Microsoft plants secret users' code

Click to follow
MICROSOFT, WHOSE software runs most of the world's personal computers, admitted yesterday that its latest version of Windows generates a unique serial number secretly planted within electronic documents that could be used to trace the authors' identities.

In a disclosure with enormous privacy implications, Microsoft said it is investigating whether it is collecting the serial numbers from customers even if they indicated they didn't want them disclosed.

"If it is, it's just a bug," said Robert Bennett, Microsoft's group product manager for Windows. "If it is indeed happening, ... we'll absolutely fix that."

A programmer, Richard M Smith of Brookline, Massachusetts, noticed last week that documents he created using Microsoft's Word and Excel programs in tandem with the Windows 98 operating system included within their hidden software code a 32-digit number unique to his computer.

The number also appears in a log of information transmitted to Microsoft when customers register their copies of Windows 98, even if they say they don't want their computer details sent to the company.

Microsoft's Word and Excel programs are among the most widely used, and its Windows operating systems run roughly 85 per cent of the world's personal computers.

"Nobody to my knowledge has had a database that would allow a piece of written material to be traced back to who wrote it," said Mr Smith, president of Phar Lap Software. "I don't expect Microsoft to do that kind of tracing, but it's sort of unprecedented."

Mr Bennett said Microsoft will create a software tool to let customers remove the number, which he said is meant to help to diagnose customers' technical problems.

Mr Smith suggested, however, that Microsoft could also use the technology to identify stolen copies of Windows by comparing the hardware serial number with a 20-digit Windows product number that also is transmitted when a customer registers. The industry claims annual losses from software piracy at more than $11.4bn (pounds 7.125bn).

"If they suddenly see the same product ID number with different hardware ID numbers, it gives them evidence for court that there's software piracy," Mr Smith said.

Mr Bennett said Microsoft was looking into whether the number, called a Globally Unique Identifier, ever was obtained from customers who did not want details about their hardware disclosed, such as their network addresses. The identifier is partly based on a 12-digit number unique to each network adapter, a hardware device common in business computers that allows high-speed Internet connections. Mr Bennett promised that Microsoft will wipe any of those numbers from its internal databases that the company can determine may have been inadvertently collected.

Privacy activists were not mollified. "This is going to be a clean-up job larger than the Exxon Valdez oil spill," said Jason Catlett, president of Junkbusters, of Green Brook, New Jersey, which lobbies on privacy issues. "There are billions of tattooed documents out there." Microsoft was a founding member of the Online Privacy Alliance, a Washington-based trade group organised last year to lobby against new federal privacy laws. (AP)

Network, Review, pages 11-14