ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > IT Management

Desktop platforms Toolkit

Planning the future of privacy at Microsoft

Joris Evers CNET News.com

Published: 03 Jul 2006 12:10 BST

...but in actual fact, it is about the security and privacy of the users. Some research that we've done finds that the incidence of malware (malicious software) is a lot higher on pirated software, so we really are trying to make sure that users really have the opportunity to protect themselves.

WGA Notifications was found to ping Microsoft every day. Do you feel that should be disclosed to users?
We have a basic promise that we will be as transparent as possible. In this case, we've spent a lot of time on the Windows Genuine Advantage Validation part that really transmits information and neglected the area of Notifications.

Microsoft has a big push for online services. Everything is going "Live." Is there a difference between online and offline when it comes to privacy? Cullen: We're building online services to the same set of standards around privacy as more traditional products. Also, think about the fact that even though software sits on your computer, it's still connecting to the Internet.

Windows Error Reporting, for example, has privacy built into it. When there is a problem with the system we want to know about that, because it is perhaps the only way that we can fix it. But we also understand that you need to have the choice about whether the information is sent. So, before it gets sent, you have to affirmatively say "please send".

So there is no need for special guidelines for online services?
When we the built the privacy standards, we thought about it in terms of products, and we also thought about it in terms of services, so it applies to every single one of our Web pages.

Is there much debate, or do you have to fight for certain things when you're working with product teams? Are there certain things that you really have put your foot down over?
One of the most gratifying things about Microsoft is that privacy is a core tenet of the company. It's part of the Trustworthy Computing Initiative, which was proclaimed by Bill Gates four-and-a-half years ago. I find privacy is actually a forethought as opposed to an afterthought. There are situations where we do provide counsel, but usually it is because the business unit really wants to do the right thing.

Windows Vista is coming down the pike, and Microsoft is touting it as its most secure operating system. Is it also one of the most privacy-centred operating systems?
That gets back to the standards that we've right built into the product. Vista went through the entire Security Development Lifecycle, which means that privacy is built right into it.

Do you often have to slap people for doing something bad, related to privacy?
It hasn't been my experience, no.

Maybe the WGA Notifications flap is the only example?
We've spent a lot of time on parts of that, and we'll do a better job of the rest of it. My experience is that people absolutely want to do the right thing all the time. In our company, there are over 350 people that have responsibility for privacy as part of their job, so it's a marvellously rich infrastructure that's inculcated right into the business unit.