Enabling Security and Privacy in an Interconnected World

WASHINGTON, D.C., March 8, 2007 – In remarks Wednesday night during the annual dinner of the Center for Democracy and Technology (CDT), Microsoft Chairman Bill Gates emphasized the need for comprehensive federal privacy legislation that will provide meaningful protection for individuals online, and set clear guidelines for businesses.



Scott Charney, Microsoft Corporate Vice President, Trustworthy Computing

In today’s interconnected world, with affordable and powerful PCs, high-speed Internet connections and a plethora of mobile devices, computer users are engaging in rich online experiences around e-commerce, communications and entertainment. However, with this new interactivity comes an important responsibility – of governments, industry and consumer advocacy groups – to ensure that computer users can trust that their personal information is secure and private. In his remarks, Gates asserted that some basic standards must be put in place to ensure that personal information is kept secure, that people’s privacy is protected and that they are protected from harm, and cited the company’s commitment to building tools, applications and services in order to help keep the Internet a rich resource with which to communicate, play, shop and do business.

Microsoft believes that to provide a consistent, safe online experience, technology, enforcement and industry collaboration need to be supported by effective public policy. This includes strong legislation that prohibits deception, empowers consumers with control over their personal information and protects e-commerce. PressPass spoke with Scott Charney, corporate vice president of Trustworthy Computing at Microsoft, and Peter Cullen, Microsoft’s chief privacy strategist, about how all can work together to improve online safety and user confidence, and put spammers, phishers and scammers out of business.

PressPass: Why is a comprehensive federal privacy law necessary?

Cullen: As we all know, digital technology has changed the world in the last decade. We now have connected experiences that link our interests and communities into a seamless whole that extends to every facet of our lives. More and more people are envisioning a world of anywhere access – where individuals can get to the information, communities and content that they care about instantly and easily, no matter where they are. But first, people need to be certain that they can create and share information without fear that it will be compromised, stolen or exploited.

Building that trust, creating systems and processes that are more secure, giving people the confidence to know that the technology they use will protect their identity and personal data, cannot be accomplished by any one organization. Success will require a lot of hard work and extensive cooperation between companies, governments and organizations around the world.

One step in that process is an all-inclusive, uniform federal privacy law. The goal is to provide consumers with more protection with respect to how their information is used and protected, thus increasing their confidence to provide that information to legitimate businesses and other organizations. As a founding member of the Consumer Privacy Legislative Forum, Microsoft is working with other companies to advocate for this strong standard, and urge Congress to introduce and pass comprehensive legislation this year.

PressPass: You mentioned that a collaborative effort is necessary to achieve broader security and privacy goals. What’s been done so far?



Peter Cullen, Microsoft Chief Privacy Strategist

Cullen: In addition to new security and privacy features that we’re building into our products and services, we’re committed to working with others – such as consumer and privacy advocacy organizations, government agencies like the FTC and our industry colleagues – to educate consumers about how to avoid online security and privacy risks. That means initiating an ongoing dialogue with these groups so that we can work together more effectively in creating practical and effective solutions. It is also essential that we all come together to raise consumer awareness in order to reach our goal of more secure, privacy-enhanced online experiences.

Through continued innovation, Microsoft is working to identify and, through effective solutions, prevent new online scams or malicious behaviors that threaten consumer privacy and online safety. We are working diligently to find the right solutions to fight identity theft and shut down the spammers and phishers that attempt to put spyware on your computer.

Charney: As a company, we are committed to the principles of Trustworthy Computing: security, privacy, reliability and trustworthy business practices, which influence and shape everything we do at Microsoft. Our priority is to build security and privacy into all of our products and services, and share what we’ve learned with others in the industry. For example, we have published a set of privacy guidelines for software development, as well as books and tools that enable developers to write more secure code. And we’ll continue to move forward with our industry partners to raise the bar when it comes to bolstering security and enhancing privacy in software development.

PressPass: What are other ways that organizations can work together to protect privacy and make the Internet safer?

Charney: There are a number of things we can do. As Peter mentioned, we believe that a comprehensive, yet flexible legislative solution is required at the federal level to provide robust and complete protection for consumers, as well as provide consistency for organizations that would otherwise face a host of disparate laws affecting how they manage and protect personal information. Currently there is a growing patchwork of inconsistent, overlapping and complex obligations that are making consumers feel alienated, uncertain, and fearful about disclosing personal information, as well as making it more difficult for organizations to effectively and efficiently protect data. This puts the whole promise of information technology as a vehicle for economic growth at risk.

