Helping to Safeguard Online Privacy
More information about Microsoft's efforts to eliminate junk e-mail is available at http://www.microsoft.com/presspass/features/2004/Feb04/02-24CallerID.mspx. |
Microsoft's work in the security arena is focused on preventing and limiting the impact of what might be considered physical assaults on computer systems. Safeguarding consumers' privacy—protecting consumers' interest in being left alone—is a complementary goal.
Here, too, our most significant strides over the course of the past year were in improving the technology tools.
Our work to reduce spam is the most noteworthy. Microsoft e-mail customers report spam as their number-one concern. This is not surprising, since spam accounts for two-thirds of all e-mail traffic worldwide: a staggering 15 billion spam messages are sent and received every day.
In early 2003, Microsoft formed the Safety Technology and Strategy Group to focus on creating spam solutions. One research project led to the development of Microsoft SmartScreen Technology, which helps filter out spam for customers of MSN Mail, Hotmail, Microsoft Outlook, and Microsoft Exchange Server. In the first six months after Hotmail introduced SmartScreen in fiscal year 2004, the new technology succeeded in blocking an average of nearly 3 billion messages daily.
Consistent with our belief that online safety issues are best addressed via comprehensive, multi-pronged strategies, Microsoft embarked on a broad campaign to frustrate spammers. In the table below, we provide more detail on our support for antispam legislation, our cooperation with law enforcement officials in pursuing spammers, our collaboration with industry partners on e-mail best practices, and our educational activities. Through these combined efforts, we feel we are making good headway toward reducing the impact of spam on customer privacy. Much more needs to be done, but we are committed to achieving significant further decreases in the volumes of spam worldwide.
In an e-mail message to Microsoft customers in fiscal year 2004, Microsoft Chairman and Chief Software Architect Bill Gates said, "I believe that the lessons we're learning in this fight against junk e-mail will lead to many other benefits. As we work to help isolate and block spammers, we're also helping to build an infrastructure that will enhance the reliability, efficiency, and safety of e-mail, of the Internet, and of computing in general. Microsoft is committed to continuing these efforts until spam is no longer a major problem—a goal I'm confident will be achieved."
Our antispam activities are in addition to ongoing efforts to block or disrupt other techniques that compromise customer privacy. Since early 2004, MSN has offered technology to block pop-up ads, and similar capabilities are part of Windows XP SP2. Our e-mail offerings that target spam, by default, also do not display pictures embedded in e-mails. Consumers must affirmatively click on a picture or graphic to see it.
Our latest initiative is to reduce the threat of spyware—software programs that are deceptively downloaded onto your computer. They can launch a barrage of ads, track your surfing habits, or consume computing cycles without your knowledge. Windows XP SP2 includes capabilities aimed at making it easier to detect spyware.
We recognize that there is still more work to do. Privacy is not only about preventing intrusive conduct. It is also about enabling customers to control the collection, use, and distribution of their personal data. Microsoft has long been committed to providing customers with that degree of control. Microsoft's own privacy policy is to never sell, rent, or lease customer lists to other companies.
Improving the transparency of data management practices has been a challenge, not only at Microsoft but also throughout the industry. Privacy policies are notorious for their length and complexity. We are not there yet, but we have simplification clearly in our sights. Windows Media Player 9 might be considered an industry best practice in this regard. It offers consumers, in plain language, the ability to make privacy choices before running online video and audio files.
