SafeNet 2000
Security/Privacy Summit
Remarks by BILL GATES
BILL GATES: Well, good morning. It's great to have an opportunity to get everyone here together to talk about what we think are two of the key priorities for the entire industry, and those are building systems that are both secure and are able to preserve privacy. These are tied together in a very deep way, because there's no way to enforce policies around privacy unless the security infrastructure is working -- and working perfectly -- to make sure those policies have come into force.
These issues will become increasingly important as the Internet evolves in the direction that we call the .NET generation.
We've been through two phases already in the Internet. The first was very simple. It was about providing information, essentially turning a PC into a terminal that could connect up to any server. You'd go to one site at a time. That information would all be static information. And this environment raised very little in the way of privacy concerns. People weren't declaring much information about who they were or what they were doing.
There were some security issues around intranets in that some of these pages you wanted to provide only to your suppliers or other kinds of partners, and so having the same sort of logon security that you have inside the company then extended outside. And this is relatively simple in that password systems were simply used to add those people, almost as though they were internal employees. The difficulty of the fact that meant you'd have dozens of passwords, depending on how many of those relationships you were involved in; that only became obvious in the last few words as that intranet phenomena and extranet element of it became very pervasive.
When we moved to transactions, this is where people first started worrying about how were we going to make sure that that credit card number isn't stolen, that it isn't taken and abused in a very broad way.
And it's interesting, there is an analogy back to the physical world in terms of handing your credit card over or using it across the phone, and yet the digital implementation of that charge card usage really raised a lot more concerns for people; the idea that they really didn't know who they were giving it to, the idea that there could be weaknesses in the system that would lead to thousands of those cards being revealed, or that somebody could create transactions at almost an arbitrary rate now that they had this digital connection.
So there was a lot of reluctance in giving out credit cards and all of us involved in Web sites saw that people would often come, for example, to our travel site, Expedia, see what the flight information was, really get a huge benefit out of that online capability, but then when the final step came, the step that actually was key to the business model of the Web site, which is getting a commission on that transaction, a high percentage of those buyers, potential buyers would actually go and complete the transaction by more traditional means.
And so that reluctance actually meant that the site was doing a good job, but not getting the full cycle that it was dependent upon.
Now, why do I say these issues are going to become more dramatic in the future? Well, the vision that we and many in the industry share is that as you're working on the Web you won't just be connecting up to a single Web site at a time; you'll be getting information from many different sites.
And so there will be a lot of exchange of information taking place that will be less visible to you. It won't just be you typing in a URL and going there; rather, any sort of interest you have about, you know, stock prices or weather or sports type developments, all of those things, your system will go out and pull that information onto the screen and combine it in a way that meets your interests. So essentially every individual will be empowered to create their own portal experience.
And yet that's in an environment in which you don't really know how much of your personalization data is going out to those different sites. There's a level of indirection there.
Further, we see an environment where the user owns many different devices, perhaps a PC at home, a PC at work, a cell phone, the set-top box. And in order to make those scenarios worthwhile, all of the information, ranging from credit card to zip code to preferences, should be moved between those devices. And, in fact, there's a number of services, including some that Microsoft is coming up with, that will automatically move that information around to those different devices. And so that when you see your "favorites" list, it's not just what you did on that device, it's what you did across all your devices. When you see your "contact" list, it's everybody that you wanted to talk to. And if you make an update, it flows automatically without you having to run a sync program or get involved in it; it shows up on all those devices.
Well, what that means is that information that used to be controllable, because it was only down on that local device, now for reasons of convenience, to allow this multiple device world to proliferate, that information has to have been replicated most likely through an Internet or what we sometimes call a "cloud-based" service in order to bring it down onto all of those devices.
So the nature of the information and the breadth of that information that you're going to want to be used on your behalf is much larger. And yet your concerns about, "okay, now that it's up there, who's going to have access to that," will move up to a new height.
You'll also have new things like note-taking, video editing, photo services, personal communities, a family calendar; all of these applications, which we've been talking about for many years now, are becoming far more practical. People's level of engagement with the Internet, their dependence on it, their willingness to use it to collaborate with other people, goes up very dramatically as we make these software advances and more and more people are drawn into this environment.
