from being routinely disclosed, but the Profile is
also very much under the control of Microsoft in the sense that the information is
physically in the possession of Microsoft and may be obtained by Microsoft
whether or not the user chooses to make the personal information public. Further,
many of the practices described below demonstrate how Microsoft through the
XP Registration procedures, access to MSN, use of Hotmail, and use of new
services such as e-books seeks to obtain from the consumer detailed information
for the Passport system.
37. The Microsoft Passport Privacy Policy contains a section entitled "Participating Sites'
Commitment to Privacy." The title of this section reasonably would lead a consumer to
believe what the heading implies; that sites that participate in Microsoft Passport have a
commitment to protect users' privacy. However, the section only contains one
requirement for participating websites; "All Web sites participating in the Passport
program must have a posted privacy policy." Nothing is said regarding what level of
protection that policy must provide. This section, with its deceptive title, is likely to
promote consumer confidence in Passport by instilling the mistaken impression that
participating websites will protect their personal information.
6 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000.
38. The Windows XP operating system leaves the user with little choice but to employ
Passport. As soon as the user starts a computer and uses a modem, a dialog box appears
on the screen stating: "You've just connected to the Internet. You need a Passport to use
Windows XP Internet communications features (such as instant messaging, voice chat
and video), and to access Net-enabled features. Click here to set up your Passport."
39. The collection and use of detailed personal information in this fashion constitutes an
unfair and deceptive trade practice.
B. HailStorm
40. HailStorm is a software based means to transfer personal information contained in the
Microsoft Passport, as well as a host of other information, across any operating system,
platform, or device. Microsoft lists an extraordinary range of consumer information that
will be collected and subsequently disclosed by means of HailStorm. This information
includes a person's home telephone number, office telephone number, fax number, home
address, business address, and geographic locations; a person's actual name, nickname,
birthdate, anniversary, other special dates, and personal photograph; a complete list of all
names of all contacts contained in an electronic datebook, including names, addresses,
contact dates, and personal details for all friends and associates; information concerning
location and contact information; all forms of incoming mail, including voicemail,
electronic mail, and fax mail; tracking information; personal and business documents;
favorite websites and other identifiers; receipts, payment instruments, coupons and other
transaction records, devices settings and capabilities across all platforms, including PC,
PDA, and telephones; and detailed usage reports for each one of these services.7
41. Microsoft represents that when using HailStorm, the "user owns the data" that he or
she enters into Passport. HailStorm will, according to Microsoft, "put people in control
of their own data," because "HailStorm starts with the assumption that the user controls
all personal information and gets to decide with whom to share any of it and under what
terms."8
42. Despite these broad representations, the control that users will ultimately have over
the extensive collection of their personal information within the HailStorm system will be
subject to the vagaries of Microsoft's business model.
7 Hailstorm White Paper, http://www.microsoft.com/net/hailstorm.asp.
8 Microsoft Corporation Form 10-K for the Fiscal Year Ended June 30, 2000
43. Microsoft states that it "intends to contractually bind licensees to specific terms of
use that control what can and cannot be done with user data originating from a HailStorm
source." Microsoft has made its intention clear, stating that it "will operate HailStorm as
a business." In Microsoft's HailStorm business model, "end users will be the primary
source of revenue to Microsoft."9
44. To use Windows XP, consumers will be unfairly led to believe that they need a
Microsoft Passport. Passport is the "basic user credential" of Hailstorm. Although
Microsoft claims the "users own their information" and that consumers will control the
use of that information, Microsoft will charge consumers to relay this vast amount of
individually identifiable information, ranging from their home addresses to the
documents stored on their computers. Microsoft will also charge recipients to use the
information.
45. As a result of these practices, Microsoft will essentially provide consumers the
"right" to buy some limited level of "control" over the use of their own personal
information outside of Microsoft, despite the fact that the consumer has no meaningful or
effective control over the use of that information within Microsoft. Additionally, in
reference to third parties, consumers' control of their own information exists only so long
as the consumers' desires fit within the framework of Microsoft's intent to "contractually
bind licensees" regarding the use which they can and cannot make of this information.
46. Microsoft's Windows XP / Passport / HailStorm business model constitutes both an
unfair and a deceptive trade practice when considered in its entirety.
