Thank you for sharing!

Your article was successfully shared with the contacts you provided.
On Jan. 29, the Electronic Privacy Information Center (EPIC) sent a letter to the attorneys general for all 50 states demanding action to protect consumers from “unfair and deceptive trade practices” pertaining to Microsoft’s Passport service and related Wallet, Kids Passport, HailStorm and .Net Services. EPIC seeks “immediate state action” to ensure that “Microsoft does not continue to improperly collect personal information.” EPIC seeks help from the states because the Federal Trade Commission (FTC) has failed to act despite two complaints filed by EPIC. If the state attorneys general take up EPIC’s cause, Microsoft’s ongoing legal woes will be compounded. PASSPORT Passport, which was launched in 1999, seeks to simplify Internet transactions by permitting customers to save passwords, credit card numbers and other personal data in one place. In its demand letter, EPIC describes Passport as a system that enables the “unprecedented profiling of individuals’ browsing and online shopping behaviors.” EPIC asserts that Microsoft could become “the tollbooth that controls Internet access and online ordering for millions of consumers,” because Microsoft’s “goal is to have every Internet user possess a Passport account.” Indeed, according to EPIC, Microsoft to date has acquired more than 200 million Passport accounts “by tying Passport to the Microsoft Hotmail E-Mail system, on-line customer support services, over 100 of the largest online retailers, and to numerous exhortations to subscribe to the Windows XP Operating System and Microsoft home site.” ALLEGED RISKS EPIC describes privacy and security risks associated with Passport as including “online profiling made possible by the requirement that individuals sign on to Passport before viewing Web content, an increase in the amount of unsolicited commercial e-mail from the sharing of e-mail addresses with Passport-affiliated sites, and stolen credit card data from numerous security holes in the Passport and Wallet systems.” Moreover, according to EPIC, “the vulnerability of Passport combined with its pervasion of the Internet creates serious risks to personal information sacrificed by consumers to gain access to services integrated with Microsoft authentication software under the belief that Microsoft is adequately protecting their data.” In addition, “Microsoft’s current privacy policy and click-through agreements fail to provide an understandable explanation of the company’s use of personal data and present a false sense of security.” FLAW SUPPOSEDLY EXPOSED EPIC points out that this past November a computer programmer demonstrated a “serious flaw” in the Passport Wallet service “that could affect 200 million users.” By exploiting the flaw, “a user’s entire Passport account, including credit card numbers stored in the database, could be made public.” Once exposed, Microsoft disabled the Wallet service to patch the flaw. Still, EPIC maintains that since their introduction, “consumers using Passport and Windows have been exposed to two major Internet viruses, and personal information in Passport was compromised numerous times.” Adding fuel to the fire, EPIC asserts that Microsoft does not provide a method to delete a Passport registration, as “the right to take back one’s personal information is not accommodated by the Passport system.” FTC FAILURE TO ACT EPIC filed complaints with the FTC on July 26 and Aug. 15. These complaints were endorsed by 15 leading consumer advocacy groups and described the privacy threats associated with Passport. The complaints urged the FTC to begin a formal investigation. However, the FTC has not taken action. WHAT’S NEXT? EPIC argues that the privacy and security risks associated with Passport violate state laws that prohibit unfair and deceptive trade practices. Given that the FTC has not seen fit to take any action, it is possible that the states also will take a pass. However, the states generally have been very active when it comes to privacy and consumer protection, and the states have been quite aggressive in dealing with Microsoft in particular when it comes to antitrust issues. Thus, it would not be surprising to see some state action on the Passport front — the last thing Microsoft needs when it already is besieged with other legal actions. Eric Sinrod is a partner in the San Francisco office of the international law firm Duane Morris, where he focuses on technology and litigation issues. Mr. Sinrod can be reached at [email protected]. His Web site is http://www.sinrodlaw.com.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.