Privacy as a Corporate Privacy as a Corporate ImperativeImperative

Microsoft’sMicrosoft’s Privacy Privacy VisionVision

Brian ArbogastBrian ArbogastCorporate Vice President, Exec Sponsor of PrivacyCorporate Vice President, Exec Sponsor of PrivacyCommunication Services PlatformCommunication Services PlatformMSN and Personal Services Division, MicrosoftMSN and Personal Services Division, Microsoft

How We Invest in PrivacyHow We Invest in PrivacyThree categories of investmentsThree categories of investments

Help consumers take control of privacyHelp consumers take control of privacyHelp businesses take control of privacyHelp businesses take control of privacyHelp Microsoft take control of privacyHelp Microsoft take control of privacy

Some common threadsSome common threadsDrive awareness of issuesDrive awareness of issuesEmpower through technologyEmpower through technology

Environmental AssumptionsEnvironmental AssumptionsRobust information use is a prerequisite for Robust information use is a prerequisite for success in a service economy success in a service economy

Consumer trust is a necessity for Consumer trust is a necessity for maintaining success in a service economymaintaining success in a service economy

Value X Security X Privacy = TRUSTValue X Security X Privacy = TRUSTIrrelevanceIrrelevance xx VolumeVolume xx Disrespect Disrespect == ALIENATIONALIENATION

Reputational risk and business opportunity Reputational risk and business opportunity are realare real

Taking Control within MSTaking Control within MSThe goalThe goal

From regulatory compliance to competitive differentiationFrom regulatory compliance to competitive differentiationDrive customer satisfaction and improved brand valueDrive customer satisfaction and improved brand value

The keysThe keysBuilding privacy safeguards into the company’s DNABuilding privacy safeguards into the company’s DNA

Integration into existing processes & practices Integration into existing processes & practices Accountability throughout the organizationAccountability throughout the organization

Aligning business, IT, and other enterprise stakeholders Aligning business, IT, and other enterprise stakeholders Managing Privacy directly maps to corporate visionManaging Privacy directly maps to corporate vision

Helping customers realize the full potential of technologyHelping customers realize the full potential of technologyPutting more control of information in their handsPutting more control of information in their handsIncreasing their level of trust with the companyIncreasing their level of trust with the company

Corporate initiative with increasing visibilityCorporate initiative with increasing visibilityPrivacy leads throughout each major business unitPrivacy leads throughout each major business unit

Helping Businesses Take ControlHelping Businesses Take Control

Provide platforms for data governanceProvide platforms for data governanceWindows XP, Windows Server 2003Windows XP, Windows Server 2003

Encrypted File SystemEncrypted File SystemCrypto API Component (CAPICOM)Crypto API Component (CAPICOM)Authorization ManagerAuthorization ManagerWindows Windows SharePointSharePoint ServicesServicesWindows Rights Management ServicesWindows Rights Management Services

Office System 2003Office System 2003Information Rights ManagementInformation Rights ManagementOffice 2003 Sarbanes Oxley AcceleratorOffice 2003 Sarbanes Oxley Accelerator

BizTalk Server 2004BizTalk Server 2004BizTalk Accelerator for HIPAABizTalk Accelerator for HIPAA

See JC Cannon’s talk at 10:15 for more infoSee JC Cannon’s talk at 10:15 for more info

Windows Rights Management Windows Rights Management Services (RMS)Services (RMS)Information protection technology that augments Information protection technology that augments security strategiessecurity strategies

Users can easily safeguard Users can easily safeguard sensitive information from sensitive information from unauthorized useunauthorized useOrganizations can centrally Organizations can centrally manage internal information manage internal information usage policiesusage policiesDevelopers can build flexible, Developers can build flexible, customizable information customizable information protection solutions protection solutions

RMS protects RMS protects information both information both online and online and offline, inside offline, inside and outside of and outside of the firewall. the firewall.

