Passports Lessons

Microsoft officials are putting up a brave front with regard to the future of the company's Passport authentication service.

Microsoft officials are putting up a brave front with regard to the future of the companys Passport authentication service, but the recent defections by key partners Monster and eBay were telling blows from which the service may never fully recover. Microsofts rivals should be careful not to celebrate prematurely. It remains to be seen whether Passports setbacks are a victory for alternative authentication services or a pothole on the road to customer and enterprise acceptance of a critical component in large-scale electronic commerce.

Microsoft needs only to look in the mirror to find the reasons for Passports problems. For the past three years, Passport has been a leaky ship of inadequate security and unimpressive reliability, endangering all aboard it. Independent audits have found that Passport is not as secure as Microsoft claims it to be.

Two years ago, the Federal Trade Commission pulled no punches in saying that "Microsoft falsely represented that ... it employs reasonable and appropriate measures ... to maintain and protect the privacy and confidentiality of consumers personal information."

Further, the FTC found that Microsoft misrepresented Passport as more secure than alternatives and that Microsoft had falsely maintained that Passport collected no personally identifiable information when it did, in fact, maintain such histories, albeit for limited periods of time. The FTC ordered Microsoft "to implement and maintain a comprehensive information security program ... certified as meeting or exceeding the standards in the consent order by an independent professional every two years."

These condemnations and strictures, and Passports more recent marketplace setbacks, have created opportunities for its chief rival, the Liberty Alliance.

We dont expect, or even desire, Microsoft to give up on Passport, but we do urge Microsoft and the alliance to seize this moment to hammer out their differences and bring e-business suppliers and buyers a trustworthy, standards-based, vendor-neutral and interoperable solution.

The task is too important and complex, though, to be left entirely to market forces. The Liberty Alliance published guidelines for privacy best practices, but since the alliance does not have the ability to do more than make suggestions, it will be up to lawmakers to ensure that privacy is protected. Companies that use the specifications provided by the alliance should be required by law to disclose to consumers exactly what information they intend to share and the names of the partner companies with which they share it.

Passports reliability has disappointed sellers, and its protection of privacy has disappointed buyers. Online business depends on the satisfaction of these needs by Microsoft, by the Liberty Alliance and by other industry associations, as well as by legislators and regulators. The convenience granted by single sign-on cannot come at the cost of consumer trust and privacy.

Were interested in your opinion. Tell us what you think at


Check out eWEEK.coms for Microsoft and Windows news, views and analysis.