There's a mountain of reasons why this is a bad idea, beginning with the technical and ending with the philosophical.

For starters, the moment all your data is collected in one place, any failure in security at that place becomes catastrophic. The Microsoft Control Room becomes a classic "single point of failure" -- an Achilles' heel that, once pierced, would give an electronic trespasser uniquely comprehensive access to your preassembled data profile.

Even if you're not afraid of break-ins, there's the more mundane likelihood of system failure. Once you've moved your calendar, address book and key files into Microsoft's Control Room, you're out of luck if, for example, Microsoft's domain name servers go down.

These vulnerabilities are real and serious. But even if Microsoft were somehow able to build a foolproof, fail-safe fortress of a system, there'd still be reason to doubt the wisdom of handing Microsoft your data. Depending on how you used it, HailStorm would know who you were, where you were, what you were doing and when you did it, how much money you had and how you spent it. It would hold the keys to your life. How would you feel about handing those keys over to Microsoft?

At the moment, Microsoft is riding a wave of confidence based on the likelihood that a federal appeals court will overturn or set aside the breakup order that emerged from its antitrust trial. HailStorm is in principle an "open" system, since it's based on standards like XML (for data transfer) and SOAP (for applications to call one another), but Microsoft is utterly candid about its plans to build HailStorm directly into the structure of its next version of Windows. Damn the courts -- full integration ahead!

But there's a poisonous legacy from the antitrust ordeal that could derail the HailStorm master plan, even if Microsoft ends up with a total victory in court, and even if HailStorm fails to raise a single antitrust enforcer's eyebrow. After all, anyone who paid attention to the trial came away with a vivid sense of Microsoft's corporate character. Its leaders emerged as ruthless hardball players, who'd (it was charged) threatened to "cut off the air supply" of competitors, sneered at jurists who dared to suggest that browsers could be separated from operating systems and generally behaved like high-tech Huns. All of this has made them awfully good at seizing market share. But are they the kind of folks you want to entrust with every scrap of your private info?

In the HailStorm rollout, Microsoft officials took pains to emphasize that "the user owns the data" -- if they didn't, of course, their service would be dead on arrival. I don't believe that Microsoft has any ulterior motives right now, or that its spokespeople are insincere today in professing respect for their users' privacy. But it only takes a little poking around the fine print on Microsoft's Web sites to get a picture of how HailStorm could evolve in ways that might give you the willies.

HailStorm is to be built on the foundation of Microsoft's Passport software, a service that lets you enter your personal data once and then reuse it on multiple Web sites. Passport currently features an industry-standard policy that assures users of their privacy. But it also boasts a "Terms of Use" featuring clauses that, were they applied to HailStorm, would make any user blanch.

Try this one on for size: "By posting messages, uploading files, inputting data, submitting any feedback or suggestions, or engaging in any other form of communication with or through the Passport Web Site, you warrant and represent that you own or otherwise control the rights necessary to do so and you are granting Microsoft and its affiliated companies permission to: Use, modify, copy, distribute, transmit, publicly display, publicly perform, reproduce, publish, sublicense, create derivative works from, transfer, or sell any such communication ... Microsoft is under no obligation to post or use any materials you may provide and may remove such materials at any time in Microsoft's sole discretion."

Now, even if we give Microsoft the benefit of the doubt and assume that it will remove such clauses from the Passport Terms of Use before HailStorm gets off the ground, the presence of such language today on a site where Microsoft collects users' personal information is remarkable. What good is it for Microsoft to say "the user owns the data" if, at the same time, the company is asserting rights to do anything it wants with that data? And even if Microsoft revises the policy for HailStorm, who's to say the policy won't be revised again in the future -- when, say, Microsoft decides it needs to eke a few more percentage points of profit from the program?

Today, Microsoft assures us that it "will not mine, target, sell or publish any HailStorm user data without explicit user consent." But once all that data is sitting on Microsoft's servers, the company will face a powerful temptation to tinker with the fine print and "monetize" your data in aggressive ways. Which is one good reason to store the information where you can keep an eye on it -- on your own hard drive.

I think Gates and company are honest when they say that they're trying to "build user-centric experiences": They believe that finding a way to connect disparate technologies in a seamless way, and making personal data more accessible, benefit everyone. They're right. But then they insist that the best way to achieve this is via a paid service owned and operated by Microsoft. Who'd buy that?

Recent Stories