The Electronic Privacy Information Center has asked state attorneys general to investigate Microsoft Corp.'s Passport identity service, saying it exposes consumers to fraud, spam and identity theft.
Microsoft Corp. denies the allegations.
Passport allows customers to simplify Internet transactions by allowing consumers to store passwords, credit card numbers and other personal identification.
Redmond, WA-based Microsoft claims to have created 200 million Passport accounts, mostly through Hotmail, its free e-mail service, according to published reports.
In a letter sent Tuesday to 50 attorneys general, EPIC wrote: "Although Microsoft has continually expanded its partnership with online retailers and services, it has done little to improve the protection of consumers' personal information…or provide a reasonable explanation of how the collected data is used or may be used in the future."
In reaction, Microsoft said it shares EPIC's concern of privacy for consumers. "But as we've said in previous occasions, we believe EPIC's claims are totally unfounded," said Rick Miller, a Microsoft spokesperson.
"There's never been an instance of a credit card being stolen. We do not rent, lease or share information and our service is completely opt in. The only thing a customer has to give us is a user name and a password," Miller added.
The letter states that EPIC had asked the Federal Trade Commission to investigate the matter, but it has "failed to act." It urges the states' top lawyers to protect consumers against unfair and deceptive practices under their own statutory authority.