Misleading Product Activation and Registration Procedures
47. Microsoft represents to consumers that the product activation feature included in the
new Windows XP operating system and its software suite Office XP will not combine the
information gathered in the activation's hardware sweep with personally identifiable
information. Information at the Microsoft website states:
Microsoft Product Activation is completely anonymous, and no personally
identifiable information is collected.
9 Id.
48. However, Microsoft then goes on to say:
Activation is different from product registration. If they wish, customers
may voluntarily register their product by providing their name and contact
information. Registration is for those customers who want to receive
future communications on product updates, service releases and other
special offers.10
49. Microsoft also claims that product registration, which requires personally identifiable
information, is voluntary. However, users cannot receive support services for products
without registering for Microsoft Passport. The user's product identification number is
then linked to his or her personally identifiable Passport information. Information posted
by Microsoft states:
Using the Online Support sites secured by Passport is easy. Passport
provides secure authentication ensuring that your support interactions and
all data exchanged with Microsoft is secure and private. To establish your
own private and secure personalized support web page where you can
interact with our award-winning Microsoft Support Professionals, first
time users will need to (1) sign-up for Passport or sign-in to Passport and
(2) complete a profile.
In order to identify the type of support you are entitled to, this system may
automatically determine your product identification number. This number
is required to receive support from Microsoft.11
50. Through product activation and registration, Microsoft can actually match users to
their machines. Although Microsoft represents to users that the product activation
process preserves anonymity, users cannot receive software support anonymously for the
product that they activate and are forced to register for Microsoft Passport.
51. This practice constitutes an unfair and deceptive trade practice.
10 Software Piracy on PressPass,
http://www.microsoft.com/presspass/newsroom/pir
11 http://servicedesk.one.microsoft.com/WRPublic/en/
Hotmail Service Tracks Users
52. Hotmail is an email service offered by Microsoft.
53. Users of Hotmail email service are required to create Passport accounts, using the
personal information they provided to sign up with Hotmail. No notice is provided to
Hotmail users that they are being given Passport accounts, nor does the Hotmail website
contain an opt-out feature. When Hotmail users login to Hotmail, they are simultaneously
logged-in to the Passport system.
54. Passport will track Hotmail users as they visit other MSN sites, and provide users'
personal information to those sites, unless the users click on a small "Sign-Out" button on
the page each time they wish to move to a different MSN site. Hotmail's privacy policy
states in part:
Your non-personally identifiable information from your Hotmail
registration (such as zip code and gender) may be shared with other
Microsoft websites to provide a more personalized advertising experience
online. For example, you may see ads from a Microsoft
bCentral/LinkExchange Banner Network member as you surf the Web but
none of your personally identifiable information is shared with the third
party websites.12
55. Passport tracks the behavior and divulges the personal information of Hotmail
customers who neither have been notified of their Passport accounts, nor have granted
permission for such use of their information. If a user visits the MSN homepage, a
Passport "Sign-in" button will appear. If the user who did not come from Hotmail or
another MSN site clicks this button, information on Passport will appear, along with an
invitation to join the Passport system. However, if a Hotmail user who did not click the
Passport "Sign-Out" button before exiting Hotmail visits the MSN homepage and clicks
the same button, the MSN page will reload, with a message greeting the user by name.
56. This practice constitutes an unfair and deceptive trade practice.
12 Hotmail MSN Hotmail Privacy Statement, http://lc1.law5.hotmail.passport.com/cgibin/
dasp/hminfo_shell.asp?content=pstate
Kids Passport Captures Data from Parents for Unrelated Services
57. Microsoft makes the following representations regarding the Kid's Passport service,
which enables the collection of information on children under the age of 13 that will be
subsequently disclosed to Microsoft partners and other entities operating on the Internet.
Microsoft Kids Passport allows parents to consent to the collection, use
and sharing of their children's information with Microsoft and the sites
and services operated by or for Microsoft (including MSN) and with
participating Passport Web sites that have agreed to utilize Kids Passport
as their parental consent process. (emphasis added) . . .
All of these sites [participating passport websites] agree to have a posted
privacy statement describing how they use personal information collected
by their website. . . .
