Microsoft Calls for National Privacy Law

tabdelgawad writes "Brian Krebs, who writes the Washington Post's Security Fix Blog notes that Microsoft has just asked Congress to enact a new federal privacy law to preempt the growing hodge-podge of state laws that regulate how companies can use personal information. Go Microsoft!?"

Don't let your head explode

[jellomizer]

Before your heads explode, you must say to yourself, Microsoft is only a company. Companies job is to make money, not to do good or evil, if doing good will help the company make or save money then they will do it. In this case for companies like Microsoft it is easier for them to follow one set of privacy laws except for 50 different laws and with the internet it makes it more convoluted.

Re:Don't let your head explode

[QuantumG]

Exactly my thoughts. Anything the greases the wheels of multinational corporate greed has to be a bad thing. So let's introduce more privacy laws. Maybe on a county by county level, and different laws depending on the annual profits of your company and your previously indicated tendency to evil.

Re:Don't let your head explode

[the_bard17]

In most situations, I'd agree with you... I'm not a big fan of big business. But this might hurt small business more than it would hurt big business. A small business may not be able to afford to cut/sort through all the different laws required to do business in multiple states... whereas a big business could more easily absorb the cost. I don't like that.

Re:Don't let your head explode

[QuantumG]

Uhh, the whole freakin' point of a small business is that they don't do business in multiple states. By nationalizing the law you're making it cost the same to do business in multiple states as it costs to do business in one state. But more importantly, you're taking away the ability of individual states to customize the law to the needs of their citizens. I'm sure the people in West Virginia have a different opinion to the people of Texas about what a company should be able to do with their personal information.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Don't let your head explode

[vanka]

Actually I think it was simply your greed in not wanting to pay the sales tax that prevented you from finding the car you wanted not any rules and regulations. You said you found several but didn't want to pay the extra money.

I'm sorry but wanting to save a couple of hundred bucks is not greed, it is actually a wise thing to do. The whole basis of our economy is based on the fact that customers want the highest quality product possible at the lowest price possible. The point of the grandparent was that t

Re:Don't let your head explode

[QuantumG]

If you really wanna go offtopic, let's talk about small business on the Linux platform shall we? If I were to release a version of my software for Linux the immediate response I would get is that it is completely unnecessary, as software like netstat, nettop, and tcplog work flawlessly on Linux, are free, and my software is no better. Supposing my software was actually useful on that platform, someone would most likely demand that I open source it, and when I refused they would clone it and open source th

Re:Don't let your head explode

[NaruVonWilkins]

I think that the same can be said for many, possibly a majority, of people - at least in the US. Sure, sometimes we do things for charity, sometimes we do things because we feel they're right, but there are so many things we do simply because they're cheaper. We don't know, say, what the conditions are in the factories where our clothes are made, but we buy them anyway.

Companies are a more distilled form of this. There are, of course, exceptions - more people than corporations, certainly - but I think the concept holds.

Re:Don't let your head explode

[An Onerous Coward]

I think individuals are less culpable in such situations. Consider that we're all very busy, living relatively complicated lives, and for one individual, keeping track of the ethical successes and failings of dozens of different brands is just one more very complicated task to pile on top of an already strained life.

But when a big company decides it needs 300,000 shirts to stock in their stores this holiday season, it adds little to the transaction cost to have somebody study their suppliers' working condi

Re:Don't let your head explode

[servognome]

The point is, companies can afford to have the sort of expertise that is simply beyond the reach of individuals making decisions.

What ethical guidelines should they follow? In most situations international businesses provide significantly better conditions than local employment. Morally they can justify they are doing the right thing.
Now if you want the company to impose your ethics you have the power to do so, through how you spend your money.
If a company sees their brand is more popular because they

Re:Don't let your head explode

[l3prador]

I think you guys are both right. Being in charge of a corporation doesn't make you exempt from doing the right thing, and on the other side, consumers should be more proactive in supporting companies that try to do so. Consider the extra 5% it might cost as an expenditure on cleaner air, privacy rights, rights of workers in sweatshops or what have you, and encourage those who agree with you to do the same.

What sort of internet sites are there for people who would like to learn more about the ethical pract

Re:Don't let your head explode

[laughingcoyote]

And if they don't, who holds them accountable? Ideally, this should be looked at the same way as sex tourism (if an American tourist does something in Thailand that'd be illegal in the US, they will still be prosecuted for it upon return to the US, why shouldn't the same apply to a corporation which goes abroad to skirt labor laws?), but since they're currently not, it falls to -you- to hold that corporation accountable.

Yes, it's a pain in the ass. Sorry. Most things worth doing are. If everyone would quit being too busy to give a shit, these types of things just might improve. Otherwise, they're going to continue. Anyone who is aware of an evil act and does not stand up against it is partially guilty in it.

This is not the same as saying you should -personally- go check every factory you purchase clothing from. But when the labor record of any given multinational is easily available [sweatshops.org] on the web, to consult before making a purchase, you're talking about 5 minutes worth of work. This is NOT too much to ask from even a busy person.

Re:Don't let your head explode

[QuantumG]

Sex tourism laws are fucking insane. The only reason they are tolerated is because they're for a specific heinous act that no-one wants to defend (sex with children). Suppose the exact same laws were applied to drug tourism. Go to Amsterdam, visit a hash cafe, return to the US and get arrested at the airport. Or decompilation tourism. Go to Australia, decompile software to check its security, return to the US and get arrested at the airport. If you're not in the US, you can't commit a crime in the US. That's the way it should be. Otherwise the US is nothing but an imperialist who thinks they can police the world.

