title: An decision to be applauded


by: Scott Bradner  


This column is frequently quite critical of Microsoft -- particularly regarding the security of the software systems they sell.  The idea that the default setup of exchange encourages the development of Melissia-like viruses totally baffles me -- but now it is time to praise Microsoft for something they have done.


A while back (late 1998 "Rough seas in safe harbors") I wrote about the US government's "Save Harbor" proposal to make it possible for US companies to do business in Europe without having to meet the tough European privacy regulations.  In that column I did not much like the Safe Harbor plan - it actually codified the ability of US companies to treat US citizens as second-class citizens when it comes to privacy.


To date there have not been all that many US companies who have agreed to the rules.  (The rules and the list of companies who have agreed are at http://www.export.gov/safeharbor/.) A number of major US companies and even some people from the current administration have called the rules impracticable, claim that they will inhibit US businesses and cost billions of dollars to implement.  Of the 42 companies who have signed the only ones I recognized were Dunn and Bradstreet, Hewlett Packard, and TRUSTe.  Considering how many US companies do business in Europe and the fact that these companies have to agree to follow the European regulations or agree to the Safe Harbor rules by this July or stop doing business in Europe, only having 42 companies sign up is a rather poor response.  Maybe the companies who have not signed up are still hoping that the administration will be able to convince the Europeans that violating privacy is good for the economy.


The decision on May 16th by Microsoft to agree to the Safe Harbor rules will put considerable pressure on other companies to also agree and on the administration to not try to water down the rules.  In one blow Microsoft has undercut the doomsayers that have been claiming that actually respecting the privacy of Internet users will put them out of business, those whose business is violating privacy (like the credit history business) and their sycophants in the administration, for whom anything is for sale.


But Microsoft has gone one better.  They have announced that they will use the same rules for all of their customers, European and non-European alike --no second class citizens in the Microsoft Internet -- and they will move over time to an opt-in model for much of their information gathering.  The Safe Harbor rules only require an opt-out process.


With this move Microsoft has moved into the lead in the privacy game in a very positive way.  It is not something I would have expected.  Even though I'm a Mac person I guess I will have to pay more attention to what is going on in Seattle.


disclaimer: I notice that Harvard has not agreed to these rules even though they have a European presence but I have no information that this because of any specific decision so the above is my opinion.