Security threats Toolkit

The public face of Microsoft privacy

Tags:
Privacy Spam Phishing

Colin Barker ZDNet.co.uk

Published: 08 Jul 2005 16:40 BST

As the chief privacy strategist for Microsoft, Peter Cullen has an onerous responsibility. Microsoft software routinely collects information from millions of computers around the world, quietly and often without the owner's explicit knowledge.

Harvesting this kind of private information may seem intrusive, but Microsoft claims it is done for a good reason — the more information the company has on users, the better it can protect them.

Cullen moved to Microsoft three years ago from financial services where he helped develop the industry's best practices around the collection and use of information.

ZDNet UK talked to him about ID theft, the increasing threat of phishing attacks and combating the ever-present menace of spam

How do you differentiate your role from that of chief security officer or equivalent?
At the core definition level security is about how to keep information confidential and privacy is about the use of information. But the two are very related. Look at a phishing event. What started off as a security event — something that caused the customer’s information to be collected inappropriately — ended up with customers' information being used, perhaps for identity theft, which is a privacy issue. Around the world all privacy information has a security component to it.

On an issue like identity theft, what can Microsoft do to help people guard against that?
We approach it from a number of angles. Look at the fight against spam as an example. There were really four buckets of things we had to look at. One was technology solutions. The second is education and there are two strands. One is consumer education, so we help them by showing how to interact with online vendors and when not to. The other area that we focus on is partnerships with industry, so if we think about spam, it is about working with other industry players on ways to combat spam.

And then there is government, and in particular working with government on the law enforcement side of things and we have launched about 120 actions against spammers, phishers, spyware purveyors around the world.

So if you think about spam, two years ago it was about marketing and offering us body-parts we didn’t need and today it is about a delivery mechanism for spyware and phishing. So we are really focusing on spyware as part of spam. Now we are focusing on phishing but it is still part of the spam problem. As we block spam reaching the user's mailbox, it becomes one less way of launching a phishing attack, which can also lead to identity theft.