The Platform for Privacy Preferences (P3P)
February 2000 Update
A user empowerment approach
Marc Langheinrich, ETH Zurich, P3P Preference Group Chair
Outline
- Policy Background
  - Government pressure & public concern
  - User empowerment approach
- P3P overview
  - P3P goals and limitations
  - P3P-Howto: servers & clients
  - P3P privacy policies
  - P3P specification and related documents
- P3P deployment
  - Timeline, Demo implementations
I. Policy Background
Government Pressure I
- US Federal Trade Commission (FTC)
  - Only 14% of initially surveyed sites that collect personal data had privacy policies posted (April '97)
  - Continues to study the issue and express concern
- US Children's Online Privacy Protection Act (COPPA)
  - 90% of child-oriented sites collect personal data, less than 10% made an effort to notify parents (March '98)
  - Requires Web sites to provide actual notice of their information practices and to obtain prior parental consent when dealing online with children age 12 and under
  - Goes into effect April 21, 2000
Government Pressure II
- European Union directive 95/46/EC
  - In effect since October 1998
  - No secondary use of data
    - without an individual's informed consent
  - No transfer of data to non-EU countries
    - unless there is adequate privacy protection
  - US & EU officials in ongoing talks for 2 years
    - Fear of trade wars
    - Next meeting February 21
    - Conference in September will address the subject of an international convention
Public Concern I
- April 1997 Louis Harris Poll of Internet users
  - 5% report an invasion of privacy while on the Internet
  - 53% are concerned that browsing information will be linked to their email address and disclosed without their knowledge
Public Concern II
- Georgia Tech WWW User Surveys
  - 71% ask for laws to protect Internet privacy
  - 73% willing to give out demographic information if uses of data known
- 1999 AT&T/MIT/UC Study "Beyond Concern":
  - 61% would not give out contact information if data would be shared with others
  - 58% said they would be more likely to provide personal information if the site had both a privacy policy and a seal of approval from a well-known organization.
Revealing Personal Info
- Advantages
  - home delivery of products
  - customized information and services
  - ability to buy things on credit
- Disadvantages
  - info might be used in unexpected ways
  - info might be disclosed to other parties
User Empowerment
Develop tools that allow people to control the use and dissemination of their personal information
Empowerment Tools
- Prevent your actions from being linked to you
  - Crowds (AT&T Labs), Anonymizer, Freedom (zks.net)
- Allow you to develop persistent relationships not linked to each other or you
  - Lucent Personal Web Assistant (Bell Labs)
- Make informed choices about how your information will be used
  - Platform for Privacy Preferences Project (W3C)
- Know that assurances about information practices are trustworthy
  - TRUSTe, BBBOnline
II. P3P Overview
Original Idea Behind P3P
- A framework for automated privacy discussions
  - Web sites disclose their privacy practices in standard machine-readable formats
  - Web browsers automatically retrieve P3P privacy policies and compare them to users' privacy preferences
P3P1.0 – A First Step
- Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format
  - Can be deployed using existing web servers
- This will enable users to use tools that:
  - Provide snapshots of sites' policies
  - Compare policies with user preferences
  - Alert & advise the user
Future Versions of P3P
- Allow web sites to offer a choice of policies
  - P3P 1.0 supports only one policy per resource
- Allow for "negotiation" and explicit agreements to be reached between user agent and web site
  - P3P 1.0 features "take-or-leave" functionality
- Allow for non-repudiation of agreements, signatures from third-party seal providers, etc.
  - P3P 1.0 comes in plain text, no possibility to prove that certain communication took place
- Facilitate automated data transfer
  - P3P 1.0 requires external mechanisms (e.g., form-fill) to transfer data
P3P is a Partial Solution
- P3P1.0 helps users understand privacy policies but is not a complete solution
- Seal programs and regulations
  - help ensure that sites comply with their policies
- Anonymity tools
  - reduce the amount of information revealed while browsing
- Encryption tools
  - secure data in transit and storage
- Laws and codes of practice
  - provide a base line level for acceptable policies
A simple HTTP transaction
Client -> Web Server (request web page):
  GET http://foo.com/x.html HTTP/1.1
  . . .
Web Server -> Client (send web page):
  HTTP/1.1 200 OK
  Content-Type: text/html
  . . .
A simple HTTP transaction, with P3P 1.0 added
Client -> Web Server (request web page):
  GET http://foo.com/x.html HTTP/1.1
  . . .
Web Server -> Client (send web page):
  HTTP/1.1 200 OK
  Opt: http://www.w3.org/TR/WD-P3P/; ns=11
  11-P3P: http://foo.com/p3p.xml
  Content-Type: text/html
  . . .
Client -> Web Server (request P3P policy):
  GET http://foo.com/p3p.xml HTTP/1.1
  . . .
Web Server -> Client (send P3P policy):
  HTTP/1.1 200 OK
  . . .
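The client side of the exchange above, as an added example that is not part of the original slides: the server binds a namespace prefix ("ns=11") to the P3P extension URI in its Opt header and then announces the policy location in the prefixed "11-P3P" header, so a user agent must read the Opt binding before trusting any "<prefix>-P3P" header. The response text is a constructed sample mirroring the slide, not a captured transaction.

```python
import re

# Extension URI the slide's server binds to prefix "11" in its Opt header.
P3P_EXT_URI = "http://www.w3.org/TR/WD-P3P/"

# Constructed sample response mirroring the slide's exchange (not a capture).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Opt: http://www.w3.org/TR/WD-P3P/; ns=11\r\n"
    "11-P3P: http://foo.com/p3p.xml\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)

def parse_headers(raw):
    """Split a raw HTTP response into (status line, [(name, value), ...])."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def find_p3p_policy_url(raw):
    """Return the policy URL announced via an Opt-bound P3P header, else None.

    Only a prefix that Opt bound to the P3P extension URI is honoured: a bare
    'P3P:' header, or a prefix bound to some other URI, is not a P3P reference.
    """
    _, headers = parse_headers(raw)
    prefixes = set()
    for name, value in headers:
        if name != "opt":
            continue
        # Opt value: '<uri>; ns=<prefix>' (comma-separated if several)
        for decl in value.split(","):
            m = re.match(r'\s*"?([^";]+)"?\s*;\s*ns\s*=\s*(\d+)', decl)
            if m and m.group(1).strip() == P3P_EXT_URI:
                prefixes.add(m.group(2))
    for name, value in headers:
        prefix, _, field = name.partition("-")
        if prefix in prefixes and field == "p3p":
            return value
    return None

if __name__ == "__main__":
    print(find_p3p_policy_url(SAMPLE_RESPONSE))  # http://foo.com/p3p.xml
```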
P3P Policies
- Machine-readable (XML) version of web site privacy policies
  - Use P3P Vocabulary to express data practices
  - Use P3P Base Data Set to express type of data collected
- Captures common elements of privacy policies but may not express everything
  - sites may provide further explanation in human-readable policies
The P3P Vocabulary
- Who is collecting data?
- What data is collected?
- For what purpose will data be used?
- Who are the data recipients (anyone beyond the data collector)?
- Does the data collector provide access to my data?
- What assurance is there that this policy will be followed?
- How long will data be retained?
- Where is the human-readable privacy policy?
P3P Base Data Schema
- A set of common data elements all P3P implementations should know about
- Includes "User." elements such as
  - name
  - address
  - phone number, etc.
- Includes "Dynamic." elements such as
  - indicators that a site collects click-stream
  - uses cookies
  - collects info of a certain category, etc.
Example Privacy Policy
TheCoolCatalog, Inc., of 123 Main Street, Seattle, WA 98103 USA, makes the following statement for the Web page at http://www.TheCoolCatalog.com/catalog/. We have a privacy seal from PrivacySeal.org, which provides assurance that we abide by our policy. We do not provide access capabilities to information we may have from you. We use cookies and collect your gender, information about your clothing preferences, and (optionally) your home address to customize our entry catalog pages and for our own research and product development. We retain this information indefinitely. We also maintain server logs that include information about visits to the http://www.CoolCatalog.com/catalog/ page, and the types of browsers our visitors use. We use this information in order to maintain and improve our web site. We retain this information indefinitely.
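The "compare policies with user preferences" step from the P3P overview, worked on the TheCoolCatalog policy above, as an added example that is not from the slides or the P3P specification: the policy is modelled as a dict keyed by the vocabulary questions (collector, data, purpose, recipients, access, assurance, retention), and a user's preferences are tests that either alert or block. The field names, data-element names such as User.Home.Address, and the preference format are this example's own simplification, not P3P 1.0 syntax.

```python
# TheCoolCatalog policy, modelled by the P3P vocabulary questions.
# Field and data-element names are assumed for this example, not P3P 1.0 syntax.
COOL_CATALOG_POLICY = {
    "entity": "TheCoolCatalog, Inc.",
    "human_readable": "http://www.TheCoolCatalog.com/catalog/",
    "assurance": "PrivacySeal.org",   # third-party seal named in the policy
    "access": "none",                 # "We do not provide access capabilities"
    "statements": [
        {"data": ["Dynamic.Cookies", "User.Gender", "User.ClothingPreferences",
                  "User.Home.Address"],
         "purpose": ["customization", "research-and-development"],
         "recipients": ["ours"], "retention": "indefinitely"},
        {"data": ["Dynamic.ClickStream", "Dynamic.BrowserType"],
         "purpose": ["site-maintenance"],
         "recipients": ["ours"], "retention": "indefinitely"},
    ],
}

# A user's preferences: (description, test over (policy, statement), action).
USER_PREFS = [
    ("data shared with recipients beyond the collector",
     lambda p, s: any(r != "ours" for r in s["recipients"]), "block"),
    ("home address collected but no access to my data offered",
     lambda p, s: "User.Home.Address" in s["data"] and p["access"] == "none",
     "block"),
    ("data retained indefinitely",
     lambda p, s: s["retention"] == "indefinitely", "alert"),
    ("no third-party assurance that the policy is followed",
     lambda p, s: not p.get("assurance"), "alert"),
]

def evaluate(policy, prefs=USER_PREFS):
    """Compare a policy against the preferences.

    Returns ('accept' | 'alert' | 'block', [reasons]); 'block' wins over
    'alert', and each preference is reported at most once.
    """
    verdict, reasons = "accept", []
    for desc, test, action in prefs:
        for stmt in policy["statements"]:
            if test(policy, stmt):
                reasons.append(f"{action}: {desc} [{', '.join(stmt['data'])}]")
                if action == "block" or verdict == "accept":
                    verdict = action
                break
    return verdict, reasons

if __name__ == "__main__":
    verdict, reasons = evaluate(COOL_CATALOG_POLICY)
    print(verdict, *reasons, sep="\n  ")   # block, then two reasons
```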