Commentary: Trust is key for HailStorm

Two questions face Microsoft's new privacy initiative: Will HailStorm be seen as a Redmond power grab? If not, will Web surfers even bother to use it?

3 min read

HailStorm is the first of what we expect will be a series of announcements from Microsoft on specific sets of building-block services it will offer through .Net via XML-based interfaces, enabling Web site developers to add these services to their sites.

This first set is based on Microsoft Passport and is designed, among other things, to provide both privacy and security protection and personalization services across all sites that implement it. It will enable consumers to have a single sign-on to all .Net-based sites and to create a master set of preferences that will apply to all such sites they may access.

For Microsoft, these services are an extension of a long-term corporate policy that has made it a leader in privacy and personal security on the Internet. For instance, it has a chief privacy officer, and it has actively supported the establishment of security and privacy standards on the Internet.

Nevertheless, one major question determining the success of this initiative will be whether Microsoft can convince the majority of Internet users to trust it. In fact, the degree to which Microsoft pushes HailStorm may quickly translate into the strength of the backlash against it. Justified or not, the public may regard this as another example of Microsoft trying to take over the world.

The role of American Express
The involvement of American Express as a partner may help blunt any concern. To succeed with the public, Microsoft needs to take an "inside-out/outside-in" approach. Web users who are entering the Web through Microsoft sites such as MSN already have a trust relationship with Microsoft. They probably would be comfortable with the idea of trusting Microsoft with their personal information.

See news story:
With HailStorm, think fee, not free
Individuals who do not already have that relationship with Microsoft may be less comfortable. But if they already have a trust relationship with HailStorm adopters such as American Express, they may be more willing to accept Microsoft's evolving market position. Microsoft's HailStorm branding must be flexible. The company must be willing to allow business partners to private-label HailStorm for specific communities.

Another key question is whether consumers will bother to use (or pay for) these services, regardless of whose brand is on it. Several surveys have shown that privacy and security concerns are a major inhibitor to consumers considering using online shopping and financial services. But a poll by Harris of what consumers actually do online shows that only 1 percent even bother to read a site's privacy statement. They become concerned about security and privacy only when there is a problem. People are saying one thing and doing another.

Microsoft probably has good technology, and there are good arguments for having a central provider of these services, regardless of branding. Ultimately, however, the success of this service is not a technology issue, but a personal behavior issue.

The roll of online gamers
Gamers are one community to watch closely. Tight integration between Microsoft's X-Box and HailStorm will be a likely scenario, whereby gaming services are accessed over the Web by profile, not by machine. Gamers, usually very early adopters of technology, may help drive acceptance of this service into the larger user community.

Organizations may want to consider joining the Microsoft personalization service if it starts to gain momentum. At this point, however, we recommend that they do not look to Microsoft to provide security, for instance, for online transactions--which is a more difficult technical issue.

It is possible that at some point within the next six to 12 months Microsoft will decide that extending full security across the Web is more difficult than it thought. At that point, Microsoft may partner with a certificate security provider. However, this probably will be a convenience for both sides. Ultimately, .Net Passport services will overlap with certificate provision to some extent.

Meta Group analysts Dale Kutnick, Peter Burris, David Cearley, Val Sribar, Mike Gotta and William Zachmann contributed to this article.

Visit Metagroup.com for more analysis of key IT and e-business issues.

Entire contents, Copyright ? 2001 Meta Group, Inc. All rights reserved.