The New York Times
Sunday, March 7, 1999

Microsoft to Alter Software in Response to Privacy Concerns

by John Markoff

SAN FRANCISCO -- The Microsoft Corporation moved to defuse a potentially explosive privacy issue today, saying it would modify a feature of its Windows 98 operating system that has been quietly used to create a vast data base of personal information about computer users.

Microsoft conceded that the feature, a unique identifying number used by Windows and other Microsoft products, had the potential to be far more invasive than a traceable serial number in the Intel Corporation's new Pentium III that has privacy advocates up in arms. The difference is that the Windows number is tied to an individual's name, to identifying numbers on the hardware in his computer and even to documents that he creates.

The combination of the Windows number with all these data, the company said, could result in the ability to track a single user and the documents he created across vast computer networks. Hackers could compromise the resulting data base, or subpoenas might allow authorities to gain access to information that would otherwise remain private and unavailable. Privacy advocates fear that availability will lead to abuses.

"We're definitely sensitive to any privacy concerns", Robert Bennett, Microsoft's group product manager for Windows, said.

"The software was not supposed to send this information unless the computer user checked a specific option."

Mr. Bennett said the option to collect the information had been added to the software so that Microsoft support employees would be able to help users diagnose problems with their computers more accurately. He said the Redmond, Wash., software giant had never intended to use the data for marketing purposes.

In response to a complaint from a software programmer in Massachusetts, Microsoft will not only alter the way the registration program works in the next maintenance release of Windows 98, Mr. Bennett said. He said Microsoft technicians would look through the company's data bases and expunge information that had been improperly collected as a result of earlier versions.

The company is also exploring the possibility of creating a free utility program that would make it possible for Windows users to delete the serial number information from a small data base in the part of Windows system known as the registry, where it is now collected.

Microsoft has been discussing the issue with a Cambridge, Mass., programmer who contacted the company earlier this week after discovering that the Microsoft Office business software was creating unique numbers identifying a user's personal computer and embedding them in spreadsheet and word processing documents.

The programmer, Robert M. Smith, who is the president of Phar Lap Software Inc., a software tools development company, told the company that he believed the practice created a potential threat to privacy.

Microsoft officials said earlier this week that the numbers generated by the company's software were part of an effort to keep different components from interfering with each other in an increasingly complex world of networked computers.

However, Mr. Smith said that the number, in effect, created a "digital fingerprint" that could be used to match a document created by a word processing or spreadsheet program with a particular computer.

On Thursday, after further studying the "registration wizard" -- the software module that enables customers to register their copies of Windows 98 operating system for support and updates -- Mr. Smith discovered that the number, known as a Globally Unique Identifier, was being transmitted to Microsoft as part of a list of registration information that generally includes the owner's name, address, phone number and other demographic information as well as details about the hardware and software on or attached to the user's computer.

"Microsoft never asked me if it was O.K. to send in this number, and they never said it was being sent", Mr. Smith said. "They are apparently building a data base that relates Ethernet adapter addresses to personal information."

Ethernet adapters are cards inserted in a personal computer that enable it to connect to high-speed networks within organizations and through them to the Internet.

The controversy erupted just weeks after Intel, maker of the most widely used processors for machines that use the Windows operating system, agreed to make it possible for computer manufacturers to set its new Pentium III computer chip so that a serial number on the chip would not be recorded without the computer user's permission.

Privacy activists have been attacking both companies, arguing that identification numbers can be easily misused to create electronic monitoring systems. Such systems could track a computer user's behavior in cyberspace or create dossiers of personal information about individuals.

The issue has sparked a heated debate over the fundamental technology of modern computer networks and software systems, which routinely employ serial numbers to identify individual computers and software modules, known as "objects", that can be shared by a number of programs.

But the Intel number only identified a computer. The Windows number identifies a person. And because the Windows number created a potential linkage between individuals and confidential documents they created, privacy advocates said they were outraged.

"I think this is horrendous", said Jason Catlett, president of Junkbusters, a consumer privacy organization based in Greenbrook, N.J. "They're tattooing a number into each file. Think of the implications. If some whistle blower sends a file, it can be traced back to the person himself. It's an extremely dangerous feature. Why did they do it?"

Privacy groups have long warned about the dangers of centralized information and of monitoring electronic behavior. The groups have been discussing the implications of the serial number on the Pentium III with Intel, and while some privacy advocates acknowledge that the number can play an important role in protecting both privacy and security, others have called for a boycott of Intel, arguing that the likelihood of misuse of the number outweighs its benefits.

Beyond the fear of a centralized Big Brother, they add that the rise of the Internet has made it possible for individual companies to freely use detailed personal information for commercial ends.

"The problem is the absence of legal rules that limit the collection and use of personal information", said Marc Rotenberg, director of the Electronic Privacy Information Center in Washington.

"It's clear to me that large Internet companies such as Microsoft, AOL, and Netscape will try to squeeze out privacy."

Microsoft executives said on Friday evening that they had developed the feature for technical reasons related to the need to distinguish between millions of different hardware and software objects on the Internet. They said they had never considered the privacy implications.

According to Microsoft software engineers, the roots of the company's numbering system go back to a system developed by computer researchers at the Open Software Foundation in Cambridge in the early 1990's.

In an effort to develop technology that would enable computer systems to communicate across a network, a numbering system known as a Universally Unique Identifier, or UUID, was established as part of a software standard known as the Distributed Computing Environment, or DCE. Microsoft relied on this standard when it developed a remote computing capability for Windows known as Object Linking and Embedding, or OLE.

The company's designers changed UUID to GUID, for Globally Unique Identifier, and that term is now widely used by software applications.

For example, the GUID is used in setting "cookies" -- files that World Wide Web sites send to a visitor's hard drive to identify the user later and to track his or her travels through the Web.

Copyright © 1999 by The New York Times Company. All Rights Reserved. Reprinted with permission.