Privacy as a Corporate Privacy as a Corporate ImperativeImperative
Microsoft’sMicrosoft’s Privacy Privacy VisionVision
Brian ArbogastBrian ArbogastCorporate Vice President, Exec Sponsor of PrivacyCorporate Vice President, Exec Sponsor of PrivacyCommunication Services PlatformCommunication Services PlatformMSN and Personal Services Division, MicrosoftMSN and Personal Services Division, Microsoft
How We Invest in PrivacyHow We Invest in PrivacyThree categories of investmentsThree categories of investments
Help consumers take control of privacyHelp consumers take control of privacyHelp businesses take control of privacyHelp businesses take control of privacyHelp Microsoft take control of privacyHelp Microsoft take control of privacy
Some common threadsSome common threadsDrive awareness of issuesDrive awareness of issuesEmpower through technologyEmpower through technology
Environmental AssumptionsEnvironmental AssumptionsRobust information use is a prerequisite for Robust information use is a prerequisite for success in a service economy success in a service economy
Consumer trust is a necessity for Consumer trust is a necessity for maintaining success in a service economymaintaining success in a service economy
Value X Security X Privacy = TRUSTValue X Security X Privacy = TRUSTIrrelevanceIrrelevance xx VolumeVolume xx Disrespect Disrespect == ALIENATIONALIENATION
Reputational risk and business opportunity Reputational risk and business opportunity are realare real
Taking Control within MSTaking Control within MSThe goalThe goal
From regulatory compliance to competitive differentiationFrom regulatory compliance to competitive differentiationDrive customer satisfaction and improved brand valueDrive customer satisfaction and improved brand value
The keysThe keysBuilding privacy safeguards into the company’s DNABuilding privacy safeguards into the company’s DNA
Integration into existing processes & practices Integration into existing processes & practices Accountability throughout the organizationAccountability throughout the organization
Aligning business, IT, and other enterprise stakeholders Aligning business, IT, and other enterprise stakeholders Managing Privacy directly maps to corporate visionManaging Privacy directly maps to corporate vision
Helping customers realize the full potential of technologyHelping customers realize the full potential of technologyPutting more control of information in their handsPutting more control of information in their handsIncreasing their level of trust with the companyIncreasing their level of trust with the company
Corporate initiative with increasing visibilityCorporate initiative with increasing visibilityPrivacy leads throughout each major business unitPrivacy leads throughout each major business unit
Helping Businesses Take ControlHelping Businesses Take Control
Provide platforms for data governanceProvide platforms for data governanceWindows XP, Windows Server 2003Windows XP, Windows Server 2003
Encrypted File SystemEncrypted File SystemCrypto API Component (CAPICOM)Crypto API Component (CAPICOM)Authorization ManagerAuthorization ManagerWindows Windows SharePointSharePoint ServicesServicesWindows Rights Management ServicesWindows Rights Management Services
Office System 2003Office System 2003Information Rights ManagementInformation Rights ManagementOffice 2003 Sarbanes Oxley AcceleratorOffice 2003 Sarbanes Oxley Accelerator
BizTalk Server 2004BizTalk Server 2004BizTalk Accelerator for HIPAABizTalk Accelerator for HIPAA
See JC Cannon’s talk at 10:15 for more infoSee JC Cannon’s talk at 10:15 for more info
Windows Rights Management Windows Rights Management Services (RMS)Services (RMS)Information protection technology that augments Information protection technology that augments security strategiessecurity strategies
Users can easily safeguard Users can easily safeguard sensitive information from sensitive information from unauthorized useunauthorized useOrganizations can centrally Organizations can centrally manage internal information manage internal information usage policiesusage policiesDevelopers can build flexible, Developers can build flexible, customizable information customizable information protection solutions protection solutions
RMS protects RMS protects information both information both online and online and offline, inside offline, inside and outside of and outside of the firewall. the firewall.
