ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > News > Security

Security threats Toolkit

The public face of Microsoft privacy

Tags:
Privacy Spam Phishing

Colin Barker ZDNet.co.uk

Published: 08 Jul 2005 16:40 BST

What is the single biggest issue facing privacy? Is it Phishing?
It is really tough to identify one big issue. Spam used to be about marketing, now it is about delivering spyware and phishing. A year ago they term phishing didn't exist. Spyware, a year ago, was about tracking where users went for the purpose of feeding them ads. Now it is about keystroke loggers being put on people's PCs.

Take spam. We block 3.2 billion pieces of spam per day across MSN and Outlook but still 65 percent of the world's email is spam. That’s why we felt that the whole Sender ID framework was good and now, 25 per cent of the mail that MSN receives has the Sender ID framework. So that means we can now focus on the 75 percent, as opposed to the whole 100 per cent. Collectively, all of these things allow us to really narrow the funnel down so that we can really focus on the bad people.

Do you think that the chip-and-pin initiative in the UK and elsewhere is the way to go forward with privacy?
Chip-and-pin is great, but there are some operational issues with it. What happens if I lose it, for example? Does that mean that I am left stranded? I think that there are multiple different types of solution. In other parts of the world, they are looking a two-factor authentication. In places like the US and Canada, Internet banking tends to be rolled out without the use of smartcards. They just use password and user ID.

It's not just about the financial institution knowing who they are dealing with. Are we as users telling them we are dealing with a financial institution? In our view, authentication needs to be very two way.

From the authentication point of view, is there any particular method you favour?
We’ve done an awful lot of thinking about this and the system itself needs to be able to exist with multiple different kinds of technology solutions. It has to be very inter-operable as opposed to one single solution. We think that is the answer. So we have designed a set of principles, collaboratively. Even people from the open source community helped to create this and as a result of that, all of our technology solutions will actually meet those standards. They are called the seven laws of identity and were created over the past year and in our view, these are the laws a successful identity management framework needs to exist by.

Because we helped create them, these will be the standards that we meet in terms of identity solutions that we roll out for our customers…