The fact that you'll be able to get at the information wherever you go makes a big difference here. At Microsoft we have a wireless LAN, an 802.11 LAN that is present throughout the entire campus. And so now people are taking their portable machines with them into meetings, able to access information, and many people are putting those networks together in their homes as well.
In the years ahead we can expect hotels, airports, many of the locations that have lots of travel, to have these wireless networks. And so people will be interacting with this rich information, that they care a lot about its security, in many, many different places.
So it won't be enough to say, "Okay, we've secured the physical LAN, we've made sure that nobody's tapping in," this information will be in the airwaves, not just on the campus, but in lots and lots of locations.
So wireless raises the depth of use that people have, and it also creates a new possible vulnerability in terms of the difficulty of making sure that the information is only seen by people who you want to see it.
So there's a growing dependence on this access to data, and on the positive side it's incredible that you will be able to share with whom you want to share with. You will be able to go back to a Web site and see the customized information that really counts for you. If you're buying a gift for somebody the second or third time, you should be able to not have to reenter any of that information.
Some of the concerns people have about this show that to some degree they didn't recognize that there were these digital databases that were out there all the time. As they themselves were involved in rich browsing and see what kinds of correlations can take place, they recognize somebody who's got every phone number you've called or every charge you have on your credit card, that controlling how that information is used should be important. But it's also not just that realization; it's also seeing that the cost of computing has brought the ability to bring that data together to a really new level.
And so whenever we go out and survey customers, whether it's corporate customers on the security point, or consumers on the privacy point, we see not only a high level of interest and concern, but an increasing level of interest and concern. And when we combine that with our vision of how all this moves forward, we see that that trend is likely to continue and so that a key element for the industry and any particular company's products within the industry will be what have they done to address the legitimate concerns here.
Well, we are seeing a lot of groups that combine different companies, focus on policy, focus on technology, a lot of groups come together. In fact, when I sat down over the last couple weeks to talk with the various experts in these topics at Microsoft, I was impressed how much of the time they're spending going out and meeting with their colleagues, people like yourselves, and talking through how can we make sure that whatever regulations come up in these areas that they are not impeding legitimate scenarios and really allowing the industry to move forward. How can we make sure that the industry adopts certain practices so that reputable Web sites, people absolutely know what to expect and that those rules are acceptable not just in this country but in all the countries that we want to do business in?
You can see here there is an interesting intersection between the private sector and government here. Government's not only interested in the policies to protect citizens, but they have a particular interest, in many cases, in gathering information when you get into tracking down criminal activities. And the whole privacy thing really is very two-edged in the sense that there are cases you ought to be able to go and track things down, and yet in most cases you should be able to block that or make sure that it's only done when some particular authorization is taking place there.
And so the dialogue has been a healthy one. There are aspects of this problem that I'll describe today that I think there are clear answers to, things where the appropriate use of technologies can make a huge difference, can make a huge advance.
There are other areas that literally are political questions; you know, what kind of access to information should an employer have? You know, when somebody has sales transactions records, what sort of uses should be able to make of those? And those issues certainly aren't going away. They'll continue to be a subject of extensive dialogue with the political sector.
One of the, I think, key issues around privacy has to do with freedom from intrusion. The privacy problem is a big enough one that I think it only can be tackled if we break it down. If you just take it at the top level, it's easy to say, "Hey, privacy is, you know, a fantastic thing; let's have infinite privacy." Well, one aspect, as we talk to users about this, is that they don't want to give out their email address and have their inbox flooded. It's just like they don't want to give out their phone number and have phone calls taking place all the time. They want to feel like they're absolutely in control of what information comes onto their system.
And it's not just as simple as saying, "Okay, there are certain email addresses you'd like to block information from;" it's more subtle than that. If you give your email address out to somebody you're buying products from, you might be glad to receive email from them once a week or once a month, but you don't want them using it more than that, sending you, say, a daily update. And you should be able to indicate that preference and have the system take care of that preference on your behalf.
Likewise, if you have your multiple devices, and during the course of the day you're engaged in different activities, there's only a limited number of messages that ought to come to you and interrupt your activities. Your time is a valuable resource. And so you ought to be able to indicate messages from whom, about what topic, and how they get categorized so that your time is used in the most effective way.
