Microsoft holds privacy group Passport discussion

A Washington DC-based privacy group has held the first of a planned series of discussions with Microsoft regarding the future of...

A Washington DC-based privacy group has held the first of a planned series of discussions with Microsoft regarding the future of Passport, the software maker's authentication service.

The Centre for Democracy and Technology (CDT) solicited talks with representatives from Microsoft's .Net developers team and its legal counsel to discuss the technical details of Passport, the single sign-on service that allows subscribers to log on to a collection of Web sites without re-entering personal information. The authentication system is at the centre of Microsoft's Internet plans and its set of Web services called Hailstorm.

"Within these discussions we spoke about consumer privacy issues, government privacy issues, security issues and standards issues," said Ari Schwartz, a spokesman for the CDT. "All those questions were tied back to Passport and Hailstorm."

Both the Windows XP operating system and the new Internet Explorer browser, due for release in October, will include close ties to Passport. The high-profile product debuts have drawn all eyes to the Passport technology.

Schwartz said the CDT set up the meetings with Microsoft to establish an open dialogue with the company as it moves forward with future product releases. The group meets regularly with major technology vendors about new technologies and their effects on consumer privacy.

"We've been interested in authentication issues for some time," Schwartz said. "Obviously this is one of the most important of the authentication technologies to come around in a long time."

Adam Sohn, a product manager in Microsoft's .Net platform group, said: "We're constantly involved in dialogue with these groups. We came to town today at the request of CDT... We had a great discussion about what we're up to."

Joining Microsoft and the CDT at the talks were a number of academics from the field of consumer privacy and technology. They included Peter Swire, a visiting professor at George Washington University Law School and the chief privacy counsellor for the Clinton administration.

"I've been studying the privacy and security issues that arise from Passport and Hailstorm," Swire said. "There are potentially serious issues here."

Both Microsoft and the CDT said their meeting had nothing to do with the complaint filed with the US Federal Trade Commission in July by a coalition of privacy advocacy groups concerned about the way Passport gathers user information.

Microsoft is planning to release version 2.0 of Passport tomorrow as a follow-up to the service already used on Microsoft Web properties such as the free e-mail service Hotmail and a variety of Web sites from partners such as Starbucks.

Microsoft has maintained that the upcoming Passport 2.0 will include a number of additional privacy features to protect consumer information as users navigate the Web.

"It's very close to roll-out but we need to make absolutely sure that quality testing and final checks are complete before we take it live," Sohn said.

The privacy group wants to continue working with Microsoft to ensure that future releases of the software include even more security and privacy features. Engineers working close to Microsoft's Passport and Hailstorm Web services said earlier this month that future versions of Passport will include a number of new security features, including a standard called Kerberos.

"We think we're taking some great steps forward with the security we've already announced," Sohn said. "We're always taking feedback and figuring out how we can incorporate those ideas into the products."

Read more on IT legislation and regulation