Craig Mundie: International Association of Privacy Professionals National Summit 2005

Remarks by Craig Mundie, Senior Vice President and Chief Technical Officer, Advanced Strategies and Policy, Microsoft Corporation
“Technology Future; What It Means for Privacy”
International Association of Privacy Professionals National Summit
Washington, D.C., USA
March 10, 2005

MODERATOR: I think Trevor set us off with an interesting proposition, this construct of challenges that we all face as well as the strategic approach. And so with this in mind, we kind of shift gears to the role that technology plays in our lives, both for our organizations, for our customers and I think also with us as individuals. And I think also we’re beginning to think about and understand more about the role that privacy plays through that technology.

So it’s with great pleasure that we have Craig Mundie addressing us today. Craig is one of the senior executives at Microsoft, responsible for broad-based implementation of technology across platforms. He has a very unique view of the world in terms of the role that technology and the future of technology plays but as the founder of the Trustworthy Computing Initiative at Microsoft also understands all of these tensions.

So could you please give a warm welcome for Craig Mundie.

CRAIG MUNDIE: Good morning, everyone. It’s good to be here in Washington again. I get here quite often and explain to you a little bit about my view of what’s going to happen in the technological future, the near future and what the implications of that are for both privacy issues and the related policy considerations.

Today clearly a lot of the policy problems arise from the fact that we live in an increasingly interconnected world. Communication and collaboration are continually expanding; online commerce and banking are growing at a fairly rapid rate; people are using computers in pretty much every aspect of their daily lives. In fact, I went to Microsoft 12 years ago and my original job there was to start to design our software products that would go into non-PC computers. And so even though that began 12 years ago; we have software now for watches [Audio Break].

Mostly their privacy concerns or their technical concerns centered around the business computers that they had or the person computers that they used.

So we now face increasing challenges in maintaining privacy and confidentiality. We have new risks that essentially derive from people’s creativity, not in the good sense but in the negative sense. And, of course, as we seek to give access to all of these services to many more people, people are also creative in terms of developing new business models and taking well-established ones, for example, the critical ad-supported model of doing business like newspapers and magazines have used for many, many years, and figuring out, well, how do those things work in this new cyber-environment. And each of these things presents us with both benefits and challenges.

Microsoft has been involved for quite some time in developing privacy-enabling technologies. We’ve been sensitive to this issue I would say on an increasing basis for certainly the last five years, and we start to see more and more specific product activities or features put into the products that address striking an appropriate balance between the collection of data, the transmission of data and ultimately the use of it.

But we also have to recognize that we have some role to play in trying to defend, I’ll say, the innocent, the people who don’t really understand, they just want to use the technology and so a lot of work has been done, we’re currently beta testing an anti-spyware offering which helps people to make sure that these things don’t enter their machine.

I think people are often surprised; we talk about doing a beta test on this. The test community that’s downloaded this from Microsoft today is 9 million people and so the scale at which these things are happening is oftentimes a surprise. In the case of our MSN properties there’s about more than 300 million people a month, unique people a month who come to these properties and interact with the company. Similarly in the way that we update people’s software, when we put out the Service Pack for Windows that had some more of these capabilities in it recently, in the first 90 days about 120 million computers were automatically improved relative to their capability to handle these things.

We’re also developing new things like rights management technologies. Mostly people hear about these things in the context of protecting music and movies so that the commercial model of offering these things can be done, But the same technology is being made available in products to give individuals the choice of controlling the downstream use and dissemination of documents they write or materials that they produce. And so we think that people will ultimately become acclimated to having the ability in certain cases to have a more active and direct role in deciding what they do.

And we continue to build basic capabilities into the browser and other things to both deal with some of the automation of detection of privacy notices and security issues and help to evangelize these issues to the consumer directly.

But perhaps more than ever we have a very difficult balancing act. There are many, many technological changes that create more and more ways in which we can accumulate data. In fact, when we put computers into virtually everything that’s in your daily life, your personal life and your business life, what you really have is an increasing level of intimacy between the computer and the ultimate end user.

