The launch of Facebook's Beacon advertising system in November put the social networking site in the middle of a controversy over privacy, as Beacon was criticized for being too aggressive and stealthy in collecting and broadcasting information about users' activities online. For that reason, few people right now would probably envy the job of Chris Kelly, Facebook's chief privacy officer and the person most responsible for explaining the site's policies to the public.

IDG News Service recently caught up with Kelly for a telephone interview. He answered questions about Beacon, saying the company is happy with it now after some revisions but acknowledging that the work isn't over, so we may yet see further modifications that address remaining privacy concerns.

He also tackled other hot topics, such as the company's efforts to protect minors from sexual predators as well as data portability, or the ability for users to move their data between different social networking services. Kelly said Facebook is in favor of data portability in principle but wary of it in part because of concerns about user privacy. That might surprise the critics who raised red flags over Beacon, but Kelly said there are legitimate concerns about privacy -- and security as well -- with data portability.

The following is an edited transcript of the conversation:

IDGNS: There has been a lot of talk recently about data portability, specifically about letting users of social networks export their data to other sites and applications. What's your take on data portability?

Chris Kelly: We've made it clear that we don't have a philosophical problem with data portability. The problem comes in because there are all sorts of privacy and security worries [related to it], and there are a whole bunch of people out there who would gladly attempt to exploit somebody else's personal information if they could get one point of entry into a network, for instance, and try to export as much data as possible.

So we want to make sure there are rules and controls around that to minimize the possibility of something going off. That is a critical part of all of the discussions, and it's something that, in a rush to call for data portability, most proponents haven't effectively considered. We're trying to make sure that everyone considers that. We joined the Data Portability Workgroup because we want to show that we're serious about having that conversation. But to just say that you can have a completely open system ignores that there are serious privacy and security challenges about that.

IDGNS: So given the privacy, security, and legal considerations that need to be taken into account, is a satisfying solution to data portability even possible?

Kelly: Any system needs to reflect the actual preferences of the end-user of the data, and the end possessor of the data is the data subject. At Facebook, we've obviously invested a great deal in building a preference-capturing system around that, and any portability scheme needs to reflect that type of information. We'll press for any data portability scheme to reflect the preferences of data subjects. That's a very important part of building an effective data portability setup.

IDGNS: What's your current position regarding Beacon, which has been such a big source of controversy?

Kelly: We've gotten Beacon to a point where it gives users control over the information they're bringing into Facebook from third-party Web sites and sharing with their friends. The users are coming to understand the technology better. As Mark [Zuckerberg, Facebook's founder and CEO] has said, we made some mistakes in the launch, but we think we've gotten Beacon to a very good point. We think users will have a great deal of comfort with how they share or don't share -- based on their own preferences -- actions on third-party Web sites off Facebook.

IDGNS: Mark Zuckerberg has indicated in recent interviews that Facebook continues to work on and refine Beacon to further address lingering privacy concerns. Is that your understanding?

Kelly: Yes, we learn a lot from user feedback and are constantly working to make the site more effective for our users.

IDGNS: Could you articulate the importance of the bill that New York's Attorney General Andrew Cuomo and state legislative leaders are pushing and that Facebook, among others, is backing?

Kelly: It's very important because it allows us to have unique identifiers that focus on sex offenders that we want to exclude from our site. We've been asking for this type of help from Attorney General Cuomo and some of the other attorneys general. State legislatures are listening right now and trying to make it required that when people register as sex offenders, they record any Internet and online IDs [they have] and to make it a crime to access the Internet using anything besides those identifiers. This is a big assistance to us because it lets us easily check if anybody is trying to sign up with those addresses.

IDGNS: How effective is that, considering you can get an e-mail address anytime without any verification as to who you are? Isn't this a cat-and-mouse game?

Kelly: This is where the social factor of Facebook's real-name culture comes in and the privacy controls that we have. Those are very effective in protecting people from those who might attempt to misrepresent themselves. But we also want to make sure that anyone who would do our users harm is easily excluded, and this bill will help with that quite a bit.

IDGNS: How feasible is it to come up with a tool or technology that lets social-networking site operators verify people's ages, in particular to identify -- and thus more closely protect -- underage users?

Kelly: You can have effective indicators of whether or not someone is actually a member of a community, like a high school. Facebook has always had technology to try to determine whether someone is a member of a network or not and has restricted access to their information based on that. That has a great effect in pushing towards a type of proxy age verification. It's not perfect, though, and a lot of the discussions of age verification have focused on attempting perfection in determining whether or not someone is of a certain age, and that type of perfection can't be legislated effectively.

