Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Microsoft Your Rights Online

EU to Investigate Passport Privacy Concerns 102

mvdwege writes: "Well, it appears that the old fight between the US and the EU over privacy regulations is about to enter a second round. In response to a letter by a Member of the European Parliament, the Commission has stated that it will start investigating Microsofts possible breach of the EU privacy regulations. The Register has a nice summary."
This discussion has been archived. No new comments can be posted.

EU to Investigate Passport Privacy Concerns

Comments Filter:
  • by Anonymous Coward on Saturday May 25, 2002 @06:00PM (#3585179)
    Obligatory collection of information on users by Microsoft .NET Passport and measures to protect their privacy

    1. Is the Commission aware of Microsoft's free .NET Passport service, which, while consumers are engaged in a purchase, a game, a request or a bank transaction on line, is designed continually to collect their personal information via for instance, an e-mail address (Hotmail), a chat programme (MSN Messenger), a shop (Expedia.com), an auction site (QXL), a community (MSN Communities) or a hotel chain (Hilton.com) and that, as a result, a vast quantity of personal information is surreptitiously passed on to unknown parties by, in particular, Hotmail address owners without their noticing it?

    2. Is the Commission also aware that failure to register with .NET Passport results in exclusion from many sites' services, that unsubscribing is not possible, that periodically only out-of-date information is removed and that the passwords to be given (minimum of six characters only) are easily accessible, to some extent, to others posing as system administrators or possessing considerable knowledge of dictionaries?

    3. Does the Commission regard it as acceptable that users of public terminals in universities, libraries or Internet cafes who fail to log off correctly may pass on their confidential information to the next user, that to hire software via the Internet (using Microsoft servers instead of a personal hard disk) access is possible only via .NET Passport, and that, because of a de facto monopoly, Microsoft may shortly charge a high price for what are still for the time being free services?

    4. Is it lawful for a dominant firm to build up a very extensive database of personal information? Is .NET Passport registered with national agencies supervising the application of privacy legislation? Is registration mandatory in every Member State? Does such a requirement also apply where the database is not located on the territory of an EU Member State?

    5. Can national or European criminal investigators make use of the information collected without prior consent of the individuals concerned or the courts?

    6. According to the Commission, is there any call for further regulation in order to make abuses by interested parties or subversion of current privacy rules impossible?

    Answer given by Mr Bolkestein
    on behalf of the Commission
    (7 May 2002)

    1-3. The Commission is indeed aware of Microsoft's .NET Passport system and of its alleged capabilities and shares some of the Honourable Member's concerns. It is looking into this as a matter of priority, in concertation with national data protection authorities, as regards the system's compatibility (or not) with EU data protection law.

    4. A company operating in the Union is subject to Community law and may build up a database of personal information, provided the obligations laid down in Directive 95/46/EC of the Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data are respected. These include having a specific, legitimate purpose, informing the individual of identity of the controller of the data, of the purpose of collection and the rights individual has, such as the right to access his/hers own personal data. In cases where consent for processing is required, the Directive requires that it be unambiguous and freely given. The Directive also lays down the obligation to notify such processing operations to national data protection authorities. But the directive also provides for some exemptions from the notification obligation. The Commission is not at present in a position to say whether this processing operation has been notified within the Community.

    The question of whether and to what extent the Directive applies to a data base (or in the terms of the Directive a data controller) located outside the Union, especially where data is collected directly from data subjects via the Internet, is a complex one which the Commission and national data protection authorities are at present examining carefully. Article 4.1(c) of the Directive provides for its application where a controller makes use of equipment, automated or otherwise, situated on the territory of a Member State, which means that the Directive does at least in some cases apply to controllers outside the Community. Furthermore specific national rules concerning a third country in which the controller is established may also apply and be enforceable within that jurisdiction. In this respect, Microsoft has notified the US Department of Commerce that it adheres to a privacy policy that meets the Safe Harbor framework.

    5. On the basis of legislative measures, criminal investigators can make use of information collected without the prior consent of the individuals concerned or the courts, provided that the rights of defence of the individuals concerned are respected and that the restriction to the right to privacy is strictly necessary for the purpose of the criminal investigation. The information collected during the investigation may moreover only be used to the extent necessary for those purposes.