There's a lot of great software technology that we and others are involved in creating that come under the heading "information agent" that really are going to help people deal with this. There's actually even a problem with this today I don't think that's widely recognized, that even as you sit at your desk and, say, you're trying to concentrate and write a memo, that the likelihood that if a new piece of mail comes in, you hear that little bong or whatever effect you have on your system, you know, you're really tempted to go and pay attention to that, and that, in a sense, is a loss of productivity, particularly if you find it's something that's particularly uninteresting that's been sent to you.
So putting the user back in control of who can call them, page them, email them, that's very important.
The vision here is a pretty ambitious one, and that is to say that not only won't things come to you at an inappropriate time, but also that you should be able to set the system up so that if there's things that you want to be notified of, whether it's a stock price change or a system going down or a certain budget being exceeded, that it's very easy for you to set that up so that you don't have to go out and try and find it, but rather the things you care about are brought to you and brought to you at the time that you care about that.
And so this issue of freedom from intrusion is one where a huge contribution can be made. This is one where when we meet on this topic three or four years from now we should be able to say that the magic of software has made huge advances, and so that giving out your email address is not something that you're concerned about because you can exercise the control over what that leads to in terms of use of your time.
A second area that I think technology can make huge advances in is blocking malicious codes, this idea that people click on an enclosure and, you know, they think, "Hey, it's a nice enclosure, doesn't matter if people told you not to click on the enclosure, you're going to click on that enclosure," making sure that incidents like that don't lead to a compromise in the security.
And the idea of having code be fine, being able to tell where the code came from, and then also having different levels of privilege inside the system, so that code that isn't verified in a certain way, that that code has very limited capabilities, for example, just updating the screen; we don't want to eliminate wholesale the idea of being able to send code around through electronic mail. The idea of being able to send a patch to an application, an update to an application, you know, a neat little card that might require an installable control, those are legitimate scenarios. And because we don't have the full infrastructure there today, people have had to make tradeoffs, where they eliminate some of those scenarios or make them extremely inconvenient in order to make sure that the viruses aren't spreading around and causing a loss of productivity.
And so this ability for administrators to lock down these desktops, to control what level of privilege the code runs in, those are features that will be present in the platform, and the development tools will make it easy to declare what kind of code you're writing, who's writing that code, and have the appropriate things take place.
So malicious code, freedom from intrusion; a lot that can be done there that are really policy neutral things, simply giving people the power to enforce what they're interested in.
Another huge key point in these systems, both for privacy and security, is knowing that the person who says they're using the system really is that person. If you take non-digital systems, you know, say you call up the tax office and say, "Okay, you know, I am this person; I would like to talk about my tax return," how much do they really verify that it is that right person? You know, are there weaknesses in those systems? Well, there probably are, but they're just sort of one at a time, simple weaknesses, not the systemic weakness you'd have if somebody can arbitrarily masquerade as being you and go into any database, including your mail or other databases that have information about you.
In fact, this identity issue has in many cases been the blocking thing that's prevented governments from taking very paper-oriented systems and putting them online. Voting, you know, is one that people are thinking about a lot now. You know, I would say that if the identity problem was something that, you know, we thought was just totally solved, that online voting would become an option and therefore, you know, a lot of benefits in terms of less time wasted, quick analysis, broader participation and things like that.
And so we really need pervasive identification, so that whether it's our dialogue about our health status or our tax status or our banking records, so that we can engage in those things on all of the different devices that we're involved in.
Now, today there is some proliferation of identities, where you have to have different names and different passwords on all these systems. Because you have so many names and passwords, it means that the amount of care and effort you're willing to put into any particular name and password is a lot lower. You want to write it down. You don't want to change it all the time. You don't want it to have something that's obscure.
And so there's a couple of different improvements that can take place here. One is to have a pervasive authentication system that is accepted by lots and lots of Web sites, and therefore allow you to consolidate down and put more energy into the very few passwords that you have.
The other is to move to a system that provides a higher level of assurance that it really is that person, that it's not somebody who's actually guessing the password. And, of course, in many countries there's been a move to do this through the use of the smart card. At Microsoft we've decided that for certain applications internally we are going to insist that the person authenticate themselves not just with a password, but also with a smart card. A good example of this are our network administrators, the people who have the privilege to create and delete user accounts. You know, we want to make sure that those people are authenticated in a very, very strong way as they come onto the system.