IDGNS: A couple of weeks ago, MySpace and almost all state attorneys general announced an initiative outlining safety guidelines for social networking sites. Is that something Facebook plans to sign on to?

Kelly: That agreement substantially reflected an agreement we had previously reached with Attorney General Cuomo, and we're very glad that MySpace has stepped up in this effort. We think that going forward, there will be a variety of principles agreed upon among certain leading Internet sites.

IDGNS: Is it fair to say that the relationship between U.S. state attorneys general and social networking companies has significantly improved in recent months? It used to be quite adversarial and contentious.

Kelly: At Facebook, we've always tried to maintain a very open and honest dialogue with all the attorneys general and law enforcement agencies, and I think we're getting to a very good point with these law enforcement agencies and the industry in a broader way.

IDGNS: How realistic is it to expect a site like Facebook, which has about 60 million active users, to properly monitor what so many people are doing to prevent inappropriate or illegal behavior?

Kelly: We use very sophisticated social designs in terms of limiting access to people's information based on networks that they share in their real-world lives, and further, we use technology to look for anomalous behavior, things that may be concerning. It helps to keep our users safer and also to prevent spam and to create a more comfortable environment for our users. We have a pretty large customer service team that deals with both reports and with the potentially anomalous behavior highlighted by the technology.

IDGNS: Have you improved your response times when members report complaints about content or actions on the site? That seemed to be a big complaint Attorney General Cuomo's office had with Facebook at some point.

Kelly: Yes, absolutely.

IDGNS: Does Facebook do enough to make sure its average member understands how to manage the very granular privacy settings you offer?

Kelly: I think the average Facebook user understands very well that we take privacy extraordinarily seriously. There's always a balance to be struck between the ease of use and completeness in providing privacy control. We try to strike that balance very well, but we always listen to user feedback about that in terms of how we give them more control over what information they share and with whom.

IDGNS: How much monitoring do you do of, say, photos or videos uploaded to the site? Do those go through automated screening, or do you depend more on members manually flagging stuff they see?

Kelly: Most of the automated tools we've tested in terms of recognizing inappropriate images and things like that are ineffective. We've found that users are some of the best reporters on that, and our reporting infrastructure is extraordinarily effective in removing inappropriate content quickly and in holding those users who attempt to post them responsible by cutting off their account.

IDGNS: As chief privacy officer, what are some of your goals for this year?

Kelly: As the site and the Internet as a whole evolve, we want to continue giving people a great deal of control over what personal information they share and with whom. We want to continue to reflect the social graph very accurately, and privacy is a critical part of that, so we'll continue to bake it into the design of the site and provide people with the most effective privacy controls on the Internet.

After weeks of speculation, it appears that the general public will soon be able to get its hands on the first beta of Microsoft's follow-up to Windows Vista. A message on the MDC (MSDN Developer Conference) site states that all attendees of the upcoming MDC events, a series of Microsoft-sponsored road shows running from early December through mid-February, will receive a Windows 7 Beta 1 DVD in the mail "when they become available."

Microsoft isn't giving an exact delivery date for the Windows 7 beta, but some reports speculate the disc will be ready before January 13.

[ InfoWorld's Randall C. Kennedy and OSNews' Thom Holwerda debated the best way to assess Windows 7's changes ]

Some bloggers, the few who've actually tested the pre-beta code, have voiced concerns about the Windows 7 feature set. Infoworld's Randall C. Kennedy, for instance, recently declared that Windows 7 was essentially a slightly tweaked version of Vista. Other reports have praised-with some reservations-Windows 7's interface improvements, such as a vastly remodeled Windows Taskbar.

Microsoft has indicated that Windows 7 will likely be ready by late 2009 or early 2010, and given the lack of spectacular new features in Vista's replacement, there's no reason to think that Redmond won't meet that timeline. Certainly, the average Vista user would be thrilled if the hated User Account Control security feature would simply go away. Early indications are that it won't, but UAC will undergo some major changes in Windows 7.

PC World is an InfoWorld affiliate.

IT vendors may be growing increasingly desperate amid the global economic downturn, but customers must employ a range of tactics -- not just bullying -- to extract cost savings from them, a group of Forrester Research analysts said during a client teleconference Wednesday.

Companies simply can't use a shotgun-style approach and expect to succeed, said software licensing analyst Duncan Jones: "Anything that is undifferentiated, like a general letter that goes out [to vendors] saying we've got to cut everyone's maintenance by 10 percent? That's not going anywhere."

