Boston Globe Online / Business / Microsoft admits Passport flaw, says error fixed "Under a settlement last summer, the government accused Microsoft of deceptive claims about Passport's security. In response, the company pledged to take reasonable safeguards to protect those accounts, submit to audits every two years for the next 20 years or risk fines up to $11,000 per violation.
Microsoft declined to say yesterday whether it had contacted the FTC. The agency's assistant director for financial practices, Jessica Rich, said any follow-up investigation would be conducted privately, but she added, ''We routinely look into issues that may bear on compliance with our orders.''
Sanctions or fines could be calculated various ways under federal laws, but Rich confirmed that each Passport account that was vulnerable could constitute a separate violation.
''If we were to find that they didn't take reasonable safeguards to protect the information, that could be an order violation,'' Rich said."
Theoretically, that would set the maximum fine at $2.2 trillion -- although experts said any fine would be significantly lower. Sanctions imposed by the FTC will depend on technical details of the flaw and the adequacy Microsoft's response over the next few days to prevent any recurrence."