Q&A: Trusted Computing and the Privacy/Security Debate After September 11

MOUNTAIN VIEW, Calif., Nov. 5, 2001 — Microsoft on Tuesday convenes Trusted Computing 2001, the only gathering at which leaders in the fields of online privacy and security can meet to address issues and develop consensus for protecting computer information and infrastructures. The three-day forum here is expected to attract more than 150 leaders from government, business and academic and advocacy groups.

Richard Purcell, Microsoft Director of Corporate Privacy

Trusted Computing 2001 comes just 11 months after the only other meeting of this type, the SafeNet 2000 forum, also convened by Microsoft. But these two gatherings have been separated in time by the tragic events of September 11 — events that changed the context in which cyber-security must be discussed.

To better understand the challenges that businesses, government and consumers face in the areas of computer security and privacy, as well as in the broader area of trusted computing, PressPass spoke with Richard Purcell, Microsoft’s director of corporate privacy, and Steve Lipner, Microsoft’s director of security assurance.

PressPass: What did we learn coming out of last year’s forum, and how will that influence what happens this week?

Purcell: The conclusions from last year’s forum centered on the need for business, government and academic centers to collaborate more closely — and with greater trust — to address security and privacy concerns, on the need to better educate the public, and on the need to develop and implement best practices to minimize potential problems. SafeNet 2000 was the first time that security and privacy leaders came together in an interactive forum setting, with the opportunity to address and identify common interests and concerns. That alone was a step forward. This year, we’ve created even more opportunities for these two groups to interact, rather than to conduct their discussions separately. We’re going to build on the foundations we created last year, to develop more specific plans and action items.

Steve Lipner, Microsoft Director of Security Assurance

Lipner: For example, last year we began a community-wide dialogue on the subject of responsible handling and sharing of information about the vulnerability of systems. This is a contentious topic in the security community. There have been long debates on whether full disclosure to the public at large about security problems with specific products helps or hurts the customers’ security. Customers can use this information to help protect themselves but, at the same time, an attacker can use the information to create more dangerous attacks. SafeNet 2000 produced a consensus statement about the need to disclose security issues. This week at Trusted Computing 2001, we hope to build on that consensus with specific guidelines for implementation. This is one of the areas in which last year’s discussion was more theoretical, and in which we expect this year’s discussion to be more practical.

Similarly, last year the participants agreed that security measures must be implemented in ways that don’t harm users, and that privacy protection can provide an economic benefit for companies. Now we hope forum attendees move forward on those ideas.

Purcell: Also last year, we began to identify Internet business models that contributed to consumer anxiety about how personal data was gathered and used. This year, we hope to focus efforts on distinguishing between business models that are accepted and not accepted by consumers, based on the full range of trusted computing issues.

PressPass: Tell me about the concept of “trusted computing.” Last year’s forum was called “SafeNet 2000,” this year it’s “Trusted Computing 2001.” Does this signal a different focus?

Purcell: Yes, the name change itself is indicative of how the discussion has progressed over the last year. In 2000, the forum — and the issues being discussed in the industry — were focused narrowly on privacy for consumers and security for information systems. Now, we believe that the discussion is broadening to embrace the overall concept of trusted computing, computing that is inherently trusted by those who use it. That, after all, is why security and privacy are important, because they contribute to the trust that people have in online services and information systems. But there are other issues that affect trust beyond security and privacy. Availability and integrity — which includes accuracy and maintenance of data over long periods of time — are also serious concerns. Trusted computing requires an objective, open way to measure and evaluate performance on all of these considerations.

Lipner: But in another way, the two forums are very similar. Last year’s was successful because we didn’t structure it as a series of conference-like lectures. We invited the people who usually lecture behind a podium to share their views in rich interchanges with their colleagues and competitors, and to roll up their sleeves to help advance the discussion and begin to fashion solutions. We are taking that same approach this week.

PressPass: Does the broader focus on trusted computing mean our information infrastructure is largely secure, or secure enough?

Lipner: We think of security as a journey, not a destination. Threats are always changing, and it’s a constant challenge. There have been some well-publicized problems over the past few months that affected a lot of organizations — but a lot of other organizations rode out those incidents without being affected, because they’re applying best practices that are very effective in making them secure. The challenge for Microsoft, as a leader, and for the industry overall, is not just to create new ways to enhance security, but to bring everyone in the industry up to the level of companies already benefiting from best practices. The Strategic Technology Protection Program that Microsoft announced a month ago is one way we’re meeting this challenge. We’re expanding the online and human resources available to all of our customers to enhance their security.

PressPass: How do the events of September 11 affect our understanding of computer security and privacy issues? How has the dialogue changed in the aftermath of those events?

Purcell: September 11 challenges all the conventional thinking about the commercial handling of privacy and security issues. It demands an expansion in the way we think about the concept. In many ways, the tensions between privacy and security that formerly existed within the commercial environment have now been brought into the public arena, where the question of how to balance liberty and safety must be debated on the governmental level, because it’s now clearly a matter of national security. Richard Clarke, director of the federal Office of Cyber Security, will deliver a keynote at the forum that will spur discussion on these issues and challenge the industry to play an important role in the process.