Beyond that, we need to empower law enforcement both nationally and internationally to protect consumers and families from online criminals and predators. It’s important, however, to take the right approach. Policymakers must continue to resist efforts to change the Internet’s fundamental architecture in order to make it “safer.” Focusing on punishing online criminals, while at the same time providing consumers with better tools to protect themselves from scams and exposure to unwanted content, will lead to a better Internet experience without undercutting its open, borderless nature.

PressPass: What steps has Microsoft already taken to improve security and privacy in its products and services?

Cullen: Our recently launched Windows Vista operating system includes new security and privacy features that help people protect their sensitive information, and provides IT administrators with new ways of protecting corporate networks as well as preserving data integrity and confidentiality. Both Windows Vista and our Xbox gaming system have parental control settings built into the system. These family safety settings help people easily and confidently manage access to content, whether for children or for themselves. Specifically with regard to children, parents can specify when and for how long their kids can use the computer, which Web sites they can visit, and which software applications they can use. This helps parents spot any inappropriate interactions taking place in chat rooms or social networking sites.

Windows Vista offers an array of advanced privacy and security safeguards that together provide defense-in-depth protection of sensitive personal data and a layered defense against viruses, spyware, phishing and other malicious software intrusions. For example, the Microsoft Phishing Filter for Windows Vista, Internet Explorer 7, and the Windows Live toolbar all help detect phishing attacks and malicious Web sites, reducing the opportunities for cyber criminals to deceive and defraud.

Although today we still have to put up with some spam, we’re continuing to make progress in protecting inboxes through collaboration with industry and government, consumer education and technical innovations. Industry-wide legal efforts and partnerships with law enforcement have helped stop some of the highest-volume spammers in the world. The SmartScreen filtering technology in Windows Live Mail blocks more than 3.4 billion spam e-mail messages every day, and the next version of Microsoft Exchange will include even more robust and accurate anti-spam technology.

Charney: Windows Vista was the first client-based operating system to be developed using Microsoft’s complete Security Development Lifecycle, a rigorous software development process that makes security and privacy an integral part of the way our products are developed, from design, to coding, to testing, to support in the marketplace. That process includes the Microsoft Privacy Standards for Development, which establishes a set of rules and guidelines to help ensure that consumer privacy and data protections are systematically incorporated into the development and deployment of all Microsoft products and services.

Microsoft is also investing in providing educational resources, training, supportive tools and global outreach to help customers make their environments more secure. For example, Microsoft, together with groups such as the AARP, the National Center for Missing and Exploited Children, the U.S. Chamber of Commerce, iSafe, the Boys and Girls Clubs, the Geek Squad, the National Cyber Security Alliance, GetNetWise, the U.S. Department of Commerce, and the FTC’s Onguard Online program, recently completed a 12-city nationwide GetNetSafe Tour that reached out to adults, businesses and children with messages on how to protect themselves online.

PressPass: What are some things consumers can do to help protect themselves today?

Charney: First and foremost, consumers should keep themselves educated about the threats that are out there and the steps they can take to combat malicious behavior, and be vigilant and protective of their personal information. At a very basic level, we caution consumers to keep personal information to themselves; safeguard account numbers, their Social Security number and any online passwords. People should learn to create strong passwords, through a mix of letters and numbers that would be hard for an attacker to simply guess. Another important tip is to be very cautious about downloading and sharing files, which includes downloading e-mail attachments. “Think first; click later” is the motto I like to share – this is vital to a safer computing experience.

In addition to exercising such caution, we advise consumers to embrace the technologies that are available to help protect them. The first line of defense is a firewall, which keeps the sensitive information in your computer safe from the outside world. We also advise that consumers keep their Windows computer protected and up-to-date against potential threats – Microsoft can do this automatically for you each month through the Automatic Updates feature. As a third measure in protection, use an anti-virus product and don’t let it expire. Finally, make sure that you have anti-spyware software so unknown people cannot track your online habits and potentially steal your information. Microsoft offers its anti-spyware protection, Windows Defender, at no charge.

Although this is sound advice, it is important to understand that many consumers do not yet take these steps. For instance, Consumer Reports surveyed 2,000 households with Internet access only to find that 20 percent did not have antivirus software installed and 35 percent did not use software to block or remove spyware. They also found that 2.4 million households with broadband connectivity remain unprotected by a firewall, and 795,000 households had purchased products advertised through spam, thus inviting spammers to continue their activities. This is important not only because it encourages spammers to continue to flood our inboxes with unwanted mail, but also because that mail may be promoting fraud or fishing for identity information that may lead to a loss of privacy and personal security. This is why consumer education is so important, so that people can better understand the risks and the steps they can take to be safer online.