Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Amidst the muffled hoopla surrounding the release of Microsoft’s Windows XP operating system, some heavy-hitting consumer groups have complained to the Federal Trade Commission (FTC) that Windows XP and Microsoft Passport — software that consolidates passwords, credit card numbers and other personal information — jeopardize user privacy. The complaint alleges privacy problems stemming from the XP set-up process, which repeatedly asks users to sign up for Microsoft Passport. CALL FOR ACTION The groups complaining about XP and Passport are serious players. They include: Center for Digital Democracy, Computer Professionals for Social Responsibility, Consumers Union, Electronic Frontier Foundation, Media Access Project, Privacy Rights Clearinghouse, Center for Media Education, Consumer Action, Electronic Privacy Information Center, Junkbusters Corp., NetAction and U.S. PIRG. On July 26, these groups submitted a complaint to the FTC that set forth alleged privacy implications of XP and Passport. On Aug. 15, the groups sent the FTC a supplement that detailed how XP and Passport would harm consumer interests. The FTC has not yet taken any affirmative steps to address the issues raised. On Oct. 23, the groups sent a demand to the FTC that complained about “Microsoft’s ability to track, profile, and monitor the 165 million [Microsoft] Passport users” and the “far-reaching and profound implications for privacy protection in general and in particular with regard to the growth of electronic commerce.” ALLEGED SECURITY LAPSES Before setting forth the requested relief, the Oct. 23 demand notes a recent “series of security lapses” that further support the groups’ claims that “Microsoft’s guarantees of privacy and security are deceptive and unfair to consumers.” Indeed, according to the demand, “Microsoft’s failure to disclose the actual risks associated with the collection and use of personal information … constitutes an unfair and deceptive trade practice.” The referenced “security lapses” include: � A programmer’s ability to crack both Hotmail and Passport by cross-site scripting, thus allowing anyone to gain access to Passport identification and credit card data with a single line of code; � Code posted on the Internet, enabling other people to read the e-mail of Hotmail users; � A programmer’s reported ability to access Microsoft’s corporate network over the course of six days by way of a hole in Windows 2000; � Infection of the Code Red Worm through Microsoft’s Hotmail servers; � Infection of the NIMDA virus, which is propagated through Microsoft’s Internet Information Server, on about 1.3 computers; � Ability to view Microsoft customers’ names, addresses, e-mail addresses, phone numbers and purchase histories as a result of an error on the company’s customer support Web site; � Internet display of user names and passwords in plain text through an error on Microsoft’s Certified Partners page. REQUESTED RELIEF After detailing these alleged security lapses, the groups made specific requests for relief in their demand, including: � An investigation into Microsoft’s collection practices through Passport and associated services; � An order requiring Microsoft to revise its XP registration procedures to make sure that purchasers of XP are clearly informed that they do not need to register for Passport to gain access to the Internet; � Absent explicit consent, an order requiring Microsoft to block the sharing of personal information among Microsoft areas provided by a user under the Passport registration procedures; � An order mandating that Microsoft use techniques for anonymity and pseudo-anonymity that would allow XP users to access Microsoft Web sites without disclosing their actual identities; � An order requiring Microsoft to use techniques that allow XP users to easily integrate services provided by non-Microsoft companies for online payment and other electronic commerce activities; � Commencement of an investigation to ascertain whether Passport complies with the requirements of the Children’s Online Privacy Protection Act; � And lastly, that Microsoft be required to disgorge any personal information collected “fraudulently and deceptively” through XP and Passport. FOOD FOR THOUGHT The consumer groups certainly raise issues worthy of consideration by the FTC. However, because of the current focus on anti-terrorism efforts, it is possible that the issues raised will not get the visibility and response that they would have otherwise. Eric J. Sinrod is a partner in the San Francisco office of Duane Morris, where he focuses on technology and litigation matters. His Web site is sinrodlaw.com and his firm’s site is Duane Morris.Mr. Sinrod may be reached by e-mail at [email protected]

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.