The Federal Trade Commission Thursday issued a proposed consent order with Microsoft Corp. over complaints that the company falsely represented the security and privacy provisions in its Passport family of services. As part of the order, Microsoft must submit to a bi-annual review of its security program for Passport by an independent third party. The order also would prohibit the company from making any further misleading statements about its policies and procedures. It also requires Microsoft to implement and maintain a comprehensive security program for the Passport services. During a year-long investigation into the Passport service spurred by a complaint filed by the Electronic Privacy Information Center, the FTC found that Microsoft, of Redmond, Wash., not only misrepresented the level of security afforded by its services, but that it also collected more consumer information than it said it would.

Hallelujah!  Thank god for EPIC.  This is HUGE.  The government is taking a software company, and not just any software company, to task for privacy violations, and crappy security.  This is a precedent that hopefully indicates the government is realizing the importance of privacy in the digital age.  No longer can a company claim to respect a customers privacy and tout its highly secure infrastructure without actually backing up those claims, at least not without the risk of getting an FTC smack down... or at least I hope thats what this says.

Permalink  comment []