    6. In accordance with Article 33 of the Directive, the Commission is examining the application of Directive 95/46/EC and expects to make a report before the end of the year. The subversion of current rules will be looked into in that context.
  • to think MS will not use the personal info for marketing purposes? I mean, MS is more a marketing company than a software company anyway!
  • by Anonymous Coward
    Just like the government here in the U.S., they'll whine for a while to show people that they're doing something to protect them. Then, Microsoft will send in the high priced lawyers and lobbyists. Europe, fearing losing Microsoft business will slap them on the wrist, and business will go on as usual.

    Government gets their money, plus they look like their doing something, meanwhile Microsoft gets their money, and looks like they're sorry.
    • by Anonymous Coward
      The European Union will not put up with Microsofts violation of European Directives and Law. If Microsoft continues such criminal activity as spelled out in the EU directives and law they will be banned from doing further business in the European Union. Further the EU and its partner states can file for an arrest warrant and have Bill Gates brought to Europe to face trail in a criminal court of law for willfully violating European Law. The EU could also bring its complaint before the United Nations and file a complaint against Microsoft and the United States for violating existing UN Charters on Privacy. Sanctions on the United States could be asked for and demanded along with penaltys because American Corporation Microsoft Violation of European and United Nation Laws and Charters. A complaint could also be filed before the WTO for violation of the law and charters.
    • by Daniel Dvorkin ( 106857 ) on Saturday May 25, 2002 @07:21PM (#3585391) Homepage Journal
      You know, as little as a couple of years ago, you'd have been right. But the EU in general is very nervous about America right now. We've got a President they by and large despise (with considerable justification) and giant corporations (like Microsoft) which are effectively their own branches of government. Anything that gives them the chance to cut loose from their dependence on and vulnerability to the US -- militarily, economically, politically, whatever, especially as the lines between those categories blur -- they're going to see as a good thing.
      • Anything that gives them the chance to cut loose from their dependence on and vulnerability to the US -- militarily, economically, politically, whatever, especially as the lines between those categories blur -- they're going to see as a good thing.

        Unless you are the UK government of course, then you will be falling over yourselves to allow Microsoft to implement the planned 'Government Gateway' online access point for government services, oh yeah, and also grant Microsoft a licence to resell any resulting intellectual property. Register article here [theregister.co.uk].

      • Europe did very well standing America off against Russia, got the Marshall Plan, spendy tourists, and unloaded all that dusty art (which otherwise that French guy would have run off with an squirled in the attic until his mamma could get rid of it). Now the great and lesser European nations are all cowering because they're afraid of being overrun by kids mostly named Mohammed. If all the Mohammeds will just leave them alone they'll be perfectly happy to help them build nukes and other nastiness to go after the tasteless United States, which has decimated their cinema industries.

        Ah, but clever W. has put it to Putin that we can hammer the treacherous Euros from both sides, and tony Tony will help! That leaves only the French nuclear arsenal, and perhaps China's - if they can make a deal - plus whoever survives tomorrow's Indo-Pak Kablooey - against the mightiest champion of freedom, or anything else for that matter, this side of the Sun.

        Looks like a good time to emigrate to New Zealand, what? Now, exactly why are you concerned about your privacy? Do you really think you'll be let in anywhere nice without your Microsoft Passport once you're on the run and the fun's begun? Oh yeah, you'll be real happy about having arranged to be left off Bill 'God' Gates' list then! You don't think it's already occured to Him to buy up all the pleasant real estate, especially the land with His favorite critters, sheep?
      • by Anonymous Coward
        "and large despise (with considerable justification) "
        That's great , his job is not to please Europeans but work for us and if this involves pissing off others then so be it.
      • You are completely right.

        Any nation in the world who can safely cut ties from us, the U.S. should.

        We are in the business of smashing you up and getting our multi-national companies in there and rebuilding (and getting all the profits or owning you in the end).

        I'm eager to cut ties from the U.S.A. and I'm a citizen.

        Sure, you're thinking; "How can you say that after September 11th? - We are at war you anti-American scum". To you I say; "Fuck off, I can challenge my leaders and their politics at anytime"
    • by Zeinfeld ( 263942 ) on Saturday May 25, 2002 @08:47PM (#3585609) Homepage
      Then, Microsoft will send in the high priced lawyers and lobbyists. Europe, fearing losing Microsoft business will slap them on the wrist, and business will go on as usual.

      While a number of European governments are as corrupt as the US Congress none of them operates in quite the same way. The EU officials who are in charge of implementing the directive do not stand for election and in any case European politicians do not collect campaign funds directly for their personal campaigns.