The Future: Web ServicesThe Future: Web Services

Your CompanyYour Company Internal SystemsInternal Systems

PartnersPartners CustomersCustomers

SecuritySecurity

Reliable MessagingReliable Messaging

TransactionsTransactions

Helping Consumers Take ControlHelping Consumers Take Control

SpamSpamDeceptive Software (Deceptive Software (akaaka spywarespyware))Child ProtectionChild Protection

Some common pillars for eachSome common pillars for eachTechnologyTechnologyEducationEducationLegislationLegislationLitigation / EnforcementLitigation / Enforcement

Stopping SpamStopping SpamA multiA multi--faceted approachfaceted approach

The Spam ProblemThe Spam ProblemJunk email represents >60% of email trafficJunk email represents >60% of email traffic

Up from 8%, just 3 years agoUp from 8%, just 3 years ago

14.5 billion spam emails sent each day14.5 billion spam emails sent each dayCost to business $20.5B/yr globallyCost to business $20.5B/yr globally

Risk to security and privacyRisk to security and privacyVirusesVirusesPhisherPhisher scams, ID Theftscams, ID Theft

Low cost of entry + High profit + AnonymityLow cost of entry + High profit + AnonymityAll the economics favor the spammerAll the economics favor the spammer

EducationEducationwww.microsoft.comwww.microsoft.com\\spamspam

Industry Associations Industry Associations Standards and policyStandards and policyGovtGovt PartnershipsPartnerships

New lawsNew laws EnforcementEnforcement

eMaileMail useruser

Prevention Prevention AgentsAgents

Attack Attack detection detection Sender Sender reputation reputation Outbound Outbound filteringfiltering

Proof: Identity & EvidenceProof: Identity & Evidence““SenderIDSenderID” ” CallerIDCallerID/SPF/SPFComputational CyclesComputational CyclesCertificatesCertificatesSender Sender SafelistsSafelists

Protection FiltersProtection FiltersSmartScreenSmartScreenAt gateway, server At gateway, server and desktopand desktopUpdate ServiceUpdate Service

SpywareSpywareWhat You Don’t Know Can Hurt YouWhat You Don’t Know Can Hurt You

What is Deceptive Software?What is Deceptive Software?

Includes spyware and its variants:Includes spyware and its variants:Unauthorized Unauthorized adwareadware, browser hijackers, dialers, browser hijackers, dialers

Common theme: use of deceptionCommon theme: use of deceptionUsers often tricked and/or unawareUsers often tricked and/or unawareDifficult uninstalls and sneaky reinstallsDifficult uninstalls and sneaky reinstalls

Customers frustrated, feel out of controlCustomers frustrated, feel out of controlSystems can become unusableSystems can become unusable

With proper consent features can be desirableWith proper consent features can be desirablePersonalization, reduced cost, better experiencePersonalization, reduced cost, better experience

Pursuing Holistic StrategyPursuing Holistic Strategy

Consumer EducationConsumer EducationLaunched Launched www.microsoft.com/spywarewww.microsoft.com/spyware portalportal

Technology InvestmentsTechnology InvestmentsReleasing enhancements in XP SP2 Releasing enhancements in XP SP2

Industry CooperationIndustry CooperationIdentifying Best Practices (key to self regulation)Identifying Best Practices (key to self regulation)Active in CDT Working GroupActive in CDT Working Group

Enforcement DeterrentEnforcement DeterrentEngaged FTC (Workshop and Investigations)Engaged FTC (Workshop and Investigations)

Legislation Legislation -- as neededas neededFocus on bad behavior not software featuresFocus on bad behavior not software features

Range of BehaviorsRange of Behaviors

DeceptiveDeceptive GoodGoodQuestionableQuestionable ExemplaryExemplary

Cert/Logo Programs?Cert/Logo Programs?EnforcementEnforcement

Prevention/DetectionPrevention/Detection

Hole

HoleHole

PopPop--Under ExploitUnder Exploit

Some XP SP2 Some XP SP2 Enhancements that Help Enhancements that Help Address the ProblemAddress the Problem

New Popup BlockerNew Popup Blocker

Right click to get more options

Information Bar provides Notice and Choice

New Download BlockerNew Download Blocker

Unless download was user initiated, install prompt is

suppressed until user expresses interest

Harder to Leave Your Front Door Harder to Leave Your Front Door OpenOpen

Slide L

New AddNew Add--on Manageron Manager

User can Enable/Disable

ActiveX Controls and Browser

Helper Objects (e.g. Toolbars)