And so what we've done is taken the infrastructure in Windows, the CryptoAPI capabilities and now said through the Active Directory, that users of that class need to authenticate in this different way.
Part of it is that those people can only stay active on the system when their smart card is actually present inside the PC. So I've got a portable machine here that actually has the smart card in it.
So here I am logged in with this smart card actually present. When I remove this smart card, it immediately goes into a mode where until I put the smart card back in I can't do anything. So that means that not only are you assured that the person, you have stronger authentication when they log in; the policy for those people is as they leave their system, they go out to lunch, they leave at night, they have to take their smart card with them.
Now, you might say, "Well, you know, aren't they just going to be lazy and leave the smart card in the system?" Well, first of all that would be a violation of policy. The second thing is we use the same physical card to control their physical access in and out of the building. And so if they leave the smart card in there and they go out of the building, then they won't be able to get back in the building, and that will remind them that they're supposed to have this -- (laughter) -- smart card with them.
And it's really nice; this is an incredible demo. They brought this door here just for this one demo -- (laughter) -- which is to show that this card is actually the same card that can open this door that goes nowhere. (Laughter.)
And so, you know, we're giving people now the means to say that whatever kind of identification process you want to have for different classes of users, you can insist on that just as part of the directory functionality.
Now, in some cases people will use other techniques as well. There's a lot of these biometric techniques that are coming along with different characteristics. Microsoft's role is just to make sure that all of those different devices can be connected in and you can set policies relative to those different devices. And so Windows itself accepts all the different means, the fingerprints, eye scan, voice print or whatever new things come along; there are people who have done drivers that fit in and then the administrator decides exactly what people ought to be involved in doing those things.
Another big issue with the different devices I talked about is actual data integrity on the PC, what happens if that PC is stolen. One of the things we've done to deal with that scenario is the encrypted file system, and so that only when you're logged onto that system are the keys there that let the information come out of that file system. It's by having that kind of approach that you can make it so that somebody can't just go in and immediately see the data that's out there on that desk.
One of the characteristics of the environment we're talking about here is that information will be replicated onto all of these devices, although logically there may be a master copy that you pick a particular PC or you pick to have that up on the cloud, and that will be completely under user control, where you say that the master copy for any portion of your information set is, and, you know, you can pick, you can say, "No, I don't want that to be in the cloud; I only want it to be on the PC." If you do it that way, then of course unless your PC is online when you're using the other device, you won't be able to get at that information.
So there's a little bit of a tradeoff there of do you trust the server, the cloud service to have that information, which guarantees total online availability, or are you making sure that whatever device you've got the information on, it's connected when you want access to that information. But again that's something that we're just going to create the broad schema that describes all this information, and let you, you know, have your preferences, your files, your communication so that there's a standard way of getting to it. Exactly where it's stored and the policies around who can have access, that's still completely under user control.
Well, I focused on the PC and the personal information on the PC. Let's now talk about Web sites and what all of this means for them.
I think it's quite clear that the idea of having a Web site retain some information about you as a customer, you as a browser, there's a lot of positive things that come out of that. I mean, in the physical world it's very typical to go into a store and buy something and then as you leave the store say to the person, "Hey, forget that I was ever here. If I come back in again, don't recognize me, you know, don't try and deal with me based on, you know, remembering what I did here." You know, you would expect or you generally view it as a positive thing to have them not have that be a memory-less interaction.
And the same sort of thing exists on Web sites. And, you know, we probably all have a number of Web sites where we've gone through the customization; we value what comes out of that. Even the advertising scenario is somewhat to the benefit of the user. After all, if you're going to see an ad, you might as well see an ad that might trigger your interests as something that might be valuable to you or something that you want to buy for someone. So even there, that is the information being used the appropriate way, the fact that that's targeted to you, not only is it more interesting, but it also, of course, allows the Web site that's free or very inexpensive to do more on your behalf because they've had that revenue. TV, of course, being the extreme there, where all the things you get to watch are completely free, because you're willing to have that advertising experience.
