Microsoft's HailStorm has
Privacy Implications for Financial Industry
By Ivy Schmerken
Wall Street &
September 17, 2001
As Microsoft gets ready to ship Windows XP on Oct. 25th-the next
generation of the dominant desktop operating system-financial services
institutions will undoubtedly be eyeing HailStorm-a personalized
notification service that is being bundled into XP or can be purchased
separately. Should Wall Street firms consider upgrading their desktops
to Windows XP to take advantage of the new functionality?
With its ongoing anti-trust battle, competitors and some critics say
the functionality bundled into XP presents the same anti-competitive
issues raised by the government's anti-trust case, and that Microsoft
is using the monopoly position of its desktop software to dominate
authentication and messaging on the Internet.
HailStorm Web services are organized around the concepts of my
calendar, my accounts, my documents and my location, explains Jeremy
Lehman, Microsoft chief technologist for financial markets, adding that
the end-user is not required to use Windows XP or any other Microsoft
platform. Microsoft has shown HailStorm to work on Unix, Macintosh,
Blackberry Rim pagers and other devices, he says. A retail securities
arm of a global universal bank is planning how HailStorm will allow
customers to receive intimately personalized investment advice. "The
bank would like to find a technology to allow their financial advisors
to scale out to reach those down-market individuals in a more personal
manner," says Lehman.
HailStorm works in tandem with Passport-an authentication and Web
registration service-that will allow the user to store personal
financial data, such as credit card payment information, online in an
electronic type of wallet and share that information with other Web
sites to conduct e-commerce transactions. Banks and brokerage houses
could design vertical applications using the HailStorm services but
would they feel comfortable using Passport to store employee or client
personal identity information?
"Personal information management and Web authentication and
identification services-compare that to a media player and you're
talking about the difference between a firecracker and a nuclear bomb,"
says Kevin Meek, a lawyer who heads the technology practice group at
Houston-based Baker Botts.
"If people are going to have problems with media players and instant
messaging, can you imagine what it'll be like when Microsoft is not
only that, but they're the bank and the stock exchange and (decide)
whether or not you'll get on a plane?," asks Meek.
Today, 160 million-plus Passport accounts are issued to users of
Microsoft's Hotmail email service. Privacy concerns were initially
raised over collecting and monitoring everything that a consumer is
doing, notes Hagay Shefi, CEO
of GoldTier Technologies. "You have the
physical evidence of where I'm flying and what hotels I'm staying in,
and what restaurants I'm eating in and what stores I'm buying from,
who's my cell phone provider and who's my broker," says Shefi. "You're
naked," he adds.
In response, privacy organizations have filed a petition with the
Federal Trade Commission to investigate these practices. A complaint
filed by the Electronic Privacy Information Center (EPIC), argues that
"Microsoft has engaged, and is engaging in unfair and deceptive trade
practices intended to profile, track and monitor millions of Internet
But Microsoft's Lehman denies any of this is true. "The end user owns
all the information. It would be up to the end user to opt what they
want to expose to the bank. Everything about Passport and HailStorm are
at the discretion and control of the user. Microsoft will not let it
out," he insists, noting that Microsoft has gone to great lengths to
build in the security and win the confidence of consumers. In a move to
silence its critics, Microsoft struck an alliance in July with VeriSign
Inc.-an Internet trust authority-to support deployment of HailStorm.
But one sticky point is that initially all Passport and HailStorm Web
services will be hosted in Microsoft data centers located worldwide. At
a future point, Microsoft will provide the technology and set of
processes to partners for hosting their own HailStorm services. There
is already interest from banks, market data firms and global financial
networks, hints Lehman, who calls this a "federated model."
But, "If they're going to migrate this stuff back into the B2B world,
then they're going to have to address some of the (privacy)
issues-where does the intellectual property live, who really controls
the authentication and verification of identities," says Bob Lamoreaux,
chief technology officer of WorldStreet Corporation, who is piloting
HailStorm for the next generation of its institutional pre-trade
information service. Lamoreaux says that Microsoft is very open and
interested in listening to what the financial industry is telling it.