Microsoft surrenders to FTC's will over Passport

THE FTC SAID it had settled with Microsoft over possible problems with privacy and security using its Passport web services.

Microsoft will introduce an information security programme to prevent users' privacy being compromised.

The FTC's chairman, Timothy J. Muris, seemed to issue a warning for the future though, when he said: "Companies that promise to keep personal information secure must follow reasonable and appropriate measures."

Microsoft's three services - Single Sign In, Express Purchase and Kids Passport - all collect personal data for Web sites that agree to use the service.

The FTC had claimed that MS falsely represented it did include reasonable privacy and confidentiality measures, including personal info and credit card numbers, and that transactions using Passport were safer than when people bought kit not using it.

Microsoft, according to the FTC, also claimed that it didn't collect any personally identifiable info when in fact it did.

And it had said the Kids Passport programme gave parents control over what info could be collected from children, falsely.

Microsoft has signed a consent order to stop misrepresenting information practices, and it must introduce a programme which has to be certified as secure every two years.

Microsoft said in a statement that the consent order "reinforces Microsoft's commitment to improving security, and we will meet and work to exceed this high bar."

But of course it might never have done so had not a coalition of different groups, and the Federal Trade Commission, hadn't bounced it into signing the consent order.

Brad Smith, Microsoft's chief lawyer, is to comment on its view of the consent order today, at 12.30 EDT. There's a Q&A all ready in place on the MS site, which you can find here. µ