The IT Law Wiki

In re Microsoft

32,638pages on
this wiki
Add New Page
Talk0 Share

Citation Edit

In re Microsoft, Inc., File No. 012-3240 (proposed consent order accepted Aug. 8, 2002).

Factual Background Edit

In August 2002, Microsoft agreed to settle FTC charges concerning the privacy and security of information collected through its Passport websites.[1] Microsoft's Passport privacy policies claimed, among other things, that "Passport achieves a high level of Web Security by using technologies and systems designed to prevent unauthorized access to your personal information."

FTC's Complaint Edit

The FTC's proposed complaint alleges that Microsoft misrepresented that it maintained a high level of online security by employing reasonable and appropriate measures under the circumstances to maintain and protect the privacy and confidentiality of consumers' personal information collected through its Passport and Passport Wallet services.[2]

The complaint also alleges that Microsoft misrepresented that purchases made with Passport Wallet are generally safer or more secure than purchases made at the same site without Passport Wallet, even though most consumers received identical security at those sites regardless of whether they used Passport Wallet to complete their transactions. In addition, the proposed complaint alleges that Microsoft misrepresented that it did not collect any personally identifiable information other than that described in its privacy policy, even though Passport collected and held, for a limited time, a personally identifiable sign-in history for each user. Finally, the complaint alleges that Microsoft misrepresented that its Kids Passport service provided parents with control over the information their children could provide to participating websites when children were in fact permitted to edit or change certain fields of personal information and change account settings set by the parent.

Consent Order Edit

The consent order prohibited Microsoft from making any misrepresentations about its information practices or the extent to which its products or services maintain, protect, or enhance the privacy and confidentiality of consumers' information. The order also required Microsoft to implement and maintain a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers. In addition, every two years Microsoft must have its security program certified by an independent professional as meeting or exceeding the standards in the consent order.

References Edit

  1. Passport is an online authentication service that allows consumers to sign in at multiple websites with a single username and password. Passport Wallet and Kids Passport are add-on services that provide online purchasing and parental consent services.
  2. Specifically, the proposed complaint alleges that Microsoft failed to implement and document procedures that were reasonable and appropriate to: (1) prevent possible unauthorized access to the Passport system; (2) detect possible unauthorized access to the system; (3) monitor the system for potential vulnerabilities; and (4) record and retain system information sufficient to perform security audits and investigations.

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.