The Future: Web ServicesThe Future: Web Services
Your CompanyYour Company Internal SystemsInternal Systems
PartnersPartners CustomersCustomers
SecuritySecurity
Reliable MessagingReliable Messaging
TransactionsTransactions
Helping Consumers Take ControlHelping Consumers Take Control
SpamSpamDeceptive Software (Deceptive Software (akaaka spywarespyware))Child ProtectionChild Protection
Some common pillars for eachSome common pillars for eachTechnologyTechnologyEducationEducationLegislationLegislationLitigation / EnforcementLitigation / Enforcement
Stopping SpamStopping SpamA multiA multi--faceted approachfaceted approach
The Spam ProblemThe Spam ProblemJunk email represents >60% of email trafficJunk email represents >60% of email traffic
Up from 8%, just 3 years agoUp from 8%, just 3 years ago
14.5 billion spam emails sent each day14.5 billion spam emails sent each dayCost to business $20.5B/yr globallyCost to business $20.5B/yr globally
Risk to security and privacyRisk to security and privacyVirusesVirusesPhisherPhisher scams, ID Theftscams, ID Theft
Low cost of entry + High profit + AnonymityLow cost of entry + High profit + AnonymityAll the economics favor the spammerAll the economics favor the spammer
EducationEducationwww.microsoft.comwww.microsoft.com\\spamspam
Industry Associations Industry Associations Standards and policyStandards and policyGovtGovt PartnershipsPartnerships
New lawsNew laws EnforcementEnforcement
eMaileMail useruser
Prevention Prevention AgentsAgents
Attack Attack detection detection Sender Sender reputation reputation Outbound Outbound filteringfiltering
Proof: Identity & EvidenceProof: Identity & Evidence““SenderIDSenderID” ” CallerIDCallerID/SPF/SPFComputational CyclesComputational CyclesCertificatesCertificatesSender Sender SafelistsSafelists
Protection FiltersProtection FiltersSmartScreenSmartScreenAt gateway, server At gateway, server and desktopand desktopUpdate ServiceUpdate Service
SpywareSpywareWhat You Don’t Know Can Hurt YouWhat You Don’t Know Can Hurt You
What is Deceptive Software?What is Deceptive Software?
Includes spyware and its variants:Includes spyware and its variants:Unauthorized Unauthorized adwareadware, browser hijackers, dialers, browser hijackers, dialers
Common theme: use of deceptionCommon theme: use of deceptionUsers often tricked and/or unawareUsers often tricked and/or unawareDifficult uninstalls and sneaky reinstallsDifficult uninstalls and sneaky reinstalls
Customers frustrated, feel out of controlCustomers frustrated, feel out of controlSystems can become unusableSystems can become unusable
With proper consent features can be desirableWith proper consent features can be desirablePersonalization, reduced cost, better experiencePersonalization, reduced cost, better experience
Pursuing Holistic StrategyPursuing Holistic Strategy
Consumer EducationConsumer EducationLaunched Launched www.microsoft.com/spywarewww.microsoft.com/spyware portalportal
Technology InvestmentsTechnology InvestmentsReleasing enhancements in XP SP2 Releasing enhancements in XP SP2
Industry CooperationIndustry CooperationIdentifying Best Practices (key to self regulation)Identifying Best Practices (key to self regulation)Active in CDT Working GroupActive in CDT Working Group
Enforcement DeterrentEnforcement DeterrentEngaged FTC (Workshop and Investigations)Engaged FTC (Workshop and Investigations)
Legislation Legislation -- as neededas neededFocus on bad behavior not software featuresFocus on bad behavior not software features
Range of BehaviorsRange of Behaviors
DeceptiveDeceptive GoodGoodQuestionableQuestionable ExemplaryExemplary
Cert/Logo Programs?Cert/Logo Programs?EnforcementEnforcement
Prevention/DetectionPrevention/Detection
Hole
HoleHole
PopPop--Under ExploitUnder Exploit
Some XP SP2 Some XP SP2 Enhancements that Help Enhancements that Help Address the ProblemAddress the Problem
New Popup BlockerNew Popup Blocker
Right click to get more options
Information Bar provides Notice and Choice
New Download BlockerNew Download Blocker
Unless download was user initiated, install prompt is
suppressed until user expresses interest
Harder to Leave Your Front Door Harder to Leave Your Front Door OpenOpen
Slide L
New AddNew Add--on Manageron Manager
User can Enable/Disable
ActiveX Controls and Browser
Helper Objects (e.g. Toolbars)
Neutralize unwanted software
Child Online Child Online SafetySafety
