A Washington DC-based privacy group has held the first of a planned
series of discussions with Microsoft regarding the future of
Passport, the software maker's authentication service.
The Centre for Democracy and Technology (CDT) solicited talks with
representatives from Microsoft's .Net developers team and its legal
counsel to discuss the technical details of Passport, the single
sign-on service that allows subscribers to log on to a collection
of Web sites without re-entering personal information. The
authentication system is at the centre of Microsoft's Internet
plans and its set of Web services called Hailstorm.
"Within these discussions we spoke about consumer privacy issues,
government privacy issues, security issues and standards issues,"
said Ari Schwartz, a spokesman for the CDT. "All those questions
were tied back to Passport and Hailstorm."
Both the Windows XP operating system and the new Internet Explorer
browser, due for release in October, will include close ties to
Passport. The high-profile product debuts have drawn all eyes to
the Passport technology.
Schwartz said the CDT set up the meetings with Microsoft to
establish an open dialogue with the company as it moves forward
with future product releases. The group meets regularly with major
technology vendors about new technologies and their effects on
consumer privacy.
"We've been interested in authentication issues for some time,"
Schwartz said. "Obviously this is one of the most important of the
authentication technologies to come around in a long time."
Adam Sohn, a product manager in Microsoft's .Net platform group,
said: "We're constantly involved in dialogue with these groups. We
came to town today at the request of CDT... We had a great
discussion about what we're up to."
Joining Microsoft and the CDT at the talks were a number of
academics from the field of consumer privacy and technology. They
included Peter Swire, a visiting professor at George Washington
University Law School and the chief privacy counsellor for the
Clinton administration.
"I've been studying the privacy and security issues that arise from
Passport and Hailstorm," Swire said. "There are potentially serious
issues here."
Both Microsoft and the CDT said their meeting had nothing to do
with the complaint filed with the US Federal Trade Commission in
July by a coalition of privacy advocacy groups concerned about the
way Passport gathers user information.
Microsoft is planning to release version 2.0 of Passport tomorrow
as a follow-up to the service already used on Microsoft Web
properties such as the free e-mail service Hotmail and a variety of
Web sites from partners such as Starbucks.
Microsoft has maintained that the upcoming Passport 2.0 will
include a number of additional privacy features to protect consumer
information as users navigate the Web.
"It's very close to roll-out but we need to make absolutely sure
that quality testing and final checks are complete before we take
it live," Sohn said.
The privacy group wants to continue working with Microsoft to
ensure that future releases of the software include even more
security and privacy features. Engineers working close to
Microsoft's Passport and Hailstorm Web services said earlier this
month that future versions of Passport will include a number of new
security features, including a standard called Kerberos.
"We think we're taking some great steps forward with the security
we've already announced," Sohn said. "We're always taking feedback
and figuring out how we can incorporate those ideas into the
products."