Re:Don't let your head explode

[laughingcoyote]

Sex tourism is a violation of an internationally-recognized human right. Decompiling software and using drugs is not. If you murdered someone in another country, your own country is -supposed- to prosecute you for that crime and/or extradite you to the country in which you committed it. These laws do, and should, apply to violent crime, and do not, and should not, apply to nonviolent victimless crime.

Now, I don't even support drug prohibition within the US, so that's another discussion entirely. Still rem

Re:Don't let your head explode

[bhiestand]

Sex tourism laws are fucking insane

I agree with the rest of your post, but I have to correct you. Sex tourism laws are fucking bullshit.

And you forgot my FAVORITE subject: sodomy. If you live in a state where sodomy is still on the books as illegal, travel to a country where sodomy is legal, get funky with someone and do a little sodomy dance with another consenting adult, can you be prosecuted upon your return to the US?

What if you live in a state where the age of consent is 18, but a neighboring state

Re:Don't let your head explode

[mboverload]

I'm a nudist you insensitive clod!

Re:Don't let your head explode

[ozmanjusri]

I'm a nudist you insensitive clod!

I just had lunch, you insensitive clod!

Re:Don't let your head explode

[susano_otter]

Have you ever noticed that the crappiest place of all--Africa--is surprisingly short on sweatshops and surprisingly long on ex-vassal states of failed Industrial Age European Empires? What's up with that?

Re:Support your sweatshops!

[Concerned Onlooker]

We should buy as much from possible from sweatshops to increase the wages of their workers.

If you made a sweatshop owner filthy rich he would never raise wages. To think otherwise is to be disingenuous. Money doesn't make one more enlightened, it makes one less enlightened.

My original point wasn't really about sweatshops, it was more about the incredible lack of imagination that human beings have for non-greedy purposes. When you look around in the world to determine why people are suffering please re

Re:Don't let your head explode

[bersl2]

Besides, it's not as though we didn't want this to come about before they announced this. I wouldn't consider them any kind of leading authority on the importance of privacy. Sure, they're influential, but that's because they have lots of cash.

Re:Don't let your head explode

[AuMatar]

OF course, you have to assume that they'll do good here. Like the CAN-SPAM law, the federal version will likely be weaker than many state versions, and will override the state versions making them unenforcable. MS doesn't really want a law to protect people- they want a law that allows them to do basicly anything. Just watch, the law they push will basicly be "If its in a privacy policy, they can do whatever they want".

Re:Don't let your head explode

[dgatwood]

Yup. If Microsoft really cared at all about the consumer on this one, they would deal with the state laws, choose the strictest of them, and comply with it across the country. Unlike with tax laws (where overcharging is a no-no), there's nothing stopping them from being more anal about privacy than is necessary.

In fact, one could reasonably argue that if they were NOT trying to do something bad (or at least potentially bad), they would have no need to worry about privacy laws because they wouldn't run a

Re:Don't let your head explode

[Jah-Wren Ryel]

Unlike with tax laws (where overcharging is a no-no),

I am pretty sure you are wrong about that. I looked into this a few years ago when a local B&M was charging tax on the full price of purchases made with coupons. It turned out that they were "wrong" to do that, they only needed to charge tax on the actual dollar amount that changed hands. But, it was still legal for them to over charge on sales tax as long as they gave it all to the state.

So, if they charge you a gynormous fee and they call it sale

Re:Don't let your head explode

[canuck57]

OF course, you have to assume that they'll do good here.

For companies, M$ included it does not have squat to do with what is good. Microsoft is just realizing it has an impending image problem so it want to be perceived as the "good ole boy" in the block.

After all, Microsoft did rename Personal Computer (PC) to Public Computer. Do remember Windows media player does go out on the internet when you drop a CD-ROM in.

MS doesn't really want a law to protect people- they want a law that allows them to do

Re:Don't let your head explode

[ottffssent]

IANAL, so I don't know if that's really the case, but such promises (contracts with the world, as it were) were brought up in the discussions of Jack Thompson being a petulant asshole. Since there's no law against asshattery (asshaberdashery?), I suspect it relies more on truth in advertising laws (advertise one policy, implement another), but the effect is the same. A law saying you have to actually abide by your privacy policy ought to be redundant, and I'll be more disappointed than usual if that's wha

Microsoft is NOT your Friend

[queenb**ch]

Ok,

Let's take a cold hard look at the company's historical behavior.

They drove Lotus 1-2-3- out of business.

They bought off the DOJ. I mean, if AT&T was a monopoly, so is Microsoft. Since AT&T got broken up, Microsoft should have been too. Fair for one, fair for all.

They been spanked, albeit lightly, for their attempt to subvert Java and stymie Sun.

They bundled their browser into the operating system in order to drive their rival, Netscape out of business.

Now they're doing the same thing with MSN

Re:OT sig reply

[Omestes]

I'm winning, I managed to even get the profanity blacklist on my freaks list. I'm impressed, I didn't think I cussed that much... I guess I let a naughty word slip.

But then again (besides the blacklist) I see each freak as a sign that I'm getting closer to something right.