      Nor does Microsoft have any significant political leverage with the EU. The only country it has significant investment in is the UK and that is a high powered research lab they are not going to close. Microsoft might ask the Bush administration to exercise leverage however after the steel tarifs and the farm bill the US does not have any.

      Although Microsoft is not going to intimidate or bribe the EU into submission the Passport issue is not a problem. While Microsoft could in theory abuse their ability to collect personal info they merely have to undertake not to abuse the data, they do not have to design the system so that the data cannot posibly be abused.

      While such 'undertakings' tend to be considered by US firms to be loopholes to be exploited while the government turns a blind eye, the EU is not like the US in that regard. Microsoft would be making a major mistake if they broke their undertakings. The EU can and will impose very very large fines.

    • Given that the EU was willing to risk a trade war over the privacy directive, I don't think Microsoft is going to get away with a slap on the wrist on this one

      They'll have to work very hard at convincing the Commision that Passport will abide by the EU privacy directive to get out of this mess.

      Trust a European on this: the EU countries take privacy very seriously. That's not to say that occasional violators don't slip through, but a giant corporation can't just ignore the directive.

  • Correction.. (Score:1, Interesting)

    by dj28 ( 212815 )
    "The Register has a nice summary."

    If by summary, you mean bias, then you're correct. I think most people here agree that The Register hops on the Microsoft-bashing bandwagon to generate more ad revenue. Take an objective look at it rather than consuming The Register's spin.
    • Thats a pretty vague accusation of bias.

      If you think they are biased then maybe you should point out how they are biased (and no ad revenue doesnt really work, one could say that if you are pro microsoft you can generate more add revenue by having microsoft buy adds in your paper), but more importantly tell us how their article is false or misleading as a result of their bias.

      I really hope microsoft are not paying you for such general and lazy accusations. I heard they expect more thurough work.
      • happy to oblige. reporting is theoretically about giving facts on a news item, not opinions, otherwise it'd be called an op-ed. the following comments would be removed in journalism 101, based on injection of unvarnish opinion into the story:
        • "Some of Meijer's questions, which you can find here, are frankly a little weird."
        • "But 'Is .NET Passport registered with national agencies supervising the application of privacy legislation?' seems to us a fair, reasonable and possibly tricky one."
        • "We'd guess the answer is not exactly, but we're prepared to be surprised."
        • "The EU polices privacy via legislation, whereas the US goes for a more laissez faire self-regulation approach (we do not at this juncture propose to make any observations about henhouses and foxes)."
        • "Not of course that they are, necessarily, really. Have they been independently audited? Or have they just promised to be good?"
        • "If it transpires that Microsoft Passport isn't compatible with EU law, then Mr Meijer might do well to ask questions about how come this could possibly apply to a company that had successfully signed up to Safe Harbour."
    • Which is why my first link was to the original letter by the Member of European Parliament. I trust you are intelligent enough to check the facts I gave you so conveniently a link to.

      I'd say your post betrays a little bit of bias too.

  • That's a first... (Score:1, Redundant)

    by nosphalot ( 547806 )
    Microsoft violate privacy rights? Never.
  • by donnacha ( 161610 ) on Saturday May 25, 2002 @06:14PM (#3585234) Homepage

    This, taken from the the original parliamentary submission [eu.int] upon which the Reg article is based, is laugh-out-load funny:

    2. Is the Commission also aware that failure to register with .NET Passport results in exclusion from many sites' services, that unsubscribing is not possible, that periodically only out-of-date information is removed and that the passwords to be given (minimum of six characters only) are easily accessible, to some extent, to others posing as system administrators or possessing considerable knowledge of dictionaries?

    You realize, of course, that pot is legal in the Netherlands?

    • Nope, pot isn't legal... but we got a very special word for it... it is 'gedoogd'. Kind of 'fair use' principle. It's still illegal, but if you only have 2 plants in your bedroom or only a few grams of hash/weed with you, the police won't do anything.

      The party of Erik Meijer (SP), the guy who asked that question, _is_ pro full legalisation of softdrugs, though :-)

      • Nope, pot isn't legal... but we got a very special word for it... it is 'gedoogd'.

