The Platform for Privacy Preferences Project (P3P)
Download
Report
Transcript The Platform for Privacy Preferences Project (P3P)
The Platform for Privacy
Preferences Project (P3P)
Lorrie Faith Cranor
AT&T Labs-Research
P3P Interest Group Co-Chair
October 1998
Background
Dynamic privacy negotiation concept has
been around for a while
‘95-96: PICS for privacy discussions
Fall ’96: Internet Privacy Working Group
convened by CDT
Summer ‘97: W3C launches P3P
‘96-98: Increasing government pressure
and public concern motivates various selfregulatory efforts
2
Government Pressure
European Union directive
FTC “losing patience with
self-regulation”
14% of surveyed sites that collect personal
data had privacy policies posted last spring
Children’s Online Privacy
Protection Act
3
Public Concern
April 1997 Louis Harris Poll of
Internet users
5% say they have been the victim of an
invasion of privacy while on the Internet
53% say they are concerned that
information about which sites they visit will
be linked to their email address and
disclosed without their knowledge
4
Threat or Tool?
Threat: Technology can automate
data collection and
processing
Tool: Technology can automate
individual control over
personal information
5
Revealing Personal Info
Advantages
home delivery of products
customized information and services
ability to buy things on credit
Disadvantages
info might be used in unexpected ways
info might be disclosed to other parties
6
User Empowerment
Approach
Develop tools that allow people
to control the use and
dissemination of their personal
information
7
Empowerment Tools
Prevent your actions from being linked to you
Crowds - AT&T Labs
Allow you to develop persistent relationships
not linked to each other or you
Lucent Personal Web Assistant - Bell Labs
Make informed choices about how your
information will be used
Platform for Privacy Preferences Project - W3C
Know that assurances about information
practices are trust worthy
TRUSTe - Electronic Frontier Foundation and CommerceNet
8
The Internet
Anonymizing agent
Regulatory
and
self-regulatory
framework
User
Secure
channel
Pseudonym agent
Negotiation agent/
trust engine
Service
Regulatory
and
self-regulatory
framework
9
Platform for Privacy
Preferences Project (P3P)
A framework for automated privacy
discussions under development by W3C
Services communicate about practices
Users exercise preferences over those practices
User agent can facilitate automated decision
making, prompt user, exchange data, etc.
10
Fair Information Practice
Principles
Notice
and
Choice
11
Simplifying Notice and
Choice
visual labels
example: (old) TRUSTe
machine readable labels
example: Platform for Internet
Content Selection (PICS)
12
Beyond Labeling
Labels support notice, but provide
only limited support of choice
P3P also supports
Multiple privacy policies
Explicit agreements
Negotiation
13
Basic P3P Concepts
proposal
user
agent
service
user
agreement
user data
repository
preferences
data
practices
14
A Simple P3P Conversation
service
user
agent
User agent: Get index.html
Service: Here is my P3P proposal - I collect
click-stream data and computer
information for web site and system
administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html
15
More Complicated
Conversations
Service offers choice of proposals
User agent makes counter proposal
User agent rejects proposal and asks
service for another offer
Upon agreement, user agent automatically
sends requested data
No agreement is reached
(see “Automated Negotiation” paper with Paul Resnick)
16
Assertions that can be
made in a P3P Proposal
Proposal level
Statement level
Realm
Consequence
Disclosure URI
Data category
and/or element
Access
Assurance
Other disclosures
Change agreement
Retention
Purpose
Identifiable use
Recipients
17
P3P Vocabulary:
Purposes
Completion and
support of current
activity
Web site and
system
administration
Customization of
site to individuals
Research and
development
Contacting visitors
for marketing of
services or
products
Other uses
18
Data
Referenced by category or element
P3P methods may be used to transfer data
referenced by element
Coupling between privacy disclosure and data collection
Base data set includes elements all
implementations should know about
Services may create their own elements
Vocabulary includes 10 data categories
19
Data Repository
Users can store elements they don’t
mind providing to some services
Services can gain read and/or write
access through P3P agreements
Elements can be automatically
retrieved from repository when P3P
methods or auto-fill forms are used
20
Data
element
User
interface
Data
category
financial
account IDs
Info I
consider
highly
sensitive
Info I
consider
somewhat
sensitive
Info I do not
consider
sensitive
click-stream
Physical
contact info
Info can be used
only when necessary
to complete a
transaction
demographics
Info may be used to
complete a
transaction or
customize content
Computer info
Info may be used by
site for any purpose,
but may not be
disclosed to others
Preference
21
W3C P3P Documents
P3P1.0 Specification
Implementation Guide
Syntax
Guiding principles
...
Harmonized Vocabulary
Base Data Set
APPEL
(A P3P Preference
Exchange Language)
22
Guiding Principles
A statement of intent by members of the P3P
working groups and a recommendation on
how to use P3P to maximize privacy
Information
Privacy
Notice and
Communication
Choice and Control
Fairness and
Integrity
Security
23
APPEL
A rule language that expresses what
should be done with P3P proposals
Not essential to P3P, but useful for:
Sharing and installation of rulesets
Communication to agents, search engines,
proxies, or other servers
Portability between products
Could be replaced by XML or RDF
query language
24
Implementation and
Deployment
Need user agent and server
implementations
Need Web sites to create P3P
proposals
Web sites can use P3P without a
special server, but P3P-compliant
server and tools allow them to take
advantage of flexibility
25
Incremental adoption
“Levels” allow implementers to ramp up
gradually
Good implementations provide incentives
“Privacy watchdog” features to provide useful info
about non-P3P-compliant sites
Good data repository implementations in user
agent save typing
Good data management tools for Web servers
Adoption drives more adoption
26
Keys to Success
Good end-user
implementations
easy to use
easy to plug in
“recommended
settings”
not annoying
use incremental
adoption model
privacy friendly
Good server
implementations and
tools
Adoption by many
Web sites
Users find it useful
Endorsement by
governmentregulatory and selfregulatory
organizations
27
Papers and demo of AT&T P3P
Proposal Generator:
www.research.att.com/projects/p3p/
P3P Web site at W3C:
www.w3.org/p3p/