Re:Don't let your head explode

[vectorian798]

Funny how when Slashdot talks about Google and the Summer of Code, everyone's jumping up in joy praising Google for their work while when Microsoft does something beneficial to consumers, someone HAS to nitpick about the motives. Correct me if I am wrong but Google stands to profit from SoC as well since they use so much FOSS.

In any case, a company's job IS to make money, but why should we complain when we (consumers) stand to benefit. Having a big name like MS back up the CDT, ACLU, and EPIC is a good thi

Re:Don't let your head explode

[IWannaBeAnAC]

Maybe slashdotters have a sense of history? Microsoft has a lot of baggage they need to make up for [opensource.org].

ARGH, this was supposed to be a link to the Halloween Documents. Apparantly they have been moved to ESR's personal site (why?), but I cant find them (and I find ESR to be annoying enough that I really dont want to troll through his personal site much).

Re:Don't let your head explode

[zoomzit]

Well, past experience certainly do color perception of current actions. If Google promoted monopolistic practices time and time again, I'd question their motives too.

If you saw Mother Teresa (were she still alive) beating someone, you'd wonder if the person somehow deserved it.

Likewise, if you saw Hitler petting a bunny, you'd wonder if there was a more sinister motive.

Not that I am equating Mother Teresa to Google and Hitler to Microsoft...

oh wait... I am.

Re:Don't let your head explode

[symbolic]

It's WAAAAY to early to tell if this is something that will benefit consumers, or benefit Microsoft. As others have pointed out, things become a lot easier for companies like Microsoft if they have only one set of laws to deal with, rather than a morass of 50. What this also does, is make it MUCH easier to get the law changed if it doesn't happen to fit within their objectives. Who will actually benefit, if anything, remains to be seen.

Think: Patriot Act

[Bilbo]

Of course, if someone says that a law is supposed to protect our privacy, then it MUST be good for us, just like the way all true Americans know how the Patriot Act MUST be there to protect us!!

Yea, right.

Re:Don't let your head explode

[Omestes]

While I do recognize the blindness of your average /.er as a problem (I even wanted to defend Bliz and the Warden because I like them!), this isn't the case, so much, here.

Sure there is gonna be the MS (pardon me M$! *hic*) = evil sentiment here, but on some level we have the right to look at MS as being evil, they have reaffirmed evil as their buisness strategy several times over. Whereas Google has pretty much lived up to their "do good" model. So when Google does something good it is characteristic. "

Re:Don't let your head explode

[eric76]

It is very possible that Microsoft wants to require Google to jump through hoops before serving up information on their web pages.

Not only the obvious cases such as when you type in someone's name and address to get their telephone number, but every web page that might contain information that might be deemed to be private (like a name and e-mail address).

Re:Don't let your head explode

[killjoe]

"Funny how when Slashdot talks about Google and the Summer of Code, everyone's jumping up in joy praising Google for their work while when Microsoft does something beneficial to consumers, someone HAS to nitpick about the motives."

How do you know this will be beneficial to the consumer? Given the unethical corporate culture at MS the chances of it being good for the consumer is near zero.

Re:Don't let your head explode

[happymedium]

Google stands to profit from SoC as well since they use so much FOSS

Um, why is this a bad reason for them to have done SoC? Open source has an altruistic element, but users (individual and corporate) also have a definite self-interested motive to contribute both code and cash. It's not a contradiction; IMHO, it seems like self-interest will help open source succeed in the long term.

Re:Don't let your head explode

[Py to the Wiz]

First of all, I agree, companies' primary job is to make money. But the fact that a company's actions may be motivated by profit does not mean they aren't commendable. Think about it, when google supported OSS development, everyone praised it, even though google was just in it for the money.

Likewise, just because MS supports a federal privacy law doesn't mean it's a bad thing. Too many people on Slashdot seem to be looking for reasons to hate microsoft.

Secondly, while companies PRIMARY goal is to make mo

Re:Don't let your head explode

[ergo98]

But the fact that a company's actions may be motivated by profit does not mean they aren't commendable.

Commendable might be a bit strong of a word. Agreeable perhaps, but not commendable.

For instance in the era of Rosa Parks, most private bus companies fervently disagreed with segregation rules. Champions for the oppressed? No. Most of the owners were terrible racists, but they saw profits hurt by the law. It doesn't make their opposition commendable, it makes it coincidentally parallel with real good.

Re:Don't let your head explode

[An Onerous Coward]

Let's look at this cynically. I mean, I shouldn't have to be the only one, should I?

If I were Microsoft, I would be thinking, "If we let the states each pass their own regulations, and we do business in all fifty states, we're pretty much stuck abiding by the most stringent provisions of each. That will suck."

"But if we encourage a national law that pre-empts the state laws, it will be much less restrictive."

As someone else pointed out, the CAN-SPAM Act undermined several far superior anti-spamming ordina

Re:Don't let your head explode

[someone300]

A company has a choice about how it makes profit. Some of these ways might benefit the public, some might not affect the public, and some might make everyone's lives worse.

Google, for example, as a company want to make profit. They can do this through targetted advertising. Their advertising is more intelligent and reaches the people who might care enough to click it if they have a larger database of information and users to sort through, so they offer many services. Some people might be concerned about the privacy of it, but nearly all public webmail services and stuff keep the user's data on a computer they don't own. All their software does is scan your emails and display relevant adverts... it's not as though people sit there reading your emails. But if you don't like their stuff you can block the google cookie and get on with your life.

