Due to growing privacy concerns - and repeated and difficult questions from CNET - Microsoft has moved to curb its WiFi location database.
In a statement, the company says it is "keenly aware of the sensitivity around all privacy issues, especially those surrounding geolocation."
In addition, Microsoft says its commitment to privacy means that "not only will we seek to build privacy into products, but we'll also engage with key stakeholders in government, industry, academia, and public-interest groups to develop more effective privacy and data protection measures. We will continue to update our service with improvements that benefit the consumer in both positioning accuracy as well as individual privacy."
Over the past five months, CNET had sent a series of questions to Microsoft, most of which had gone unanswered. Here is an abbreviated list of the technology magazine's privacy concerns:
- When did Microsoft start collecting location data from mobile devices?
- How frequently do devices running Windows Phone 7 transmit the data to Microsoft? Every 15 minutes? Hourly? Daily?
- Is the connection encrypted? If so, using what method?
- What information, exactly, is transmitted?
- You say the information collected includes a "randomly generated unique device ID." Is that device ID ever changed? If it is changed, how often does it change?
- You say the randomly generated ID is "retained for a limited period." How long is that? Is the ID then deleted or only partially anonymized?
- Given a street address or pair of GPS coordinates, is Microsoft able to produce the location logs associated with that generated ID, if legally required to do so?
- Have you received any civil subpoenas, requests from law enforcement, or any other form of compulsory process for access to geolocation data?
- Do you make this location database publicly accessible?
- How many entries are in this database?
Just two weeks ago, CNET called out Microsoft yet again, accusing the software giant of collecting the locations of millions of laptops, cell phones, and other WiFi devices around the world, making them available online without taking any privacy precautions.
CNET also claimed Microsoft does not provide an opt-out mechanism that would allow someone to remove his or her WiFi address from the Live.com database.
So is Microsoft's move to "develop more effective privacy and data protection measures" genuine, or the result of repeated and effective questioning by CNET's diligent editorial team?