According to a report in Bloomberg News, Microsoft has reached a settlement with the Federal Trade Commission (FTC) regarding consumer privacy violations in its .NET Passport service. The settlement, which will likely be formally announced later today, apparently involves an "enforcement action" on the part of the FTC. The agency accused Microsoft of not adequately protecting user names, email addresses, credit-card numbers and purchasing habits from hacker attack. The software giant faces similar charges in Europe.
The FTC began its .NET Passport investigation in July 2001 after various privacy groups complained that the service deceived consumers into believing that personal information would be kept secure. The groups also charged that Microsoft required Windows XP users to sign up for the service to take advantage of certain OS features. The groups asked the FTC to force Microsoft to remove the requirement that users sign up for .NET Passport to use these features and to allow customers to easily opt-out of personal information sharing.
While terms of the settlement are currently unknown, I'll have more about this story as developments progress.