Microsoft usually do their business through monopoly and things that hinder others, specifically those who choose not to use their software and services. It's not usually a case of just migrating away from Windows, since you have to deal with other Windows users sending you things you can't open. However, if Microsoft do the right thing, (even for the "wrong" reasons.. like profit), then it's a good thing, and if they see this having a positive effect maybe they will do more good things.
Microsoft have a hell of a lot of power and money, maybe we could prompt them to use it for things that will benefit us.

Re:Don't let your head explode

[Omestes]

I wish I hadn't already posted and still had mod points.

To often both proponents and opponents of corporate actions will use the pure greed rule, the pro for how corporations and the profit motive is amoral (just process), while the opponents will say it is immoral.

Greed is not moral or not, but how one fulfills this greed is where ethics come to play. just like, to steal someone elses examples, neither Hitler or Mother Theresa were in themselves good or evil, but their decisions dictated their ethical we

Re:Aye! I wish more people realized this!

[mister_llah]

This sort of statement applies to companies that aren't Microsoft, as well. The goal of a company is not philantropy, it is success (unless you are a not-for-profit company whose goal is philantropy, in which case, philantropy is success, but I digress)...

The same "company goal" that Microsoft has is shared by Google, Yahoo, Netscape, Intel, AMD...

===

The company benefit from certain actions may just be as simple as 'branding' and positive public relations, but actions a company takes are almost never selfle

Woah

[pHatidic]

Does that mean I have to commit ritual suicide now?

Hmmmm....

[Conspiracy_Of_Doves]

Anyone else think that Microsoft is trying to buy our love?

No. Making it easier to circumvent

[DrYak]

No.
I'm rather thinking they are fed up because of too much different Privacy laws between different states (at least that's what the blog says).
It'll be easier for them to controll whatever data they want, if they only need to consider 1 (nationnal) legal system.

In other word : It'll be easier to circumvent if you have only 1 known barrier.

And when reading the blog carefully, one may notice that thay want to avoid data leaking against a company's will.
- User should be asked permission before giving informat

Re:Hmmmm....

[Antique Geekmeister]

No, they're lobbying to save themselves money and to get a uniform standard of privacy laws that will somehow, magically be consistent with the default options of their customer database services, and will be far more generous than many state policies.

As has been pointed out, look at the CAN-SPAM law and how it has actually shielded spam from state law and blocked no spam whatsoever. Then look at Microsoft's history of the "Sender-ID" email signature system, where all you have to do to spam past Microsoft's

Not necessarily good

[tuxlove]

Don't assume Microsoft is trying to enact a law that *protects* your privacy. Perhaps they just want privacy laws to be predictable w/o too much concern for whether they actually protect or not.

Re:Not necessarily good

[thparker]

Don't assume Microsoft is trying to enact a law that *protects* your privacy.

Exactly. Right now, I think privacy laws are pretty weak. But this isn't necessarily a good change -- remember that CAN-SPAM eliminated a bunch of far stronger state laws and left the end user with far less recourse in many cases.

To take this a step further, Microsoft's next logical step would be to gear up their lobbying machine to make certain the federal privacy law would supercede all state laws, limit corporate liability for violations, and leave as much latitude as possible on what they can do with the information.

I hope everyone is compiling their list of items that should be included in a consumer-focused privacy law and is ready to contact their representatives. If this goes forward, I can guarantee you that corporate America has their checkbooks ready to support their idea of how your personal information can be gathered, held, used and sold.

Re:Not necessarily good

[InvalidError]

I'm fine with companies tracking my personal info if UK-style laws are adopted. IIRC, some of the more interesting clauses went something like this:
1) companies shall not use nor retain information whose origins is not documented
2) companies must make all the info they have on an individual including sources at the individual's request
3) individuals may have companies delete records unless the company can justify keeping the records of terminated accounts

This way, companies would at least have to think at least twice before collecting, using and distributing data.

All we need, MS designing privacy law

[KD7JZ]

It will end up requiring MS-Privacy v1.0 for all taxpayers. No linux version available.

Error

[game kid]

Microsoft Privacy Assurance has encountered a problem and needs to close. We are sorry for the inconvenience.

If you were in the middle of living, the identity you were counting on might be lost.

Please tell Microsoft about this problem.

We have created an error report that you can send to help us improve Our Lobbying Techniques. We will treat this report as an important path towards increased revenue and shareholder appeal.

[Debug]|[Sell soul]|[Smart people can click here and do neither unless they are x86 machine-code pros]

Re:All we need, MS designing privacy law

[canuck57]

It will end up requiring MS-Privacy v1.0 for all taxpayers. No linux version available.

True enough, when you fire up a Linux media player, unlike M$ Windows Media player; you don't have to worry about it sending info out that you played it. (Ya, I know you can turn it off but it is on be default).

That is also why my Windows PC sits behind a firewall that is as paranoid about what gets out as in.

Well..

[TrappedByMyself]

If Microsoft has the ear of the lawmakers, then they'll be in the best position to exploit the law.



Hey, this paranoia stuff is kinda fun!!

Now that you mention it...

[Guppy06]

Wasn't Microsoft behind the "U-CAN-SPAM" Act?

