Microsoft rapped over privacy failings

[bongme]

hi

Thursday, 8 August, 2002

Microsoft misled consumers over its ability to protect the private information of users of its Passport software, a US Government watchdog has said.

The US Federal Trade Commission said Microsoft made false claims to consumers about its ability to keep their personal information safe.

Under an agreement reached with the FTC, the software giant has pledged to overhaul the Passport system and to have its work checked by independent experts to ensure it has done a good job.

The Federal Trade Commission investigated Passport following complaints by privacy and civil liberty groups.

Law breaker

The complaint was lodged in July 2001 by a coalition of consumer groups who feared that the technical shortcomings of Passport were a danger to personal privacy.

The Passport system is an identification system that lets users sign in once but gives them personalised access to many hundreds of different websites.

The FTC said Microsoft misrepresented the security of Passport's design and use.

"Companies that promise to keep personal information secure must follow reasonable and appropriate measures to do so," said Timothy Muris, chairman of the Federal Trade Commission in a statement.

"It's not only good business, it's the law," he said, "Even absent known security breaches, we will not wait to act."

The agreement reached with the FTC prohibits Microsoft from misrepresenting its ability to protect information.

Microsoft will not pay a fine as part of the settlement but could be liable for substantial fines in the future if it does not comply with the deal.

The agreement to improve the security of Passport will be in place for the next 20 years.

Flawed software

Many other organisations have found flaws in Passport. The self-styled hacker quarterly 2600 produced an article that showed just how easy it was to fake the identity of a Passport user.

Late last year the Passport service was taken offline when Microsoft admitted that a vulnerability was putting at risk the credit card details of two million users.

The Passport service is key to Microsoft's ambitions to get users signing up to web-based services as part of the larger .Net initiative.

Passport now has more than 200 million registered users although many accounts lie fallow because users only sign up to get more out of newer versions of Microsoft's operating systems.

Rivals to Microsoft have set up the Liberty Alliance which aims to produce a decentralised way of signing in to lots of allied websites.

Bongme