        Look... you can call it anything you want but the fact is that I (or, indeed, any Dutch policeman) can walk down the road, walk into one of many cafes, browse a long menu detailingdozens of varieties of grass and weed, hand over a few Euros and, in return, be handed a bag of white Widow.

        Seriously, how is that not legal? I do understand what you mean (ie. that it's technically decriminilized rather than legalized) but let's be honest about the reality of the situation: Nobody is ever going to be arrested for buying or selling pot in the Netherlands.

        Thankfully, it looks as if the same common sense will soon be applied in the UK too.

        (Mods, I've effectively modded myself down -1, off-topic by not applying my +1 bonus)

    • If went to the original Klingon^WDutch version (little link, bottom right) to see if by any chance it was just a very bad translation. It isn't.

      By the way, Bolkestein (answering on behalf of the commision) is also Dutch.
  • Other than the desktop stranglehold and various back-room government deals that MS employs to maintain that monopoly, what's to stop the Liberty Alliance from porting to *all* platforms and just putting an end to the BS once and for all?

    Or is this a ploy by the EU to get a better deal from MS as the new licensing sceme approaches?

    oreillynet overview of web identity [oreillynet.com]
  • by cscx ( 541332 )
    Uhh, correct me if I'm wrong, but isn't AOL-Time Warner coming out with their own competition to Passport? Would they be subject to the same regulations?
    • They probably are, as well as many others (Terra, for once, is working on something like this).
      You know what ? Why should I care ?
      People that use MS Passport are basicaly all Windows/IE users. Their data is already avaliable to Microsoft. Hotmail ? Sure, Microsoft will never look into your data, or change your preferences [slashdot.org] so it can send your information to everybody and dog.
      You see, even before using Passport, the "potention" Passport user already trust MS with their data.
      I'm not a Windows user. Also, obviously, I don't use IEand Passport. Do I miss it ? Am I giving up access to anything for not using it ? Surely not
      I don't think Passport should be regulated. I think it should be outlawed. It's a stupid thing. Why should I need something like this ? So I don't have to enter my data to every other site ? There are lots of programs that do that automaticaly. So I have an unified login/password ? Bad idea. I use a different password for every site. How do I remember them all ? If you have to do it, you will, like myself, came up with some password creation logic, where you don't have to remember all the passwords.
      All in all, Passport-like systems are a bad idea. I don't give all my data to any company. I changed supermarkets couse they started asking my telefone number when I was paying with my debit card. Why should I trust MS with any of my data ?
      Also, it's valid to remember I live in a country (Brazil) where there are no privacy related regulations, and where Microsoft pretty much has a hand on the government's pocket (and, I dare say, several government members have a hand on Microsoft's pocket).
  • Yeah well.. (Score:2, Funny)

    by Anonymous Coward
    I won't get excited until Singapore decides to investigate Microsoft. Then the executives can face a good Singapore caning!
  • by donnacha ( 161610 ) on Saturday May 25, 2002 @06:36PM (#3585286) Homepage

    The guy asking these questions, Erik Meijer MEP, probably realized the game was up when the Parliament issued it's preliminary answers [eu.int] in only one format... Microsoft Word.

    • They have the resources to release WordPerfect and OpenOffice copies.

      • They have the resources to release WordPerfect and OpenOffice copies.

        But they didn't.

        Bit like Dell having the resources to offer Linux as a pre-installed option on all their machines.

        But they don't.

    • ... and as we all know, MS Word is an entirely unreadable format. Come on... openoffice does a fine job at readin Word files, for instance - they're not perfect filters, but for reading a document you don't need the layout to be 100% perfect do you?

      To ask for the Parliament to refit their computers to use a different word processor because somebody doesn't like MS is simply weird. Like it or not (I don't), MS Word is the de facto standard word processor out there... and I strongly doubt that the Parliament uses Word just to "show those MS bashers" or out of love for MS. It just happens to be the best word processor available.

      • Just because Word "happens to be the best word processor available" (a questionable claim, of course), doesn't mean it had to be saved in Word format. They could've saved it in RTF or HTML...

        Not that I'm really advocating using Office's horrible HTML, but, the point is that there's other options.
      • ... and as we all know, MS Word is an entirely unreadable format. Come on... openoffice does a fine job at readin Word files, for instance - they're not perfect filters, but for reading a document you don't need the layout to be 100% perfect do you?

        `Fine job'? The latest time I needed to view a word document, it happened to be written in Japanese, and used tables. Now, openoffice claims to support Japanese, but in this case, only managed to display about 1% of the text correctly. 1%!

