November 2005


I am The Cyberwolfe and these are my ramblings. All original content is protected under a Creative Commons license - always ask first.

Microsoft now Pro-Privacy?

Brian Krebs of Security Fix writes to let us know that Microsoft has been prodding lawmakers to enact a Federal-level privacy law to pre-empt all the states who have been doing so locally. Makes plenty of sense to me.

First, M$ is a huge bloody company, selling its products globally. I’d bet that a sizable portion of their expenses can be found under the heading “legal fees”. If every state enacts its own privacy laws, then M$ has to pay a lawyer to decipher each one, and then make sure they are abiding by all of them. It gets expensive. A little money now spent urging Congress to act unilaterally will pay for itself later on down the road. Smart move.

Secondly, it’s good PR. M$ has been taking it without lube or a kiss lately over the general insecurity of their products, and this might help swing public opinion a little. Also a good move.

Here’s where we get to the part I don’t like. M$ is big enough to buy some serious sway, and that means they could have a big hand in writing the law. Him that writes the law will often make himself a loophole to get out of it.

Still, the devil will be in the details, (Chris) Hoofnagle cautioned, noting that Microsoft’s statement of principles says the company supports “consumer opt-in” — the consumer’s advance permission would be required — for sharing of sensitive (e.g., financial or medical) data but supports “opt-out” — data can be shared unless the consumer explicitly says “no” — for every other kind of information.

Personally, I am of the firm belief that any company I do business with needs to ask permission in writing before disclosing any of my personal information. This should be a completely separate form, not wrapped up in another block of legalese. It should have only the one option, so therefore it would be quite short, so you can use a nice easy-to-read font.

Here’s an example: “I agree to let XYZ Company share my personal information with that company’s business partners for the purpose listed here.” Followed, of course, by said purpose. One purpose per page, each page requiring a signature.
