Microsoft Corp. has quickly rewritten its Passport password service's terms of use, after customers and privacy advocates loudly complained that the document appeared to grant the company ownership of users' content.

At the heart of the current debate was wording in the original terms of use
agreement that appeared to give Microsoft wide-ranging control of information,
including passwords, that its customers store using the Passport service. Passport
lets users register a single user name and password that works at numerous Web
sites, eliminating the need to re-register at every site.

Over the last few days new awareness of the terms of service spread in the
user community. PCWorld.com also received numerous complaints. In particular,
users expressed alarm that Microsoft's access to personal data would become
more dire when people store files on Microsoft's servers, which is part of the
company's .Net strategy.

Faced with a brewing public-relations fiasco, Microsoft on Wednesday night
posted revised terms of use, which indicate the company will own only customer
communications exchanged with Microsoft itself.

Prelude to a HailStorm

Passport's original terms of use contained several statements regarding ownership
of content that raised the ire of customers. But the most concern was focused
on wording that granted Microsoft and unspecified affiliates the right to "use,
modify, copy, distribute, transmit, publicly display," and take other actions
with any messages, files, or data entered into the Passport Web site.

Part of the reason Passport's terms of use drew so much attention this week
is that Microsoft plans to use its Passport service as a component of other
upcoming Web-based services including the HailStorm hosting services.

Hailstorm will let users store content on Microsoft servers, for access from
any Web-enabled device.

Because Passport is an integral part of HailStorm, critics charged that Microsoft
was positioning itself to take control of anything users stored on its servers,
from business plans to fiction writing to financial records.

Microsoft: Just a mistake

"We were in error for having that up there," says Tom Pilla, a Microsoft
spokesperson. The company hadn't updated the terms of use to reflect the company's
policies and Passport's current privacy statement, he says.

The privacy statement would have trumped the erroneous terms of use anyway,
he says.

It's unclear what brought about the uproar regarding the terms of use, as they've
been posted on the site for some time, Pilla says. He denies that the terms
of use for today's Passport grant Microsoft ownership of other user-generated
content, such as material users would eventually store on HailStorm servers.

"These terms of use have nothing to do with HailStorm," he says.
While Passport will be a part of HailStorm, that service will have its own terms
of use, Pilla adds.

Microsoft security?

Regardless of Microsoft's intentions with its Passport terms of service, analyst
William Knowles of the c4i.org security group questions why anyone would trust
their data--from passwords to business content--to Microsoft.

"Microsoft has all of these existing security issues," he says, referring
to last year's hacker attack on the company as well as ongoing security problems
with its various products.

"Now Microsoft wants to be this data center and to have all your information.
It's a total hacker target," he says.

Microsoft's Pilla admits the company has had its ups and downs with security.
"We've had both good and bad experiences," he says.

Microsoft has learned from those experiences, and plans to be successful here,
he says. "We plan to work hard on this issue," he says.

» posted by ITworld staff

PC World

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine