Planning the future of privacy at Microsoft
Published: 03 Jul 2006 12:10 BST
After the recent row kicked up by a Microsoft antipiracy tool, Peter Cullen was selected to help undo the PR damage and mend fences with upset customers.
The controversy stemmed from Microsoft's failure to make the proper privacy disclosures with its Windows Genuine Advantage Notifications tool. It didn't disclose that the software connected to a Microsoft server after each start-up, which irked users and had one critic liken the tool to spyware.
Cullen, Microsoft's chief privacy strategist, has been very involved with the issue and readily admits that the software maker dropped the ball on WGA Notifications. The flap puts him on the front line, rather than his usual role behind the scenes.
For the most part, Cullen, who joined Microsoft three years ago from the Royal Bank of Canada in Toronto, is happy with his role at the software giant. He works on things such as guidelines for developers and privacy policies.
Like other Microsoft employees, Cullen, who calls Vancouver home, is proud of having an impact at the Redmond, Washington, software giant. He's working to make long privacy policies a part of history and helping to make Windows Vista the most privacy-sensitive operating system Microsoft has ever built.
Q: What would you say is the biggest difference between working at Microsoft and working at a bank?
A: The dilemmas — think of Windows Automatic Updates, as one. You could make an argument that, for the good of the user and even the good of the ecosystem, Automatic Updates should be turned on by default. People should have patched machines. But that would be contrary to our belief about user control; users need to have a choice.
In the three years that you have been at Microsoft now, what do you think is the single most important thing you've been able to achieve?
Integrating privacy into the process, into the way the company does business. For example, we now have a very prescriptive set of privacy standards that guide the development of all products and services, which is integrated into the development process, as opposed to having it as a standalone checkpoint.
Is there one thing you've done that millions of people worldwide will have seen?
The best example is the way we've radically changed privacy notices. We were probably one of the first companies to implement the short form, or layered form, of privacy notice. In the case of MSN, that means 250 million people have access to a much more streamlined privacy notice. That has since been expanded to all online services, and Microsoft Office 2007 will be one of the first boxed products that comes out with a layered, or short form, privacy notice.
Is this short form because longer forms are simply impossible to read?
In the spirit of trying to be very upfront and include everything, privacy notices have become incredibly long. The previous MSN notice was 13 pages long — that's a lot to ask anybody, to read it. Users want to know very specific information, so the answer was to put those specific things into an executive summary of a single page.
Microsoft has been under fire recently for a program called WGA Notifications that connected to a Microsoft server every time a PC starts up, which was not disclosed. Are you aware of this?
Yes. We spent a lot of time focusing on the type of disclosure and type of notice around validation. That is really the part where the user's information, at least the system information, is being transferred back to Microsoft. We didn't spend the same amount of time on the notification side of it, which really transmits no information about the user back to Microsoft.
It's important to go back to the fundamental goal of Windows Genuine Advantage and the risk of pirated software. A lot of people believe that it might be about the revenue...
Previous
Did you find this article useful?
158 out of 302 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
Full Talkback thread
2 comments
