From: "Marc Berejka (LCA)" mberejka@microsoft.com Friends at the FTC ---- I have been on paternity leave since the beginning of the year, but have been getting on e-mail periodically to take care of some business. One of those tasks was to send in Richard Purcell's nomination to the Access/Security Advisory Committee last week. Below is the original of that e-mail, as it appears in the "sent" box of my e-mail program. I also "cc'd" myself on the original mail to ensure it left my computer and went out onto the network. Attached is the "cc" I received from myself. To my surprise, as I have been going through my back log of e-mail this evening, and found a message from the FTC indicating that you had received a blank message from me. Can you confirm that you did in fact receive Mr. Purcell's nomination? If not, have I rectified the matter by sending this along? Thank you. Marc Berejka From: Marc Berejka (LCA) VIA E-MAIL - advisorycommittee@ftc.gov January 5, 2000 Donald S. Clark
Dear Mr. Clark: Microsoft Corporation hereby nominates Richard Purcell to join the Commission's newly announced Advisory Committee on Online Access and Security. Mr. Purcell is Director of Microsoft's Corporate Privacy Group and has long played a central role in developing, implementing and monitoring information management practices at the company. In recent years, Mr. Purcell has also guided the development of software tools that enhance not only information management and security but, notably, customer access to certain personal information that Microsoft maintains. In addition, Mr. Purcell provides Microsoft's perspective to third-party organizations that deal with privacy matters and is a main point of contact for them, thus giving him a rich understanding of the policy landscape we face today. We believe, and are hopeful that the Commission will agree, that Mr. Purcell is uniquely well-suited to help the Advisory Committee meet its objectives. Microsoft is the worldwide leader in developing software for personal computers and computing devices. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day. Microsoft also operates two of the nation's most popular sites on the World Wide Web, MSN.com and Microsoft.com, which are visited by millions upon millions of individuals monthly. Under Mr. Purcell's direction, the Corporate Privacy Group helps coordinate a variety of privacy initiatives. Microsoft is committed to being a leader in promoting effective privacy protection on the Web, and it is the Privacy Group's and Mr. Purcell's objective to help keep the company on that course. For example, as of January 1, 2000, Microsoft has restricted our online advertising to Web sites that have posted comprehensive privacy policies. We are also focused on the development of privacy-enhancing tools, such as the Platform for Privacy Preferences ("P3P"). And we are actively promoting an automated privacy statement generator, or "wizard," that helps small businesses easily create a statement of their own information practices. Mr. Purcell is responsible for assuring that these initiatives move forward in a coherent, mutually reinforcing fashion. As a large, global company and popular Web site operator, Microsoft not surprisingly runs a number of large databases to support its day-to-day operations. Mr. Purcell plays a similarly critical, coordinating role with respect to Microsoft's internal management of these information stores. Two aspects of Mr. Purcell's background are particularly noteworthy and relevant to the upcoming work of the Advisory Committee. Prior to becoming the company's Privacy Director, Mr. Purcell supervised databases that support Microsoft.com. That Web site is the one location where people from around the world and with a variety of interests can go to obtain comprehensive information about Microsoft products and services. It is also the site where users can deposit personal information about themselves and about the products and services they use in order to obtain from Microsoft support for and additional information about those products and services. Needless to say, given the popularity of Microsoft products and services, databases that support Microsoft.com are extensive and sensitive. Mr. Purcell personally wrote the specification for and oversaw the implementation of software that allows Microsoft.com databases to be managed consistent with fair information practices. That specification necessarily dealt with data security and integrity, both in terms of who has authority to access stored data and how to assure that only authorized people can access that information. And rare among Web sites, Mr. Purcell's specification for Microsoft.com also created a Web-based Personal Information Center or "PIC." The PIC is the spot on the site where a user who has submitted personal information within the site can gain access to that information to assure its accuracy and to modify it as the user wants. Thus, Mr. Purcell is well acquainted with the operational complexity of providing robust security and of providing access to personal information, and he is equally well acquainted with the cost of doing so. In addition, although Mr. Purcell is not a software programmer, he is a veteran of the software industry. He is one of several Microsoft employees working on the P3P project, and he is on the board of TrustE. And as a point person on Microsoft's privacy team, he has valuable experience investigating and articulating how information (personal or otherwise) is passed back and forth among Web sites, other information networks and software programs. It appears that much of the Advisory Committee's time will be consumed by exploring the practical aspects of information management in a computing and network environment that is becoming increasingly complex. For those on the Advisory Committee that might lack technical expertise, and for the public who might be attending Committee meetings, Mr. Purcell can offer plain-English descriptions of those complex topics. Moreover, to the extent the Committee might desire technical information on software issues deeper than those Mr. Purcell has encountered, he will be able to turn to the software experts at Microsoft for their views and then translate them, again in plain English, for the benefit of the Committee. We trust that the above is sufficient to qualify Mr. Purcell for the Committee. However, if the Commission needs additional information about Mr. Purcell and his qualifications, please do not hesitate to contact us. Sincerely, Marc Berejka ----- Message-ID: 5B3F16B2DB67D1119A0D00805F312AA2158445DD@RED-MSG-58 Subject: Advisory Committee on Online Access and Security - Nomination P004807 Date: Wed, 5 Jan 2000 15:05:40 -0800 X-Mailer: Internet Mail Service (5.5.2650.21) VIA E-MAIL - advisorycommittee@ftc.gov January 5, 2000 Donald S. Clark
