Bradner's column: Microsoft's unprincipled action

That did not take long. Only a few weeks after the brouhaha over Intel's addition of a serial number to the Pentium III processor, along comes the disclosure that Microsoft has been inserting unique serial numbers of its own in files created with its Office suite of programs.

That's not all. Back in Redmond, Washington, Microsoft has also been building a database of which users are tied to which serial numbers. So if you are a whistle-blower who wants to remain anonymous, do not write your expos‚ using Microsoft Word. Your target could just subpoena Microsoft to find out the name of the software user who created the file.

Microsoft quickly announced that it would modify the registration software to stop the software from sending the serial number to Redmond. The company is going to scrub the serial numbers it has received from its database and is thinking about creating a free utility program for removing the serial number from a user's computer.

Microsoft says the serial numbers were created as part of an effort to make it easier for Microsoft support technicians to diagnose problems that resulted from interactions between software packages. The company says it never considered the privacy implications of the feature.

I'm willing to accept that, even though I'm not quite sure how a software-specific serial number helps in diagnosing such problems. But it is quite troubling that Microsoft was oblivious to the privacy aspects. Intel claims that it was also blindsided by the privacy advocates' attacks.

What is so hard to understand about the issues here? Even though Sun Chief Executive Officer Scott McNealy told us last month to get over the fact that people no longer have any privacy, it seems a no-brainer that it is not a good idea privacy-wise to create yet another way to keep track of what people do or create. But somehow this level of understanding seems to be unachievable in corporate America.

I sometimes wonder if there are any people in some of these organisations -- people would have seen that if they do these sorts of things to others they are also doing them to themselves.

Missing from most of the debate over the Intel and Microsoft missteps and the ongoing fight over other personal data has been a statement of principle.

Here is an easy one to remember: People should be able to say who can get information about them and for what that data can be used. If Intel and Microsoft had thought about this simple principle, neither would have done what it did.

Disclaimer: If Harvard has principles beyond "Veritas", I'm not the one to intone them. Thus, the above is mine alone.

Scott Bradner is a consultant with Harvard University's University Information Systems. He can be reached at sob@harvard.edu.

Join the newsletter!

Error: Please check your email address.

More about BradnerHarvard UniversityIntelMicrosoftVeritas

Show Comments

Market Place