Seriously, if that's what Congress does to protect our inboxes, I'd hate to see what a federal privacy statute would do the Fourth and Fifth Amendments.

Of course they want a national privacy law

[Scareduck]

That law will read something as follows:

1. Individuals have no rights to privacy.
2. Corporations can do what they want with any data.

That is, they want enshrined in national law the most pernicious possible data standards. The fact that this is going down during the Bush administration may or may not play a part, but certainly, the idea that bad laws can be purchased isn't helping assuage any fears I have that such legislation is hopelessly one-sided.

Or more likely....

[HotNeedleOfInquiry]

The maker of any closed-source operating system or application shall not be held liable for any unauthorized disclosure of private information caused by defect of said operating system or application.

Re:Of co ... In the Very Least

[SirSlud]

They'd rather that they only have to lobby one government than have to do it seperately, all over.

If the rules are centralized federally, it makes it much easier to be the gatekeeper on policy as it pertains to corperate use of private data.

Its similar to your point, but more of an addenum. I'm not judging whether they want good or evil, but its pretty clear what kind of advantages are provided by one stop shopping as it pertains to government policy making.

To think they really care about the customer as a

Amended.

[Tackhead]

> That law will read something as follows:
>
> 1. Individuals have no rights to privacy.
> 2. Corporations can do what they want with any data.
>
> That is, they want enshrined in national law the most pernicious possible data standards.

You must be new to K Street. Never miss an opportunity to enshrine a monopoly in legislation by finding a way to render your competitors' business practices, even where they're identical to your own, illegal - while simultaneously granting yourself the permission to do the same thing under color of law.

I've therefore amended your second rule as follows:

2. Corporations that have business models that conflict with that of Microsoft must be held to the most stringent privacy standards.

Although the Constitution is no longer relevant, it's still considered bad form to write a Bill of Attainder" [techlawjournal.com], so you have to be a little clever about it.

Thus, you'll typically end up with something like this:

• Subsection 477.104.8453: the "All Your Base" clause - the use of hashes to represent hardware configurations ("GUIDs") for the purposes of managing software licensing, software configuration, and the provision of security updates, is a permitted use of personal information that enhances user privacy and shall not be penalized.
• Subsection 8008.13: the "Booble" clause - the use of hashed unique identifiers ("Cookies") that represent individual software configurations for the purposes of providing stateful web browsing, search history, the relevance of clickthroughs for search engines, is an invasion of privacy punishable by having a chair thrown at oneself before being fucking buried, and then fucking killed.

Of course they do.

[BCW2]

It's much cheaper to bribe your way around one law than it is fifty.

Re:Of course they do.

[BCW2]

Who cares about the rating? It's the truth. They bought their way out of the anti-trust suit, they are trying to buy their way out of the one in Europe. And in the end they get away with doing anything they want, whether it's business practices or with "your" information. Nothing has changed with them. Of course I'm starting to sell Linux boxes at the white box store I work in, so some people are getting smart.

I wonder what caused this...

[jevvim]

Did Microsoft finally encounter a state that enacted privacy laws that they find cumbersome, and therefore hope that new Federal laws would be enacted without those same cumbersome issues? Or maybe someone at Microsoft thinks that Federal regulation, through a new set of privacy rules, would serve as an effective barrier against competitors in some of their markets?

Heck, even better - maybe it's both!

the first step

[BushCheney08]

The first step to ensuring that our privacy is protected is to make it federal law that all citizens have a Passport account...

don't get your hopes up

[v1]

This is not MicroSoft fighting for your rights. This is MicroSoft working to get legislation passed that clearly establishes the rules and defines the loopholes through which they will legally violate your privacy. That's how it always works. Sort of like how the Do Not Call list made certain calls illegal, and at the same time made it legal for politicians to campaign you over the phone all day long. Sort of a variant on "bait and switch".

Re:don't get your hopes up

[Anita Coney]

I agree with the parent. The key phrase is "growing hodge-podge of state laws." It's much easier for Microsoft and its lobbyist to get what it wants out of the federal government versus the fifty various states. Essentially, Microsoft wants one stop shopping to make it easier for them to screw us over.

Irony

[divisivemind]

"Microsoft said organizations that maintain private consumer information should have to meet some kind of national standard to prove they have at least taken reasonable steps to protect that data from hackers, viruses, or other kind of loss, theft or disclosure."

I would assume this means said organizations would not be running Microsoft products...

Beware

[linuxwrangler]

One need only look at how the federal banking regulations are repeatedly used to crush California's much more stringent privacy requirements to see the real reason behind federalized "privacy" laws.

Protecting the Bottom Line, Not Privacy

[Dotnaught]

The purpose of calling for federal regulation is to keep costs down, not to protect privacy. Some companies are actually interested in protecting privacy because failure to do imposes costs. HP is particularly good in this regard in that it lets customers access their data [hp.com]. The companies you have to watch out for are the ones with business models that depend on selling personal information.

Organic Food

[daigu]

It is basically the same issue as with organic food [wikipedia.org]. National standards mean that companies can lobby Congress to get the concessions they want. For organic foods, it can mean anything from allowing synthetics [ens-newswire.com], factory dairy farms for "organic" milk [foodconsumer.org] or worse.

