Microsoft Corp., Redmond, WA, last week settled Federal Trade Commission charges that Microsoft misrepresented the security and nature of data collected via its Passport Web services, which let subscribers conduct business on participating Web sites using a single name and password. (Passport Wallet stores credit card data for purchases; Kids Passport lets parents oversee kids’ online activities.)
A complaint led by the Electronic Privacy Information Center said Microsoft misstated that Passport transactions are more secure than other online transactions (they aren’t), that Passport doesn’t collect personally identifiable data (it keeps such data for a short time), and that parents can control what data participating sites collect on their kids (they can’t). The FTC investigation also found Passport security measures inadequate. The settlement requires Microsoft to set up a comprehensive security program for Passport and similar services.
Network