        Morever, it's perfectly reasonable to hold a government body to higher standards than an average company -- the government is supposed to think about more than just convenience (read the recent letter from the Peruvian congressman for a more eloquent take on this). There are many more universal formats out there, which at least are documented well enough so that people can write proper viewers for them (e.g., PDF, RTF, HTML, text files...).

        [If there's a better way to view word files without word, I'd appreciate some pointers, incidentally. Antiword and openoffice seem to do OK on simple docs, but ...]
        • You said it yourself... export it to html or pdf from word, then send it out. Word processing is for editing only, use what ever you like best, but for distribution use a more universal format and pick the one with the least overhead for the document... kind of like that old proverb "Rather hurt than maim, rather maim than injure, rather injure than kill."

          If plain old text will do the job well enough use it, if you need more use RTF or PDF, need more then consider needing less... there's no need for killing your intended recipient.

        • [If there's a better way to view word files without word, I'd appreciate some pointers, incidentally. Antiword and openoffice seem to do OK on simple docs, but ...]
          If viewing word files is the only thing you need, then you might want to check WordViewer [microsoft.com]. It runs only on windows but you don't have to purchase MSOffice...

          There are also viewers for excel, powerpoint, ...

    • Not realy a surprise, Mr. Frits Bolkestein is a staunch Dutch Liberal, that means he's all free enterprise and pro (big) business.

      He's known to be at least reluctant to support OS.

  • in related news... (Score:5, Interesting)

    by __aawsxp7741 ( 78632 ) on Saturday May 25, 2002 @06:42PM (#3585300)
    the US government is trying to stop [theregister.co.uk] the European Commission's antitrust case [eu.int] against Microsoft.
  • Microsofts update will now personal the updates for your computer. This is done without sending Microsoft ANY information.

    Dont remember exactly what it says. If people weren't so dumb in general I'd get mad at Microsoft for assuming we're so dumb.

    *rants* the DrugCheese
  • by villoks ( 27306 ) on Saturday May 25, 2002 @07:23PM (#3585398) Homepage Journal
    EU is preparing new legistaltion, which would make compulsory data retention possible forthe member states. The crusial vote on Directive on the protection of privacy in the electronic communications sector is scheduled for 29 May. More detailed information about the directive and backgrounds can be found from here. [epic.org]

    GILC [gilc.org] members have launced also a lobbying campaing including an open letter, which can be signed here. [stop1984.com]

    Here's also Marco Cappato's (the person in charge of the directive in European Parliament) press release about the situation:


    Brussels, 23 may 2002

    European PPE (conservatives) and PSE (socialists) have tabled yesterday common amendments to the Cappato report on privacy in electronic communications, that take over the Council positions on all main issues. Their content is in striking contradiction with the EP first reading position as confirmed by the EP Civil Liberties Committee during the second reading.
    The discussion in the EP will take place on the 29th of May in Brussels, while the vote will follow on the next day.

    Declaration by Marco Cappato, MEP of the Lista Bonino/Radical Party and EP draftsman
    on the EU Commission proposal on the protection of privacy in electronic communications:

    "With these amendments, PPE and PSE have abandoned the stance that the EP had taken in first reading and confirmed in second reading in the EP Civil Liberties committee, without getting any politically meaningful concession from the Council.
    Ana Palacio Vallelersundi (PPE Spanish MEP), President of the Civil Liberties committee (and Spanish conservative Government representative in the Convention) has promoted the tabling in the EP of amendments that take over the (Spanish conservative) Presidency of the Council gaining the support of the Socialist group in the EP, with the only aim of avoiding the conciliation procedure between the Council and the EP and allowing the Spanish Presidency to close successfully the dossier.
    PPE MEPs, that had supported until now the freedom for Member States to decide on the regime to adopt on unsolicited commercial communications, opt-out on directories and cookies, now obey to the Spanish Presidency indications and unite with the PSE in supporting a European opt-in system - although in a softened version - in all the abovementioned cases.
    But the most controversial issue is that of the powers the Council wants to give to Member States to impose to Telecom and Internet service providers the retaining of data concerning citizens' communications, SMS, emails, Internet surfing. The PPE-PSE amendment (that goes beyond the legal basis of the directive, that is an internal market measure) inserts in the articles the possibility for Member States to provide for data retention, while guarantees for citizens' privacy are left to a reference to the general principles of community law and to the EU Treaty. The reference to the jurisprudence of the European Court of Human Rights is relegated in the PPE-PSE amendment in the recitals (while the EP had included it in the articles).
    I appeal to MEPs to ask them to vote following their conscience and not on a party basis, and to follow my request to delete from the articles of the directive the reference to data retention of citizens' communications."

