Microsoft Corp. agreed on Thursday to submit to 20 years of U.S. government oversight of its online identity service in order to settle charges that it misled consumers about security and privacy standards.
Microsoft's Passport service, which aims to make online shopping easier by storing passwords and credit-card numbers, came under scrutiny by the U.S. Federal Trade Commission last year after privacy groups said it would give the software giant unprecedented control over users' personal information.
FTC officials said they found that Microsoft did not adequately protect users' personal information, and that the service tracked users' Web-browsing habits without their knowledge.
The company also falsely claimed that it would enhance the security of Internet transactions, the FTC said.
"They were saying that they had reasonable and appropriate security procedures. We thought those promises were deceptive," FTC Chairman Timothy Muris told reporters, adding that he was unaware of any breaches to the system.
Microsoft agreed to stop making false claims about Passport's data-collection practices and security protections, and agreed to set up an enhanced computer-security system that must pass independent review every two years, for a period of 20 years.
Microsoft paid no fines, but would face fines of $11,000 per count if it does not maintain the security program, an amount that could add up quickly given the service's 200-plus million users.
News source: Reuters - U.S., Microsoft Settle Privacy Charges