These ideas that people collect data as an ancillary part of doing business have been with us a long time, credit cards perhaps being one of the best known examples. And we’ve found an equilibrium, you could say, on a global basis between the data that was implicit in the use of a credit card and the sense that people enjoyed the benefit of credit but ultimately didn’t feel they were abused by the people who were in possession of that information.

I think a similar equilibrium has to be sought in many of these new areas, but the degree to which the computer touches people, the intimacy with which it will know and understand your preferences and choices, and perhaps different than other things we’ve seen in the past, the degree to which the computer can remember these days is pretty staggering.

Over the Christmas holidays I did a little upgrade in my home and I added two and a half terabytes of storage in my home. It was probably less than five or six years ago that most companies, Fortune 500 companies in this country or anywhere in the world, probably didn’t have a terabyte of storage in their entire enterprise datacenter. And so the cost of these things has declined so much and the capacity gone up so much that whether it’s something as small as a cell phone or as big as a personal computer in your home, you’re going to have what used to be the province of very large businesses in terms of the ability to capture and retain information.

And then we also have connectivity. It used to be that people who had any large amounts of data didn’t have it connected to very much; it sat in some central repository. Now this stuff is all over the place and therefore the controls on it are more difficult to enforce, and the aggregate amount of it that’s out there to deal with is much larger.

It’s interesting when I look back at the foundation of the Trustworthy Computing Initiative at Microsoft, it was a direct outgrowth of me being asked by my colleagues in the management group at Microsoft to take over responsibility for both our chief software officer and our chief privacy officer. And at the time they existed in different places within the Microsoft organization. The chief security people were more focused on internal corporate network security than anything else and the privacy people were basically working inside the company to try to make sure that our properties that were involved in collecting or dealing with data were somehow trying to be conformal to all the various privacy laws that existed in the countries we did business. And I was increasingly concerned that both aspects of these things were becoming more problematic, and so I questioned that and was rewarded with the opportunity to take over managing all of it.

And as I sat down with the teams as they came to work for me, I would ask the privacy people, OK, what are the problems and what are we going to have to do to solve this? And in a sense they said to me, hey, we actually got it all figured out; we know now that if we could just have complete anonymity on everything, we wouldn’t have a privacy problem. And I said, OK, that’s good, I’ll remember that. And then the security guys came in and they said, hey, we’ve got it all figured out, too; if we absolutely have perfect identity on everything then we won’t have a security problem.

And that was when I realized that we needed to have the Trustworthy Computing Initiative because we had to bring together conceptually the elements that we decided created trust and for us we concluded there were four things: security, privacy, reliability and the integrity of the business relationship that the company, any company, had with the people who were buying the products and services.

And so for four-plus years now we have had a very big focus that has been transformative inside Microsoft in terms of both our engineering practice and the culture of the company, and everybody from Bill Gates on down has really become very, very involved in finding a balance and doing the right technical work to ensure that these things play out in an appropriate way.

There are many challenges that we face. One of the things that I’ve been struck by as I’ve thought about these issues is the parallels that do exist between things that our society has come to deal with in the physical world for many years and the kind of problems that we now see happening in cyberspace. And I think oftentimes we don’t necessarily need new laws, we need to understand how the concepts that were embodied in laws that we had in the past need to be interpreted to be applied in cyberspace.

But unfortunately because the legal process is sometimes, you could say, of necessity retroactive, and because those people are not particularly familiar with what’s going to happen technologically, it’s oftentimes difficult for them to understand, well, do I need a new law, do I have to do something different, are these actually new problems that we have to defend against in our society?

And so Microsoft has become more and more active in trying to be a counselor in these areas because we have not only the reach to affect a lot of people, but we have some understanding of what’s likely to happen in the future.

One of the areas where this has come up recently and where I think there’s an analogy between how society has dealt with medicine and epidemiology and to some extent the problems we have in computer security is finding a balance again between privacy and user choice. If you think of this, as this little picture shows, on the right you get somebody getting a vaccination and in most countries of the world there are certain classes of vaccines that we think are essential for people to have, they’re not optional. If, for example, you want to have your kid go to school they have to have a certain set of vaccines and prove that they’ve had these vaccinations. And why is that? Well, because these diseases are so problematic and so contagious that society has decided that they’re going to impose their will on people if they’re going to allow them to circulate in a society, and we see this recurring over and over again.