Developing a comprehensive, global Developing a comprehensive, global corporatecorporate--wide initiative aimed at wide initiative aimed at ensuring the protection of children ensuring the protection of children
onlineonline
Children’s Online SafetyChildren’s Online SafetyMS’s Children’s MS’s Children’s CyberSafetyCyberSafety CouncilCouncilKey PartnershipsKey Partnerships
International Center for Missing and Exploited International Center for Missing and Exploited Children; National Center for Missing and Children; National Center for Missing and Exploited ChildrenExploited ChildrenLaw Enforcement, InterpolLaw Enforcement, InterpolInIn--Hope Hope U.S. U.S. CyberSafeCyberSafe Cities ProgramCities Program
TechnologyTechnologyChild Exploitation Linkage Tracking System Child Exploitation Linkage Tracking System Content filtering, MSN 9 parental controlsContent filtering, MSN 9 parental controls
AwarenessAwareness--raisingraisingOnlineOnline--safety sites, tutorials and resourcessafety sites, tutorials and resourcesOnline parents’ guideOnline parents’ guide
Education and Technology: Education and Technology: International Centre and MicrosoftInternational Centre and Microsoft
Partnership with the Nat’l Center for Missing Partnership with the Nat’l Center for Missing and Exploited Children and the Int’l Center and Exploited Children and the Int’l Center for Missing and Exploited Children to train for Missing and Exploited Children to train WW law enforcement on how to investigate WW law enforcement on how to investigate those who prey on children and traffic child those who prey on children and traffic child pornography onlinepornography online
Lyon, France Lyon, France –– launched at Interpol, 12/03launched at Interpol, 12/03Costa Rica Costa Rica –– February 2004February 2004Brazil Brazil –– April 2004April 2004More to come around the globeMore to come around the globe
Hundreds of WW LE representatives trainedHundreds of WW LE representatives trained
Continue to offer innovative Continue to offer innovative technology designed to help protect technology designed to help protect children when they are on the Internetchildren when they are on the InternetContinue to educate parents and Continue to educate parents and children about ways to help stay safechildren about ways to help stay safeContinue to work with governments Continue to work with governments and law enforcement to address and law enforcement to address online crimes against childrenonline crimes against children
Our CommitmentsOur Commitments
In Closing …In Closing …
We are increasing our focus on We are increasing our focus on consumer education re. online safetyconsumer education re. online safety
How can we partner to be more effective How can we partner to be more effective here?here?
You are on the front line in helping your You are on the front line in helping your own organization take control of privacyown organization take control of privacy
How can we help?How can we help?Call to actionCall to action
Safeguard your organization’s reputation Safeguard your organization’s reputation Have your mail admin publish “Have your mail admin publish “SenderIDSenderID” info” info
ResourcesResourcesSender ID Technical infoSender ID Technical info
www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspxwww.microsoft.com/mscorp/twc/privacy/spam_callerid.mspxQ&A: Microsoft's Steps to Enhancing Your Online Privacy Q&A: Microsoft's Steps to Enhancing Your Online Privacy
www.microsoft.com/presspass/features/2004/jun04/06www.microsoft.com/presspass/features/2004/jun04/06--09privacy.asp09privacy.aspGeneral InformationGeneral Information
www.microsoft.com/privacywww.microsoft.com/privacywww.microsoft.com/spamwww.microsoft.com/spamwww.microsoft.com/spywarewww.microsoft.com/spywarewww.microsoft.com/protectwww.microsoft.com/protect
Consumer Online Safety & SecurityConsumer Online Safety & Securitysecurity.msn.comsecurity.msn.comwww.staysafeonline.comwww.staysafeonline.comwww.bewebaware.cawww.bewebaware.ca
BizTalk Server BizTalk Server –– HIPAA Accelerator HIPAA Accelerator www.microsoft.com/biztalk/evaluation/hipaa/default.aspwww.microsoft.com/biztalk/evaluation/hipaa/default.asp
Office Solution Accelerator for SarbanesOffice Solution Accelerator for Sarbanes--Oxley Oxley www.microsoft.com/office/solutions/accelerators/sarbanes/defaultwww.microsoft.com/office/solutions/accelerators/sarbanes/default.mspx.mspx
©© 2003 Microsoft Corporation. All rights reserved.2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.