Report: Major Privacy Technology Coming in Longhorn

Microsoft is working on a technology for Windows Longhorn called "Info-cards" that is designed to return control of personal data, such as credit cards and Social Security numbers, to users, according to a report published this week.

If the technology works and consumers, merchants and other partners adopt it, Info-cards could reduce the need for big merchant-side databases of personal information that are the juiciest targets for hackers, such as in the recent ChoicePoint data breach. Elements of the technology could also deter "phishing" attacks, in which users are lured to bogus bank or other Web sites to enter their personal financial information.

As laid out in an article in the Wall Street Journal on Monday, Info-cards would store personal information locally on a personal computer in an encrypted file. Computer users could then selectively disclose information about themselves to businesses or others online.

Only trusted Web sites would be able to decode the encrypted messages, and the sites would not need to store, and therefore secure, the information in a database. As a side benefit, the encrypted communication between users and back-end merchant software could reduce the need for insecure username/password combinations.

According to the Journal, Info-cards would use standard protocols that will be open to any Web site and could run on Unix or Linux as well as Windows. The details of such protocols are key to understanding how open they would actually be, but Microsoft executives did not provide extensive product plans for the article.

It is not the first time Microsoft has tried to address the problems of user security at disparate online sites. Microsoft Passport was the company's answer to the problem of multiple user passwords and the key to the company's now abandoned "Hailstorm" Web services initiative. Privacy concerns helped derail that effort, which could have put a massive, Microsoft-managed database at the center of transactions involving credit card numbers, health records and other highly sensitive information.

Passport was designed to let consumers use a single password to access most Web sites. It was not widely adopted by consumers, and partners and privacy advocates objected to the centralized data repository. The Federal Trade Commission also cited Microsoft for misrepresenting the security of the Passport system.

Differences with the Info-cards approach include no creation of a central information repository, and, in fact, the potential elimination of many smaller user information databases kept by Web site merchants, such as

Microsoft is expected to put out a first beta version of Longhorn by the end of June, with the final version of the OS shipping next year. It is not clear how much, if any, of the Info-card technology might be available in the beta version.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.


  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • 2020 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss. (Now updated with COVID-19-related event changes.)

  • Microsoft, Google and IBM Among First Members of Open Source Security Group

    Microsoft has joined a high-powered group of tech giants in a new industry foundation aimed at improving the security of open source software.

  • Microsoft In Talks To Acquire TikTok

    A deal between Microsoft and Beijing-based ByteDance is in the works that would have Microsoft acquiring some of ByteDance's holdings in the TikTok social media service.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.