Another change in the discussion after September 11 centers on the nature of the privacy debate. Before the attacks, the commercial debate was about how to provide as much service as possible with as little data exchange as possible — that is, maximizing service and privacy at the same time. Now the question is different, because people understand how maximizing privacy to the point of anonymity has the potential to erode public safety. Promoting public safety in the commercial world means sharing data with government that, before September 11, we might never have considered sharing, out of privacy concerns. How do we balance the considerations of personal liberty, public safety, commercial privacy and commercial security? That’s a key question. It’s important to understand that the tradeoffs among these considerations always existed, but that September 11 brought these issues violently to the forefront of the discussion, and affected the relative weights we may put on them.

PressPass: What about some of the aspects of privacy implementation, such as the rise of chief privacy officers and the development of P3P — have these changed since last year and even since September 11?

Purcell: The position of chief privacy officer is important for any corporation that’s providing information-based services, and we’ve seen a continual increase in this position over the last few years. In light of new and greater threats in our world, being proactive to address online threats and collaborating with other stakeholders in the solution is increasingly important. That collaboration should include not only internal stakeholders, such as the privacy and security officers, but also external stakeholders such as governments, third-party providers and others. But the role of the privacy officer has also changed post-September 11. The privacy officer has to be more cognizant of the costs of privacy and, while remaining the chief advocate for privacy protection, has to understand that there must be a balance, that some privacy loss must be the cost of greater safety. The ultimate privacy state is anonymity — and we now know that being anonymous can have cataclysmic consequences for society.

Lipner: P3P, or Platform for Privacy Preferences, was developed by the World Wide Web Consortium (W3C) as a standard way for Web sites to define how they gather information. Individuals can take advantage of P3P — we’ve incorporated it into Windows XP and Internet Explorer 6.0, for example — to understand when Web sites are seeking information that users may or may not be willing to divulge, and to choose to divulge the requested information or not. P3P won’t go away or become less important. It is a part of giving consumers tools to control their information online.

One person’s privacy is another person’s exposure. P3P enhances the individual’s privacy by exposing the activity of Web sites with which the individual interacts, thus diminishing the ability of the sites to obtain information or to place code on the individual’s PC without that person’s knowledge. Whether P3P has a greater impact on privacy or on safety depends on how we use it — demonstrating how multi-dimensional this challenge really is.

PressPass: What is Microsoft’s commitment to the issues of trusted computing?

Lipner: We think that, because of our size and our role in the industry, we have an obligation to be a responsible leader on these issues. We are committed to making and leading industry progress on building trust, and in developing more secure products, systems, and technology practices that empower private, safe, secure and trusted computing for all users. Our convening these forums is an outgrowth of that commitment to responsible leadership. We are bringing together business partners, competitors and neutral third parties. Reaching consensus with competitors on issues of increasingly grave concern to the country clearly shows that we’re serious about making progress.

Purcell: Beyond convening these forums, we demonstrate our commitment to the issues of trusted computing every day. On the privacy side, we have a robust, worldwide policy on data protection and privacy that we believe is a model for the industry. We voluntarily implement privacy policies consistent with public standards, such as the European Union Safe Harbor agreement. And we implement standards-based privacy technology, such as P3P, into our products.

On the security side, Microsoft is a true leader in fulfilling a commitment to security technology, secure data practices and protections. The Strategic Technology Protection Program that Steve mentioned earlier is probably the most comprehensive program of any company to enhance customer security. We’re mobilizing technical account managers to reach enterprise customers, extending security-related product support and online resources to all customers at no charge, expanding our own security efforts and providing one-step software updates, called security rollup packages, that help our largest customers to be as secure as possible with their Microsoft products.

PressPass: Microsoft’s XML Web services, known as .NET My Services, are frequently discussed in the context of privacy and security concerns. How does Microsoft’s development of .NET My Services fit with this commitment you’ve been describing?

Lipner: Security is absolutely fundamental to the acceptance of .NET My Services, which gives users the information and services they want in a very distributed, networked way. We’ve heard this from partners, competitors, governments and analysts — but we heard this from our own executive management before we heard it from anyone else. Microsoft was absolutely clear from “day one” that security was an essential component of .NET, that .NET would be the first globally scaled information service built from the ground up on a foundation of privacy and security principles that ensure a trusted relationship with consumers and providers.

Consumers want .NET My Services to be able to identify them accurately, to be able to distinguish them from other users, so that only they can access their personal information. It’s similar to other security challenges, but magnified because of the distributed nature of the Internet. And while users want a solution that identifies them effectively, they also want a solution that identifies the service provider effectively to the user. Is the service provider who it says it is, and can it be trusted to use and safeguard the consumer’s information properly?

We have incorporated a broad range of technology and policy solutions to ensure the appropriate level of trust for .NET My Services. In fact, we believe that .NET is an example of what trusted environments will look like in the future. And this is increasingly important because computing will become increasingly ubiquitous. We’ll have computers — whether or not we recognize them as such — in our cars, phones, homes, appliances, medical devices, everywhere. Being able to trust these devices to ensure privacy, security, and more, will be central to their effectiveness. This week, we take another step toward ensuring that future.