SARS is another good example. These things emerge; there is no vaccine. But it doesn’t matter pretty much where you are these days: If somebody says you have SARS, you probably have about a few minutes before you’re locked up in an isolation ward someplace, because people now care, a lot, about that.

Well, to some extent we haven’t quite gotten to that stage with how we deal with problems in computer security, but I contend that we ultimately will come to that point. Now, today people have no real responsibility to the society they’re in about whether their computers are healthy and maintained in that state or not and even when there are, if you will, inoculations available for your computer that might make it safe relative to damage it could bring about to other people in the network, there’s really no legal basis and no even sense of social or moral obligation to get your computer inoculated against the things that it could be prevented against.

And so as we’ve worked to automate these things it’s been fascinating to watch how people in different regulatory environments would come to us and say, hey, that automatic update, we don’t really want that to happen because it might be a violation of somebody’s privacy. And, in fact, when we were putting out this big Service Pack for Windows recently there were some countries that actually told us that they would deem it illegal for us to automatically update all of the people’s computers. Then we said, well, what would you have us do? And they said, well, what we want you to do is to give them choice, and we want you to do that by mailing them a CD or a set of CDs which would update their computer.

And we said, OK, let’s get this right. So you want us to go make a CD instead of using the network to do it, you want the consumer to have to get involved in doing that process, you want us to expend the money to produce these things? And then we said, well, how do we find them? And they said, well, we’ll have to give you all their names. (Laughter.) And we said, well, you see we can do it anonymously through the network and you want us to embark on a mechanism where you’re actually going to have to entrust to us the names and mailing addresses of all of these people who would then get this and have to make a decision to install it themselves.

And after this dialogue we finally did get them to conclude it was probably better both in the privacy sense and in the technical sense to do what we had originally intended, but it shows how it’s easy to get a bit misguided if you’re very religious about what you think is the mandate to protect privacy in some absolute sense. So we do really work hard to deal with these issues.

In fact, what we did come to internalize over the last few years is that if you really want people to have comfort and trust around the privacy aspects of computing, these two key words are very important: notice and choice. And that’s what guides Microsoft these days in terms of trying to conform not just in a regulatory sense but in terms of giving people as clear an articulation of what is happening with the data that we collect and to try to give them as simple as possible a mechanism to make elections about what they want to participate in or don’t want to participate in.

And, to a much greater degree than we had in the past, we do these things in a way where people are given a choice to opt in, in many cases, or a very simple mechanism for opting out, and a number of our products in recent years have been built that way. In fact, much as we have done with security where we make the default consideration one that favors security, in the vast majority of cases we similarly make a default election in privacy where people are opted out and have to opt in for things that would transmit personally identifiable information.

In our own company, and certainly broadly on the Web, as little as four and five years ago that was clearly not the default case, and I think it’s an example where we try to provide leadership both based on our understanding and because of our global reach to try to show people what we think is a preferred way to do that.

One of the things that’s been interesting, though, as you try to find this balance between what the consumer wants to know — what you see scrolling by right here is Microsoft’s MSN privacy notice. It’s 11 pages long and what happened is as we built up this capability and had more and more properties, and it did music, and it did photos, and it did dating, and it did all these other things, you had, I forget what it is, six or seven pages at the beginning which is all the canonical privacy declarations, and then there are these specific sections that were added to it to deal with the specific and unique information acquisition and uses that would happen in all of these adjunct services. And as the thing builds you could say it’s just going to get longer and longer.

And it was clear to us from both testing and survey data and others that people cared about privacy. I think the previous speaker commented in his country that it’s clearly an issue near the top of mind for many people and we knew that, too.