It is important for you to read the Privacy Statement and Terms of Use for
each website you are consenting for your child to visit and use.13
58. The Kids Passport privacy policy only requires one parental verification process.
Participating Passport websites will not have to obtain "verifiable parental consent" if the
user enters the site through Kids Passport because the participating websites will have
already agreed to utilize Kids Passport as their parental consent process. Thus if a
participating website changes its existing privacy policy after the parent has gone through
the verification process and the changed policy conflicts with the parent's level of
consent, the participating site will not have to obtain parental consent a second time. The
burden will be on the parent to ensure that his/her consent level is consistent with
participating websites' privacy policies at all times.
59. Even if the privacy policies of participating Passport websites contradict or provide
less protection than Passport's privacy policy, the participating Passport websites'
policies will govern over Passport's privacy policy. Hence, the parent is effectively
required to read all participating Passport websites' privacy policies before providing
parental consent in the first instance for Kids Passport.
13 Microsoft Passport: Privacy Statement,
http://www.passport.com/Consumer/PrivacyPolicy.
60. The design of Kids Passport further requires parents to review the privacy policies of
participating websites on an ongoing basis to make sure that websites have not altered
their privacy policies in a manner that conflicts with the parents' desired level of consent.
61. Parents are required to establish their own Microsoft Passport accounts in order to
register their children with Kids Passport. Microsoft does not provide parents with any
other means of registering their children with Kids Passport.
62. Microsoft's practice of requiring parents to register for Passport in order to register
their children for Kids Passport is a deceptive practice. It enables further collection of
personal information by Microsoft for purposes unrelated to the use of Kids Passport.
Further, by requiring parents to verify their consent through credit card validation,
Microsoft automatically creates a Passport Wallet for the parents, where their credit card
information will be held.
63. These practices constitute unfair and deceptive trade practices.
Covert Sharing of Passport Information within the MSN Network
and Conflicting Privacy Standards within the MSN Network
64. Microsoft Passport facilitates greater access by Microsoft affiliates within the MSN
network to personal information of computer users. Microsoft represents that
When you sign in to any area of MSN (and don't sign out) and you visit
any other area of MSN, you will be automatically signed in . . . [and] your
Passport information (excluding your wallet information) will
automatically be shared with each area in MSN that you visit.
65. While facilitating the broad sharing of personal data, Microsoft makes it difficult, if
not impossible, for users effectively to protect their privacy within the MSN Network
because the various components offer contradictory and conflicting privacy policies.
Thus, Microsoft advises users that "when you choose to visit the various areas of MSN
. . . you are subject to their specific terms of use and privacy policies."14
66. Microsoft's collection and sharing of personal data under this procedure within its
network constitutes an unfair and deceptive trade practice.
14 Id.
The Flawed Microsoft Passport Privacy Policy
67. The Microsoft Passport Privacy Policy states that, "[y]ou are in complete control of
which web sites receive the Personal Information in your Passport profile and Passport
wallet . . . Microsoft will not share, sell, or use your Personal Information in any way not
described in this privacy statement without your consent."15
68. Participating web sites are not required to abide by the same information collection
practices as purportedly apply to the Microsoft Passport services, and such sites can
apparently share, sell, or use personal information in a manner not explicitly provided for
in the Passport Privacy Policy.
69. Buy.com, a shopping site accessible through the Passport service16 reserves the right
"to share [customers'] personally identifiable information with third parties who provide
services to us, our customers and web site visitors . . . includ[ing] authorized contractors,
temporary employees and consultants and other companies working with us."17 Further,
customers of Buy.com who then wish to shop at other sites associated with that company
(part of its "Partner Center") are subject to entirely different privacy protections once
again.
70. Participating web sites are not required to meet even basic industry standards of
privacy protection to participate in Passport services. Microsoft only requires that
participating web sites have "a posted privacy statement."
71. Customers, assured by Microsoft that information in their Passport profile is protected
according to the principles of the Passport Privacy Policy, will reasonably assume that sites
associated with Passport will offer the same protections, and share personal information
they otherwise would not share.
72. The Microsoft Passport Privacy Policy unfairly and deceptively leads consumers to
believe that websites participating in Passport will abide by the same privacy practices as
Passport itself.
15 Id.
16 Microsoft Passport - Site Directory, http://www.passport.com/Directory/Default.asp
17 http://www.us.buy.com/corp/privacy_policy_complet
Harvesting of email addresses and Profiling of Users
73. The Passport service is intended to give Microsoft the ability to send unsolicited
commercial email to Internet users and to profile their activities.
