Originally created 03/10/99

Microsoft pledges software fix for privacy controversy



WASHINGTON -- Reacting to privacy concerns over a flaw in Windows, Microsoft Corp. is promising to offer software to strip out an identifying number that could be used to trace the authorship of some electronic documents.

Steven Sinofsky, a vice president for Microsoft's Office products, said late Monday the company also almost certainly will offer a patch for the tens of millions of customers who use its popular collection of Office 97 business programs, which include Word and Excel.

That software fix, to be administered by customers themselves, would prevent the identifier number from being quietly embedded within electronic documents in the future.

"We take these things very seriously," Sinofsky said.

The company previously promised only to allow customers to remove the serial number from their computers, not from individual documents, such as business letters and spreadsheets.

Microsoft confirmed over the weekend that its latest version of Windows generates a unique serial number for each computer that is partly planted within some documents.

Separately, the company also acknowledged it may have been harvesting those serial numbers from customers -- along with their names and addresses -- even when customers had explicitly indicated they didn't want the numbers disclosed.

Privacy groups complained that the list of serial numbers, together with names and addresses, could be used to trace electronic documents to a specific computer even when an author wished to remain anonymous.

Richard M. Smith of Brookline, Mass., the software programmer who first noticed the numbers hidden within his Microsoft files, compared the situation to a person's Social Security number being stamped on every document he creates.

Smith said Monday that Microsoft was acting appropriately.

"For the document problem, that's what they need to do," Smith said. "There are a lot of documents that already have the stuff in it. You don't want to be storing those (numbers) in there."

Those numbers are part of a 32-digit identifier created by Windows 98 whenever customers register their software with Microsoft.

The company said late Monday it still was investigating whether it might be inadvertently collecting the numbers during the electronic registration process for Windows.

But Microsoft announced Monday on its Web site that it will change the procedure "to not send the hardware ID, unless the user checks the option to send hardware information to Microsoft."

It acknowledged "there are hypothetical scenarios in which this number could be used to learn something about the user's system without his or her knowledge."

The number appears in a log of information transmitted to Microsoft, even when customers say they don't want details about their computers sent to the company.

The controversy was aggravated by the prominence of Microsoft's products: Its bundle of affected business programs is used by nearly 90 percent of consumers of such programs, and its dominant Windows operating systems run most of the world's personal computers.