Are identities safer on laptops than central databases? |
 |
By Staff report
31 Mar 2005 | SearchWindowsSecurity.com |
|
|
If recent headlines about identity theft and hacked corporate databases have you worried, news from Microsoft's Michael Stephenson may provide some comfort. Stephenson, director of the software giant's Windows Server division, said plans are afoot to bake better ID security into Windows.
But the planned approach could prove controversial, given this week's news that a laptop storing nearly 100,000 Social Security numbers was stolen from the University of California at Berkeley.
Stephenson told the Reuters news agency the goal behind the company's "info-card" technology is to give users more control over their personal information so they can shop and access services online without the fear of hackers stealing their identities. He did not say if the technology will be built into the current Windows XP or if it'll be melded into the future launch of a new Internet Explorer browser and version of Windows, code-named Longhorn.
"We're trying to make the end-user experience as simple as possible," Stephenson said, adding that Microsoft's "goal is to make sure that this is as broadly accessible as possible."
The question now is if the company's planned "info-card" technology will fare better than similar efforts from Redmond in recent years. The Reuters report noted that the initiative appears similar to two software tools the company proposed in 2001 called Passport and Hailstorm.
Hailstorm was quietly shelved after privacy advocates said it put too much sensitive information into the hands of a single company and partners expressed similar reservations. Passport, used to provide a single log-in for multiple Web sites and store basic personal information, did not gain the wide audience that Microsoft hoped for. Online marketplace eBay Inc., an early Passport adopter, stopped providing the service in January, Reuters said.
While these endeavors involved the use of centrally stored information beyond the personal desktop, the new technology would store it on the PC. "It's going to put control of digital IDs into the hands of an end-user. The end-user will be in full control," Stephenson said.
Since the latest headlines are about personal information on a stolen laptop and not a hacked database, Microsoft's latest approach is still likely to generate some debate.
The laptop -- containing information on most individuals who applied to graduate school between fall 2001 and spring 2004, graduate students who enrolled between fall 1989 and fall 2003, and recipients of doctoral degrees from 1976 through 1999 -- was taken from a restricted area of Berkeley's graduate offices March 11. School officials said there's no evidence the data has been retrieved or misused.
U.S. Sen. Dianne Feinstein, D-Calif., responded to the news Tuesday by calling for more government protection against identity theft.
"The incident at Berkeley was the latest in a series of recent compromises of Social Security numbers or other personal financial information that could be used by identity thieves," Feinstein said. "It clearly demonstrates the need for a comprehensive approach to identity theft in order to give Americans more control over their personal information."
This article originally appeared on SearchSecurity.com.
|