So there's a lot of information that will be stored on the Web site. Now, how can we make sure that that information is secure? Well, there's many levels of technology here. One of them that's very key is making sure that as any weaknesses are found in these Web sites, that the ability to send around the updated software bits, that that's something that works extremely well.
Today on the Web, you know, when a weakness is found, a few Web sites will do the updates very rapidly, but if you look at the population of Web sites as a whole, most lag pretty dramatically. That is something that we believe software infrastructure can make a big difference in. We can make it so that sort of like Windows update on the PC, but in an even more transparent way, the fact of subscribing to those security updates and therefore having them replicate so that literally within, say, a couple days of any weakness being found, that those are propagated onto all the different Web sites; we think that's important.
We think a number of those bodies that I talked about getting involved in spreading information about best practices are a key part of this.
We've been creating a number of scripts, which are what we call "lockdown scripts," that really go through and check what people have done in terms of setting up these systems. There are some fairly basic things that actually explain a lot of the weaknesses that are out there. In fact, there were some documents put together, called the top ten security holes that exist on Web sites, and, you know, they felt that explained about 80 percent of the weaknesses that are out there.
Inside these systems we need to have support for IPsec, support for very rich firewall capabilities. The definition of what a state-of-the-art firewall is has been moving up fairly dramatically, and that's a market where the way that we think about firewalls will be changing, because it's not just a matter of -- packet filtering is helpful, but we actually need to move up to higher levels of the protocol and be able to select in and select out activities in a richer way.
And a part of that is defining at the very beginning of these XML-based protocols, the RPC flavors are called SOAP, making sure that from the beginning we have the ability to define, an administrator to define exactly what kind of access they want.
And so we don't end up in this problem that some neat innovative services are completely blocked, or the other extreme, which is that opening up the door to these rich SOAP-based services creates a level of vulnerability that sort of basically defeats the idea of the firewall in the first place.
Well, one of the big issues is that as you go to these different Web sites, you engage in buying behavior, you ought to be able to know what the policy of that Web site is; you know, exactly what are they saying that they do with the information. And you ought to be able to do this in a way that doesn't require, you know, clicking five times to something six levels deep, and reading something that uses different terminology for different Web sites. You know, that makes it so impractical that it's probably as if it's really not there.
So you want to, based on the profile of the user and the profile of the Web site, you want the software as automatically as possible to declare, you know, is this a site that you're going to feel comfortable going to or not and create a good user interface that lets them see what's going on there.
There's been a lot of activity in the industry around this. The one that is particularly active right now is this idea of P3P. What are the protocols? What are the profiles that are going to let this sort of mutual consent take place? We think that this is a fundamental technology and that's why we've really gotten out in front of putting it into a beta test of the browser, getting user feedback on it, and even engaging with a lot of different people in the political sector to say, "You know, is this exactly how you think we ought to define this?"
It's been interesting, because a lot of the people who first came to this, you know, hadn't really looked at what would it take to create the system, what should the user interface look like. And as the dialogue's gone on, we've been able to share a lot and get very good feedback.
What we've come up with is something that we're very excited about and will be part of the Internet Explorer 6.0.
So I'd like to ask MICHAEL WALLENT, who's in charge of our product work in Internet Explorer, to come up and show us how P3P works.
MICHAEL WALLENT: Okay. Thank you, Bill.
BILL GATES: Thanks, Mike.
MICHAEL WALLENT: So as Bill mentioned, what I'd like to show you today is some of the privacy-enhancing technologies that we've included in IE 6. IE 6 does now support P3P. Now, P3P is the name for specifications done by the World Wide Web Consortium, or W3C, called the Platform for Privacy Preferences.
And it really has two significant parts. One is that it defines the protocol for the site and the browser to talk back and forth, to share information. Now, what information does it actually share? Well, what it's sharing is the schema that describes what the site is doing, what data it's collecting, how it's collecting that information, who it's sharing with, a very large schema of information that hopefully the user can then have user preferences around to decide whether they'd like to accept or reject that type of interaction.
Specifically what this means, and how we're dealing with it in IE 6 is how we deal with cookies. Cookies have been a very interesting issue to have dealt with over the past year or so, and we felt that the most important application of P3P was initially around cookies.