[ For more on how to deal with the recession, check out InfoWorld's special report: IT and the financial crisis. ]

Analyst Paul Roehrig, who focuses on outsourcing and IT services, said it is difficult and awkward to extract price concessions on a signed contract.

"Either you're begging or threatening.... Those [tactics] tend to work, but only for a short time," he said, adding, "unless you're really overpaying, there's really not that much room in the provider's margin where they can lower the price point without changing the service level."

And if a customer does succeed in lowering its services costs, "the vendor is going to immediately substitute junior people," said analyst John McCarthy, whose coverage areas include offshoring.

Instead of begging for a rate cut, customers could instead ask their vendors to assign more seasoned workers to their projects, resulting in productivity gains and cost savings, McCarthy said.

Meanwhile, the tactics are different for software licenses and maintenance agreements, according to Jones.

"One of the problems is, you're dealing with a software rep who has different goals than you. He needs to sell new licenses and has no interest in helping you cut costs," he said. "But if you get up higher in the organization, there are going to be people who care more about the long-term relationship, and there's flexibility there."

That said, now is the time to push for bigger discounts on new licenses, as sales representatives "are desperate to meet their number by end of the year," Jones added.

Companies could even indicate they'd be happy to let any outstanding deals float over into 2009, he said: "That will probably be too late for the rep, so try it as a tactic and see how much flexibility you've got."

Also, customers could use money they're prepared to spend on new software as leverage, Jones said: "Anything you're trying to get, like cutting maintenance on products you're not using, you might be able to get that as a quid pro quo for spending in another area."

Beyond maximizing their buying power, companies should save money by determining which software assets no longer need a maintenance contract, Jones said: "You save costs with minimal impact on the business, but you put pressure on other vendors because it shows you're seriously looking at everything."

A similar approach should be taken to IT services contracts, Roehrig said. "If you're asking for the highest levels of service, you're going to be paying top dollar, when the reality is that the enterprise can function just fine with not everyone having gold-plated service."

Companies should also try to get more value out of outsourcing in general through strategic hiring, he said. "If I had money as a client to invest in one thing ... I would get someone who really knows how to manage a service provider. Some of the best outsourcing deals I've come up against have really good people who know how to get a service provider to do what you want."

Customers should also seek to lower the total number of service providers they contract with, leading the way to bigger volume discounts, Roehrig said. But he noted that this can be difficult for heavily federated organizations to accomplish.

It's also possible to save money by actually helping one's vendor cut costs, according to Jones.

If four divisions within a company are negotiating separately with a vendor, they should consider consolidating those relationships, he said: "I would go to the vendor and say, how can I earn cost reductions by dealing with you in a centralized fashion?"

Microsoft on Wednesday unveiled a free plug-in for Firefox to translate Open XML documents, an update to its document translator, and a toolkit for Java developers that was built under the umbrella of its Document Interoperability Initiative.

The group released the OpenXML Document Viewer as an open source project on its Codeplex Web site. The viewer translates documents in the Open XML format, which became an ISO standard in April after much contentious debate , to HTML so they can be viewed on a browser. The viewer, which is still in the preview stage, eliminates the need for a user to install Microsoft Office or any other productivity tool set.

[ Discover the top-rated IT products as rated by the InfoWorld Test Center. ]

The first implementation developed by MindTree and Microsoft works with Firefox 3.0 running on Windows or Linux and translates font types, images, text styles, diagrams, tables, and hyperlinks. In early to mid-2009, the project will add support for Opera and add server-side features.

The software was released during a Document Interoperability Initiative (DII) meeting this week in Belgium.

Microsoft created DII in March with the help of Novell, Mark Logic, Quickoffice, DataViz, and Nuance Communications. The goal was to foster interoperability between document formats, most notably Open XML and the Open Document Format (ODF).

"Basically this is Microsoft sincerely going out and following up with what they did with OpenXML," said Peter O'Kelly, principal analyst with O'Kelly Consulting.

As part of that follow-up, Microsoft plans to support ODF in Office 2007 SP2, which is slated to ship next year.

On top of the Firefox plug-in, DII released Version 2.5 of the Open XML/ODF Translator , which supports Office 2003, 2007 and XP. The new version includes a set of ODF 1.1 compatible templates and chart enhancements for spreadsheet programs.

The templates provide preformatted documents, such as a business letter or fax sheet, that are based on either ODF or Open XML and allow predetermined conversions between formats.

