Cashing In

Ever dream of owning the printing press that cranks out money? Who hasn't? For most of us, that's a dream that will never come true.

But Bill Gates not only has the dream; he's got the plan. Before year-end, Microsoft will begin releasing the programming elements of a Web payment system called HailStorm. This is undoubtedly the most important part of Microsoft's long-term .NET initiative of selling its software as Internet services: It's how Microsoft will get paid. And Microsoft would like your e-commerce site to use its currency, too.

HailStorm doesn't involve physical greenbacks, of course. It's a collection of XML Web page tags and Simple Object Access Protocol calls that will let Microsoft and other Web sites access a database of information describing the financial condition of every HailStorm subscriber. The database will include Web site passwords, shipping information and billing information. Eventually, it will contain e-mail addresses, phone numbers and calendar entries. Social Security and driver's license numbers also could be added, and maybe even medical records. Rob Enderle, a research fellow at Giga Information Group, calls it "a virtual you-everything and anything that defines you will be stored for quick access electronically."

HailStorm could provide a far more intimate portrait of a subscriber's financial worth and future prospects than can be found anywhere today. It would bring all your financial data together in one place-although Microsoft .NET general manager Ruthann Lorentzen assures us users will control who can see what.

What does the HailStorm program offer subscribers? Initially, the convenience of not having to fill out ID, billing and shipping information on Web sites-and, eventually, the ability to transfer data among users. One example would be expediting the purchase of an airline ticket and sharing changes in a travel itinerary with the e-mail and calendar programs of clients and co-workers.

Hailstorm's precursor-Microsoft's Passport user-authentication system already boasts some 160 million accounts across Microsoft and third party Web sites. Only AOL and Yahoo! have comparable reach, so any system Microsoft adopts is bound to significantly impact Internet businesses.

For one thing, a widely used digital currency could grease the skids of Internet commerce. Moreover, HailStorm could provide a mechanism to help Web sites turn from ad-based to subscription-supported revenue models-or, at least, a hybrid in which consumers pay for value-added services. Microsoft itself plans to finance HailStorm primarily through subscriptions.

Microsoft will also charge application and Web site developers a one-time fee for use of HailStorm software tools, support and services, with additional charges for heavy use. But if it works, HailStorm could pay for itself in advertising savings alone. Forget about the expensive shotgun approach of most mass media ads. HailStorm is the ultimate loyalty program in which you'll have enough data regarding consumers' demographics and spending habits to send only customized messages that will likely be well received.

Microsoft promises heightened security and consistent privacy policies-two oft-cited hurdles to e-commerce. But that's where the ride gets a little bumpy.

Central Bank of the Web

The problem is that Microsoft will be the only company with unrestricted control of both the servers and the programming mechanism by which others access HailStorm info.

"The idea that Microsoft can be trusted as the repository of your personal information is about as far from the average consumer's image of Microsoft as you can get," says Enderle. Giga Information Group surveys suggest users wouldn't feel comfortable even if a third-party fiduciary were involved.

Microsoft is going to great lengths to assure everyone that it will honor user privacy and not sell subscriber information to third parties. But there's currently no law to make it keep that promise, points out GartnerGroup research fellow Richard Hunter. He notes that, until subscriber protests forced a change, the terms of use for the Passport service granted Microsoft ownership of all content stored there.

"That behavior by a major corporation-especially one that wants to be everyone's home court-is not the kind of thing that builds trust," Hunter says.

Microsoft hasn't been shy about changing terms of use for its other products once it achieves market dominance. It recently eliminated support for not-so-old versions of its software, increased support charges for newer ones and changed corporate licensing policies "without warning and in ways that are clearly not in the best interests of users," says Hunter. "Would they do the same with HailStorm?"

That's pretty much up to Microsoft. It reserves the right to revoke its HailStorm developer licenses, so as "to ensure that no service using HailStorm abuses the resources involved." That seems prudent, but also lets Microsoft dictate how HailStorm information is distributed and how much it costs.

Even if you're comfortable with Microsoft as your banker, the aggregation of so much critical information creates an almost impossible security challenge, says Hunter. Microsoft is already every hacker's favorite target, and it has a spotty record at repelling attacks-even when its own source code is at risk.

GartnerGroup sees losses to cybercrime increasing 1,000 to 10,000 percent through 2004, as hackers figure out it's easier to steal a few bucks from millions of people at one time than to rob a bank.

Ultimately, HailStorm is one of those long-build-out visions Microsoft is so good at selling: Establish a standard before anyone else does, then spend a few years working out the bugs.

The new millennium hasn't been kind to Microsoft so far. But apparently, there's still a healthy supply of its most valuable commodity: Microsoft moxie.