So I'd like to show you some examples of this today. And this functionality that we're showing will be introduced, as I mentioned, in Internet Explorer version 6, first in the beta of what we call our Windows Whistler product, which is the next version of Windows.
So I'm first going to log in and we've taken the liberty of creating two accounts, both a bill and a safe bill account. And I'm of course going to log in now using a secure password with both letters, numbers, upper case, lower case and special characters just to make sure it can't be cracked. But I'm not going to say what that is, of course.
So I'll log in. This is actually Windows Whistler that we're seeing here in the logon process. You can see it looks pretty interesting I hope.
So the first thing I'm going to do and show is the experience that a user would have, starting up in browsing with IE 6. When they go to a site that may have defined already a privacy policy but hasn't yet gone through and translated that privacy policy into either a P3P vocabulary or what we call a P3P compact header, which is actually the bit of information that we're going to share back and forth to determine whether the cookie can be accepted.
So I'm going to go do my -- it's called the QuickSports demonstration.
Let me make sure the door doesn't block this.
Okay, so this is QuickSports.com. Now, as I mentioned, this site has a privacy policy as I see on the bottom, but they're not actually sending that P3P compact header down to the browser. So what's happened here is I know this site was using a third-party persistent cookie. And what we've done is we've actually blocked that cookie so it hasn't been set and it wouldn't be read either. I know that because I see the little red exclamation point down in the status bar of the browser, right next to where I would see the SSL lock icon.
If I go ahead and click on that, I can see that there was an issue. And it tells me, "Oh, buy cool stuff. You know, gee, there was a problem."
As Bill mentioned in his presentation, one of the issues that we're really concerned about is to make sure that this privacy information and the ability for users to customize their privacy settings are really, really easy to control. So if I click on the "settings" button, which is obviously right here in the dialogue, I go to my new privacy settings UI, which looks very similar to the zone security UI that we introduced in Internet Explorer version 4 back in 1996.
I'll get into more detail on this as we go forward in the demonstration. But I hope you can see how simple it is to get into my privacy settings from just two clicks.
Okay. So now I'd like to go to a different page, a different site. Now, this site, SportsOutfitter.com, is ahead of the curve in this demonstration in a sense, in that this is a demonstration site that we've created. They have a privacy policy. They have gone ahead and translated that privacy policy into an XML P3P privacy header, as well as created a P3P compact header that they'll send down.
Now, it's important to note that we actually have introduced some tools that make that significantly easier, so we have what we call the statement generator available on the bCentral site, which essentially allows someone to go through a wizard or interview process about what their site does or doesn't do, and it will generate both a P3P large vocabulary as well as the compact header that can be easily included on the appropriate calls on the server.
So I notice that this page has a policy. The policy matches with my settings. And I see the green icon on the bottom indicating that everything is good. So I can go to another page that I happen to know is using a third-party cookie, the shopping cart. Once again, it's got a policy, it's got a compact header that comes through, and it works. And I see the green icon.
Now, what I'd like to note here is the default policy that we're going to be advancing in the browser. We've actually thought long and hard and gotten much feedback about default policy -- that is, user policy -- in the system. And the conclusion that we came to was what we think is a good first step is that if a Web site has a policy, they translate it into the P3P model and they give users notice and choice about the information practices of that site, then we will allow their cookie interaction.
Now, that's the case, except in some cases of specific information required by law, such as medical information, where the site needs to have an opt-in model in order for that information to be collected. But we don't think that it's appropriate in the default to set a bar on practice. We think that simply if the site has a policy, has notice and choice for the users, that that's an appropriate first step for Microsoft to take.
Now, as I saw or as we saw earlier in that settings demonstration, and what I'll show in a second, is it's very easy for users to dial that up and have higher security settings before the default -- the model I outlined is what we strongly believe is the right first step to take.
So what I'd like to do now is actually go ahead and switch users. Now, Microsoft and Windows has always supported the ability for different users of Windows on the same machine to have different settings, whether it's for the browser or for Windows configuration, et cetera. But a feature that we've introduced in Whistler is what we call fast user switching that allows people to log in and log out very quickly between users. And I'll do that now.
