Report: Major Privacy Technology Coming in Longhorn
- By Scott Bekker
Microsoft is working on a technology for Windows Longhorn called "Info-cards" that is designed to return control of personal data, such as credit cards and Social Security numbers, to users, according to a report published this week.
If the technology works and consumers, merchants and other partners adopt it, Info-cards could reduce the need for big merchant-side databases of personal information that are the juiciest targets for hackers, such as in the recent ChoicePoint data breach. Elements of the technology could also deter "phishing" attacks, in which users are lured to bogus bank or other Web sites to enter their personal financial information.
As laid out in an article in the Wall Street Journal on Monday, Info-cards would store personal information locally on a personal computer in an encrypted file. Computer users could then selectively disclose information about themselves to businesses or others online.
Only trusted Web sites would be able to decode the encrypted messages, and the sites would not need to store, and therefore secure, the information in a database. As a side benefit, the encrypted communication between users and back-end merchant software could reduce the need for insecure username/password combinations.
According to the Journal, Info-cards would use standard protocols that will be open to any Web site and could run on Unix or Linux as well as Windows. The details of such protocols are key to understanding how open they would actually be, but Microsoft executives did not provide extensive product plans for the article.
It is not the first time Microsoft has tried to address the problems of user security at disparate online sites. Microsoft Passport was the company's answer to the problem of multiple user passwords and the key to the company's now abandoned "Hailstorm" Web services initiative. Privacy concerns helped derail that effort, which could have put a massive, Microsoft-managed database at the center of transactions involving credit card numbers, health records and other highly sensitive information.
Passport was designed to let consumers use a single password to access most Web sites. It was not widely adopted by consumers, and partners and privacy advocates objected to the centralized data repository. The Federal Trade Commission also cited Microsoft for misrepresenting the security of the Passport system.
Differences with the Info-cards approach include no creation of a central information repository, and, in fact, the potential elimination of many smaller user information databases kept by Web site merchants, such as Amazon.com.
Microsoft is expected to put out a first beta version of Longhorn by the end of June, with the final version of the OS shipping next year. It is not clear how much, if any, of the Info-card technology might be available in the beta version.
Scott Bekker is editor in chief of Redmond Channel Partner magazine.