(continued from previous page)
spyware and phishing. So we are really focusing on spyware as part of spam. Now we are focusing on phishing, but it is still part of the spam problem. As we block spam reaching the user's mailbox, it becomes one less way of launching a phishing attack, which can also lead to identity theft.
What is the single biggest issue facing privacy? Is it phishing?Cullen: It is really tough to identify one big issue...A year ago, the term "phishing" didn't exist. Spyware, a year ago, was about tracking where users went for the purpose of feeding them ads. Now it is about keystroke-loggers being put on people's PCs.
Take spam. We block 3.2 billion pieces of spam per day across MSN and Outlook, but still 65 percent of the world's e-mail is spam. That's why we felt that the whole Sender ID framework was good, and now 25 percent of the mail that MSN receives has the Sender ID framework. So that means we can now focus on the 75 percent, as opposed to the whole 100 percent.
Collectively, all of these things allow us to really narrow the funnel down, so that we can really focus on the bad people.
Do you think that the chip and PIN initiative in the United Kingdom and elsewhere, which calls for a personal indentification number to be entered with every card payment, is the way to go forward with privacy?
Cullen: Chip and PIN is great, but there are some operational issues with it. What happens if I lose it, for example? Does that mean that I am left stranded? I think that there are multiple different types of solutions.
In other parts of the world, they are looking at two-factor authentication. In places like the U.S. and Canada, Internet banking tends to be rolled out without the use of smart cards. They just use password and user ID.
It's not just about the financial institution knowing who they are dealing with. Are we, as users, telling them we are dealing with a financial institution? In our view, authentication needs to be very two-way.
From the authentication point of view, is there any particular method you favor?
We've done an awful lot of thinking about this, and the system itself needs to be able to exist with multiple different kinds of technology solutions. It has to be very interoperable, as opposed to one single solution. We think that is the answer. So we have designed a set of principles, collaboratively. Even people from the open-source community helped to create this, and as a result of that, all of our technology solutions will actually meet those standards. They are called the seven laws of identity and were created over the past year. In our view, these are the laws a successful identity management framework needs to exist by.
Because we helped create them, these will be the standards that we meet in terms of identity solutions that we roll out for our customers.
Colin Barker of ZDNet UK reported from London.
See more CNET content tagged:
identity theft, phishing, spam, Microsoft Corp., security
Security is a real concern, but it should not make all of us blind !
Uhm, I really don't have to say much, his statement stands on its own.
Well OK maybe just a thing or two:
A year ago phising didn't EXIST?!
Pfffffffffffffewwwwwwwww.
And Cullen is the "Chief Privacy Strategist" for Microsoft.
HOLY CROW BAT MAN!
I thought I could say more on the subject, but frankly I'm to friggin stunned, my brain actually hurts from reading this mans naive, uninformed, ignorant assertions and opinions which as far as I can tell aren't based in any reality along the Space-Time Continuum that everyone else is living in.
Yikes!
Rev.
- No chance
- by July 12, 2005 8:18 PM PDT
- It'll never fly beyond a passport-doomed experiment until it's open and patent free. What is so difficult to understand about this?
- Like this Reply to this comment
-
(4 Comments)