Taking on Passport privacy -- again

Privacy groups on Wednesday will push federal regulators to look into claims that Microsoft Corp.'s data collection methods tied to its Passport and XP efforts amount to "unfair and deceptive" trade practices.

Officials from the Electronic Privacy Information Center (EPIC), in Washington, and Junkbusters Corp., in Green Brooke, N.J., said the groups are poised to file an amended complaint against Microsoft with the Federal Trade Commission (FTC).

Readied just days after Microsoft offered up new concessions to appease the privacy community, the new complaint calls on the FTC to launch an investigation of the company's practices.

The complaint takes aim at Passport, a service designed to let users visit multiple sites on the Web without having to enter personal information each time.

Passport is a key element of Microsoft Internet strategy known as .NET. XP will be the first operating system to support Microsoft's HailStorm and Passport, both of which are key deliverables in Microsoft's .NET strategy.

Also, Passport is used by many of Microsoft's Web properties, such as its free e-mail service, Hotmail, and by a growing list of partners including Inc. and Inc.

The authentication service stores as many as 13 items of basic user information, ranging from ZIP codes to a street address. The service also includes an "electronic wallet" component that stores information for making online purchases, such as a billing address and credit card number.

Criticism of Passport has mounted over concerns about how the service collects data from users and how that personal information might be used in the future.

Hoping to ease some of that opposition, Microsoft said recently it will now require a user to enter only an e-mail address and password to open a new Passport account.

Microsoft also said that Passport will support an emerging industry standard for enhancing privacy on the Internet called Platform for Privacy Preferences (P3P).

P3P allows users to better manage what information Web sites can collect about them. P3P identifies Web sites that use "cookies," or pieces of code that Web sites can attach to a user's browser and use to track his or her movements on the Web.

But those gestures seemed to fall short of easing privacy concerns.

Specifically, Junkbusters president, Jason Catlett, said recently that measures to reduce the information Passport collects about its subscribers do not go far enough.

Microsoft is still requiring users to provide an e-mail address, which will allow Microsoft to gain personally identifiable information, he argued.

Further, Catlett has characterized Microsoft's P3P move as irrelevant to the privacy groups' list of concerns.

"The concessions Microsoft has offered to us are even less satisfactory than the antitrust concessions they have offered to the Department of Justice," quipped Catlett. "They have been totally nonresponsive."

Catlett said the amended complaint among other things asks the FTC to look closely at "Kids' Passport" for potential violations of Children's Online Privacy Protection Act (COPPA) and will include input from several outside parties that have contacted the groups regarding Passport.

The FTC is aware of the petition for investigation, but has alerted the groups that any action will be "non-public," so even advocates themselves will be unaware, should the agency take action," Catlett continued.

Along with EPIC, Junkbusters will detail on Wednesday its amended complaint to FTC.