Microsoft Meets With Privacy Advocates

Consumer group sets series of discussions about concerns with Passport authentication service.

Matt Berger, IDG News Service

WASHINGTON, D.C.--Microsoft is meeting here with privacy groups, trying to sort out consumer concerns about its Passport authentication service, which is tied closely to the upcoming Windows XP.

The Center for Democracy and Technology met Wednesday for the first in an expected series of talks with representatives from Microsoft's .Net developers team and its Washington legal counsel. The CDT and other consumer groups are concerned about Passport, the single sign-on service that lets subscribers log on to a collection of Web sites without re-entering personal information. The authentication system is at the center of Microsoft's Internet plans and its set of Web services called Hailstorm.

"Within these discussions today (Wednesday) we spoke about consumer privacy issues, government privacy issues, security issues and standards issues," says Ari Schwartz, a CDT spokesperson. "All those questions were tied back to Passport and Hailstorm."

Microsoft is preparing to release its Windows XP operating system and new Internet Explorer browser in October; both draw on Passport technology. The high-profile product debuts have drawn eyes to the Passport technology.

Ongoing Talks

"We're constantly involved in dialogue with these groups," says Adam Sohn, a product manager in Microsoft's .Net platform group. "We came to town today at the request of CDT .... We had a great discussion about what we're up to."

Schwartz says the CDT has set the meetings with Microsoft to establish an open dialogue with the company as it moves forward with future product releases. The group meets regularly with major technology vendors about new technologies and their effects on consumer privacy, he says.

"We've been interested in authentication issues for some time," Schwartz says. "Obviously this is one of the most important of the authentication technologies to come around in a long time."

Joining Microsoft and the CDT Wednesday were a number of academics working in the field of consumer privacy and technology, including Peter Swire, a visiting professor at George Washington University Law School and the chief privacy counselor for the Clinton administration.

"I've been studying the privacy and security issues that arise from Passport and Hailstorm," Swire says. "There are potentially serious issues here."

Complaints Filed

Meanwhile, a coalition of privacy advocacy groups filed a complaint in July with the Federal Trade Commission. They're concerned about the way Passport gathers information about customers. The meeting between Microsoft and the CDT is not related to the FTC filing, both parties say. Microsoft expects to soon release Passport 2.0, a follow-up to the service. Passport is already used on Microsoft Web properties such as the free e-mail service Hotmail, and a variety of Web sites from partners such as Starbucks and Victoria's Secret.

Microsoft notes that Passport 2.0 includes a number of additional privacy features to protect consumer information as users navigate the Web.

"It's very close to rollout but we need to make absolutely sure that quality testing and final checks are complete before we take it live," Sohn says.

While Schwartz notes that the release of Passport 2.0 is imminent, he says the group is interested in working with Microsoft so that future releases of the software include even more security and privacy features. Engineers working close to Microsoft's Passport and Hailstorm Web services said earlier this month that future versions of Passport will include a number of new security features, including a standard called Kerberos.

"We think we're taking some great steps forward with the security we've already announced," Sohn says. "We're always taking feedback and figuring out how we can incorporate those ideas into the products."