74. Microsoft obtains a user's email address and discloses that personal information to
other Microsoft web sites whether or not the user intends to visit those sites or if there is
any need for the address to be collected by those sites. According to Microsoft:
Creating a Passport --- . . . Your email address is required to create a
Passport and it will be shared with Microsoft and its web sites . . . 18
75. Microsoft retains the right to disclose email addresses obtained by Passport to enable
unsolicited commercial email by web sites participating in the Passport network:
If in the future Passport sends email on behalf of participating web sites,
you will be able to follow instructions contained in the email to choose
whether or not you'd like to receive additional email.19
76. There appears to be no means by which users currently can limit the exchange of their
email addresses with the Microsoft Network and no limitations on the unsolicited
commercial email that may result from the collection of email addresses in this fashion.
77. Passport facilitates the profiling of Internet users by enabling the collection of
personal information. According to Microsoft:
The site may store the profile and wallet information sent to it during this
process in their database.20
78. These practices constitute unfair and deceptive trade practices.
18 Microsoft Passport: Privacy Statement,
http://www.passport.com/Consumer/PrivacyPolicy.
19 Id.
20 Id.
Known Defects in Passport Design
79. Microsoft is aware of significant risks that users will have their personal information,
including their credit card numbers, disclosed to others when the Passport service is used
at a shared or public terminal, which could include a computer in a library, community
center, workplace, or airport lounge. Microsoft advises:
You should always sign out of Passport when you are finished browsing
the web to ensure that others cannot access your Passport profile or
wallet.21
80. Microsoft is also aware of significant risks that users will inadvertently disclose
personal information when they surf the web using the Passport service.
It is important for you to read the privacy statement and terms of use for
each site you visit to ensure you are comfortable with how they might use
your personal information.22
81. Internet users are routinely unaware of web site privacy statements. According to one
recent study, 41% of users report that they never or hardly ever read privacy statements
online.
82. The failure to establish adequate security standards to ensure that personal information
within the control of Microsoft, such as a credit card number, is not inadvertently
disclosed to a third party is an unfair and deceptive trade practice.
Failure to Warn of Passport Security Flaws
83. Microsoft has a history of privacy and security failures that is inconsistent with its
claim that "Any information provided to Microsoft remains secure and private."23
21 Id.
22 Id.
23 Id.
84. For example, in August 1999, when Passport was combined with Hotmail, a defect
was discovered in Hotmail that allowed "anyone to read the private correspondence of
about 50 million subscribers."24 In February 1999, Microsoft was found to be quietly
creating "a vast data base of personal information about computer users."25 The online
privacy seal organization TRUSTe subsequently found that Microsoft had compromised
"consumer trust and privacy." Defects in Microsoft's software are routinely discovered
that allow intruders unauthorized access to files, most recently a defect in Microsoft's IIS
Web server software that has allowed the "Code Red" virus to compromise an estimated
300,000 computers, including some of Microsoft's own servers.26
85. Microsoft's failure to disclose the actual risks associated with the collection and use
of personal information in the Passport service constitutes an unfair and deceptive trade
practice.
Leading Industry Experts Have Expressed Concern about the
Privacy Implication of Windows XP and the HailStorm Services
86. Walter S. Mossberg is a widely regarded commentator on the computer industry who
writes a regular column for the Wall Street Journal. On July 5, 2001 ("Microsoft Cracks
Down On Sharing Windows XP") Mr. Mossberg examined the product activation
procedure for Windows XP and noted that:
Windows will keep monitoring your setup to check that it's still running
on the same machine. If you make major hardware changes, the system
could disable Windows and force you to check in with Microsoft in the
mistaken belief the program has been transferred to another computer.
One journalist reported that his copy of Office XP suddenly went into
"reduced functionality mode" and insisted he activate again while he was
using it on an airplane.
87. Mr. Mossberg concluded:
Microsoft has chosen a method of enforcing its policy that smacks of an
invasion of privacy. The company says its database of PC configurations
won't contain any personal information, and will be encrypted so that
nobody can misuse it. But Microsoft's bully-boy behavior in the
marketplace hardly inspires confidence that it won't somehow exploit this
information.
