Microsoft's newest Media Player, included free with Windows XP software, has a privacy-invading feature that came to light last week. Media Player quietly keeps a log, stored on the user's own computer, of the DVD's it plays. So users who thought they were watching movies privately were actually leaving behind records of what they have viewed. The software also sends information back to Microsoft in a way that allows the company to match individuals with their music and movie choices.

It is not surprising that technological innovations can come at the cost of privacy. What is troubling is that in many recent cases, sensitive information has been compromised in ways that even a vigilant user had no way of guarding against. Last month, Eli Lilly & Company promised the Federal Trade Commission, as part of a legal settlement, that it would improve its online security after it unintentionally disseminated the e-mail addresses of more than 600 people taking Prozac. These instances are part of a growing problem, the ability of technology to capture vast amounts of personal information about users, often without their knowledge. As the industry wrestles with how much privacy protection to build in, two guiding principles are emerging: transparency and user control. Users should be told exactly what personal information is being collected and what will be done with it. And it should be made easy for users to withhold private information or set conditions for its use.

Last month Bill Gates, in a widely publicized companywide memorandum on "trustworthy" computing, endorsed the principles of transparency and user control. Microsoft has also promised to be sensitive to the privacy concerns that are arising out of Passport, its Internet identification-verification program, which can make online shopping more convenient but can monitor and keep records of the Web sites users visit and what they buy online. These are welcome commitments from a company that already has large amounts of personal information about millions of computer users.

But these principles can be difficult to put into practice. After the problem with Media Player was revealed, Microsoft amended its policy statement to tell users that it was logging DVD titles. But Microsoft did not tell users how to stop Media Player from logging the information. That means people still lack the "user control" they should have.

Privacy issues like these will be of growing concern as more personal information is collected by Passport and other sophisticated data-collecting systems. These vast stores of information could be used by the companies that collect it to build dossiers on individuals. The government could have access to these records simply by serving a subpoena. The data could also be seen by hackers or, as in the Eli Lilly case, released accidentally.

The industry's efforts at self-regulation are a good start. But as last week's Media Player revelations showed, they have been far from foolproof. The burden remains on companies like Microsoft to show that they can be trusted to build transparency and user control into their technology. If not, the government may need to step in to protect users' reasonable expectations of privacy. http://www.nytimes.com

LOAD-DATE: February 24, 2002