The following report details the audit performed on the Microsoft Phishing Filter. The Windows Live Policy and Privacy Team defined the scope of the engagement and the assertions to be included in the review. Jefferson Wells planned and performed the documentation reviews, interviews of key personnel, and testing to validate the technical design and processes related to the identified assertions.
The objective of the review was to determine the validity of the assertions for the Microsoft Phishing Filter. The assertions tested were identified as appropriate statements that, when tested and validated, would assess the transmission and/or collection of personal information when using the Microsoft Phishing Filter. Jefferson Wells used the Microsoft definition for personal information in performing the review. The Microsoft definition of personal information, also referred to as personally identifiable information (PII) in this report, is:
“Personally Identifiable Information means any information that identifies or can be used to identify, contact, or locate the person to whom such information pertains, or from which identification or contact information of an individual person can be derived. Some examples of PII include first and last name, address, and e-mail address.”
The audit consisted of a review of the Microsoft Phishing Filter, limited to the Phishing Filter client-side feature in Internet Explorer 7 and the MSN Toolbar Add-in for Internet Explorer 6, along with the Phishing Filter’s URL Reputation Web Service.