UPDATE ON PRIVACY
| Technology | |
Filtering spam | Microsoft has integrated our SmartScreen Technology into Hotmail, MSN Mail, Office 2003, and Exchange Server 2003 to filter spam. We also are working with industry to develop a standard, Sender ID, to enable legitimate senders to more clearly distinguish themselves from spammers. |
Detecting spyware | The new security features in Windows XP SP2 and MSN also help frustrate spyware. Customers are given more robust control over the pop-ups and downloads that often are used as delivery vehicles for spyware. |
Frustrating phishing | The Sender ID technology mentioned above will frustrate spam, but it is particularly well suited to helping deter phishing attempts. |
Windows Error Reporting | To improve product reliability, we continue to rely on advanced error-reporting technology in Windows XP and Office XP. The tools detect product failures and offer customers the opportunity to report these details to Microsoft. This reporting is subject to clear and conspicuous notice, customer choice, and customer access to the information before transmission. |
Radio Frequency Identification (RFID) | Through our internal Microsoft RFID Council and ongoing engagement with RFID standards body EPCglobal, we are actively committed to supporting the development of RFID standards and solutions that also address privacy considerations around the use of this technology. |
| Government Partnerships | |
Supporting antispam legislation | Throughout fiscal year 2004, Microsoft worked with industry partners and legislators in developing laws that prohibit fraudulent and deceptive e-mail practices, not only in the United States, where new antispam legislation garnered significant attention, but also within the European Union and in Australia, New Zealand, China, Hong Kong, Japan, Korea, India, Malaysia, and Singapore. More broadly, Microsoft remains engaged with government officials—both bilaterally and in the context of multilateral groups such as APEC—to help create the appropriate legislative infrastructure for privacy protection. |
Prosecuting spammers | Microsoft devotes substantial resources to support civil and criminal enforcement against the most harmful spammers. By the end of fiscal year 2004, we had filed over 90 enforcement actions in 14 countries. Through lawsuits, we have been awarded $79 million in damages. We refer the most egregious cases to law enforcement officials in those countries where strong antispam statutes exist or where spammers can be pursued under other laws or regulations. We have pursued lawsuits in the United States, Europe, and Asia. In fiscal year 2004, we also sent almost 200 cease-and-desist letters to spammers as an initial warning. |
Spyware | Throughout fiscal year 2004, Microsoft worked closely with legislators in various jurisdictions as they contemplated, and in the case of California, passed, anti-spyware legislation. We testified before the U.S. Congress and Federal Trade Commission on the topic, and we have been working with law enforcement officials. In fiscal year 2004, we sent 30 notifications to ISPs informing them indicating that they appeared to be hosting spyware distributors. |
Phishing | Our internal Internet Safety team is working on prosecutions, both civil and criminal, to combat phishing as well. In fiscal year 2004, we sent over 350 notifications to ISPs informing them that they appeared to be hosting phishing sites. |
| Industry partnerships | |
Anti-Spam Technical Alliance (ASTA) | Microsoft and ASTA members (AOL, British Telecommunications plc, Comcast Corporation, EarthLink, and Yahoo!) continue to work together to drive technical standards and promote collaboration in the development of industry guidelines to address the spam problem. ASTA has taken the lead in promoting the aforementioned Sender ID standard, but the organization also has published a host of recommendations for the industry on best e-mail practices. |
Other antispam coalitions | As part of our global effort to marginalize spam, Microsoft cofounded industry antispam coalitions around the world. For example, Microsoft helped to spearhead the formation of a new coalition devoted to addressing the spam problem in Hong Kong and elsewhere in Asia through public policy leadership, training, and other activities. Other coalition members include Time Warner, the Hong Kong Internet Service Provider Association, the Asia Digital Marketing Association, MessageLabs, and Global Orient. Microsoft has helped to form similar coalitions in Israel and Japan. |
2004 China Internet Conference and International Anti-Spam Summit | In September 2004, Microsoft, eBay, Yahoo!, AOL, and the Internet Society of China cosponsored a multinational summit in Beijing on how to improve coordination in reducing spam. The event culminated in the signing of a memorandum of understanding among the cosponsors that calls for ongoing collaboration in combating spam in China. |
Anti-Phishing Working Group (APWG) | As a member of APWG, Microsoft is actively engaged with other industry leaders to help reduce the threat of phishing attacks by developing and sharing information about the problem and promoting the visibility and adoption of industry-wide solutions. |
Center for Information Policy Leadership | Microsoft has been participating in the Center's "Short Notices Program." The program's goal is to develop consumer-friendly privacy summaries that enable consumers to quickly grasp key privacy disclosures. We are piloting these notices in Europe and Hong Kong in fiscal year 2005. |
| Education | |
Relaunching of consumer information on Microsoft.com and MSN.com | In fiscal year 2004, the company significantly revised and relaunched its two primary consumer-education portals, http://www.microsoft.com/athome/security and http://security.msn.com. Both sites have been translated into 19 languages and are available in almost 40 countries. The sites contain information on spam, phishing, ID theft, spyware, and helping protect your privacy. They also address child safety and other security concerns. |
MSN's spambuster site in the European Union | MSN's European offices collaborated in developing a site exclusively dedicated to informing consumers about how to help protect themselves from spam. It is available in 15 markets and 10 languages. See http://www.msn.co.uk/gen/antispamsites.asp. |