    For more informations:
    Marco Cappato offices: 0032 2 2847496
    mcappato@europarl.eu.int www.radicalparty.org
    • although this directly against the data protection act, which states that personal data must not be stored longer than is necessary for its purpose, an EU ruling would overrule UK law. Unfortunately us in the UK alone cannot veto it from going forward. The data protection act does great things to prevent companies from passing on personal data for advertising purposes and various other scams and now it's going to be voided by this moronic crap from people who send out their official documents in microsoft word format.

      Man I'm going to New Zealand.
    • Check out this list of signatories to the Convention which kicked all of this off

      Council of Europe - Convention on Cybercrime [coe.int]

      The US (along with the UK govt) was actually instrumental in developing this policy with the European and other states in the Council of Europe . The Convention is developed from an idea the FBI were punting around in the early nineties [statewatch.org].

      It should be noted that the Council of Europe [coe.int] is not part of the EU and should not be confused with the European Council [eu.int]. Don't believe anyone who tells you this came from Brussels - This is a case of the nation states going oustide the EU (with the US, Canada and South Africa and Japan) to make an agreement, then propose it as legislation via the Commission (EU governmental heads together) for the European Parliament to approve. I'm actually glad there are some MEPs with some wits about them and a conscience to try to oppose this.

      News just in: G8 Justice and Interior Ministers are pushing for this too [theregister.co.uk]. Surprise!

  • The Reg's Liverpool striker link is, apart from funny, wrong: I would think this is the real Meijer [eu.int], along with his contacts. A nice polite email of support might be good. Nice. Polite.

  • Everyone and their mother can steal your password with no effort.
  • isn't saying the register has a nice summary a little bit like saying exxonmobil has a nice briefing on global warming? for those interested, a *relatively* unbiased version can be found at:

    Yahoo news [yahoo.com] -- straight off the reuters feed
  • wtf (Score:1, Offtopic)

    An article about Microsoft that's been up for hours and still has less than 100 comments?

    In other news, ambient temperature in Hell dropped to a remarkable -12F this afternoon...
  • by guttentag ( 313541 ) on Saturday May 25, 2002 @09:11PM (#3585649) Journal
    The government needs to start treating companies that collect sensitive consumer information like banks. They are in fact banks of valuable information that must be protected and regulated.

    Banks and financial institutions are subject to strict federal regulations in the U.S. with regard to:

    • information they disclose to third parties
    • information (advice/sales pitches) they provide their customers
    These institutions are monitored, and employees/institutions who violate the regulations are investigated and prosecuted (slapped with fines or jail time).

    At the moment, there are a number of companies that collect sensitive information from consumers, and regardless of what they claim they are doing with that information, no one has any way of knowing if they are honoring those claims. Most public companies would leap at the opportunity to tell consumers whatever they wanted to hear if

    1. the company could profit from it
    2. consumers had no way of knowing the truth
    The government needs to define regulations for this industry, it needs to be able to monitor the industry and it must have the power to enforce the regulations through fines and incarceration.

    The companies in this industry will oppose regulation, claiming that the costs associated with monitoring and compliance would put them out of business *bullshit-the-cost-of-not-being-able-to-prostitute -your-data-will-put-them-out-of-business* Excuse me; I must be coming down with a cold. As I was saying, they will insist upon being allowed to regulate themselves. They must not be permitted to persuade the politicians of this.

    Ask your representative or senator to consider what life would be like today if banks and brokerages were not regulated. Then tell them that this is far more serious, because while money can be refunded, information cannot be stuffed back into Pandora's Box once it is released.

    • by mvdwege ( 243851 ) <mvdwege@mail.com> on Sunday May 26, 2002 @04:36AM (#3586436) Homepage Journal

      Nice post. Good to see the moderators were awake on this one.

      Basically what you are describing is the EU Privacy Directive. The gist of the Directive is that companies may not store information on you without telling what they need it for, and not more information than is necessary for the purposes they state. Additionally, they are not allowed to give out your data to third parties without express prior consent. The national laws that implement this directive are backed up by the governments. Some are a little easy on violators, but others are terrifyingly strict.