And so one of the things that we’re actually sort of announcing and rolling out in the United States and Canada and several other countries today, and we’ve done it in eight countries in Europe so as of today, about a dozen, is essentially a new thing that we call the Short Notice for Privacy for MSN. So we basically distilled the 11 pages down to the form you see here; one page appears on your screen. It contains essentially what you can think of as the executive summary of the 11-page privacy notice but it uses the technology itself, including the embedded links that are shown in blue there, that allow people to drill down into any kind of expanded level of information or understanding or elections that might be important to them.

And so the whole 11-page, if you will, legal document still exists behind this, but by distilling it down to the short privacy notice and layering it so that people only have to go follow the links for the parts of this that they actually care about, we have found people to be very, very pleased with this as a way to give them comfort and more ease in accessing this information without having to think that they face the daunting task of an 11-page mostly legalese type of document.

So we’re doing this and I think again this will provide a leadership strategy for the company in trying to get people who are collectively in the online services world to look at a document like this and say, OK, that’s what we should have as well.

So in this world of technology, of course, the only constant is change. We work hard and spend a ton of money every year to try to keep the technology moving forward and we have many other companies on the planet that are doing the same thing.

But there are certain things that come together to create very significant trends that represent big change and one of those trends that we’re seeing today is this notion of Web services. And so many people probably have heard the term; often they ask me what does that really mean? And so I’ll give you a very simple way of thinking about the evolution of computing and how this Web services thing is going to change people’s lives and businesses.

One way to think about it, if you look at the diagram here starting in the lower left corner, when we introduced personal computers two decades ago it was really mostly about person-to-machine interaction: You had a computer on your desk, it probably wasn’t connected to any other computer anywhere and you found utility in using it directly; you had a spreadsheet or a word processor and you could do things and it was an assistant for you.

And then we started connecting these things together and putting more software on them, and eventually the computer has essentially become a component part of almost all types of person-to-person interaction. In fact, even the last bastion of non-computerized person-to-person interaction, which was the telephone, is now becoming computer-based and network-based and to a new degree, too. So whether it’s instant messaging or electronic mail or facsimile communications or now telephony itself, all of the person-to-person interactions are being mediated by the computer software and the network as well.

And so those two areas are kind of where we’ve been at the end of this last 20-year period. But now we have a capability to solve some of the security and identity problems that used to be confined to just a single enterprise and with that comes the ability to seek workflow automation or the ability to automate interaction not just between people and their computers, which is, you could say, what the Internet has been where you sit at a computer, you use a browser, you go out and access something on the Internet; now what we’re really doing is creating an environment where computers can talk directly to other computers, not just within one enterprise but between any enterprises and, in fact, between people and their computers and any enterprise.

And so the world that we’re entering is this machine-to-machine interaction world, and it will be one where the capacities of the computer to collect information and exchange information will be dramatically raised and this, of course, like everything else can be a two-edged sword: It can have tremendous potential benefits, it could create tremendous potential abuses and so our challenge is to try to figure out how do we make that work.

And you’d say, well, how would this help somebody? Well, here’s a very, I’ll say, simple example. Today, most people go to the dentist and if you want to go have a dental visit you make an appointment. You check your calendar, you talk to the receptionist on the phone, you try to negotiate some time you think you can arrive there, you schedule the appointment. A few days before, maybe the night before if your dentist is like mine, the week before they send you a notice because they don’t want you to forget, the night before they call you at home to remind you because they really don’t want you to forget, and you show up there and the dentist does his thing.

In the world of Web services and computer-to-computer communication basically this will become potentially a completely automated process. You have a whole bunch of computers in your life: your personal computer at home, your PDA, your cell phone. These things essentially know your calendar; they come to know your preferences; software will be there that would essentially act as your agent. It’s like having a great personal assistant. Similarly the reception desk of the dentist office will also be augmented by computer programs and network availability that advertise the dentist’s schedule to his patients. And so by essentially marrying these two systems together, when you say to your cell phone, “I want to have my teeth cleaned,” basically it will make your appointment for you, it will figure out based on your preferences when it’s there, it will compare your calendar with the dentist’s calendar, it will book the appointment and without anybody mailing you anything or calling you the night before it will provide little notifications and reminders in appropriate places in your home or your calendar appointment book and all that will be essentially just my machine talks to your machine.

And there is a potential business saving in that, which is why people will move to do it on the business side. There’s an efficiency associated with it and there’s a convenience associated with it. And yet one of the questions is, well, now a whole bunch more new information is being collected and exchanged about preferences and it isn’t just what cereal I like, it may have other important — to me — information that’s being exchanged in order to support this, even with something like my doctor or my dentist.

The question is, in this environment where I’ve essentially said, hey, I want my computers to talk to your computers, what is notice and consent at that point? Because you’re essentially taking the person out of the loop on both ends of this equation to some degree it’s going to be important to figure out how we reflect what those notice and choice options are and how they’re embedded in the program and how the user establishes those ground rules for the software systems that are going to work on their behalf.

And so these things are going to happen. I mean, the big businesses are already putting these mechanisms in place. We’re doing it to automate workflow between corporations, but just as the Internet has extended information access to the individual and now that this is arriving on your cell phone and your television too, all of these things will move in this direction and so there will be a new set of both technical and policy and, frankly, end-user-training challenges to deal with.

One way that we’re dealing within the enterprise on the protection of information is to develop technology that allows us to move toward what we call role-based access control. Today the world of computing has generally been broken into two categories of users, the people who just run a specific application for a specific purpose and the data access may be implicit in that, and then there were the people who ran the computers themselves and they usually had unlimited rights of access as a function of controlling the machine.

Now, what you’d really like to have is a situation where the people who are running the machine are running it like they were running the power grid or something else, it’s just infrastructure, they don’t know or have a right to see anything that’s going on inside the machine. And we’re moving to create this segregation of duties, if you will, between the people who operate the computer systems and the people who operate the applications on top of the computer systems, and we think we will be able to produce this separation of duties.

But even within an environment, for example, like a hospital, the hospital administrator may have the right and responsibility to access any information that is collected in the hospital but the accountant doesn’t necessarily have to know what’s in the medical record, and so we’re starting to be able to specify these ideas that accountants have a certain class of information, billing information, for example, that they need to understand; the docs may need something different; and we’re able to essentially specify policies where the machines control access to these things according to those specified roles. And I think as these things are developed and are deployed more broadly it will simplify the task of keeping straight who’s supposed to be able to see what and at what time and for what purpose, and many of the breaches of security that we face today may be remediated or prevented by virtue of these technical approaches.

I think this is critically important just because these things are expanding into use by so many people; not just the big businesses have these problems, it’s the little businesses that have these problems and they don’t have chief privacy officers and chief security officers and CIOs and other people who can operate your little shoe store, for example, and as a result it will be very, very important to get these things right so that people who use computing in small and medium businesses are able to conform to people’s expectations here as well.

So technology is opening up new business opportunities, but with each of them there are some privacy implications that we need to think about. The dramatically expanded use of wireless communications, both cellular and Wi-Fi, for example, and other things that are on the technical horizon mean that location-based advertising becomes more and more interesting. Like everything else, if you know where somebody is and what their preferences are, presenting the information to them that they find most useful is the most powerful way to do advertising. But, of course, you have to be intersecting a lot of information in real time to do that. Web services, as I talked about, where machines are acting on your behalf, represent an interesting challenge.

Another thing that’s going to emerge is distributed storage. As I said before, everybody is going to have a lot of storage in their home and in their pocket and in their car and as a result the computers, you should think that, in certainly the next decade the computers will have almost infinite recall, they just won’t ever forget anything. And as a result the question won’t be how do you manage to clean up your hard disk and get rid of stuff you want, it will actually cost people a lot more to try to clean up stuff than it does to just add some more storage, add a gigabyte for a buck, which is where we are today; you can spend a dollar and get another gigabyte and that’s a lot of data. And so nothing will go away.

And so the question is, in a world of infinite recall for everything, what does that mean? It’s an interesting thought. My wife always tells me she can hardly wait for the time when I will never forget anything because the computer will remember it.

