TechWeb

Microsoft Agrees To Changes In Passport

Jan 29, 2003 (07:01 PM EST)

Read the Original Article at http://www.informationweek.com/news/showArticle.jhtml?articleID=6512119


SEATTLE (AP)--Microsoft Corp. will give all users of its Passport online authentication system more control over how their personal information is shared, following months of discussions with the European Union.

Among other revisions, Microsoft will change its Passport system in the next 18 months to let users select which sites within the network may have access to what personal information--including names, countries of residence, occupation, birth date, and other data, said Adam Sohn, product manager in the .Net platform strategy group.

The changes come after months of talks with the EU, which questioned whether Passport violated its data-protection laws. Although Microsoft contended the service adhered to privacy rules, EU officials said it raised legal concerns, including the value of the consent given by users and the security risks of the data transfer.

The Passport system allows users who have registered with the service to enter personal data just once and use that digital "passport" to enter multiple Web sites, including eBay, Starbucks, and Microsoft's MSN network, without re-entering the same data or creating a new password.

Sohn said Microsoft has been working on some of the changes that the EU wanted, including a new program that tells users whether their selected passwords are weak and vulnerable to unauthorized users' guessing it.

In addition, Microsoft will include some changes just for residents of EU countries, including a link to the EU's Web site, Sohn said. But "in general, anything we do to raise the bar in terms of (putting the) user in control is going to be done across the system," Sohn said.

The EU's changes also will apply to Microsoft's rivals in the so-called Liberty Alliance, which includes Sun Microsystems Inc. and several other multinationals.

"The bottom line is that users' data will now be better protected," said EU Internal Market Commissioner Frits Bolkestein.

The EU privacy probe is unrelated to an antitrust investigation by the European Union Commission, which has accused Microsoft of using its dominant position in desktop operating systems to unfairly influence the server software market.