      That's why I submitted this story in the first place; there have been a lot of stories lately about how companies treat personal information, and this was a nice way to show that somewhere in the world there are laws against this, and governments willing to back them up. I think the EU is a bureaucratic monstrosity sometimes, but this they got right.

    • The sad thing is that I know I'm putting my money in a bank.

      I never knew I was putting my information in Microsoft's information store...

      Sure, we see signs of this and that but we have no clue what they are really doing. For all I know they could be key logging everything I right now. We simply can't tell because they are bigger than Jesus.
  • In a historical context, it's funny that MS should have called their little product passports. the modern passport, as a photo based nationality document, was invented, in europe, during world war I--and was promised to be a "temporary" war time measure (europeans at the time were highly suspicious of the idea of such a document, and were afraid that it would severely effect liberty. my understanding is that one of the main points of the league of nations was to make sure that passports were eliminated at the end of the war.)

    So therefore, it is amusing to note that the microsoft service in question, named after a strongly opposed document whose purpose was to control the movement of people, is now being investigated by the same people who came up with the damn document in the first place. clusterfuck anyone?
  • Two very simple principles of data protection are:

    Personal data must not be released to a third party without the consent of the party who has given the data

    Personal data must not be used for a purpose other than that for which it was collected

    Now let's judge Passport against these:

    As soon as somebody signs for a Passport account they start getting spam from third parties

    As soon as somebody signs for a Passport account they start getting spam

    Now, this isn't some precious view about what a pity junk email is - this is a basic breach of fundamental principles of privacy and data protection being perpetrated by a corporation with a large amount of trade in every EU country (and elsewhere in the world).

    If they want to trade in the EU and make money here, they have to obey our laws. And our laws on privacy and data protection aren't that onerous - all that is asked is that if you collect personal data that you don't hand it out willy nilly, and that you use it for the purpose for which it was collected. Is that an unreasonable restraint on trade?


  • Basically, there isn't any, which means that a data user under EU legislation must make sure the data they hold doesn't leak to the US (or any other country without a comparable data protection regime).

    This can be rather a pain. Suppose I am registered under UK data protection legislation to hold certain kinds of personal data for certain purposes (which I am[1]) and I want to send it to my mate who is also registered to hold the same data for the same purposes.

    Am I allowed to send him this data via email, given that I can't prove that the email won't be routed via a US server which isn't subject to any laws protecting personal data?

    The simple answer is that we don't know. Different people give different advice and AFAIK there hasn't been a test case.

    [1] Under four separate registrations, so far, and I'm being told I need a fifth. Personally I think this is getting to be rather over the top.
  • by theolein ( 316044 ) on Sunday May 26, 2002 @10:08AM (#3586861) Journal
    For quite a long time I've wondered why there has been no investigation on MS's EULA's and Passport in the EU, since most of these contravene EU wide laws on Privacy of Data where explicit agreement is required before Data can be used or given to third parties and while I'm not sure about it alltogether, I think that MS's EULA's also contravene one or two EU laws in the EU with respect to bought products etc. (Trying to control the product after sale etc).

    I was one of the many who wrote in to the EU commisioner to complain about Passport. If you make a lucid complaint and have a valid view on some MS abuse etc, mail the EU. They generally do respond if you're not spamming or flaming and it seems that they do take the issues up.
  • See also the Register [theregister.co.uk]. In my opinion, Microsoft Passport needs to be open source or something similar.
    Here is something I wrote some time ago for Newsforge [pawlo.com]: 'Microsoft Passport is brilliant in its design. It will solve the problem that is allegedly killing dot com companies all over the world. Without making life online hell for the user you will easily manage micropayments and logins for content providers and e-tailers all over the world. You might like that and you might not, but a lot of companies have been waiting for this solution and I believe it could be successful, if companies and customers trust in Microsoft Passport. But why should we trust Bill Gates and Steve Ballmer? What have they done to gain our trust? They have done nothing of the kind, and that is why Microsoft Passport needs to be open. We need to know what the code is doing, how the data is storaged and we need competition and interoperability on the Microsoft identification market.'



"I shall expect a chemical cure for psychopathic behavior by 10 A.M. tomorrow, or I'll have your guts for spaghetti." -- a comic panel by Cotham