Oops!
"We're not asking people to trust us on HailStorm promises on faith, but on how we act," Purcell said.
But if actions speak louder than words, Microsoft is off to a bad start that can be summarised in one word: Passport.
Today, consumers of Microsoft's Hotmail must use Passport to log on to the email service, with Passport storing their user name and password. Microsoft said there are approximately 100 million "active" users of Passport, though the company said it has set up more than 160 million Passport accounts. Consumers can also use Passport's wallet to make purchases at more than 70 sites, including 1-800-Flowers.com and RadioShack.com.
Passport is central to HailStorm, holding the key that will unlock consumers' HailStorm data.
"You provide the Passport, and then your schema is available to you," Gates said, acknowledging that Microsoft is banking on persuading current Passport users to sign on to HailStorm services. "It's our goal to have virtually everybody who uses the Internet to have one of these Passport connections."
But within days of Gates' comments, Microsoft was criticised for what users called Passport's draconian terms of use, taking issue with language that stated by "inputting data . . . or engaging in any other form of communication with or through the Passport Web site"--or any of its "associated services"--you grant Microsoft the rights to "use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer or sell any such communication."
Microsoft said the language was outdated, with Lorenzen noting that the company had "missed that section" of the document when it revised Passport's terms of use. "I cannot apologise enough to anyone who saw it," she said.
The EFF's Pierce found Microsoft's blunder troubling. "This is another reason why I'm sceptical that they can pull all of this together and make a product I would trust to use," she said. "How do you overlook this privacy policy? It was, what, 2 years old? I would have thought it would have been one of the first things they would have done, something that the chief privacy officer would coordinate. This is a big deal. If they can't even take the time and care to make sure their privacy policy is up to date, how can we be sure they will take the time and care to make sure all of our personal data is secure?"