Dear Mr. Clark: Microsoft Corporation hereby nominates Richard Purcell to join the Commission's newly announced Advisory Committee on Online Access and Security. Mr. Purcell is Director of Microsoft's Corporate Privacy Group and has long played a central role in developing, implementing and monitoring information management practices at the company. In recent years, Mr. Purcell has also guided the development of software tools that enhance not only information management and security but, notably, customer access to certain personal information that Microsoft maintains. In addition, Mr. Purcell provides Microsoft's perspective to third-party organizations that deal with privacy matters and is a main point of contact for them, thus giving him a rich understanding of the policy landscape we face today. We believe, and are hopeful that the Commission will agree, that Mr. Purcell is uniquely well-suited to help the Advisory Committee meet its objectives. Microsoft is the worldwide leader in developing software for personal computers and computing devices. The company offers a wide range of products and services for business and personal use, each designed with the mission of making it easier and more enjoyable for people to take advantage of the full power of personal computing every day. Microsoft also operates two of the nation's most popular sites on the World Wide Web, MSN.com and Microsoft.com, which are visited by millions upon millions of individuals monthly. Under Mr. Purcell's direction, the Corporate Privacy Group helps coordinate a variety of privacy initiatives. Microsoft is committed to being a leader in promoting effective privacy protection on the Web, and it is the Privacy Group's and Mr. Purcell's objective to help keep the company on that course. For example, as of January 1, 2000, Microsoft has restricted our online advertising to Web sites that have posted comprehensive privacy policies. We are also focused on the development of privacy-enhancing tools, such as the Platform for Privacy Preferences ("P3P"). And we are actively promoting an automated privacy statement generator, or "wizard," that helps small businesses easily create a statement of their own information practices. Mr. Purcell is responsible for assuring that these initiatives move forward in a coherent, mutually reinforcing fashion. As a large, global company and popular Web site operator, Microsoft not surprisingly runs a number of large databases to support its day-to-day operations. Mr. Purcell plays a similarly critical, coordinating role with respect to Microsoft's internal management of these information stores. Two aspects of Mr. Purcell's background are particularly noteworthy and relevant to the upcoming work of the Advisory Committee. Prior to becoming the company's Privacy Director, Mr. Purcell supervised databases that support Microsoft.com. That Web site is the one location where people from around the world and with a variety of interests can go to obtain comprehensive information about Microsoft products and services. It is also the site where users can deposit personal information about themselves and about the products and services they use in order to obtain from Microsoft support for and additional information about those products and services. Needless to say, given the popularity of Microsoft products and services, databases that support Microsoft.com are extensive and sensitive. Mr. Purcell personally wrote the specification for and oversaw the implementation of software that allows Microsoft.com databases to be managed consistent with fair information practices. That specification necessarily dealt with data security and integrity, both in terms of who has authority to access stored data and how to assure that only authorized people can access that information. And rare among Web sites, Mr. Purcell's specification for Microsoft.com also created a Web-based Personal Information Center or "PIC." The PIC is the spot on the site where a user who has submitted personal information within the site can gain access to that information to assure its accuracy and to modify it as the user wants. Thus, Mr. Purcell is well acquainted with the operational complexity of providing robust security and of providing access to personal information, and he is equally well acquainted with the cost of doing so. In addition, although Mr. Purcell is not a software programmer, he is a veteran of the software industry. He is one of several Microsoft employees working on the P3P project, and he is on the board of TrustE. And as a point person on Microsoft's privacy team, he has valuable experience investigating and articulating how information (personal or otherwise) is passed back and forth among Web sites, other information networks and software programs. It appears that much of the Advisory Committee's time will be consumed by exploring the practical aspects of information management in a computing and network environment that is becoming increasingly complex. For those on the Advisory Committee that might lack technical expertise, and for the public who might be attending Committee meetings, Mr. Purcell can offer plain-English descriptions of those complex topics. Moreover, to the extent the Committee might desire technical information on software issues deeper than those Mr. Purcell has encountered, he will be able to turn to the software experts at Microsoft for their views and then translate them, again in plain English, for the benefit of the Committee. We trust that the above is sufficient to qualify Mr. Purcell for the Committee. However, if the Commission needs additional information about Mr. Purcell and his qualifications, please do not hesitate to contact us. Sincerely, Marc Berejka CC: "'lmazzarella@ftc.gov'" <lmazzarella@ftc.gov>, "'h... |