Microsoft's unofficial privacy chief
In the wake of the giant's highly publicized misstep of gathering identifying data from Windows 98 users, a fairly new member of its team has emerged as its unofficial privacy emissary.
Ex-Firefly Network executive Saul Klein, whose formal title is group program manager for Web Platform Services at Microsoft, seemed to clinch the role at last month's Computers, Privacy, and Freedom conference in Washington.
During the conference's comedic and shrewd Big Brother Awards ceremony, "actors" delivered mock acceptance speeches on behalf of high-tech companies and government agencies that were rebuked for violating personal privacy. But when Microsoft won the People's Choice award for "worst privacy violator," a brave Klein took the stage and graciously accepted the trophy. Playing along, he excitedly thanked his mother and father before soberly pledging Microsoft's ongoing commitment to shielding computer users' privacy.
The packs of privacy advocates in the audience may have taken his remarks with a grain of salt. However, he received a standing ovation from his table, where some of his colleagues sat with former FTC commissioner Christine Varney, who now represents the Online Privacy Alliance, Net pundit Esther Dyson, and the Electronic Frontier Foundation's (EFF) new head Tara Lemmey.
In fact, the familiar faces in the crowd represented all sides in the international privacy tug-of-war between those who want stronger laws to protect consumers in the digital age and those who believe a better solution lies in voluntary industry guidelines backed by seals programs.
And that night also proved what Klein already knows--that Microsoft, a company that has largely staked its future in the explosive money-making potential of the Web, has to take all these people seriously. After all, personal information, from email addresses to credit card data, has become the cornerstone of marketing and commerce on the Net.
"We're galvanizing internal efforts and working with the rest of the industry to address the privacy concerns," Klein said in an interview with CNET News.com.
"We are not perfect," he added. "But when someone has pointed out a mistake, we investigate it very promptly and we move quickly to provide patches or fixes."
Microsoft is not alone in feeling the heat on privacy issues; other high-profile companies also have appointed internal privacy point people and have posted privacy policies online in an effort to mollify increasing consumer and regulatory concerns.
Klein first entered the U.S. Net privacy debate when he worked for Firefly, whose flagship product, called Firefly Passport, helps collect user preferences anonymously, recommend Internet content, and send appropriate advertising, for example. Microsoft bought the company in April 1998.
Since then, Klein has been leading the company's efforts to turn out products that let consumers manage the amount of personal information they want to share with Web sites. But he also has increased his frequent-flyer miles to Capitol Hill.
"When we were at Firefly we had a good relationship with the folks from D.C., and there are a lot of different voices and opinions," he said.
Microsoft is no stranger to the privacy policy arena.
It supports both Truste and the Better Business Bureau Online's Web trust seal programs. And the company jointly created a privacy wizard with the EFF that helps companies generate data collection policies to post on their Web sites. The wizard is expected to be incorporated into the Privacy Preferences Project browser standards initiative that is before the World Wide Web Consortium (W3C).
Moreover, any company Microsoft buys immediately has to apply for a Truste seal.
"Unless you have privacy policies out there, clients and search services have nothing to read," Klein explained. "Then Web sites can start saying, 'This is my policy,' and people can then make decisions about how they want to spend time and money."
But not all are satisfied with Microsoft's response to discoveries about its products, such as a feature in Windows 98 that can be used to collect information on authors of electronic documents without their knowledge. Microsoft has promised to fix the problem.
"With Windows 98, Microsoft hasn't made an adequate commitment to fair information practices because it hasn't informed people who may have been affected," said Jason Catlett, founder of the privacy tool clearinghouse Junkbusters.
Adds Marc Rotenberg, executive director of the Electronic Privacy Information Center, "Microsoft actually helps make the case for the need for a comprehensive law because there is too much chaos and confusion across their products and varying privacy standards."
Klein acknowledges that the Windows issue conflicted with Microsoft's efforts on the Web privacy front but notes that people need to understand the difference between unique identifiable data and aggregate data that can't be linked back to them.
"The thing that is key to us is trying to move toward giving people access to their information and informing them when information is collected," he said.
Despite the ongoing debate over what sensitive information companies should gather from computer users, privacy advocates are glad to see Klein on the front lines.
"I think it is great he is there doing this job for Microsoft. He understands these issues well," Catlett said. "People in Washington will make a lot of judgments based on what he says."