A Washington D.C.-based privacy group held the first in what will be a series of discussions with Microsoft Corp. Wednesday regarding the future of the software maker's authentication service Passport.
The Center for Democracy and Technology (CDT) solicited talks with representatives from Microsoft's .Net developers team and its Washington legal counsel to discuss the technical details of Passport, the single sign-on service that allows subscribers to log on to a collection of Web sites without re-entering personal information. The authentication system is at the center of Microsoft's Internet plans and its set of Web services called Hailstorm.
"Within these discussions today (Wednesday) we spoke about consumer privacy issues, government privacy issues, security issues and standards issues," said Ari Schwartz, a spokesman for the CDT, following Wednesday's talks. "All those questions were tied back to Passport and Hailstorm."
Microsoft is preparing to release its Windows XP operating system and new Internet Explorer browser in October; each will include close ties to Passport. The high-profile product debuts have drawn all eyes to the Passport technology.
"We're constantly involved in dialogue with these groups," said Adam Sohn, a product manager in Microsoft's .Net platform group. "We came to town today at the request of CDT... We had a great discussion about what we're up to."
Schwartz said the CDT has set up these meetings with Microsoft to establish an open dialogue with the company as it moves forward with future product releases. The group meets regularly with major technology vendors about new technologies and their effects on consumer privacy, he said.
"We've been interested in authentication issues for some time," Schwartz said. "Obviously this is one of the most important of the authentication technologies to come around in a long time."
Joining Microsoft and the CDT Wednesday were a number of academics working in the field of consumer privacy and technology, including Peter Swire, a visiting professor at George Washington University Law School and the chief privacy counselor for the Clinton administration.
"I've been studying the privacy and security issues that arise from Passport and Hailstorm," Swire said. "There are potentially serious issues here."
Meanwhile, a coalition of privacy advocacy groups filed a complaint in July with the U.S. Federal Trade Commission regarding concerns over the way Passport gathers information about users. The meeting between Microsoft and the CDT was not related to the FTC filing, both parties said.
Microsoft this month is planning to release Version 2.0 of Passport, a follow-up to the service that is already used on Microsoft Web properties such as the free e-mail service Hotmail, and a variety Web sites from partners such as Starbucks Corp. and Victoria's Secret. The Redmond, Washington software maker has noted that the upcoming Passport 2.0 will include a number of additional privacy features to protect consumer information as users navigate the Web.
"It's very close to rollout but we need to make absolutely sure that quality testing and final checks are complete before we take it live," Sohn said.
While Schwartz noted that Passport 2.0 is imminent, he said the group is interested in working with Microsoft so that future releases of the software include even more security and privacy features. Engineers working close to Microsoft's Passport and Hailstorm Web services said earlier this month that future versions of Passport will include a number of new security features, including a standard called Kerberos.
"We think we're taking some great steps forward with the security we've already announced," Sohn said. "We're always taking feedback and figuring out how we can incorporate those ideas into the products."