December 11, 2001
Senator Patrick Leahy
Chairman, Senate Judiciary Committee
Dear Chairman Leahy:
On December 12, the Senate Judiciary Committee will hold hearings to “examine the future of the Microsoft settlement.” We urge Committee Members to use this opportunity to question witnesses on the role that the settlement will play in protecting consumers from the privacy and security risks posed by Microsoft Passport and associated services.
Passport is an online identification and authentication system that will enable unprecedented profiling of individuals’ browsing and online shopping behaviors. It could literally become the tollbooth that controls Internet access for millions of consumers in the United States. Through tying Passport to the Microsoft Hotmail E-Mail system and to numerous exhortations to subscribe in the Windows XP Operating System, Microsoft already has been able to acquire 200 million Passport accounts.
On July 26, 2001, the Electronic Privacy Information Center (EPIC) submitted a detailed complaint to the Federal Trade Commission, endorsed by fifteen leading consumer advocacy groups, describing the serious privacy implications of Microsoft Windows XP and Microsoft Passport.  We alleged that the collection and use of personal information by the company would violate Section 5 of the Federal Trade Commission Act. On August 15, 2001, we submitted a supplement to the FTC further detailing the specific ways in which Microsoft XP and Passport would harm consumer interests.
The privacy and security risks outlined in the complaint include: online profiling made possible by the requirement that individuals sign on to Passport before viewing web content, an increase in the amount of unsolicited commercial e-mail from the sharing of e-mail addresses with Passport-affiliated sites, and stolen credit card data from numerous security holes in the Passport and Wallet systems.
The privacy and security risks are heightened in this situation because of Microsoft’s dominance in the operating system, browser, and office applications markets. Accordingly, we urge you to explore how the settlement will prevent Microsoft from continuing to use its market dominance to force consumers into subscribing to Microsoft Passport as a condition of Internet access. Further, we suggest that you consider how the settlement could be tailored to allow non-Microsoft alternatives in the operating system for online payment, electronic commerce, and other Internet-based commercial activity. Last, settlement negotiators should adopt restrictions on Microsoft that will prevent the company from using its market dominance to profile individuals and to share their personal information.
We appreciate your consideration of these issues. We would be pleased to meet with you or your staff to discuss these matters in more detail.
Timothy Muris, FTC Chairman
Sheila Anthony, FTC Commissioner
Mozelle W. Thompson, FTC Commissioner
Orson Swindle, FTC Commissioner
Thomas B. Leary, FTC Commissioner
 At http://www.epic.org/privacy/consumer/MS_complaint.pdf. At http://www.epic.org/privacy/consumer/MS_complaint2.pdf. Also see http://www.epic.org/privacy/consumer/microsoft/.