Privacy group details complaints against XP

Privacy organizations detail a complaint they will submit to the Federal Trade Commission, charging Microsoft with inadequate security and privacy in Windows XP.

A group of privacy organizations on Thursday detailed a complaint it plans to submit to the Federal Trade Commission, charging Microsoft with inadequate security and privacy provisions in the forthcoming Windows XP and alleging unfair and deceptive trade practices.

More than 10 organizations, including privacy group Junkbusters and the Electronic Privacy Information Center, a public-interest group, are asking the FTC to prevent the launch of Windows XP because of potential privacy problems arising from the operating system and the company's Passport software.

The group plans to file the complaint later Thursday.

The complaint charges Microsoft with engaging in "unfair and deceptive trade practices intended to profile, track and monitor millions of Internet users. Central to the scheme is a system of services, known collectively as '.Net'...that is designed to obtain personal information from consumers in the United States unfairly and deceptively."

The complaint asks the FTC to investigate Microsoft's practices and uses of its technology, such as the Passport, Wallet and HailStorm services. It asks for relief under Section 5 of the Federal Trade Commission Act, which focuses on whether a practice is unfair or deceptive.

During a press conference Thursday, Jason Catlett, president of Junkbusters, said that Microsoft "is trying to put itself in the middle of all transactions of commerce and all private information on the Internet. They are an unsuitable party for this role."

The complaint comes as Microsoft has felt growing pressure from many fronts, with government officials and competitors scrutinizing critical features in Windows XP, due for release in late October.

The Redmond, Wash.-based software giant has been touting a service, dubbed HailStorm, that is central to its strategy to conjoin its applications with Internet services. The company envisions tying content delivery, shopping, banking and entertainment through a variety of devices--including cell phones, PCs and handhelds--through HailStorm, which relies on the Passport authentication system.

But with its Passport service, Microsoft is entering one of the most hotly contested arenas on the Web. E-wallet services gather and store personal information from consumers, including passwords and credit card information, so they don't have to continually re-enter the crucial data.

But the promise of convenience may come at a heavy price if the stored information is maliciously breached or accidentally leaked. At the very least, it opens up chances for abuse. And privacy advocates say Microsoft's track record on security is cause for alarm.

Privacy advocates on patrol

"Microsoft wants to be a gateway to the Internet over the long haul--the company that holds all of consumers' personal information," said Richard Smith, chief technology officer of The Privacy Foundation. "That's a control, antitrust issue. It's like they are the one credit card company on the Internet."

But security breaches through software trigger fears that the company could wield too much power through Windows XP. Privacy advocates point to security breaches last year in Microsoft's free Hotmail e-mail program, which is a part of Passport, and a "Code Red" computer worm that recently affected more than 350,000 Microsoft Internet Information Servers.

"There are some problems here with the underlying infrastructure," Smith said. "By concentrating personal information in one place, there are a number of dangers that could arise and issues that need to be addressed."

Microsoft spokesman Jim Cullinan said the company has these issues in mind. "Security is a fundamental design point with all of our .Net services. We have a commitment to our users to protect the privacy and security of their data, and if we don't live up to that, they won't use the Web services."

Further illustrating Microsoft's push to convert consumers into Passport customers, the software giant already requires people to sign up for a Passport account to buy an e-book through its software, advocates say.

"If a major book publisher were to start demanding consumers produce a driver's license before reading a book, people would be outraged," said Junkbusters' Catlett.

"Microsoft's strategic intent is plainly to be the monopoly broker of identity who takes a cut of each transaction," Catlett said. "They shouldn't be allowed to get there."

Cullinan said consumers are not required to sign up for Passport to use Windows XP. However, there are features in the system that require an authentication service, including Windows Messenger and Hotmail, he said.

Among other things, the complaint raises concerns about the tie-in between Windows XP and Passport registration; Microsoft's policies surrounding the sharing of information between company units and partners; and profiling of Internet users and the risk of exposure of consumers' Passport information to third parties, said Marc Rotenberg, executive director for EPIC.

The group will seek to alter the registration process for Windows XP, Passport and Hotmail and to ensure that Microsoft's practices in collecting and sharing data comply with federal privacy laws.

The group also plans to submit copies of the complaint to the Senate Judiciary Committee and the Justice Department.

News.com's Stefanie Olsen and Sandeep Junnarkar contributed to this report.