RealTime IT News

European Countries Mull Probe of Microsoft Passport

Adding to its potential regulatory problems in Europe, Microsoft Corp. might face an investigation of its Passport digital-identification system by European Union (EU) countries.

The European Commission, the EU's executive arm, said it would examine the privacy safeguards of Microsoft's Passport, according to reports over the weekend. Under EU law, the European Union's 15 member states would need to act on their own to penalize Microsoft, but the Commission is often looked to for guidance in such matters.

A privacy probe would come in addition to the investigation from the Commission's competition unit, which is examining the market dominance of Microsoft's Windows operating system and considering a probe of its bundling of the Windows Media Player.

According to published reports, European Commissioner for Internal Markets Frederik Bolkestein, responding to a written question by European Parliament member Erik Meijer, said that the Commission regarded privacy concerns about Passport "a matter of priority."

"The question of whether, and to what extent, the (EU) directive applies to a database located outside the Union, especially where data is collected directly from data subjects via the Internet, is a complex one which the Commission and national data protection authorities are at present examining carefully," Bolkestein wrote.

Microsoft officials were unavailable for comment. According to reports, the company said it has met with officials from the Commission and member states to discuss the issue.

Launched in 1999, Passport is a free service that authenticates users' identities, allowing them to move seamlessly within partner sites and make purchases without having to re-enter information. As of February, researcher Gartner Group estimates 14 million people were using Passport, which was meant to be the forerunner for My Services, the consumer side of its .Net strategy. However, the service has floundered as other businesses resisted sharing consumer information with Microsoft. In April, Microsoft quietly shelved its plans to launch My Services.

Both Passport and My Services raised potential obstacles to Microsoft in Europe. With restrictions on cross-border transfers of personal information, Europe traditionally takes a more expansive view of consumer privacy than in the United States.

"It was our opinion that the system violated American law," said Chris Hoofnagle, legislative counsel for the Electronic Privacy Information Center (EPIC). "Reasoning from that says it would violate European law, which is much stronger."

In the United States, Microsoft's Passport service has come under fire for its potential to invade consumers' privacy and security flaws.

"Microsoft's software and services are notoriously insecure," said Jason Catlett, a privacy advocate and president of Junkbusters.com. "Even if they could protect it, there's the question whether you want a court-certified law breaker in charge of personal information."

In July 2001, the EPIC, joined by other privacy advocates, filed a formal complaint against Microsoft with the Federal Trade Commission (FTC), followed by a letter this past January to state attorneys general urging them to investigate the service.

Neither the FTC nor any states have announced probes of Passport.