REDMOND, Wash., Dec. 7, 2000 — Microsoft Chairman and Chief Software Architect Bill Gates told privacy and security leaders today that the continued growth of online shopping and the proliferation of convenient devices that automatically exchange user information depends largely on one thing — the confidence of consumers and other users that their personal information is secure.
Richard Purcell, Microsoft’s director of corporate privacy, talks with other privacy and security leaders during SafeNet 2000.
Gates kicked off SafeNet 2000, the first technology security summit of its kind, by demonstrating Microsoft’s vision for how the company will increase user confidence through technology advances it is already integrating into its products.
Gates made it clear, however, that there is still much work to be done. He and other Microsoft officials challenged attendees at the two-day summit to look for additional ways to increase privacy and security in the Internet age.
“The challenge is clearly ours to take up,” said Richard Purcell, Microsoft’s director of corporate privacy. “The question is: will we, how will we? This summit is a gathering to determine the answers to those questions.”
Microsoft arranged and is hosting SafeNet 2000 at its Redmond campus. Dozens of security and privacy leaders from the areas of technology, government, law enforcement, policy, academia and consumer protection have gathered to share concerns and discuss possible solutions to the increasing need for information security in the Internet age.
The leaders began attending panel discussions today. They also began working in groups this afternoon to draft ways to improve online security. The groups are scheduled to present their proposals on Friday.
Users Concerned About Security
Gates said concern about information security and privacy has increased among computer users as they share more personal information while shopping and engaging in other activities online.
Without serious attention from technology and security leaders, this concern will continue to grow as advances in technology allow computer users to more easily trade personal online preferences and other information among multiple devices, such as their office computer, cell phone and television set-top console, he said.
“One of the key priorities for industry is building systems that are secure and able to preserve privacy,”
“There is no way to enforce policies around privacy unless there is a secure infrastructure working, and working perfectly.”
Gates said the need to maintain multiple computer passwords and online identities is degrading security because users are putting less energy into creating unique authentication. He offered
technology as an alternative, demonstrating on stage how a pilot program on the Microsoft campus limits access to computer systems and buildings.
When Gates slipped the Windows Powered Smart Card — a credit –card-sized pass that stores personal identification information — into a mobile device, the system provided access. When he pulled the card out, Windows’ Active Directory locked him out. Employees swipe the same cards through electronic readers to enter and exit buildings. This prevents employees from leaving cards in computers — and others getting unauthorized access — after employees are done working, Gate said.
With smart cards,
“we are giving people the means to determine every kind of identification process for every class of user,”
P3P Increases Security Online
Although many consumers feel uneasy about divulging personal information online, Gates said it’s only natural for businesses to attempt to collect and use this information. In comparison, he joked, most consumers wouldn’t tell a clerk at a traditional store to
“Forget everything about me”
when they finish shopping.
Much of the information online businesses collect allows them to tailor their services or selection of products to the consumer. The key, Gates said, is that consumers should know what they are giving out. They also should be able to create privacy preferences for their personal information.
Microsoft has incorporated a new protocol, or set of rules, into beta versions of Internet Explorer 6.0 that allows users to define the information they don’t mind sharing over the Internet and informs them when Web sites want additional information.
The protocol is called P3P, or Platform for Privacy Preferences. Developed by the World Wide Web Consortium (W3C), the protocol creates a standard way for Web sites to define how they gather information over the Web. It also allows P3P functions to be implemented over the Web.
Gates brought Michael Wallent, p , , roduct unit manager for Windows Internet Technologies, on stage to show how Internet Explorer 6.0 will incorporate P3P. On an overhead display of a computer screen, Wallent demonstrated how it would take users only two mouse clicks to begin establishing their privacy settings. He then visited two make-believe Web sites. A green icon appeared on the screen when he visited one site. It was seeking only information he chose to disclose. He was warned by a red on-screen icon when the other site sought information he wanted to remain private.
When users click on the red icon, they receive a plain English description of what information the site wants and then can decide whether they want to change their privacy preferences and enter the site. Users also can accept the preloaded default settings or download those created by privacy groups or organizations.
Internet Explorer 6.0 will be included in a beta version of Whistler, the next version of Windows, which is expected to be released early next year.
We’re All In This Together
Following his speech, Gates answered questions from the audience and reiterated the need for government, industry and academia to work together to solve the problems of online security and privacy.
Gates demonstrated throughout his speech that Microsoft isn’t looking to pass the buck. He said Microsoft plans to make itself a model for how to reduce the inconveniences and damage done by computer viruses and other breaches in online security.
“The magic of software (is that it) can improve the situation quite a bit. This is not just a zero sum game,”
Gates said. For computer users,
“it doesn’t mean taking a trade-off and living with that.”