Newsmaker: Putting privacy first at Microsoft

Let's hope that Peter Cullen enjoys thankless jobs--because he's got one now.

After the recent row kicked up by a Microsoft antipiracy tool, Cullen was selected to help undo the PR damage and mend fences with upset customers.

The controversy stemmed from Microsoft's failure to make the proper privacy disclosures with its Windows Genuine Advantage Notifications tool. It didn't disclose that the software connected to a Microsoft server after each start-up, which irked users and had one critic liken the tool to spyware.

Cullen, Microsoft's chief privacy strategist, has been very involved with the issue and readily admits that the software maker dropped the ball on WGA Notifications. The flap puts him on the front line, rather than his usual role behind the scenes.

For the most part, Cullen, who joined Microsoft three years ago from the Royal Bank of Canada in Toronto, is happy with his role at the software giant. He works on things such as guidelines for developers and privacy policies.

Like other Microsoft employees, Cullen, who calls Vancouver home, is proud of having an impact at the Redmond, Wash., software giant. He's working to make long privacy policies a part of history and helping to make Windows Vista the most privacy-sensitive operating system Microsoft has ever built.

CNET News.com sat down with Cullen on Thursday at the Computer History Museum in Mountain View, Calif., after he participated in a panel discussion on privacy and technology.

Q: What would you say the biggest difference is between working at Microsoft and working at a bank?
Cullen: The dilemmas--think of Windows Automatic Updates, as one. You could make an argument that, for the good of the user and even the good of the ecosystem, Automatic Updates should be turned on by default. People should have patched machines. But that would be contrary to our belief about user control; users need to have a choice.

In the three years that you have been at Microsoft now, what do you think is the single most important thing you've been able to achieve?
Cullen: Integrating privacy into the process, into the way the company does business. For example, we now have a very prescriptive set of privacy standards that guide the development of all products and services that's integrated into the development process, as opposed to having it as a standalone checkpoint.

Is there one thing that you've done that millions of people worldwide will have seen?
Cullen: The best example is the way we've radically changed privacy notices. We were probably one of the first companies to implement the short form, or layered form, of privacy notice. In the case of MSN, that means that 250 million people have access to a much more streamlined privacy notice. That has since been expanded to all online services, and Microsoft Office 2007 will be one of the first boxed products that comes out with a layered, or short form, privacy notice.

This short form is because longer forms are simply impossible to read?
Cullen: In the spirit of trying to be very upfront and include everything, privacy notices have become incredibly long. The previous MSN notice was 13 pages long--that's a lot to ask anybody, to read it. Users want to know very specific information, so the answer was to put those specific things into an executive summary of a single page.

Q: Microsoft has been under fire recently for a program called WGA Notifications that connected to a Microsoft server every time a PC starts up, which was not disclosed. Are you aware of this?
Cullen: Yes. We spent a lot of time focusing on the type of disclosure and type of notice around validation. That is really the part where the user's information, at least the system information, is being transferred back to Microsoft. We didn't spend the same amount of time on the notification side of it, which really transmits no information about the user back to Microsoft.

It's important to go back to the fundamental goal of Windows Genuine Advantage and the risk of pirated software. A lot of people believe that it might be about the revenue, but in actual fact, it is about the security and privacy of the users. Some research that we've done finds that the incidence of malware (malicious software) is a lot higher on pirated software, so we really are trying to make sure that users really have the opportunity to protect themselves.

More Newsmakers

[Maccess]

So is that why you're screwing up XP privacy now with "phone home" WGA?

...Vista can be marketed as a privacy sensitive OS?

The problem with Microsoft's claim that it has a right to check each Windows installation for verification is that it totally ignores others right to privacy and right to their own IP which just happens to be on a computer running XP.

As you know, people tend to be defensive about their IP. Holding that hostage to a beta version of WGA privacy checks is simply irresponsible.

I wonder what the corporate market thought of that move? Pushing software into their users that updates a third party on their system status.

I hope the intrusive WGA checks are not a ploy to damage XP, so you can market Vista as a "privacy sensitive" OS.

We already have privacy sensitive Windows, they're called Windows 98 and Windows 2000.

[aabcdefghij987654321]

Behind the times aren't you?

MS has already posted instructions on how to remove WGA entirely if you desire.

[Seaspray0]

It's still spyware

It meets all the requirements: You cannot install updates without installing the windows genuine advantage update first. The genuine advantage reports information about your computer back to microsoft on every bootup. I have been a supporter of microsoft's OS (MCSE) and there's little doubt you will convince me that you didn't F**k up this time.