Data mining. We have the ability now to troll around in all this data, develop personalized services, but now we could also mine it for other things.

That also brings us to another implication, which is a lot of the stuff that we’re doing has to be done in a way where it addresses the global marketplace, not just the needs of a single culture or society or country. And when we look at the emerging markets and some of the things that are happening there, the business changes and the way in which technology gets deployed is creating some really interesting challenges.

Many people today are outsourcing different parts of their business, particularly service and some lower level functions, to low-priced labor markets, and one of the things that you find, much as we found in the security area, is that in those countries they don’t always have the laws and processes in place that hold them to the same standards as the country where they’re actually doing the outsourced work from. And so there’s a legal problem, there’s a policy problem, there’s a practical business problem.

In many cases the companies in the established countries are essentially implicitly getting the legal environment changed by getting the business environment in those countries to contractually agree to conform to these other laws and it’s rippling sort of back up into policy there.

Another thing that’s interesting is that many of the things we think about, as I said earlier, derive from the way in which technology was deployed in, I’ll say, the G8 countries where we started with mainframes, went to departmental computers, got to the minicomputer and now the stuff is trickling out into everything else: your phone, your car, your television, your game machine.

In the emerging markets they don’t have all of those old computer systems, by and large, and they didn’t start with a computer on everybody’s desk. And the reality is the first computer in almost everybody’s life in an emerging market is their cell phone and many of the things that they do, all the information they want to access, all the interactions that they have, they want to do through their cell phone first.

And so the question is, what would it be like if I told you you had to read that 11-page privacy notice on your cell phone before you could do anything? It just wouldn’t work. And even the short notice probably doesn’t work so well on a cell phone. And so the question of how do we take what are now the concepts that we know and understand are important and manifest them in a world where the way in which the application is presented to people and the modus operandi for interacting with it is quite a bit different.

So what are the appropriate processes going to be by which we encapsulate what the notice and choice process is? Let programs be proxies for people in a great many cases? We have tried some of these things in the past; I think they were not ready for prime time — for example, having machine-readable privacy notices on Web sites. I think we’re going to have to revisit that question both as a matter of policy and practice, and I think we’re going to actually have to get to the other side where there’s going to have to be a machine-readable privacy choice statement for the consumer and every application is essentially going to have to take that and enforce it as policy and intersect that with the privacy and security aspects that are on the service being offered. Without that we’re going to have too many people who either don’t care or will be unable to do that.

Another thing that’s fascinating in these emerging markets is the illiteracy rate is so high. So telling somebody, well, I’m going to give you this thing to read and they say uninteresting, I only push buttons and look at big things or listen, somebody has to speak to me in order to get me to interact with it, and these are things that we don’t think about in the rich-world countries, but the next two billion people that are going to use this technology on planet Earth in many cases don’t have the luxuries and training and education that most of us assume the population has in order to make this stuff work.

So one of the areas that is a hot topic these days is RFID — radio frequency identification tags. When people start to use these things, whether it’s in an individual clothing item like Benetton was attempting or whether it’s for the supply chain uses of Wal-Mart or the Department of Defense, it’s starting to make people quite nervous.

But I think it would be a big mistake if people have a knee-jerk reaction to say just because these things could have an abuse mode in consumer applications that we should just force them not be able to be utilized. I think there will be many benefits that will be invented from the ability to have ID tags in almost everything. For example, if you put them on your clothes and you go to an intelligent washing machine and just throw your clothes in there, the thing will basically know the optimal way to wash your clothes, it will make sure you don’t put your red shirt in with your white socks because it will just refuse to wash them together. (Laughter.) And you can laugh, but we know how to do that today — but you can’t do it if you don’t know what the item is.

And so I don’t know whether it’s a big privacy implication to that or not, but we need to make sure that we don’t just blindly say that having this identity mechanism is a bad thing, that there can’t be any good uses. I think there will be lots of interesting uses and we need as a matter of policy to make sure that we reflect on those opportunities.