DII also introduced an software developer kit for Java developers that aids in working with Open XML documents. The project aligns with the Apache POI project, which provides Java libraries for reading and writing in Microsoft Office formats.

All the DII software was released as open source projects.

"We have been seeing that a lot of people now understand that what is most important is the end user," said Jean Paoli, general manager of interoperability strategy for Microsoft. "Since for maybe a year now, we are seeing far less passion about the format issue and more rationality."

Network World is an InfoWorld affiliate

Scotland is to host two pioneering datacenters, with plans being announced to build an eco-friendly cloud centre in Inverness, and the world's largest computing facility in Lockerbie.

A new business park, a "sustainable village" with hundreds of homes and what is claimed to be the world's largest datacenter, are to be built in the south-west of Scotland under an ambitious £800 million development plan.

[ Find out more on being environmentally responsible while saving money. And stay up to date on green tech with InfoWorld's Sustainable IT blog, with our Green Tech Topic Center, and with the Green Tech newsletter. ]

The Peelhouses datacenter in Lockerbie, which is being built by Scottish firm Lockerbie Data Centres, will use green energy generated from wind turbines and a new bio-mass power station.

The entire facility will be spread over 250,000 square metres, including the development of 800 new homes in the village. Waste heat generated by the banks of computer servers will be reused to heat the new village as well as the existing town, and the business park

Scottish IT services company Alchemy Plus, with backing from Microsoft, has revealed plans to build a £20 million cloud computing center on the Inverness harbour. Inverness was chosen as an ideal site for the large computing facilities because of its cold climate, which Alchemy intends to harness to reduce the need for cooling.

[ Learn more about what cloud computing really means from InfoWorld's cloud computing primer. ]

The 20,000-square-foot facility is billed as Scotland's first eco-friendly computing facility, with the heat created by the center being used to warm nearby businesses, including a nearby hotel.

The Inverness center will operate on a cloud computing model, enabling users to subscribe on a monthly basis for the IT resources their businesses uses. Alchemy claims this companies that took part in an 18-month pilot saw an average cost savings of 28 percent.

Lockerbie Data Centres still waiting for planning permission of its plans, but chief executive John Hume said he had already received interest from a number of IT firms keen to get involved with the project.

Hume said: "The worldwide shortage of suitable data storage and the high demand for local affordable housing presents a unique opportunity for Scotland and local residents."

"With global demand for data storage expected to double by 2012, demand already outstrips supply."

Chief executive of Alchemy Plus, Peter Swanson, echoed similar sentiments on the demand for datacenter space. "The current economic downturn is driving a rapid shift towards cloud-based services which offer greater economy and flexibility."

Computerworld UK is an InfoWorld affiliate.

VMware has introduced View 3, the updated version of its virtual data infrastructure (VDI) offering. The company claimed that the new product would reduce desktop storage demands by as much as 70 percent.

In addition, the company said that it could "decouple" a desktop from specific locations to create a personalized view of that desktop, accessible from any other device -- so that a desktop could now be visible from a laptop in another office.

[ Read about VMware's VDI Storage Considerations guide. And stay up to date on the latest virtualization developments with InfoWorld's Virtualization Report blog and newsletter. ]

Jocelyn Goldfein, VMware's global manager for its desktop business said that the move supported the current trend towards mobile working. "Users are no longer tied to a desk," she said. "They use PCs, thin clients, notebooks or even smartphones."

Goldfein said that View3 was part of the vClient initiative announced at VMWorld. She said that the company was now looking at the desktop in the same way that it had looked at the datacenter. "The problem with desktop virtualization is that you still need a device. When you consolidate in a datacenter, you can get rid of 90 percent of the servers, you can't do that with the desktop." She added that View 3 would help bring virtualized desktops to devices.

The main element in View3 is View Composer. This uses a new technology called Linked Clone to generate many virtual desktops from a master image. Only desktops could be created in seconds and centrally controlled by View Manager.

Tommy Armstrong, VMware's senior marketing manager for enterprise desktops said that View 3 users would be able to provision many machines with common software -- for example, Windows, with that "golden master" as VMware calls it. He said that this could also be used for patch management.

In addition, the company has released Offline Desktop, a feature that provides the means to securely move virtual desktops between the datacenter and a local laptop or desktop. The company claimed that this would enable users to "check out" a virtual desktop onto an ordinary PC, such as a laptop, run the virtual desktop locally, and then check it back in to the datacenter.

Techworld is an InfoWorld affiliate.