Microsoft Gathers Customer Data from Windows Vista

Windows Vista and the services either integrated into the operating system or orbiting around it collect customer data for Microsoft. From the Windows Genuine Advantage mechanism to the Windows Media Player, customer activity and behavior is recorded and centralized by Microsoft. In this context, Microsoft is dealing with issues of privacy, but Tina R. Knutson, a Senior Privacy Program Manager in Microsoft's Corporate Privacy Group revealed that while security aims to safeguard the data, privacy is synonymous with placing control firmly in the hand of the user.

"Anytime we collect your data, we know that the experience can either increase your trust or destroy it. If you understand what's being collected, why it's being collected, what the benefits are (to you - not to Microsoft!), and how you can control it in the future, you are much more likely to trust us. In order to build trust when collecting data, we believe that clear and accurate communication is paramount," Knutson explained.

Microsoft has integrated privacy even into the Secure Development Lifecycle, the company's internal security design and development process that are the foundation for Windows Vista. But Knutson has given the example of the data collected via Windows Media Player, in order to put eventual questions related to how Microsoft is handling the information to rest.

"When Windows Media Player collects information about a DVD you're watching, it's better to know up front that this information is used to provide you with media information such as DVD title and cover art. If you don't know this and have to extrapolate why Microsoft might want to know the DVDs you're watching, it could seem pretty creepy," Knutson said.

The bottom line is that Microsoft set firm limitations for itself the moment it disclosed the initial capture of data. Any other usage of the data that was not brought to the attention of the user is off limits. "In integrating privacy considerations into the SDL, we're spreading the word that all of the commitments made at the time of collection apply to that data until it is destroyed," Knutson concluded.