The Electronic Privacy Information Center (EPIC) has sent an open
letter to the attorneys general in all 50 US states to stop what it
claims are Microsoft's unfair and deceptive business practices
surrounding the company's Passport service.
In the letter, the consumer privacy group said it chose to go to
the states because of its frustration with the lack of action by
the Federal Trade Commission (FTC). "We have repeatedly urged the
FTC to investigate this matter in two separate filings, but the
commission has failed to act," said the letter, which was signed by
Marc Rotenberg, EPIC's executive director, Chris Hoofnagle,
legislative counsel and Nathan Mitchler, law clerk.
Hoofnagle said the first time the FTC pursued a company for
negligent privacy violations was this month. In contrast, the
states have a long history of investigating and prosecuting privacy
violations, he said.
Among EPIC's objections to Passport are:
- It can be used to profile user's browsing and shopping
behaviour
- Microsoft has said it wants all Internet users to hold a
Passport account
- Passport's security flaws could expose subscribers' personal
information, including credit card numbers
By tying Passport to other services, such as Hotmail and online
customer support, Microsoft has already acquired more than 200
million Passport accounts.
In the past Microsoft has denied claims by EPIC and other groups
that Passport engages in deceptive business practices and unfairly
gathers personal information. In addition, Microsoft has said these
groups, and specifically EPIC, are playing to the media rather than
working with the company to resolve problems.
However, Hoofnagle said Microsoft has begun to push Passport on a
variety of different fronts to gain subscribers. For instance, he
said, some functions of Microsoft Money applications are only
available now to Passport subscribers. An increasing number of Web
sites that have partnerships with Microsoft have also stipulated
Passport registration, thus removing consumer choice, he said.
Hoofnagle also said that because it has been shown that Passport
has some security flaws, Microsoft's claim that all information is
private and secure is a deceptive business practice and the company
should stop making such claims.
While EPIC doesn't expect an immediate response to its letters,
Hoofnagle said it was the best strategy the group could pursue. The
states have much tougher privacy legislation, he said, pointing to
a California law that bans unconstitutional seizures of private
information by both governments and businesses as an example.
He also said that the state officials may be more willing to act
because being seen as a protector of consumer rights is always a
benefit at election time and most of the states attorneys general
are elected.