I think this quote captures the issue well:

"Welcome to the wonderful world of government regulations, where good ideas and market forces wage war on the battleground of bureaucracy."

If you think this is going to help people like you and I very muc

Likely Bad, Maybe Good

[mpapet]

I used to work in the wine/spirits business years ago and I can tell you from experience it is very difficult to build business outside your local regulatory agent. Now that was the intention all along. (Prohibition and all)

The Good: A Single set of rules makes it easier to sell to a bigger market.

Now, on the other hand, I have some experience in gov't sales and can tell you once the gov't adopts a some conventions, well, then the big players who were there all along defining the conventions pretty much soak up all of the business. They mostly own the business already, the new rules make it a sure thing.

The Bad: Generally eliminates variety and discourages innovation.

If MS is smart, they help write the laws and develop compliant code simultaneously. So MS gets a 6-12 month jump on the competition when there's little innovation left. Win-Win for MS.

Anti open-source agenda

[Jumbo Jimbo]

The article stated 'Microsoft said organizations that maintain private consumer information should have to meet some kind of national standard to prove they have at least taken reasonable steps to protect that data from hackers, viruses, or other kind of loss, theft or disclosure'.

Could this be Microsoft's motivation for the bill? Big companies like Microsoft can pay to get their products through a certification process, and thus used by companies who must comply with this act, but lots of OS software (some Linux distros and many apps) will not have the necessary resources to go from 'Release' level to 'Government Certified Release' level - leaving no option but for companies in the future to use the certified Microsoft WonderServer2009 over open source alternatives.

MS vs. Google

[Zebra_X]

This is a preemptive strike against Google.

MS isn't in the business of knowing who you are or what you do. They want you to buy their software, not collect your personal data. It shows in their software. Activation is completely anonymous as is error reporting and authenticity checks. This is not true however, for Google.

They want to know who you are, what you do, what you click, buy, read and where you want to go. It's not going to stop there. Google wants information about every corner of the world. Thanks to a digital age, it is possible to gleen this information from our on-line habits.

MS is making a strike at google's efforts by putting tighter restrictions on how they can use, and possibly distribute your information in the future.

Re:MS vs. Google

[Frenchy_2001]

Privacy are 2 things: - how can one company collect and use your data - who can they share it/sell it to Google depends only on the 1st one. They just need to enter a contract with you (through eula/term of use of their service) for you to grant them some of this and then you can GIVE them your data. Most people wouldn't mind a restriction on the usage of those data to what was agree upon. I personnaly would like stronger laws on the sharing. In the US, any company owns YOUR data and can do as it please

Re:MS vs. Google

[d34thm0nk3y]

MS is making a strike at google's efforts by putting tighter restrictions on how they can use, and possibly distribute your information in the future.

Good!

Now all we need is for Google to lobby for national software quality control standards and we will be set!

Preempt tougher state laws, that should read.

[javaxman]

Not only does a uniform policy for the entire country make it easier to do business, a federal law can preempt any attempts at laws that actually mean anything useful to individuals, making doing business much, much easier.

Anyone else see this as an attempt to kill Google?

[handmedowns]

I mean, after all.. what does google do? Index information. Revenue is based off how they use that information, personal and public. Will this law(s) convienently be aimed towards creating requirements on how to protect such information that it will make it costly ($$ and time) enough to hurt google's business?

Sounds like the HIPPA expanded.

 

EULA

[msbsod]

Microsoft is also going to write the EULA for the new federal privacy law.

Go Microsoft?

[VidEdit]

Oh please, think about it before gushing over Microsoft. Microsoft only does things out of self interest. There are at least two Machiavellian motives for Microsoft to want a National privacy law. One is to undermine tougher state laws. MS knows that Congress is in the pocket of industry and will pass a weak national privacy law not a strict one. The other motive is to shoot Google in the foot. Google collects detailed personal information on every every Google transaction from a record of every Google search every made to the contents of your gmail in and out boxes. Privacy laws could hurt Google and anything that hurts Google helps Microsoft.

I'm no fan of Google's use of private info, but I never, never trust Microsoft.

To MS-Bashing Slashbots: RTFA

[tabdelgawad]

Already a bunch of +4 and +5 Insightful posts bashing MS.

From TFA:

"CDT [Center for Democracy and Technology] President Jerry Berman praised Microsoft's move as "a landmark moment in the cause of establishing and protecting individual privacy rights online. ... While we have not reached consensus on all of the provisions of a privacy bill, we applaud Microsoft 's willingness to work actively with other high tech companies, consumer organizations and policymakers."

"Chris Hoofnagle, EPIC's senior counsel, agreed that Microsoft's position has softened significantly over the years. He noted that it was opposition from Microsoft and Hewlett-Packard that derailed an industry-friendly privacy bill from Rep. Cliff Stearns (R-Fla.) that was quickly gathering support a few years ago
'Microsoft is being more assertive now and it shows that the company is maturing,' he said"

"ACLU legislative counsel Timothy Sparapani also praised Microsoft's move, but cautioned that any federal privacy law would need to include safeguards for data gathered by commercial data brokers."

Blame where blame belongs.

[twitter]

You are telling me the people who gave us DMCA and CAN-SPAM are going to do anything but make sure they can do whatever they want? Anyone paising M$ these days is a shill, a fool or seriously misquoted. Yep, looks like bad quoting there.