24 Wired News at http://www.wired.com/news/news/business/story/214
25 New York Times, March 3, 1999.
26 "'Code Red' Worm Rearing to Attack on Net," ZDNet News, July 21, 2001,
http://www.zdnet.com/zdnn/stories/news/0,4586,5
88. Stewart Alsop is a widely regarded commentator on the computer industry who writes
a regular column for Fortune Magazine. In an article for Fortune on July 23, 2001
("Monopoly Has Just Begun Insidiously, incrementally, Microsoft is getting more and
more of me. That has me worried.") Mr. Alsop examined the impact of Windows XP on
consumer privacy. He found, for example, that when he tried to take advantage of a new
consumer product, the "e-book," offered by a non-Microsoft company he was required to
go through the Microsoft Passport registration procedure.
I decided to buy the e-book, but Microsoft forced me to register with its
Passport service to activate Reader. The ostensible reason is that Microsoft
keeps track of the digital rights to each copy of the book.
89. He had a similar experience when he attempted to download a new software product.
Based on his experience with these two products, Mr. Alsop observed:
Microsoft is going to collect more and more information about what I buy
and what I do. I don't really have a choice. It is very nearly impossible to
use any computer without using Microsoft's software, and increasingly
that means that it is very nearly impossible to avoid handing over your
personal information to the company.
And this situation is just going to get worse, because Microsoft does have
a monopoly, and it is using that monopoly to aggressively expand its
dominance of computers--personal computers, office servers, handheld
computers, even set-top boxes--and its dominance of the Web and Web
services delivered through its Internet Explorer browser.
90. Mr. Alsop concludes:
This gets to the heart of why I'm really starting to worry. Microsoft is
encroaching on the consumer side, increasingly using its position between
us and every computer to make sure that it has the data to know who we
are and what we're buying.
91. Esther Dyson is a widely regarded computer industry expert and chairman of
EDVenture Holding. Regarding the privacy implications of the practices described
herein, Ms. Dyson said to the Industry Standard, a leading industry magazine:
I don't want the government, or Microsoft, asking me for my ID.
I find it kind of amazing. You sit and think, "Can they actually do this? Is it
believable?" One hopes not.
REQUEST FOR RELIEF
Wherefore, the Complainants request that the Commission:
A. Initiate an investigation into the information collection practices of Microsoft
through Passport and associated services;
B. Order Microsoft to revise the XP registration procedures so that purchasers of
Microsoft XP are clearly informed that they need not register for Passport to
obtain access to the Internet;
C. Order Microsoft to block the sharing of personal information among Microsoft
areas provided by a user under the Passport registration procedures absent explicit
consent;
D. Order Microsoft to incorporate techniques for anonymity and pseudo-anonymity
that would allow users of Windows XP to gain access to Microsoft web sites
without disclosing their actual identity;
E. Order Microsoft to incorporate techniques that would enable users of Windows
XP to easily integrate services provided by non-Microsoft companies for online
payment, electronic commerce, and other Internet-based commercial activity; and
F. Provide such other relief as the Commission finds necessary to redress injury to
consumers resulting from Microsoft's practices as described herein.
Respectfully Submitted,
Marc Rotenberg, Executive Director
David L. Sobel, General Counsel
ELECTRONIC PRIVACY INFORMATION CENTER
1718 Connecticut Ave., N.W.
Suite 200
Washington, DC 20009
(202) 483-1140
July 26, 2001
I've written a fairly detailed essay on 'Scarcity'-based business models in relationship to information and the internet:
http://www.furinkan.net/goodies/systemsofscarcity.html
Assuming you don't qualify for any of the discounts, one year of Science costs $250US. You also have the option of paying $5US for a *single* article on their website.
Look here for prices: https://aaas.realtimepub.com/membership/new_member_setup.asp
From the article:
Perhaps if we let a certain former Texas governor order the killing of virus writers, he might refrain from killing retarded adults, people who committed their crimes as juveniles...
The real kicker here is that most of the viruses out there have been created by... you guessed it... juveniles.
They're juvenile in mind if not in body at least...
There's a reason we call these people 'script kiddies'. Steve Gibson, of grc.org fame believes that the k1dd3s DOS'ing his site are no older than 12 or 13. I would imagine that most of the people who downloaded this virus creation kit are just about as old.
Hi! How are you?
I send you this goatse.cx link in order to have your advice
See you later. Thanks
Attachment 1: http://www.goatse.cx