[kamwmail-cnet1]

LOL Hire a PR Front and the Techies continue their lunacy.

Typical microsoft still doesn't get it. They need a new public relations advisor. People who gets annoyed at microsoft are NOT your typical braindead populance you can lie easily to. Hiring a PR Frontman while the techies still continue to program invasions to privacies won't wash with this group.

[curtegg]

Suffer

I love this continuing saga users have with MS and their intrusive
policies and DRM schemes. Be lemmings and cannonball off your
cliff. VISTA will be much worse.

[ForestRJ]

Ummm Was that an answer?

You know, I found the entire response related to the Spyware Program WGA from Microsofts Cullen, to be 'UNANSWERED'; in full and part. I love how this guy danced around the subject. He barely touched the surface, I was expecting at minimum the truth& We are MS, we can do what we please, when we please; and if you or your readers dont like it, find another OS, because we dont give a damn. At least this would have been directly to the point, if not 100% honest.

I admit there are pirated versions of the software out there, and that in itself is wrong. But most of those people are not going to update/upgrade the program as a whole. Most of those who use the pirated version of XP Pro/Home, are not going to take the chance that they are discovered. Thus it is redundant to think this Spyware/Parasite that MS has come up with, is going to make much of an effect, if any. I have talked to people on Voice Video chats that practically brag about having a Pirate Copy of Windows, but& They will not go to the MS Site for updates. So they are basically running Windows Rel. 1 or 2 with minimal security and/or critical updates, if any at all. Thus they will either be hacked, hijacked or otherwise crash in short time. Thus, taking care of MS Pirated OS problem.

I know MS has a lot of smart people scampering around, pretending to give a crap about us (the end user). But in reality is, WGA is Spyware (if not a parasite as well)! It gathers Personal Information and sends it back to someone elses system/server for analysis. Yet, they call it a utility to help find and/or deter Software Piracy? Give me a break! Sending Spyware and Parasitic Programs to you, hidden with a series of complicated code, let alone the fifty million pages of text you need to read to know precisely what is being installed on YOUR PC. Just to update your security? This in itself sounds like some covert black bag operation on a corporate level.

I see a series of major law suits in the future for MS. Because you and I both know, someone will claim they lost personal/confidential data due to WGA, and they will have an authentic copy of the Windows Software, that for some strange reason was wrongly classified as Pirated Software. I hope it is a US Government Agency, and I hope they take MS to the cleaners over this. MS is acting like a culmination of people with delusions of being Deities. Thus they can do what ever they damn well please to us lowly mortals.

[ForestRJ]

Stopping Windows Genuine Advantage dead in its tracks?

I have a Legal copy MS XP first of all, with the numbers and all that crap. But, I found this on another site, and it works for me. I simply made another folder named 'Security Risk' and pasted the contents within it. Just in case I needed to copy it back (like the article suggest).

Stopping Windows Genuine Advantage dead in its tracks- and still getting the updates

{[someone posted this and thought i would share it with you, its located here] or read it bellow}

As a disclaimer: I run a legitimate copy of Windows XP. It came pre-installed on my IBM Lenovo ThinkPad T42p. I am not advocating piracy or anything else that may or may not be illegal. All I am doing is showing you how to save yourself a few precious spaces in your RAM as well as stop your machine from calling home into Microsoft every 14 days.

All this said& here goes:

I ran my weekly Windows Update and it wanted to install the Windows Genuine Advantage Validation Tool (KB892130) hotfix. I HAD to install it, otherwise I wouldnt get any updates to my machine.

So, I accept it, go through the install, but once it was done, I didnt reboot. Instead, I went into: C:\WINDOWS\SOFTWAREDISTRIBUTION\DOWNLOAD\ and located a folder (mine was:
CD6812FEF1FD3E79D9350B24A76108F1; yours may vary) and that folder contained the following files:

legitcheckcontrol.dll
spmsg.dll
update/
4 _downloadprogress_.state
17 _file_to_execute_.txt
34 _unpacked_.state
50 _useselfcontained_.state

the update directory contained:

update.exe
update.inf
update.ver
updspapi.dll
wga.cat
wgacustom.dll

All you have to do now is move (my preferred method, in case I have to put it back) or delete the CD6812FEF1FD3E79D9350B24A76108F1 directory, and restart.

WGA doesnt finish its install, but from Windows Updates point of view, its all good.

There you go& have fun, and be safe!