CDT takes "opt-out" seriously [cdt.org], so why should I take them seriously?

Your second quote does not show favor or approval by EPIC. Snakes mature with age. Indeed, from your fine article,

Hoofnagle cautioned, noting that Microsoft's statement of principles says the company

Privacy of Third Parties

[RoadDogTy]

Microsoft is an industry leader in terms of user privacy, internally every employee (for whom it is relevant) must undergo security/privacy training and sign statements about compliance with privacy standards (particularly in terms of how the company deals with PII, Personally Identifiable Information). Saying that the company wants a single privacy standard solely for the purpose of making money may be true in a few corner cases, but in general its not true because Microsoft already has to comply with international standards which (particularly in the EU) are much stricter than the standards of any US State. I think the biggest reason Microsoft would support standard privacy laws is because it would be easier for the company to make guarantees about third party partners (particularly those that use Passport) and make some baseline claims about the level of privacy partners must support.

Re:MSFT Privacy of Third Parties - Yeah, right..

[Dark Coder]

Microsoft is an industry leader in terms of user privacy, ...

Too bad, they couldn't go protecting our privacy when mobsters/crackers/l33th4x0r/spammers go injecting spyware, virus, trojans, and malwares which then go invading our Microsoft-certified and Microsoft-patched Windows operating systems which goes into a spell of lifting our credit cards, SSN and PII.

How about spending a better part of your MSFT cash reserves on a better QA force to put some money where your corporate mouth is?

Privacy and Big Business don't mix

[FishandChips]

A fair guess is that Microsoft has seen which way the wind is blowing and decided to put forward a proposition that's essentially on behalf of business before someone else puts forward a proposition that's a lot more tilted towards Joe Citizen or other business models.

A difficulty with any law of this kind is that essentially if it's going to have teeth then it's going to be anti-business, in the sense that business will always push for a greater invasion of privacy than legislators or citizens are going to feel comfortable with. It's rather hard to believe that a convicted monopoly is the best arbiter of this unavoidable clash of interests, though to be fair it's an issue that exists in every country in the Western world.

Of course, one can't help noticing that the requirements over "secondary" uses of information would be problematic for a company with a lot of alliances with third-parties and an interest in personal data, like erm Google, and less problematic for a company where more of it is kept in house, like erm MSN or Windows Live, and where the information is much less personal. And various hints that regulatory compliance might cost big bucks could knock out a lot of small guys. By amazing coincidence, a federal law would then knock out some perhaps tougher state laws, too.

Nope. The idea that a convicted monopoly should "help" politicians decide what's in my interest strikes me as gross. Even grosser, perhaps, is that the politicians should think it's a good idea to accept this generous offer.

Common Rules = Common Control

[gelfling]

And guess who wants to control them? Imagine a great big SQLserver in the sky managing your Federally mandated MS Passports.

What could possibly go wrong??

Privacy is not Anonynmity

[imsmith]

Rule of thumb definitions: privacy - the things which you wouldn't do or announce in the town square (or relevant 21st century equivalent); anonymity - a more general case than privacy, related the ability to tie a person's identity to actions taken in public places because of the difficulty of accounting for the scope of a public place (lots of people, lots of real estate, lots of activity, etc.).

If those thumbnail definitions can be accepted, then the real question becomes, "Is the Internet, and by exte

Let's see...

[dslauson]

Hmmm.... How can I spin this against MS to make it seem like they're doing something evil...

I am so sick of this nonsense. I swear, I need to stop clicking on any slashdot story with the name "Microsoft", "Google", or "Apple". Or maybe I should stop looking to slashdot thinking that maybe people could somehow look past their biases and read a story for what it is.

Yes, Microsoft is probably acting in their own best interest. So do Google and Apple. They're all trying to make money. That doesn't mean it won't benefit us. Don't try to tell me that you never act in your own self interest.

I know, Microsoft does anti-competitive things, and that's not cool, but don't let your opinion of them cloud your ability to think for yourself. We need to have our personal information protected, and here MS is in agreement with that. What's the big problem? Seriously!

Re:Let's see...

[vga_init]

Don't try to tell me that you never act in your own self interest.

To whatever extent that it doesn't conflict with the good interests of others. When we accuse MS of being self-interested, we're implying that what's good for MS is bad for us. I'm of the opinion that this is usually true, but I will gladly accept reasonable arguments to the contrary.

There's a business impetus

[stlhawkeye]

The motivation for this is that MS can look at the cost of gasoline and health care and observe that as state-by-state regulations get more complicated, the cost of producing health care services and gasoline skyrockets. Software is in the same boat. As privacy becomes a bigger concern, state-by-state regulations will become more and more expensive to keep atop of. A solution at the national level reduces costs. Microsoft is doing good business here; it's a coincidence that it may benefit us.

Microsoft not on the consumer's side in this

[Todd Knarr]

My thought: Microsoft is trying to get Federal rules that they can live with and that'll override more restrictive state rules. Take a look at opt-in vs. opt-out in their proposal. They advocate opt-in for a very limited class of data that they know the general public's getting touchy about, and I'll bet they make that a headline point. But for all other classes of data, they want opt-out enshrined in law in a way that prevents any state from requiring opt-in across the board. And once this is nailed down in Federal law, it'll be all but impossible to get it changed later no matter what happens.

