Must Implement New Data Security Program for 'Passport' Service

By Published on .

Most Popular
WASHINGTON ( -- Microsoft Corp. today agreed to settle with the government charges that it overstated the privacy effectiveness claims of its Passport service.

In a case Federal Trade Commission Chairman Timothy Muris said was intended to send a message, the FTC accused Microsoft of deceptively promoting that Passport offered consumers additional security, and that the Kids Passport program gave parents controls over what personal information their children could provide.

None of the claims were true, the FTC said, adding that using Passport offers no additional protections and that children can easily defeat the parental controls.

No fines
Microsoft wasn't fined, but it agreed to implement a new information security program that includes an audit of its procedures every two years. It could face fines if it makes further privacy violations.

Passport, which is included in some editions of Windows or the Internet Explorer Web brower, lets users register various personal data -- including in some cases credit card numbers -- to avoid having to repeatedly enter the information at different Web sites. Microsoft tries to sell Web sites on using the service.

The FTC for the first time also warned marketers who promise privacy that they have to employ "reasonable and appropriate measures ... to maintain and protect the privacy and confidentiality of consumers' personal information."

The FTC said there was no evidence anyone had breached Microsoft's security, but Microsoft violated its privacy policy by failing to take adequate steps to ensure there weren't breaches.

Mr. Muris said the case showed that the FTC is "very active" in safeguarding privacy.

'Raise the bar'
Microsoft said today it believed the agreement will further "raise the bar for Internet security and privacy."

Thirteen consumer groups, including the Electronic Privacy Information Center, had petitioned the FTC to act against Passport.

Marc Rotenberg, executive director for the Electronic Privacy Information Center, called the FTC's action against Microsoft "extraordinary" and "quite sweeping."

"This is a very big development," he said. "It sent a clear message that privacy has to be a top priority and a strong message that the FTC will act."

In this article: