REDMOND, Wash., June 9, 2004 — Consumers and businesses are increasingly concerned with protecting the security and confidentiality of their online information, and with good reason. Unsolicited junk e-mail makes up more than half of all e-mail communications, according to the Pew Internet and American Life Project survey (December 2002). The misuse — and fear of misuse — of personal information have made consumers skeptical of Internet commerce. As a response, governments worldwide are imposing detailed requirements on the collection and use of personal information.
Peter Cullen, Chief Privacy Strategist
These issues will be among those considered at the TRUSTe Symposium: Privacy Futures, organized by the International Association of Policy Professionals (IAPP) and taking place today through Friday in San Francisco. Microsoft is a key supporter of the conference and two Microsoft executives — Brian Arbogast , corporate vice president of Communication, Platform and Services Group, and Peter Cullen , chief privacy strategist — are among the keynote presenters.
To learn more about the online privacy issues facing consumers and businesses, and about Microsoft’s responses to those issues, PressPass sat down recently with Arbogast and Cullen for a chat.
PressPass: What are the biggest threats to privacy online and how significant are they?
Cullen: No one who uses e-mail needs to be told how serious the spam problem is. It clogs in-boxes, dragging down the productivity of computer users and exposing them and their children to unwanted messages. Spam has made most users less trusting of e-mail and, as a result, 25 percent have reduced their e-mail use, according to one survey [Editors’ Note: Privacy and American Business Survey, March 2003]. Deceptive software — software that customers don’t want on their machines, including spyware, adware and so on — is more than a nuisance. It’s a threat to user privacy and security, and can degrade computer performance. Protecting children from online threats remains an immensely important issue — every other online threat becomes magnified when parents worry about what their kids are encountering online.
PressPass: How does Microsoft respond to these threats?
Brian Arbogast, Corporate Vice President, MSN Communications Platform, MSN and Personal Services Division
Arbogast: We’re doing everything we can to put the bad guys out of business. Our efforts against spam and deceptive software are both multifaceted approaches including technology innovation, industry cooperation, legislation and law enforcement support, and consumer education.
To coordinate our efforts against spam we created an Anti-Spam Technology and Strategy Group at Microsoft. Our new anti-spam technologies appear in Microsoft Office Outlook, MSN and Microsoft Exchange Server. They’ve already improved the situation for our customers. For example, over the last six months, we’ve cut the spam that our MSN Hotmail users receive in their mailboxes by more than 60 percent. The problem’s not licked, of course, but we’re making real progress.
We’re also a founding member of the Anti-Spam Technical Alliance, where we coordinate efforts with members AOL, Earthlink, Yahoo, Comcast and British Telecom. We’re promoting stronger anti-spam enforcement with governments around the world. And our anti-spam Web page tells consumers what they can do today to fight spam. The problem’s not licked, of course, but we’re making real progress.
On the deceptive software issue, Microsoft made enhancements in the forthcoming Windows XP Service Pack 2, due out this summer, to thwart some of the methods that unscrupulous software makers use to install software on consumers machines without their consent. Also, Microsoft launched a Web site to educate consumers about deceptive software, www.microsoft.com/spyware, with links to vendors that offer software removal tools. In conjunction with other companies in the industry, Microsoft is working with government agencies, such as the U.S. Federal Trade Commission, to help develop a common understanding of the issues associated with deceptive software
To help protect children, parental controls in MSN give parents powerful tools to manage their children’s Internet use and help protect them from inappropriate content and communications. Parents can receive automatic emails showing how their children are using the Internet through MSN. They can control with whom a child is corresponding via MSN Mail or MSN Messenger. And via MSN Premium, parents can select settings to help block inappropriate Web sites.
PressPass: What guides Microsoft’s approach to protecting privacy?
Cullen: In the context of technology-based information, ensuring privacy means that people have control over how their personal information is used. At Microsoft, we regard the protection of customer information as a vital element of trust, and we believe customer trust is vital to the success of our business. But protecting privacy alone isn’t enough to build and maintain customer trust. We see it as one of four elements, or pillars, of Microsoft’s companywide Trustworthy Computing initiative — delivering the level of trust and responsibility that people should expect from the computing industry. The other three pillars are security, reliability, and business integrity.
That means that for Microsoft privacy directly relates to our company’s strategy and our overall business objectives. Since information privacy is a business imperative, we have to consider what kind of structure we put in place to manage it. The net result is: We look at privacy holistically, across Microsoft.
To accomplish this, we have a Corporate Privacy Group that is responsible for managing the programs that enhance the privacy of Microsoft products, services, processes and systems, both internally and for our customers and partners worldwide. But we don’t stop there.
We have dedicated, full-time privacy staff in many of our major business units — and we also incorporate responsibility for privacy into the roles of several hundred staff members. For example, the Windows group has more than 160 privacy leads, and MSN has more than 50 privacy “champs,” or champions, responsible for ensuring that privacy policies, procedures and technologies are optimized for their areas.
PressPass: Tell us more about how technology supports your privacy effort.
Arbogast: At Microsoft, we further our privacy goals through a range of technologies in Windows and other products, as well as in our MSN service offerings. Creating privacy-enhancing technologies is only part of the story — the other part is setting policies and defaults for the best use of those technologies.
We’ve enhanced customer privacy by setting limits on the information that our software collects and communicates to the Internet, as well as by giving customers notice about those communications and control over whether and how they take place. You can see this, for example, in the error-reporting technology in Windows XP and Office XP.
One of the more innovative approaches to protecting privacy is the Information Rights Management (IRM) technology in Office 2003 and the Windows Rights Management Services for Microsoft Windows Server 2003. Traditionally, users had few tools to limit the distribution of their confidential or personal information. IRM technology changes that. It gives users control over who can open, forward, print or edit their Office 2003 documents and e-mail messages within an enterprise. Windows Rights Management allows an organization to set consistent rules for whether its documents can be viewed, edited and printed, and by whom.
PressPass: You also mentioned working with other companies and with governments.
Cullen: Absolutely. We work with a variety of industry groups and other members of the online community to develop standards and common approaches to address the issues of online privacy. We’ve been a premier sponsor of both TRUSTe and BBBOnLine. In addition, many Microsoft Web sites are long-term licensees of the TRUSTe privacy program. We also support industry-wide privacy efforts through our sponsorship of the Privacy Enhancing Technologies Workshop. The PET Workshop is unique — a yearly conference that brings together experts from around the world to discuss recent advances and new perspectives in privacy and anticensorship services for the Internet and other communication networks.
On the government side, Microsoft’s meets the privacy requirements of all countries and regions in which we do business. And we afford the benefits of our privacy policies to all customers worldwide, even if their governments don’t have specific privacy policies. For example, in 2001 we were one of the first multinational companies to agree to the Safe Harbor principles for the management of data. This was a U.S.-European Commission agreement, but we’ve voluntarily extended our compliance with Safe Harbor to cover all of our customers, worldwide.
PressPass: What can consumers do today to enhance their online privacy?
Arbogast: We want to provide consumers with the tools and information that empower them to better protect their information and keep their families safer online. So, we’ve taken the initiative to promote consumer education about privacy and related issues on our Web sites. The Online Safety & Security site on MSN, at security.msn.com, is a great example of this.
Our Protect Your PC campaign brings together the most relevant security content from MSN and combines it with highlights from Microsoft.com. I’d advise all consumers to read our “3 Steps to Protect” information. Those steps include the use of an Internet firewall to protect the PC from hackers, viruses and worms; the use of automatic Windows updates to ensure up-to-date security protection; and the use of current anti-virus software. I’d also urge parents to look at our Staying Safe Online Web site for tips specific to keeping their children safe online.
PressPass: What should readers understand the most about Microsoft’s privacy efforts?
Cullen: Microsoft is absolutely dedicated to ensuring the privacy protections of our software products, Internet services, and online commerce and customer interactions. It’s a continuing mission at Microsoft — a longstanding and broad-based commitment that merely starts with our Web-site privacy statements and that goes on to include technology innovations, best practices, industry and government collaboration, and consumer education.