Andy Sullivan
WASHINGTON: A privacy group on Tuesday asked state law enforcement
authorities to examine software giant Microsoft Corp.'s Passport online identity
service, saying it exposes consumers to fraud, junk electronic mail and identity
theft.
The Electronic Privacy Information Center sent a letter to all 50 state
attorneys general, asking them to protect consumers against what it called
Microsoft's unfair and deceptive trade practices because the federal government
has failed to act.
Launched in 1999, Passport aims to simplify Internet transactions by allowing
consumers to store passwords, credit-card numbers and other personal information
in one location. Microsoft claims it has created more than 200 million Passport
accounts, mostly through Hotmail, its free e-mail service.
The service has drawn the ire of the Electronic Privacy Information Center
and other privacy groups, who say it allows Microsoft to track and profile
Internet users, encourages junk e-mail, and exposes consumers to identity theft
by inadequately protecting their credit-card numbers.
Microsoft temporarily disabled some Passport functions last fall after a
security expert demonstrated that he could hijack a Passport account by getting
its owner to open a Hotmail message.
Privacy groups want Microsoft to back off on claims that Passport is secure
and protects consumer privacy, and allows consumers to delete the accounts they
have set up so far. A Microsoft spokesman said EPIC's allegations were not true.
Microsoft does not share personal information with third parties, said
spokesman Rick Miller, unless users voluntarily use Passport to access
third-party sites. Passport does not encourage junk e-mail, Miller said, because
it simply replaces other authentication services that would have asked for
users' e-mail addresses anyhow.
And no harm has come from security holes because Passport users have not had
their credit-card numbers stolen, he said. Perfect security is impossible to
guarantee in a world where millions of users are connected on the Internet, he
said.
"It's not a Passport thing, it's an Internet thing," Miller said.
EPIC said it was appealing to the states because the Federal Trade Commission
has not taken action since EPIC and other groups asked it to investigate
Passport last summer.
An FTC spokesman would not confirm or deny whether the agency was
investigating Passport, but added that the agency was aware of the controversy
and was following developments in the press.
Chris Hoofnagle, EPIC legislative counsel, said states have often taken a
more aggressive approach to privacy matters. Attorneys general in Minnesota and
New York have recently pursued banks for privacy violations, and California
state law establishes a strong right to privacy, he said.
"The states have been on the forefront of privacy protection and
consumer protection generally," Hoofnagle said. The environmental movement
has found success at the state level as well, he said. EPIC also plans to use
European Union privacy laws to go after Passport, Hoofnagle said. "We will
file a complaint with the FTC on that issue in the near future," he said.
(C) Reuters Limited.