Microsoft Corp has said it will modify features in Windows 98 and Office 97 that helped create a database of personal information about Microsoft customers. The company said it had intended that the features would only work if deliberately activated by users during the registration process. But on Friday March 5, group product manager Robert Bennett was forced to admit that users of Windows 98 who are also using Ethernet adapter cards transmit a unique hardware identification number when they register their operating system with Microsoft – even when they specifically choose not to do so. Richard Smith, president of Phar Lap Software Inc, is credited with discovering the problem. He told Reuters he feared Microsoft was amassing a database of Ethernet addresses. I don’t think this is a bug, he said. I think it’s very intentional.
After the issue became the basis of a front page story in The New York Times, Microsoft conceded that the feature is potentially far more invasive than the controversial serial number Intel proposed to include in its Pentium III microprocessor. Unlike Intel’s plan, Microsoft’s hardware identifier links to the names and personal details of individual Windows 98 users, as well as to documents created by those users. Privacy advocates fear that the availability of this information will lead to abuses of personal privacy. The centralized repository is also vulnerable to hackers, while authorities could potentially subpoena information contained in it.
Yet Microsoft officials told the Times that they had never considered the privacy implications of the Globally Unique Identifier (GUID), and Bennett assured Reuters that the bug would be fixed in an update sometime in the next few months. Privacy activists are unimpressed both by the excuse and by Microsoft’s apparent lack of urgency in resolving the issue. Junkbusters Corp has issued an advisory to consumers, warning of the risks and demanding that the company speed the patch and make some effort to repair the damage already done.
Microsoft has already caused millions of privacy landmines to be strewn across cyberspace, said Junkbusters president Jason Catlett, and consumers are inadvertently adding more every minute. Microsoft created this problem, and they must take responsibility for fixing it promptly and thoroughly. Microsoft’s early statements indicate that they are hoping to get away with doing very little, very slowly. Catlett emphasized that Microsoft’s customers have a right to know when companies assign them ID numbers. Secret tracking is an invasion of privacy, he said.