Neutralize unwanted software

Child Online Child Online SafetySafety

Developing a comprehensive, global Developing a comprehensive, global corporatecorporate--wide initiative aimed at wide initiative aimed at ensuring the protection of children ensuring the protection of children

onlineonline

Children’s Online SafetyChildren’s Online SafetyMS’s Children’s MS’s Children’s CyberSafetyCyberSafety CouncilCouncilKey PartnershipsKey Partnerships

International Center for Missing and Exploited International Center for Missing and Exploited Children; National Center for Missing and Children; National Center for Missing and Exploited ChildrenExploited ChildrenLaw Enforcement, InterpolLaw Enforcement, InterpolInIn--Hope Hope U.S. U.S. CyberSafeCyberSafe Cities ProgramCities Program

TechnologyTechnologyChild Exploitation Linkage Tracking System Child Exploitation Linkage Tracking System Content filtering, MSN 9 parental controlsContent filtering, MSN 9 parental controls

AwarenessAwareness--raisingraisingOnlineOnline--safety sites, tutorials and resourcessafety sites, tutorials and resourcesOnline parents’ guideOnline parents’ guide

Education and Technology: Education and Technology: International Centre and MicrosoftInternational Centre and Microsoft

Partnership with the Nat’l Center for Missing Partnership with the Nat’l Center for Missing and Exploited Children and the Int’l Center and Exploited Children and the Int’l Center for Missing and Exploited Children to train for Missing and Exploited Children to train WW law enforcement on how to investigate WW law enforcement on how to investigate those who prey on children and traffic child those who prey on children and traffic child pornography onlinepornography online

Lyon, France Lyon, France –– launched at Interpol, 12/03launched at Interpol, 12/03Costa Rica Costa Rica –– February 2004February 2004Brazil Brazil –– April 2004April 2004More to come around the globeMore to come around the globe

Hundreds of WW LE representatives trainedHundreds of WW LE representatives trained

Continue to offer innovative Continue to offer innovative technology designed to help protect technology designed to help protect children when they are on the Internetchildren when they are on the InternetContinue to educate parents and Continue to educate parents and children about ways to help stay safechildren about ways to help stay safeContinue to work with governments Continue to work with governments and law enforcement to address and law enforcement to address online crimes against childrenonline crimes against children

Our CommitmentsOur Commitments

In Closing …In Closing …

We are increasing our focus on We are increasing our focus on consumer education re. online safetyconsumer education re. online safety

How can we partner to be more effective How can we partner to be more effective here?here?

You are on the front line in helping your You are on the front line in helping your own organization take control of privacyown organization take control of privacy

How can we help?How can we help?Call to actionCall to action

Safeguard your organization’s reputation Safeguard your organization’s reputation Have your mail admin publish “Have your mail admin publish “SenderIDSenderID” info” info

ResourcesResourcesSender ID Technical infoSender ID Technical info

www.microsoft.com/mscorp/twc/privacy/spam_callerid.mspxwww.microsoft.com/mscorp/twc/privacy/spam_callerid.mspxQ&A: Microsoft's Steps to Enhancing Your Online Privacy Q&A: Microsoft's Steps to Enhancing Your Online Privacy

www.microsoft.com/presspass/features/2004/jun04/06www.microsoft.com/presspass/features/2004/jun04/06--09privacy.asp09privacy.aspGeneral InformationGeneral Information

www.microsoft.com/privacywww.microsoft.com/privacywww.microsoft.com/spamwww.microsoft.com/spamwww.microsoft.com/spywarewww.microsoft.com/spywarewww.microsoft.com/protectwww.microsoft.com/protect

Consumer Online Safety & SecurityConsumer Online Safety & Securitysecurity.msn.comsecurity.msn.comwww.staysafeonline.comwww.staysafeonline.comwww.bewebaware.cawww.bewebaware.ca

BizTalk Server BizTalk Server –– HIPAA Accelerator HIPAA Accelerator www.microsoft.com/biztalk/evaluation/hipaa/default.aspwww.microsoft.com/biztalk/evaluation/hipaa/default.asp

Office Solution Accelerator for SarbanesOffice Solution Accelerator for Sarbanes--Oxley Oxley www.microsoft.com/office/solutions/accelerators/sarbanes/defaultwww.microsoft.com/office/solutions/accelerators/sarbanes/default.mspx.mspx

©© 2003 Microsoft Corporation. All rights reserved.2003 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. MICROSOFT This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.