As you can imagine, I'm going to probably go back to that, or I will go back to the Safe Bill user. So instead of saying log off, I'm going to say switch user. I get back to my initial logon screen very quickly. That was pretty quick. And I'm going to log in as Safe Bill, typing in my, of course, very secure password correctly. And now we're going to log in as that Safe Bill persona. Notice the background's different because I have different settings because it's a different user.
But what I'm going to do first is I'm actually going to go to a site and I'm going to immediately go in and change the settings. I actually haven't changed the settings yet. I'll go into my privacy cabinet. This is the normal way that people can configure their privacy options, by going to "options" and then clicking on the "privacy" tab. And I'm going to dial this all the way up to high.
The other thing to note on this dialog that we think is a good thing to do is we allow users to import a user policy from a third-party location. So if any number of advocacy groups determine that they'd like to publish what they believe are appropriate policies for users, they can do that, and users can easily include that and make it their privacy policies. So it's not just Microsoft saying what the bar is, but this'll be a very easy way for people to include settings from different organizations, as appropriate.
But in any case, in here I'm going to go to high, click on "okay", and now refresh this page. And I'm going to notice that I get, you know, the privacy violation icon. This is the case, even though this is just using a first-party cookie, the information practices of this site don't map to the user policy that's been established.
So then I can go ahead and check out another example, the hockey equipment, actually. We'll go to hockey equipment. And I see that once again this site does not meet my privacy policy that I've established and my user preference that I've established. I can double-click and see why that's the case.
Now, one of the things that Bill mentioned was that we want to make it really easy for users to see the actual written English-language policy of a given Web site. So if you, in this dialogue, where there's some defect or disconnect between your policy and the site's policy, I can just double-click on the URL and I get a nice-looking dialog that actually lays out in plain English, as defined by P3P, what the privacy policy of that site actually is.
So I hope that this shows a couple of things. One is how this privacy information is integrated into the browsing experience and is very easy for end users to deal with. We also think that, given the defaults we've set up and given the easy mechanisms that we've established, it'll be very easy for Web sites to establish this and create a really good privacy experience for their users.
So I'd also like to thank the folks on my team who are sitting in the audience as well for helping me produce this demo. This has been a ton of work, as you can imagine. And I think that one of the real important things we've done over the summer is working closely with industry and with the W3C to create a standard that is both good for end users, good for advocates, and good for privacy and industry as well. So I'd just like to thank them, and thank you for your attention.
(Applause.)
BILL GATES: So that ability to switch user accounts very easily is an interesting feature in the privacy sense as well, because since it's been very difficult and just takes a lot of time to log out, reboot, there's often been cases where a machine that's used by multiple people, you're really mixing the information of those two different people; their favorites, their history, things of that nature. And the only way to disentangle that is to make it very easy to switch quickly from one user to another. So that's another feature that was driven by a lot of scenarios, including some privacy scenarios.
So I just want to wrap up here pretty quickly. We ourselves are very involved in the security and privacy issues. We're trying to make ourselves a model in terms of how we administer the systems, how we create tools to make that relatively straightforward, to keep the servers up-to-date, and yet not have to have draconian requirements about can people use their portable computers, can people share information with our partners.
We do see increased use of things like IPsec. A good example of that is we, for a while, had a private network inside Microsoft for our human resources group. They were concerned enough about the sensitivity of the information that they were sending across the network that they had gone to a significant expense and some inconvenience in terms of their general access to go and make sure that network traffic didn't go on the standard backbone.
We've been able to eliminate that now because IPsec is in as a standard feature of the system, and so we've really got the best of both worlds. We've got the assurance. There's no tapping taking place on that. And yet we don't have the expense or the inconvenience that comes with that.
We are sure that in all the releases we're doing in our products, whether it's the quick fix updates that come to Windows Update or the yearly versions or the major advances in the product, that the concerns we're discussing at this conference will be a key input that will drive those things forward; you know, things like making absolutely sure that viruses don't take up people's time, don't become a problem. That is achievable with software technology; being a leader to make sure that the user feels like they're in control and so that they've got tools to see what's going on with their information, like you just saw. Those are things that the magic of software, given the focus that we have on it, we think can improve this situation quite a bit. This is not just a zero-sum game of taking a tradeoff and then expecting people to live with that. And so we've incorporated this into our new initiative, which is what we call the .NET strategy that really heightens the importance of all these things.
|