Commentary/HailStorm: A Radical Approach to New Problems

As Microsoft Corp. detailed some of the new Internet services it will offer through .NET, code-named HailStorm, the company focused on the technologies involved and the benefits to users and businesses.

But the most important questions about HailStorm have nothing to do with technology. They have everything to do with whether consumers and businesses are best served by Microsoft playing the central role in the economy it is attempting to carve out for itself – as keeper of everyone’s personal data and guardian of everyone’s privacy.

Microsoft this week eloquently described the new technology problems consumers face in this age of mobile phones, wireless devices, multiple home computers, workplace Internet access and dozens of password-based Internet sites for shopping or information.

Redmond provided an early look at 14 services (See related story) under the umbrella of HailStorm that would help people share their calendar, contact and personal information in peer-to-peer fashion and give credit card and demographic information to businesses at their discretion.

Ideally, the services would help consumers consolidate and manage their currently scattered personal information, and they would give consumers more centralized control over how or if their names are sold to telemarketers and other businesses. It would also let consumers act from a unified personal profile on any device.

The approach is a classic Redmond recipe, a tantalizing vision of the future, laced with a heavy dependence on Microsoft technologies for it all to be realized.

Despite all the talk about standards (XML, UDDI, SOAP), Microsoft revealed the rub this week. Microsoft wants to host everyone’s personal data.

Microsoft moved to get in front of the privacy and trust issues in public statements to journalists and analysts Monday and in a nine-page white paper on its Web site.

“HailStorm turns the industry debate over online privacy on its head,” said Bob Muglia, group vice president for .NET services. “It starts with the fundamental assumption that the user owns and controls their personal information so only the user decides with whom they share their information and under what terms.”

Positioning itself as a leader in the area of privacy, Microsoft promised to be responsible with people’s data. “Microsoft has committed that we won’t mine, target, sell or publish any HailStorm user data. Every interaction with a user’s data will always be an affirmative consent opt-in model: personal information can be released only with the explicit authorization of the user who owns that data,” according to the Microsoft white paper.

Consumers will have to pay attention to the specific way that Microsoft words this promise when the services are actually available. Will Microsoft include this vow in its standard licensing prompt, and will the licensing agreement have the boilerplate statement that Microsoft reserves the right to change the agreement at any time? That aside, should Microsoft ever go into bankruptcy, (don’t laugh unless you know exactly what market conditions will be five years from now), what would happen to all the data, then?

Whether or not Microsoft actually means what it says about consumer privacy, is already a lightning rod for hack attacks. You can bet that if Microsoft was suddenly the repository for every credit card number on the planet, the frequency and intensity of those attempts would skyrocket.

Microsoft is aware of the risk. “Reliability will be critical to the success of the HailStorm services, and good operations are a core competency required to ensure that reliability. Microsoft has lots of experience, both good and bad, operating some of the largest sites on the Internet, including Hotmail, MSN, and Passport,” according to Microsoft’s white paper.

The company promises “significant operational investments” with physically redundant data centers, common best practices across services, caching and a distributed model.

Two recent developments must be considered in the “bad” category that Microsoft alludes to. One is the recent break in that may have allowed a bad actor to view Redmond’s source code. The other is the recent DNS problems that made Microsoft’s sites unavailable for the better part of several days. Either situation represents exactly the kind of situation that would spell disaster if Microsoft were the guardian of everyone’s credit card data.

Microsoft wants to charge everyone for this service. End users will pay, perhaps based on features selected or on frequency of use. Developers will pay for the tools to develop software that integrates with HailStorm. Corporations will pay to obtain a license to access the HailStorm services.

Microsoft’s white paper on the corporate licenses: “Service operators will also have a certificate-based license relationship with Microsoft allowing them to use HailStorm services, which will make it possible to ensure that no service using HailStorm is abusive of the resources involved, affecting other users of the services. That certificate will make it possible to filter abusers of the system.

“Obtaining a certificate and the ongoing right to use HailStorm will have a cost associated with it,” the white paper continues. “We expect, however, that this cost will be significantly less than that of operating similar services themselves.”

This should be a subject of robust debate. What Microsoft says sounds good. There should be some policing to make sure that any company that makes a mockery of the privacy protections afforded by the technology can be locked out.

The question is, can Microsoft be trusted to make this determination? Remember the antitrust case. This is the company that talked of cutting off the air supply to competitors. This is also the company that charged very different prices to OEMs to license its operating system.

A Microsoft with this kind of control over everyone’s personal information is in the position to make or break any company that wants to conduct business-to-consumer transactions on the Web.

There will be time to consider whether Microsoft is appropriate for these role. Microsoft doesn’t plan to beta the services until later this year, with general availability in 2002. Meanwhile, major competitors such as IBM and Sun have their own plans for Web services, and Microsoft won’t be able to create this Leviathan overnight.

Microsoft should be congratulated for coming out with a concrete and provocative roadmap for moving forward on the Web. Some of the issues Redmond has tried to address deserve to be open to public debate. The rest of us have a couple of years to figure out if it’s in our interest to join Microsoft on this little adventure.

Scott Bekker is editor in chief of You can respond to this commentary by e-mailing [email protected].

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


comments powered by Disqus

Subscribe on YouTube