Capital Gazette wins special Pulitzer Prize citation for coverage of newsroom shooting that killed five

Software giant in privacy debate


As if an antitrust battle weren't enough, Microsoft has thrust itself into the growing national debate on online privacy with its new Internet-services initiative, code-named HailStorm.

Microsoft is betting consumers will be willing to disclose more personal information in years ahead, in return for HailStorm's ability to simplify online shopping, collaborating and communicating.

Financial analysts say Microsoft may be the only company in the world with the skill and clout to pull it off, but privacy and security experts say the company may be overestimating how much information the public is willing to share.

"This is sort of what defines you as an individual, and I think there's some real issues there about giving some company control of that data," said Marc Rotenberg, director of the Electronic Privacy Information Center, a nonprofit policy group in Washington, D.C.

But Craig Mundie, the Microsoft senior vice president helping Chairman Bill Gates develop strategies, contended that people were reluctant at first to use credit cards because of privacy concerns, and now the cards are ubiquitous because they make life easier.

Mundie said the public will accept HailStorm and Microsoft as a trusted repository within five to 10 years. "They'll trade off aspects of personal information in order to get a benefit," he said.

Gates presented HailStorm in March as the cornerstone of Internet services Microsoft will offer starting next year.

Initially, HailStorm will consist of a universal password and a service that would deliver short text messages to computers, pagers, phones and other devices. It would also automatically coordinate appointment calendars and store personal files online.

Eventually, the service will be able to watch and listen to computer users in their homes and offices, so it will know when they are busy and when to interrupt them with important messages and calls.

Microsoft researcher Eric Horvitz, who demonstrated the seeing and listening "notification platform" at a conference in Seattle last month, said it will "inform the notification manager as to how best to get information to you in the right time and the right place."

Basic HailStorm services, including an expanded version of Microsoft's Passport authentication service, will be free when they become available next year. Services such as automatic message delivery and calendar management would likely be available for $20 to $50 per year.

HailStorm would ultimately act as an online secretary, arranging appointments, filing documents, reminding you of a relative's birthday and helping buy and ship an appropriate gift.

If you were in a car accident, HailStorm could send your medical history and insurance information to the hospital before the ambulance arrived. It could page your spouse and reschedule your appointments.

But for HailStorm to do its job to the fullest, users would have to entrust Microsoft with all kinds of personal information.

People share personal information with their bank, other information with their doctor and still other information with friends and family. But most people don't give all that data to a central registry like HailStorm, Rotenberg said.

"One of the ways we protect our privacy is by disclosing some of our information in some contexts and not in others, and it's in that selective disclosure of information that you establish bonds of trust and friendship with friends and family members and others," he said. "Sitting in the hub of those relationships is the actual individual.

"What Microsoft seems to be doing here is saying, 'Sure there's an individual, but we can effectively map those data flows and extract them from the individual and replicate them on a case-by-case basis,' and that's where I think some substantial privacy issues arise."

Another concern for some is Microsoft's ability to protect that data. In announcing the service in March, Microsoft officials acknowledged the company has been vulnerable to attacks and system failures, but that it also runs some of the world's busiest Web sites.

"Now, being honest, some of that experience is very good and some of it's not so good," said Bob Muglia, the group vice president overseeing technical development of the services. "But we're committed to taking and learning from the mistakes that we've made."

Still, having one company in control of so much information makes some security experts leery of HailStorm.

Centralizing data creates a target for attacks, especially if it's Microsoft doing the centralizing, said Richard Stiennon, security-research director for Gartner, a Stamford, Conn.-based consulting company that advises 60 percent of the Fortune 500 companies.

"They're the most attacked infrastructure there is on the Internet, they're the No. 1 target for hackers," he said.

Privacy and security concerns aside, Microsoft should have no problem creating the sophisticated network upon which HailStorm will operate, said Giga Information Group analyst Rob Enderle.

Sooner or later, Enderle said, services such as HailStorm will drive the next wave of Internet commerce by providing a more personalized experience for the consumer. And Microsoft could make it work.

"They're probably one of the only companies that can pull together the mass of resources, whether that be software development tools or platforms, to create an overall integrated solution among messaging, customer information and e-commerce that would be required to really change the Internet market," he said.

Another hurdle may be Congress, where concern about online privacy has prompted several bills that could restrict the collection and use of personal information. A spokeswoman for Republican Sen. John McCain of Arizona said privacy and Internet taxation are priorities for the Commerce, Science and Transportation Committee, of which he is chairman. McCain and Sen. John Kerry, a Democrat from Massachusetts, are planning a privacy conference this spring to gather information from the public and industry.

Microsoft is asking lawmakers to give new laws enough flexibility to allow services such as HailStorm, under the premise that users will be able to decide how much information to disclose to Microsoft and dictate how much the company will disclose on the Internet.

Mundie said the company is up to the challenge.

"We're talking," he said, "about changing society's infrastructure."

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad