In a letter to all 50 state attorneys general Tuesday, EPIC Executive Director Marc Rotenberg, Legislative Counsel Chris Hoofnagle and Law Clerk Nathan Mitchler said, "The Electronic Privacy Information Center urges you to take action to protect consumers against unfair and deceptive trade practices raised by Microsoft Corp.'s Passport service and related "Wallet," "Kid's Passport," "Hailstorm," and ".NET Services." These systems unfairly and deceptively gather personal information and expose consumers to the release, sale, and theft of their personal information. Immediate state action is necessary to protect consumers and ensure Microsoft does not continue to improperly collect personal information."

Hoofnagle said the organization sent the letters in response to frustration at a lack of visibility into the FTC's movement on its complaints (EPIC filed an initial complaint with the FTC in July 2001. In August 2001, the FTC wrote to EPIC and said, "We will evaluate your complaint to determine what action, if any, would be appropriate in this case. Please be advised that any commission investigation is non-public until the commission decides to issue a formal complaint. As a result, we will not be able to advise EPIC or the other complainants of our decision as to whether to investigate the matter.")

But Hoofnagle also explained that EPIC turned to the state attorneys general because many states have stronger consumer protections than the federal government, especially California, which grants citizens the inalienable right to privacy in its constitution.

Jason Catlett, president of Junkbusters Corp. and a fellow at the Kennedy School of Government, Harvard University, added, "What we've tried to do is get the obvious agency to act. They've failed to act after several months and now we're going down to the next level."

Specifically, EPIC alleges that Passport, which Microsoft says has more than 200 million accounts, allows an "unprecedented profiling of individuals' browsing and online shopping behavior." And the organization claims that opens consumers, who have been assured by Microsoft that the Passport service is secure, to numerous privacy and security risks from online profiling, to e-mail spam, to stolen credit card data from alleged security holes in the Passport and Wallet systems.

Catlett explained that EPIC's problem is not with Microsoft's collection of data, which he noted is not illegal, but with Microsoft's representation of its Passport service as a secure method for storing personal data and credit card numbers online. In its letter to the attorneys general, EPIC noted a recent instance that it said displayed the vulnerability of Passport.

"In November a computer programmer illustrated a serious flaw in the Passport Wallet service that could affect 200 million users," EPIC wrote. "By exploiting the flaw, a user's entire Passport account, including credit card numbers stored in the database, could be made public. Microsoft recognized the problem and disabled the Wallet service in order to patch the flaw. Since its introduction, consumers using Passport and Windows have been exposed to two major Internet viruses, and personal information in Passport was compromised numerous times."

EPIC also noted that Microsoft offers no mechanism for allowing consumers to delete their Passport registrations.


Stocks Plunge On Accounting Concerns, Gerstner Resignation
VCs See Little to No Improvement in 2002

About us -Site map -Advertisement -Jion us -Contact us - Exchange links - Sponsor us
Copyright© 2008 polala.com All Rights Reserved
Site made&Support support@polala.com    E-mail: web@polala.com