I think that's Microsoft's strategy: cave in on the few points the public's riled up about right now, while simultaneously nailing down favorable terms everywhere else.

Claria Gator GAIN Vista

[saskboy]

Microsoft's partnership with Spyware magnate Claria no doubt is a part of this effort. If Microsoft can write the law, they can be sure they aren't breaking the laws on spyware they'll bundle with Windows Vista.

Data Protection Act

[chowells]

Microsoft's suggestions sound quite a lot like what we've already got in the UK thanks to the Data Protection Act. [informatio...ner.gov.uk]

Nearly, almost, kinda adequate

[sn00ker]

Every time I hear about privacy laws in the US, I'm stunned at how little privacy you lot have.
This is yet another example, though admittedly it's better than a lot of what's already in existence.

Here in NZ, we've had a Privacy Act for 15 years, and it's stronger than this proposal. You have a right-to-access-and-correct information held by any organisation, even the Government, for example. Getting a credit card or a loan is not a licence for the bank to sell your name and address to a dozen different direct-advertising agencies. Buying something on HP will not require you to purchase a larger mailbox just to cope with the influx of targeted mail.
If you allow the corporations to define the rules of the game, you are fair game. I'd hate to live in a society where any company that has my details can sell them.

Oh, and to the people who say that this exceeds the authority of the federal government, surely this is an inter-state commerce matter? A uniform set of rules under which you may be fucked over by corporations sounds like inter-state commerce regulation to me.

MOD PARENT INSIGHTFUL

[sn00ker]

Damn, I wish I had mod points. Oh, and that you weren't replying to me :P

I think you've hit the nail on the head.

Beneficial

[QuietLagoon]

Microsoft just wants to assure that any privacy law is beneficial to Microsoft, and the easiest way to do that is to sponsor a federal law. That way, they only have to lobby one legislative body.

It's missing one clause.

[Harker]

This is all well and good, if you believe the big-bucks, corporate lapdogs in our nations capital would do it justice, but it needs one more bullet point to make it satisfactory, in my mind:

* Ensure strict and severe penalties for persons or corporations violating these rules. Ensure that any person or corporation that violates these rules suffer strict penalties, including, but not limited to reimbursement to the person or persons affected, no less than ten times their loss, or some minimum fine.

Yea, I be

Don't need a new law, especially not Microsoft's

[shanen]

If Microsoft wants it, we already know it favors big companies and a certain monopoly over all else. What we really need a simple recognition of the legal principle that your personal data belongs to you--and should be stored on your own equipment and subject to your Fifth Amendment protections against unreasonable search and seizure. "Possession is nine points of the law."

Too busy to grab the links just now, and the thread will be old and dead before I have time to do so, but several of my recent posts have been on this topic. You can search for them (assuming you have the time and interest).

WHOSE privacy is going to be protected?

[swschrad]

the little guys who make the country run, or the big shots who want to limit the little guys?

the answer to the question is the heart of the argument. I don't generally expect big multinational outfits to be pushing for little guys to get their rights back as it says in the constitution.

MS spokesman for Privacy was on C-span today

[Jackie_Chan_Fan]

The MS rep for the privacy law proposal was on C-span's Washington Journal (an excellent show i recommend all should watch)

The format of the show is that each guest gets a good 45 minute to an hour sit down interview, and takes calls for the entire 45 minutes.

I thought the MS rep had some good things to say. He said just about everything you would expect and it was pretty much on the ball.

Of course the entire time i tried to figure why MS is behind this because it's clear they're one of the biggest security problems on the internet.

The only thing i could come up with is that MS probably has software in developement that is near complete that they want to sell to all online retailers etc.

The MS rep's biggest point was that a person should beable to track their info, know where it is, who has it, what is being done with it, and when it shifts hands to outside agencies etc.

Which i'm guessing is exactly what they have in developement for a software solution. If MS could by law force all companies to use such software and provide such information to customers, then MS would have a sure sell to all buisnesses. And like i said, i bet MS has this peice of software all ready to go. All they need is a law to enforce the requirement of such applications and services.

The law is a good idea, but clearly i think MS is banking on this for a new source of revenue in the B2B world.

Somebody pinch the submitter

[SilverspurG]

It is not the federal government's role to be in charge of everything. Really. It's not.

Why isn't it the federal government's role to be in charge of everything? Because a top-heavy government with an all-encompassing federal overseer is called communism or socialism. We do not want that?

Why don't we want that? If you don't know then you need to go back through the social studies and history courses from 1-12th grades.

There were some very intelligent men who recognized that the absolute worst thing possible is to have a federal government which thinks that it is more sovereign than the collection of states beneath it. Those intelligent men wrote a Constitution, and in that Constitution they sealed it with 2 Amendments. Those Amendments are the 9th and the 10th, and they're supposed to be limiting the Federal Government.

Keep the hodge-podge of state laws about privacy. If you hand it over to the feds it will become a single point of failure and will cost 10x as much.

Likely Microsoft wants the Feds to preempt the whole system so they don't have so many state politicians to buy off.

Re:Hmmm

[smkndrkn]

I don't care who they mean if they can get legislation through that actually protects my privacy...I'm with them 100%

Re:Cuz it's too hard to lobby all 50 states

[Lehk228]

the only common sense barrier local and state politicians have around here goes along the lines of "is this bribe large enough to cover what is being asked for" and "how can i pork this up"