Skip to main content /TECH with /TECH

Privacy Council defends Passport


By Brian Sullivan

(IDG) -- The CEO of the Privacy Council Inc., based in Richardson, Texas, has steered a course against the storm of controversy swirling around Microsoft's Passport and Windows XP operating system.

Several groups have called on Timothy Muris, chairman of the Federal Trade Commission (FTC), to stop Microsoft from "unfairly and deceptively" obtaining customer information through Passport services and XP.

But Privacy Council CEO Larry Ponemon took a different tack in a conference call with reporters. "I feel like the lone soldier attacking the hill," Ponemon said. "We don't see Passport as a large privacy issue here. Quite frankly, folks, Passport itself is not creating the kinds of privacy problems that are being advanced by EPIC (Electronic Privacy Information Center) and others."

Ponemon said that Microsoft should be applauded for making an effort to work within some aspects of the P3P protocols that have been heralded as a standard for privacy on the Web. Ponemon acknowledged that P3P, as defined by Microsoft, is different from the way most privacy groups define the privacy guidelines.

"Microsoft's P3P is not the full-blown P3P," Ponemon said. "Most of us thought that P3P would die. The fact that it is here and it is baked into the IE 6 browser -- I think that Microsoft should be applauded for being bold." INFOCENTER
Related Stories
Visit an IDG site

He added that privacy groups such as EPIC and others deserve some of the credit, too. The pressure that these groups brought to bear on the industry had to have affected Microsoft's decision to make an effort toward being P3P compliant, he said.

Ponemon said the issues surrounding the Passport controversy actually point to three larger questions that should be addressed.

•   Should access to the Internet be controlled by a handful of large companies?

•   How can the public be assured that Microsoft with Passport, America Online with its Magic Carpet and Sun Microsystems with its Liberty can be trusted not to exploit private information gathered by these products?

•   And can P3P offset privacy risks?

Ponemon said that while large companies have the power and the money to make sure that access to the Web is faster and cheaper, there is also a threat that they might exploit private information in the rush to maintain profitability. To keep this from happening, Ponemon said the FTC should create an enforcement mechanism with legal teeth. Any company that collects private information needs to know that it will face problems if it doesn't protect that information, he said.

"We know a lot of organizations have posted privacy policies that they don't live by," Ponemon said. "We have to make it costly not to walk the walk. If you don't have an enforcement arm, you won't change bad players."

Ponemon criticized the federal government for not doing enough to ensure the FTC could enforce privacy infractions. Recent increases in the FTC's budget aren't enough, he said, mocking the government's statement that it had boosted the agency's budget by 50 percent.

"If you start at zero, 50 percent is only 50 cents," Ponemon said.

One concern he did have about Passport and the information it would gather is that Microsoft has a reputation for being vulnerable to hackers. He suggested that Microsoft address those concerns, saying the company could consider not keeping the information in a single database.

He said he also has some concerns about Microsoft's Hailstorm product, although those shouldn't affect Passport or the new XP system.


• Microsoft

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top