Privacy Group Ready to Challenge Passport

Microsoft's Passport authentication system is due to meet with another wave of dissent Tuesday after a Washington, D.C.-based privacy group announced that it will begin firing off letters to state attorneys general across the nation, asking them to investigate the technology amid allegations of unfair and deceptive trade practices.

Saying that prior attempts to get the U.S. Federal Trade Commission (FTC) to investigate the technology have failed, the Electronic Privacy Information Center (EPIC) decided to appeal to state attorneys general, asking them to use state laws to investigate Passport and Microsoft's related Web-based services, including Kids Passport, Hailstorm, electronic wallet, and other .Net services.

"These systems unfairly and deceptively gather personal information and expose consumers to the release, sale, and theft of their personal information," EPIC writes in the letters due to be sent Tuesday. "Immediate state action is necessary to protect consumers and ensure Microsoft does not continue to improperly collect personal information."

Under Fire

The move is just the latest salvo against Passport, which has come under increasing scrutiny by opponents who claim that the service is a means for the software maker to collect, store, and sell users' personal information. Microsoft vehemently denies these allegations, however, saying that Passport's purpose is merely to provide a convenience to users. Once a user signs up for the authentication service, it allows them to access a number of Web sites without having to re-enter their personal information.

No one from Microsoft was immediately available to comment on EPIC's letter campaign Tuesday.

In addition to claiming that the software titan's Web services engage in unfair and deceptive trade practices, the group also alleges that they pose security risks to users. EPIC notes a much-publicized case last November when a computer programmer found a hole in the company's Passport electronic-wallet service, which stores users' credit card and address information for shopping online. The group also cites the threat of Internet viruses, and says that it does not believe Microsoft has done enough to protect users' personal information.

"Serious questions remain about the security of the Passport and .Net services yet Microsoft continues to collect personal information," EPIC's letter states.

The group says that the anti-Passport missives are due to go out to state attorney generals across the U.S. Tuesday and copies were also being sent to several FTC commissioners, as well as certain members of Congress.