Responding to a formal complaint by privacy groups, the FTC determined that Microsoft made deceptive claims and misrepresented the security surrounding the design and use of Passport, which promises consumers a single, convenient method for identifying themselves across different Web sites.
Marc Rotenberg, the head of the Washington-based Electronic Privacy Information Center, which organized the complaint in July 2001, described Thursday's settlement as "the most significant Internet privacy case to date," because it involved such a prominent technology company and an Internet service already used by more than 200 million people.
Privacy groups, led by the EPIC, had complained that Passport represented unfair and deceptive trade practices, alleging that Microsoft inadequately explained how it would track consumers' visits across its Web properties and make it difficult not to use the system or later to stop using it.
A Microsoft spokesman declined to comment Thursday, but the company previously said the formal complaint by privacy groups was "replete with factual errors, misrepresentations and speculations that demonstrate fundamental misunderstandings of [Microsoft's] products, services and technologies.
Rotenberg said the FTC determined that Microsoft made deceptive claims about purchases made using the Passport service and that Microsoft did not disclose all the personal information it collected from consumers.
In the settlement, Microsoft agreed not to make future misrepresentations about the information it collects and to abide by specific security requirements for operating Passport. It also agreed to undergo independent audits every two years for the next 20 years to ensure compliance with the FTC agreement, Rotenberg said.
The FTC was expected to describe the terms of its settlement at a news conference later in the day.
More than 200 million people have signed up for Passport accounts, which are difficult to avoid when using Microsoft's flagship Windows XP operating system. The software prompts consumers: "You need a Passport to use Windows XP Internet communications features (such as instant-messaging, voice chat and video), and to access Net-enabled features."
Passport is integral to Microsoft's most important upcoming technology services, including its .NET initiative. Using the service, consumers could entrust Microsoft or other organizations to centrally hold their personal information -- such as credit card numbers or medical records -- and make it available whenever needed.
Microsoft last year slightly reduced the amount of information consumers must provide to sign up for a Passport account.
In November, Microsoft acknowledged a serious flaw in the "e-wallet" feature of its Passport technology that could have allowed hackers to steal credit card numbers and personal information of about 2 million customers.
It temporarily shut down access by all consumers to their virtual wallets during several days for repairs to the network and testing. That move inconvenienced buyers at roughly 70 e-commerce Web sites that support Microsoft's wallet technology, called "Express Purchase."
Copyright 2002. Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
