Microsoft's unprincipled action
Network World, 03/15/99
That did not take long. Only a few
weeks after the brouhaha over Intel's
addition of a serial number to the
Pentium III processor, along comes the disclosure that Microsoft
has
been inserting unique serial numbers of its own in files created
with
its Office suite of programs.
That's not all. Back in Redmond, Wash., Microsoft has also been
building a database of which users are tied to which serial
numbers.
So if you are a whistle-blower who wants to remain anonymous, do
not write your exposé using Microsoft Word. Your target could
just
subpoena Microsoft to find out the name of the software user who
created the file.
Microsoft quickly announced that it would modify the registration
software to stop the software from sending the serial number to
Redmond. The company is going to scrub the serial numbers it has
received from its database and is thinking about creating a free
utility
program for removing the serial number from a user's computer.
Microsoft says the serial numbers were created as part of an
effort to
make it easier for Microsoft support technicians to diagnose
problems that resulted from interactions between software
packages.
The company says it never considered the privacy implications of
the
feature.
I'm willing to accept that, even though I'm not quite sure how a
software-specific serial number helps in diagnosing such
problems.
But it is quite troubling that Microsoft was oblivious to the
privacy
aspects. Intel claims that it was also blindsided by the privacy
advocates' attacks.
What is so hard to understand about the issues here? Even though
Sun CEO Scott McNealy told us last month to get over the fact
that
people no longer have any privacy, it seems a no-brainer that it
is not
a good idea privacy-wise to create yet another way to keep track
of
what people do or create. But somehow this level of understanding
seems to be unachievable in corporate America.
I sometimes wonder if there are any people in some of these
organizations - people would have seen that if they do these
sorts of
things to others they are also doing them to themselves.
Missing from most of the debate over the Intel and Microsoft
missteps and the ongoing fight over other personal data has been
a
statement of principle.
Here is an easy one to remember: People should be able to say who
can get information about them and for what that data can be
used. If
Intel and Microsoft had thought about this simple principle,
neither
would have done what it did.
Disclaimer: If Harvard has principles beyond "Veritas,"
I'm not the
one to intone them. Thus, the above is mine alone.