Storm over Hailstorm

I sincerely hope that Microsoft never makes the mistake of listening to its critics. But then, judging by the Redmond behemoth’s recent move – inviting internet users to part company with their personal details so that Microsoft can store them online in a database – my hopes will never be dashed.

It was inevitable that the announcement, in March 2001, that Microsoft was to launch what it refers to as a ‘web service’, that will allow internet users to store their personal details such as name, address, calendar and even credit card details online, would create controversy. Microsoft hardly helped to oil the wheels when it chose Hailstorm as the code name for the initiative, providing journalists with a ready-made metaphor of conflict and bad tidings.

This display of charming naivety from the company that is nicknamed the Evil Empire and has been compared to Darth Vader’s Death Star by Bill Gates’ rival, Sun Microsystems CEO Scot McNeally (1), begs the question: does Microsoft realise the size of the battle it is in for?

Microsoft launched Hailstorm in March 2001 (2) as a crucial component of its .Net vision. .Net is an ambitious attempt to establish a framework for the way that software is built to run over the internet. If it is adopted by the software industry, .Net will be used by companies to provide services over the internet that are a quantum leap ahead of today’s static and relatively unintelligent websites.

Hailstorm is the ‘user credentials’ component of .Net, which will include services with names like myProfile, myLocation, myCalendar and myWallet. Users store their personal details where Hailstorm can access them, and they configure it to release selected information to companies that provide personalised websites, online shopping and other more tailored experiences on the internet.

Together, Hailstorm and .Net could offer some truly Jetson-like experiences. Picture this: you are at the gym working out on an exercise bike when the sitcom repeat you were watching on the bike’s LCD screen is interrupted with a message telling you that, due to a last-minute cancellation, there are now two tickets available for that play you tried to buy tickets for last week but was completely booked up.

You look up your babysitting service’s website on the same LCD screen on which you were watching the sitcom to see if there is a babysitter free from 7pm, and there is; you check your spouse’s calendar in case he or she had something planned already, but it’s showing a free slot, so you make the booking. The babysitter and your spouse both get notified about what is happening – the babysitter’s calendar is automatically updated, and your address details are added to his or her address book, along with some background information about your kids.

If that’s just a little more lifestyle than you can stomach, there are numerous other examples of how something like Hailstorm could improve your life. If you have a specialist professional interest you could register your interests and be kept up to date automatically on new developments appearing on websites all over the world; or if you have a favourite pop band you could register your interest and be kept informed of their every move and merchandise release; or you could make your medical records available, so that if you are in a serious accident the paramedics in the ambulance can view your medical history as they drive you to the hospital.

This may seem like a vision of the far-off future, but it does not require a major technological breakthrough. The foundations for building such advanced services have already been built and are made up, as always in the internet world, by a host of acronyms – TCP/IP, XML, SOAP, and so on. This does not mean to say that achieving a more intelligent internet is easy, but there is at least some general agreement among organisations as diverse as the W3C, Sun and Microsoft about how to go about doing it.

But aside from the technology, there are some immense barriers that need to be overcome before consumers can hope to see such services becoming commonplace.

If the media and industry analysts are to be believed, not least among these barriers is concern over privacy. In fact, in many ways privacy concerns appear to present as big a barrier to the development of next-generation websites as any technical challenges that need to be overcome.

A recent survey by PriceWaterhouseCoopers (3) found that only five percent of respondents were willing to give out their credit card details when using the internet, and that a majority of consumers – nearly three quarters – prefer to opt out of providing information on the internet when they are given the choice to do so.

Another survey, by Yankelovich Partners, found that 90 percent of those surveyed said they felt privacy protection of personal information is the most important issue. Additionally, 46 percent think the government needs to regulate privacy more carefully, and 79 percent leave websites when they require personal information to proceed (4).

But is privacy really as important to people as these figures would have us believe? For example, there is considerable variance in the results of the PriceWaterhouseCoopers study depending on the respondent’s location, with the UK generally proving a touch more paranoid than Germany and Scandanavia. This might suggest that the nature of the public debate in these countries influences the opinions of respondents heavily. A key fact that flies in the face of some of the more gloomy findings is that more money is being spent online by more people than ever before, and the internet is becoming more of a part of people’s everyday lives and less of a threatening unknown quantity.

However the figures are interpreted, the privacy debate surrounding Hailstorm suggests that a combination of scepticism on the part of the general public, a vocal opposition in the privacy lobby and other enemies of Microsoft – of which there are many – and restrictive privacy legislation could smother the Hailstorm initiative in its infancy.

The root of the matter is whether the public will trust an organisation like Microsoft with a centralised database of personal information about millions of people. Critics of the initiative argue that the public would be foolish to adopt the system, no matter how much convenience it may offer. For example, Bob Lewin, CEO of TRUSTe – an organisation that grants its seal of approval to sites that it has vetted – acknowledges that .Net and Hailstorm may offer convenience, but says that ‘the price for convenience is the risk. It really boils down to convenience and the level of risk [consumers] are willing to take. From our point of view, putting it all together is not the best idea’ (5).

Other critics are less measured. ‘I think this is really awful’, said Deborah Pierce, a staff attorney at the Electronic Frontier Foundation. ‘This is all of your personal information. You might have doctor’s appointments, prescriptions you take. It could subject the consumer to all sorts of problems if it got out, from identity theft to job discrimination. I think it’s a bad idea.’

It would be naive to expect a commercial organisation not to attempt to gain from owning such a huge pool of data were it in a position to. A case in point is the embarrassment Microsoft experienced recently, when the terms of use of its Passport service – which will be a key component of Hailstorm – were brought to the public’s attention. The terms were reported to be draconian by most standards, including the statement that, by using the service, users granted Microsoft permission to ‘use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication’ (6). Microsoft removed the offending terms shortly after the publicity started and apologised profusely, but it did nothing to win public trust.

Leaving aside Microsoft’s poor PR record, there is little doubt that users would benefit enormously from an initiative such as Hailstorm, and Microsoft is one of the few organisations in the world with the clout and the bottle to try to pull such an ambitious and potentially controversial project off. To the extent that the internet is a public space, it needs individuals to put their personalities online, in order to deliver the rewarding and vibrant experience that it is capable of. Just as I find nothing threatening about my local Odd Bins trying to sell me a Rioja I haven’t tried because they know I like Spanish wine, I see nothing threatening in websites greeting me by name and trying to sell me something I want – it would certainly make a change from websites trying to sell me something I don’t want.

Hailstorm might be a big money spinner, but Big Brother? I don’t think so.

Jason Burton is a technical consultant for a London-based internet
integration agency.

(1) Sun’s Scott McNealy casts it in near-apocalyptic terms. ‘There’s two camps’, he says, ‘those in Redmond, who live on the Death Star, and the rest of us, the rebel forces.’ (Newsweek, December 1996)

(2) Microsoft Announces ‘HailStorm’, a New Set of XML Web Services Designed to Give Users Greater Control, 19 March 2001, Microsoft.com

(3) e-Privacy solutions: bridging the B2C divide e-Privacy issues among European consumers, PriceWaterhouseCoopers (Research commissioned October 2000)

(4) The Great Online Privacy Debate: Part 1, 14 December 2000, emarketer.com

(5) ‘In Microsoft do you trust?’, Connie Guglielmo and Doug Brown Interactive Week, 15 April 2001

(6) All your data (and biz plans) are [sic] belong to Microsoft, Andrew Orlowski in San Francisco, The Register, 30 March 2001