I think that tagging items and allowing all these systems in the home to interoperate, whether in support of people … we’re going to have an aging population. I think computers are going to be an integral part of ultimately lowering the cost of healthcare and support for people who are increasingly going to live longer and where we are going to have to find ways to control costs. I think that these kinds of technologies are going to have an important role to play there and we need to make sure that someone who speculates about privacy implications of this doesn’t essentially take away the technology community’s ability to be innovative in the applications.

Like anything else, we’re going to have to find an appropriate set of checks and balances and policies that apply to these things, but personally I don’t see that RFID tags are any different than other forms of product codes or the use of your credit card or all the other things that we ultimately have found an equilibrium around, and I think that we need to seek to do the same with all of these new technologies.

So just in closing, I think this idea of having short notices, it’s critical, we’re getting more and more people who are paying attention to it, and I’ll say it’s a nice and important thing to do but it won’t be long-lasting, and the reason is that most of people’s computing usage is going to extend beyond what they think of as the computer. Most of the computers in your life you will not address as computer, OK, they will be embedded in everything else you touch and use and they will actually be the source of most of the intimate collection of information, not the Web sites that you visit or the things that you do when you sit down at a thing that you call a computer.

And so all of the work that we’re doing is, I’ll say, nice and important, but it doesn’t actually get to the fundamental questions of when my computer is talking to your computer, how do I reflect my preferences in that environment and when I’m doing most of this stuff in a computerized connected environment that is not specifically a computer how does it all happen there?

The other thing is that the global information flows are forcing a rethinking of privacy. The idea that each nation state has a different view of this thing is going to make it quite impossible for people. Frankly, even in a country like the United States, we struggle with the fact that as states get cranked up on a lot of these things, they say, oh, well, let’s go have a privacy law in this state and let’s have another one in this state. And essentially if you get a patchwork of these things it actually works to frustrate the companies that want to make these offers and so you look to get federal pre-emption and I think we’ll see that happen in the United States.

The bigger challenge is in a world where there’s no global governance, certainly that addresses these questions, how do you get Earth pre-emption where you can say, hey, we have some uniform thing? Today it’s the companies like Microsoft who try to sit there above the fray, make an informed policy choice, reflected in the product and offer it globally is the only way you can essentially try to homogenize many of these things. And the real question is, how do you manage to take what in practice you have to do and then make sure that you can simultaneously conform to what regulations are out there–and where there’s enough engagement in conferences like this with an international component and with the active support of, I’ll call it the state departments of all these countries. to make sure that we reflect on the global nature of these businesses and the exchanges of information.

I think there are going to be new approaches that are required. You don’t want to get the unintended consequences like in the RFID case I mentioned, and I think it’s going to take a great deal of discipline to make sure that we focus on what the heart of the problem is and not just an individual symptom where we get one law after the next after the next after the next that’s targeting a very narrow thing but it makes it very hard for people to deal with.

Finally, I think it isn’t for all of us about keeping pace with regulation. You have to recognize regulation, like all forms of legislation, is largely retrospective in nature and you want it to be that way. But what happens here is technology is advancing at a very high rate of speed and our job at Microsoft — and I’ll tell you your job as privacy professionals — has to be about how you outpace regulation. I mean, that’s not the bar you want to get past; the bar you want to get past is to say we need to make sure that as these technologies roll out we’re offering the right options for people, the right notification, the right choice, and we have to think about doing it in a way that reflects how people will really use the technology and services and it isn’t going to be about sitting there in front of a computer and clicking on Web pages, it’s going to be much, much more pervasive than that.

It’s interesting. There were some statistics that are even now a couple of years old: in 2002 the information flows around the Internet and electronic channels was 18 exabytes. What’s an exabyte? That’s essentially a billion megabytes. And so what that says is that for every person on planet Earth we moved three gigabytes of data around in 2002 and it’s growing at an exponential rate. So the amount of data that’s out there is going to have to be managed by the systems that contain it. You’re not going to be able to get your arms around it and put it in one place and say I think I know how to control that; it’s just going to be everywhere and that’s what’s going to be the really interesting opportunity and challenge for us to find the benefit versus risk balance.

Thanks for your attention.