Microsoft Corp. has quickly rewritten its Passport password service's terms of use, after customers and privacy advocates loudly complained about that the document appeared to grant the company ownership of users' content.
At the heart of the current debate was wording in the original terms of use agreement that appeared to give Microsoft wide-ranging control of information, including passwords, that its customers store using the Passport service. Passport lets users register a single user name and password that works at numerous Web sites, eliminating the need to re-register at every site.
Over the last few days new awareness of the terms of service spread in the user community. PCWorld.com also received numerous complaints. In particular, users expressed alarm that Microsoft's access to personal data would become more dire when people store files on Microsoft's servers, which is part of the company's .Net strategy.
Faced with a brewing public-relations fiasco, Microsoft on Wednesday night posted revised terms of use, which indicate the company will own only customer communications exchanged with Microsoft itself.
Prelude to a HailStorm
Passport's original terms of use contained several statements regarding ownership of content that raised the ire of customers. But the most concern was focused on wording that granted Microsoft and unspecified affiliates the right to "use, modify, copy, distribute, transmit, publicly display," and take other actions with any messages, files, or data entered into the Passport Web site.
Part of the reason Passport's terms of use drew so much attention this week is that Microsoft plans to use its Passport service as a component of other upcoming Web-based services including the HailStorm hosting services.
Hailstorm will let users store content on Microsoft servers, for access from any Web-enabled device.
Because Passport is an integral part of HailStorm, critics charged that Microsoft was positioning itself to take control of anything users stored on its servers, from business plans to fiction writing to financial records.
Microsoft: Just a Mistake
"We were in error for having that up there," says Tom Pilla, a Microsoft spokesperson. The company hadn't updated the terms of use to reflect the company's policies and Passport's current privacy statement, he says.
The privacy statement would have trumped the erroneous terms of use anyway, he says.
It's unclear what brought about the uproar regarding the terms of use, as they've been posted on the site for some time, Pilla says. He denies that the terms of use for today's Passport grant Microsoft ownership of other user-generated content, such as material users would eventually store on HailStorm servers.
"These terms of use have nothing to do with HailStorm," he says. While Passport will be a part of HailStorm, that service will have its own terms of use, Pilla adds.
Microsoft Security?
Regardless of Microsoft's intentions with its Passport terms of service, analyst William Knowles of the c4i.org security group questions why anyone would trust their data -- from passwords to business content -- to Microsoft.
"Microsoft has all of these existing security issues," he says, referring to last year's hacker attack on the company as well as ongoing security problems with its various products.
"Now Microsoft wants to be this data center and to have all your information. It's a total hacker target," he says.
Microsoft's Pilla admits the company has had its ups and downs with security. "We've had both good and bad experiences," he says.
Microsoft has learned from those experiences, and plans to be successful here, he says. "We plan to work hard on this issue," he says.