We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not a subscriber? Subscribe now for unlimited access to online articles.

Business Report

Keeping Things Private at Microsoft

The company and its rivals have important differences when it comes to protecting personal information, says its chief privacy officer.

Earlier this year, Microsoft caused a stir by running big newspaper ads charging that its archrival, Google, was trampling on personal privacy by gathering ever more information on users. Some saw the ads as disingenuous: Microsoft uses some similar practices in its own search engine, Bing.

But inside Microsoft, the claim that it is better at privacy is an article of faith. Microsoft’s efforts began in the 1990s, when it battled security holes in its Windows operating system. Back then, privacy meant not having your computer infected with a hacker’s malware. Today, it means companies don’t abuse your personal data. Journalist Lee Gomes spoke with Brendon Lynch, Microsoft’s chief privacy officer.

TR: Why did Microsoft criticize Google?

This story is part of our July/August 2012 Issue
See the rest of the issue

Lynch: It was recognizing that there is angst in the environment, that there is concern around privacy for a lot of consumers. We feel proud about the way we build privacy features and controls, and we wanted people to know that there was a choice out there.

Bing recently began letting users sign in with Facebook and share search results. Do you handle social media any differently?

People have to opt in to any experience where search results are shared. Also, Facebook requires users to be 13 or older to access its services, whereas Bing’s social search features will only surface results for users who are 18 or older.

What exactly is Microsoft’s philosophy on user privacy?

It’s what we call “privacy by design”; privacy should be built into our products and services from the ground up. A centerpiece of our program is the privacy review process, which enables engineers and product designers to assess the privacy implications of new products from the earliest stages of development. We have about 50 full-time privacy professionals at Microsoft, and roughly 2,000 privacy reviews are conducted each year.

What did Microsoft learn during the 1990s, when conspiracy theorists accused you of using Windows updates to spy on people?

That really helped us understand the importance of trust. Windows updates keep society protected from online threats. So we wanted to ensure that we had strong privacy controls in Windows Update, so that people would trust it and use it. One of the things we did was to have independent auditors crawl all over what we were doing and then issue a report that assured everyone we were collecting only the data we said we were collecting.

Does “privacy” mean something different to Microsoft than it did 15 years ago?

Security as it relates to data is primarily about the protection of that data, but privacy is something much broader: “what is the correct use of the data?” There was a lot more focus on security in the early days at Microsoft, but we’ve been investing deeply over the last 10 years to get us ready for this moment when privacy would become much more important. The big privacy challenge of our time will be enabling society to benefit from information-centric innovations while ensuring that personal privacy is protected.

A lot of people criticize how Web privacy is handled in the United States, in that it forces users to keep up with an endless list of privacy notices that they never really read.

It is clear that the current framework of notice and choice and consent is under some strain. It puts a lot of the burden on the individual to be able to understand what is happening and then make informed choices. The reality is that some really want to be able to read a privacy statement and have controls and make choices. But our research also tells us that the vast majority of people really just want to feel protected and want to be able to trust online.

Do devices like the Kinect game controller present new privacy challenges?

There are some privacy sensitivities—it can do voice recognition, it can do facial recognition. Protecting privacy in this case involved making sure that none of this information leaves the Kinect device. It’s not storing the information or sharing it with anything else.

Hear more from Microsoft at EmTech Digital.

Register now
Next in this Business Report
The Value of Privacy

Internet advertising is the global $70 billion business that powers services like Google and Facebook. But has tracking of Web users gone too far?

Want more award-winning journalism? Subscribe to Print + All Access Digital.
  • Print + All Access Digital {! insider.prices.print_digital !}*

    {! insider.display.menuOptionsLabel !}

    The best of MIT Technology Review in print and online, plus unlimited access to our online archive, an ad-free web experience, discounts to MIT Technology Review events, and The Download delivered to your email in-box each weekday.

    See details+

    12-month subscription

    Unlimited access to all our daily online news and feature stories

    6 bi-monthly issues of print + digital magazine

    10% discount to MIT Technology Review events

    Access to entire PDF magazine archive dating back to 1899

    Ad-free website experience

    The Download: newsletter delivered daily

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.