Microsoft storm warning

The HailStorm program will put all your data in one convenient place -- and leave Bill Gates with the keys.

Published March 28, 2001 6:43PM (EST)

Once upon a time there was a Control Room. At least that's what I remember it being called. I was a high school student in the 1970s, learning some basic computer skills on Teletypes connected to minicomputers at a local university. As long as you were just working at your station, you were fine; no one bothered you. But if you sent output to what was then quaintly known as the line printer, you had to pick up your sheaves of green and white paper in a bin at the Control Room -- a back office where guys with beards puttered around and tended to hulking tape drives. Trouble was, more often than not the job never made it to the line printer, or the paper ran out or jammed, or some other random glitch intervened. If you tried to get help from the Control Room guys they'd just mutter something and ignore you -- they had better things to do.

Within a few years the advent of the desktop computer meant those guys were on their way out. Personal computing was a fine thing in its own right -- but I've always thought that it won a lot of converts among people who'd just had enough of the Control Room guys and wanted a little revenge.

Well, the Control Room is back -- in the guise of Microsoft's new HailStorm initiative.

In case you haven't yet read about it, you may need a brief explanation of HailStorm. If you have read about it, you definitely need an explanation, because this is surely one of the murkiest product announcements in history.

If you dig through the mountains of buzzwords in Microsoft's HailStorm "white paper," you eventually discover that HailStorm is Microsoft's effort to make computing more convenient by allowing you to A) collect all your personal information in one format intelligible across many platforms and devices, and B) store all that information with -- who else? -- Microsoft. For a fee, of course.

Somehow, Microsoft -- which, after all, is uniquely identified with the triumph of personal computing over the old-fashioned, centralized mainframe -- has turned its back on its own history. The financial analysts have long been telling the company that it has to move away from selling software and begin selling services, and HailStorm is an answer to that -- but it's a peculiarly retrograde one.

The HailStorm launch propaganda is full of rhetoric about empowering users ("HailStorm Puts You in Control") to protect their own data. "People are frustrated and confused," the white paper declares. "Sometimes it seems that every program, every Web site, every device has its own set of rules ... People are not in control of the technology that surrounds them. We have important data and personal information scattered in hundreds of places across the technology landscape, locked away in applications, product registration databases, cookies, and Web site user tracking databases."

Well, the last sentence is accurate. And while that situation may sometimes be inconvenient, it is also reassuring. Many of us worry less about having to learn a new set of rules every now and then than about the forbidding prospect of somebody assembling all that "important data and personal information" into one cross-referenced master profile. For instance, the database in which our prescription drugs are registered should be separate from the one in which our other purchases may be stored. Cookies spook some people, but at least they're always stored on your own computer, leaving you with the "control" to delete them.

HailStorm purports to give us more control. But there is no escaping the simple fact that Microsoft is asking us all to move our data from its current home on our desktops into a paid service on a server inside a Microsoft data center -- Bill Gates' Control Room.

There's a mountain of reasons why this is a bad idea, beginning with the technical and ending with the philosophical.

For starters, the moment all your data is collected in one place, any failure in security at that place becomes catastrophic. The Microsoft Control Room becomes a classic "single point of failure" -- an Achilles' heel that, once pierced, would give an electronic trespasser uniquely comprehensive access to your preassembled data profile.

Even if you're not afraid of break-ins, there's the more mundane likelihood of system failure. Once you've moved your calendar, address book and key files into Microsoft's Control Room, you're out of luck if, for example, Microsoft's domain name servers go down.

These vulnerabilities are real and serious. But even if Microsoft were somehow able to build a foolproof, fail-safe fortress of a system, there'd still be reason to doubt the wisdom of handing Microsoft your data. Depending on how you used it, HailStorm would know who you were, where you were, what you were doing and when you did it, how much money you had and how you spent it. It would hold the keys to your life. How would you feel about handing those keys over to Microsoft?

At the moment, Microsoft is riding a wave of confidence based on the likelihood that a federal appeals court will overturn or set aside the breakup order that emerged from its antitrust trial. HailStorm is in principle an "open" system, since it's based on standards like XML (for data transfer) and SOAP (for applications to call one another), but Microsoft is utterly candid about its plans to build HailStorm directly into the structure of its next version of Windows. Damn the courts -- full integration ahead!

But there's a poisonous legacy from the antitrust ordeal that could derail the HailStorm master plan, even if Microsoft ends up with a total victory in court, and even if HailStorm fails to raise a single antitrust enforcer's eyebrow. After all, anyone who paid attention to the trial came away with a vivid sense of Microsoft's corporate character. Its leaders emerged as ruthless hardball players, who'd (it was charged) threatened to "cut off the air supply" of competitors, sneered at jurists who dared to suggest that browsers could be separated from operating systems and generally behaved like high-tech Huns. All of this has made them awfully good at seizing market share. But are they the kind of folks you want to entrust with every scrap of your private info?

In the HailStorm rollout, Microsoft officials took pains to emphasize that "the user owns the data" -- if they didn't, of course, their service would be dead on arrival. I don't believe that Microsoft has any ulterior motives right now, or that its spokespeople are insincere today in professing respect for their users' privacy. But it only takes a little poking around the fine print on Microsoft's Web sites to get a picture of how HailStorm could evolve in ways that might give you the willies.

HailStorm is to be built on the foundation of Microsoft's Passport software, a service that lets you enter your personal data once and then reuse it on multiple Web sites. Passport currently features an industry-standard policy that assures users of their privacy. But it also boasts a "Terms of Use" featuring clauses that, were they applied to HailStorm, would make any user blanch.

Try this one on for size: "By posting messages, uploading files, inputting data, submitting any feedback or suggestions, or engaging in any other form of communication with or through the Passport Web Site, you warrant and represent that you own or otherwise control the rights necessary to do so and you are granting Microsoft and its affiliated companies permission to: Use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication ... Microsoft is under no obligation to post or use any materials you may provide and may remove such materials at any time in Microsoft's sole discretion."

Now, even if we give Microsoft the benefit of the doubt and assume that it will remove such clauses from the Passport Terms of Use before HailStorm gets off the ground, the presence of such language today on a site where Microsoft collects users' personal information is remarkable. What good is it for Microsoft to say "the user owns the data" if, at the same time, the company is asserting rights to do anything it wants with that data? And even if Microsoft revises the policy for HailStorm, who's to say the policy won't be revised again in the future -- when, say, Microsoft decides it needs to eke a few more percentage points of profit from the program?

Today, Microsoft assures us that it "will not mine, target, sell or publish any HailStorm user data without explicit user consent." But once all that data is sitting on Microsoft's servers, the company will face a powerful temptation to tinker with the fine print and "monetize" your data in aggressive ways. Which is one good reason to store the information where you can keep an eye on it -- on your own hard drive.

I think Gates and company are honest when they say that they're trying to "build user-centric experiences": They believe that finding a way to connect disparate technologies in a seamless way, and making personal data more accessible, benefit everyone. They're right. But then they insist that the best way to achieve this is via a paid service owned and operated by Microsoft. Who'd buy that?


By Scott Rosenberg

Salon co-founder Scott Rosenberg is director of MediaBugs.org. He is the author of "Say Everything" and Dreaming in Code and blogs at Wordyard.com.

MORE FROM Scott Rosenberg


Related Topics ------------------------------------------

Microsoft