Now a new horde of Huns is at the gates: Microsofts
Passport identification service, a feature of the software giant's
forthcoming Windows XP operating system that allows the surfer to visit
the member areas of Microsoft-owned sites such as Hotmail, the MSN
Network, and Microsoft.com without having to enter a user name and
password every time. The catch, say critics, is that because these sites
are among the 10 most visited on the Web, this will lead to the largest
invasion of online privacy ever seen.
In a lawsuit accusing Microsoft of unfair and deceptive trade practices
now before the Federal Trade Commission, more than a dozen privacy groups
led by the Electronic Privacy Information Center (or EPIC, www.epic.org)
have charged that the Passport service is designed to compile a colossal
database of users personal information. Microsoft, they contend, will be
able to use the data entered during the Windows XP installation process to
track and profile Web surfers, and then do with the information as it
pleases, including selling it to the highest bidder. Before you are tempted
to upgrade to XP when it comes out at the end of September, you should
know what these watchdog groups are saying about it, and how Microsoft is
dealing with the flak.
With 165 million people already registered, the Passport service is the
largest online repository of personal information (to put this figure in
perspective, consider that there are now an estimated 300 million
computers on the Internet). Even though Passport is an optional feature of
XP, the suit accuses Microsoft of not making that clear to the user at the
time of installation. Instead, users are led to believe that signing up
for Passport is simply part of the process. When privacy groups first
filed the lawsuit asking to delay XP's release, Passport was designed to
ask for 13 items of personal information, including users real names,”
e-mail addresses, street addresses, home phone numbers, credit card
information, gender, age and occupation. Photos of users were also
And in a glaring example of Microsoft greed, a posting on Slashdot.com
inputting data . . . or engaging in any other form of communication with
or through the Passport Web Site or any of its “associated
services, users would grant Microsoft the right to use, modify, copy,
distribute, transmit, publicly display, publicly perform, reproduce,
publish, sublicense, create derivative works from, transfer, or sell any
such communication and exploit any proprietary rights in such
communication, including but not limited to rights under copyright,
trademark, service mark or patent laws. In other words, if you installed
XP, got suckered into signing up for Passport and then used Hotmail to
e-mail your latest short story to your literary agent or a new schematic
diagram to your patent lawyer, Bill Gates would devour the rights to your
work like a blood-crazed shark.
After privacy groups made headlines in July by filing suit, an embarrassed
Microsoft tried to backpedal. The company announced Passport would only
require users e-mail addresses, but that their affiliates would still be
free to ask for all the other information. The clause granting Microsoft
the rights to users intellectual property, called an oversight by a
company spokesman, were dropped. Microsoft also disavowed any intention to
make commercial use of its trove of user information.
Unimpressed by the company response, the privacy groups announced on
Aug. 15 that they would file an expanded lawsuit maintaining that
Passport's requirement of users e-mail addresses was still
unacceptable more spam in users in-boxes would still be the inevitable
result. The second suit also asks the FTC to order Microsoft to alter the
XP registration process to allow users to opt out of the Passport system
more easily, and permit them to surf the Web anonymously.
And according to Jason Catlett of Junkbusters (www.junkbusters.com), one
of the complaining parties, Passport requirements also violate a 2000
law protecting the online privacy of children. Tonya Klause, a Microsoft
spokeswoman, attempted to rebut the charge by saying that all Passport-
affiliated Web sites require parental consent before children can provide
information to those sites. But how easily a child could pose as his own
parent and give himself permission to disclose personal information
remains unanswered here.
Meanwhile, the Justice Department, still in antitrust litigation with
Microsoft, has yet to issue an injunction against the release of XP. On
Aug. 17, a federal appellate court turned down the company request to
delay further proceedings in the four-year case pending Microsoft's
request for a Supreme Court review, which some experts think may increase
the likelihood of such an injunction.
A possible indication of what Justice's position on XP might be, though,
lies in Attorney General John Ashcroft's current budget for the agency,
which in spite of its stated willingness to pursue the Microsoft
anti-trust suit, allots no funding whatsoever to it. However, according to
CNN, a number of state attorneys general are currently weighing legal
challenges to XP, and the Senate Judiciary Committee also plans to hold
hearings on the new operating system.
The only response from the FTC so far has been a letter to EPIC saying,
"We will evaluate your complaint to determine what action, if any would be
appropriate in this case. Please be advised that any Commission
investigation is non-public until the Commission decides to issue a formal
complaint. As a result, we will not be able to advise EPIC or the other
complainants of our decision as to whether to investigate the matter."
With an overwhelmingly pro-business Bush administration possibly ready to
look the other way on this assault on online privacy, and help from other
quarters uncertain, all that remains to be said is this: Surfer, beware.
List of Metroland Stories by Glenn Weiser
©2003 by Glenn Weiser. All rights reserved.