Microsoft: Privacy Champion?

The tech giant and others are getting serious about giving Web surfers more control over how information from their online behavior is used

In its haste to build software that gives computer users new ways to communicate, store data, and scour the Web for information, the tech industry has unleashed a raft of threats to consumer privacy. Recently, though, companies from across the tech spectrum have begun taking pains to rein in such risks amid a backlash from legislators, regulators and consumer advocates. Are the efforts lip service aimed at quelling the furor or might the tech industry finally be getting serious about protecting privacy?

One of the biggest strides comes from Microsoft (MSFT), which on July 23 will unveil a new privacy policy that gives users greater control over what the company does with information it gathers about their online behavior. Microsoft, the world's largest software maker, will let certain users decline to receive ads tailored to their Web surfing habits. The company will also sever the links between information about a computer and the Web searches carried out from that machine after 18 months.

What consumers do online and what companies do with that information strikes at the heart of the computing privacy debate. Companies are keen to cull and store such data so they can tailor products, services, and advertisements to a user's interests. But there's growing concern companies are learning too much about their customers' private lives and not doing enough to keep that information safe from prying eyes.

Senate Hearings Postponed Until Fall

Those worries will take center stage in Senate Judiciary Committee hearings on online marketing and a proposed acquisition that will give Google (GOOG) added control over the Internet advertising business. The proceedings had been scheduled for the week of July 23 but have been postponed until September or October. The committee will ask executives from Google, Microsoft, and Yahoo! (YHOO) to appear, according to a person familiar with the matter.

Competitors and privacy groups say Google's planned $3.1 billion purchase of DoubleClick would concentrate too much knowledge about Internet users' searching and Web browsing habits in Google's hands. The Federal Trade Commission in May began an investigation into the proposed tieup (see, 5/30/07, "Much Ado About DoubleClick"). Amid that grousing, Google said July 16 it will reduce the shelf life of "cookies," the software that embeds itself on a computer and tracks a user's Net habits. Google will ensure cookies expire after two years. Google also said it would make records of users' searches and other behavior on its site anonymous after 18 months.

The privacy battlefront isn't limited to ads. The next version of Apple's (AAPL) Mac OS X operating system, called "Leopard," will include new controls that can help users specify files they don't want backed up because they're too private to share. Leopard, due to be released in October, includes a feature called Time Machine that can continuously back up a Mac's hard drive to a server on a corporate network or a disk drive that's shared by users on a home network. Apple will let users elide certain files during the backup process, says Bud Tribble, Apple's vice-president of software technology and a designer of the original Macintosh software.

Brave New World of Hypertargeted Ads

Fears about online surveillance and misuse of personal information have been amplified as tech companies pitch ads to users based on their behavior to gain a bigger share of a U.S. online ad market that research company eMarketer estimates will swell to $21.7 billion in 2007 (see, 11/15/06, "Taking Aim at Targeted Advertising").

Weave in the ability to track users' whereabouts by collecting information from their mobile phones, and privacy advocates are warning of an emerging era of hypertargeted ads that could leave consumers open to privacy abuses (see, 4/23/07, "The Sell-Phone Revolution").

"The very idea of identity and privacy is changing really fast," says David Holtzman, chief executive officer of identity software startup Pseuds and author of the 2006 book Privacy Lost (Wiley). For one, when software is delivered as a Web service, every computer on the network over which it's delivered can be a weak link in the chain.

Loss of Anonymity

Sites that learn about a user's behavior can also present problems.'s (AMZN) product recommendation feature stores a profile of users' tastes and interests, and credit-card companies including Capital One Financial (COF) are building psychographic profiles of consumers based on their purchases. Both approaches could capture information of users' interests that many consider private, says Holtzman, who's consulted to both companies.

The rise in popularity of social networks like Facebook and News Corp.'s (NWS) means some Web users are contributing to their own loss of anonymity by disclosing more information than ever about their identities and tastes. Google Street Views has given Web browsers candid close-ups of people's daily lives (see, 6/22/07, "Google Is Watching You").

The need for tighter privacy is made all the more urgent by highly publicized cases of data loss. "If one company takes a step that looks like it protects privacy more, other companies feel the need to try to match it," says Joe Laszlo, an analyst at JupiterResearch. "If you're a company like Microsoft, Yahoo, or Google, the tradeoff has always been the more you know about the consumer, the more personalization you can give them. But you're also placing yourself in a position of trust. If you misuse that trust, consumers and regulators will come down hard on you."

Better Assessment of Web Ad Performance

Those concerns are at the crux of the policy changes at Microsoft and Google. In addition to setting time limits on its collection of private data, Microsoft on July 23 announced it's joining with, a search engine owned by IAC/InterActive (IACI), to try to develop industry standards for data collection and online advertising. The standards could help ease consumer fears about disclosing too much personal information as Microsoft promotes new versions of its e-mail, photo gallery, and blogging software that combine data stored on users' PCs with software delivered over the Web, says Microsoft Chief Privacy Architect Jeffrey Friedberg. "This is where we focus a lot of our privacy energy," he says. "There's no such thing as a completely offline, contained product anymore."

Microsoft, too, must demonstrate privacy protection bona fides as it, like Google, pursues an acquisition aimed at garnering a bigger slice of online ads, while at the same time complaining that buying DoubleClick will give Google an unfair advantage. Microsoft is paying $6 billion for aQuantive to help it better place and measure the performance of ads (see, 5/18/07, "Microsoft's Big Online Ad Buy").

Pam Dixon, executive director of the World Privacy Forum, a public-interest research group, says she's pleased with some of the new policies being adopted by Microsoft and Google. Still, "these measures don't even begin to scratch the surface," she says. "We need substantive privacy protection." There's still considerable leeway for companies to assemble a lengthy dossier of information on consumers, she says. Why, for instance, do they need to retain information on servers for 18 months, she asks.

Questions like those will get plenty of air time amid ongoing scrutiny of the DoubleClick deal and other efforts by tech companies to mine customer data, and they'll keep up pressure on the industry to make consumer privacy paramount.
