Skip to main content /TECH with /TECH

Microsoft settles Passport privacy case

Microsoft to tighten security on personal data

Microsoft settles Passport privacy case

From Shirley Hung
CNN Sr. Producer

WASHINGTON (CNN) -- Microsoft Corp. will tighten security around the personal information it collects from users of its Passport Internet services, as part of a settlement reached with the federal government.

Federal Trade Commission Chairman Timothy Muris announced the deal Thursday, after an FTC investigation concluded that Microsoft made false promises about how secure it kept the consumer information it collected.

"Privacy and security promises must be kept. It's good business. It's the law, and we'll take action against companies that do not keep their promises," Muris said.

The FTC also found that Microsoft misled users about the kind of information it was collecting.

The settlement requires Microsoft to stop such practices and to implement a "comprehensive information security program." Microsoft agreed to pay $11,000 per day for any future violation and to submit to an audit of its security program every two years for the next two decades.

No security breaches

Muris acknowledged the FTC did not find that any security breaches involving consumer information had occurred, but added, "Why wait for a security breach to occur when you have the opportunity, not to mention a legal obligation, to prevent it in the first place."

In a statement, Microsoft Corporate Vice President Brian Arbogast said, "We have been working to raise the bar for Internet security and privacy and believe that the agreement with the FTC will raise it further -- for both ourselves and industry. The agreement reinforces Microsoft's commitment to improving security, and we will meet and work to exceed this high bar."

The settlement covers Passport, which allows consumers to use a single log-in to access multiple Web sites; Passport Wallet, which collects and stores consumers' credit card numbers so that users can make purchases at participating Web sites; and Kids Passport, which allows parents to create Passport accounts for their children that limit the amount of personal information collected about them.

The Director of the Bureau of Consumer Protection at the FTC, Howard Beales, said that Microsoft had been collecting information about the day and time consumers logged into participating Passport Web sites without their knowledge, and storing data for longer than it claimed.

The FTC launched the investigation after a complaint filed last year by the Electronic Privacy Information Center and a coalition of consumer groups.




Back to the top