The Platform for Privacy Preferences Project (P3P)


Minding Your Own Business
The Platform for Privacy Preferences Project and Privacy Minder
Lorrie Faith Cranor
AT&T Labs-Research
http://www.research.att.com/~lorrie/
June 1999
Revealing Personal Info
Advantages
home delivery of products
customized information and services
ability to buy things on credit
Disadvantages
info might be used in unexpected ways
info might be disclosed to other parties
2
User Empowerment
Approach
Develop tools that allow people to control the use and dissemination of their personal information
3
Empowerment Tools
• Prevent your actions from being linked to you
Crowds - AT&T Labs; The Anonymizer - anonymizer.com
• Allow you to develop persistent relationships not linked to each other or you
Lucent Personal Web Assistant - Bell Labs
• Make informed choices about how your information will be used
Platform for Privacy Preferences Project - W3C
• Know that assurances about information practices are trustworthy
TRUSTe - Electronic Frontier Foundation and CommerceNet
4
Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
Services communicate about practices
Users exercise preferences over those practices
User agent can facilitate automated decision making, prompt user, exchange data, etc.
5
Simplifying Notice and Choice
visual labels
example: TRUSTe
machine readable labels
example: Platform for Internet Content Selection (PICS)
6
Beyond Labeling
Labels support notice, but provide only limited support of choice
P3P supports choice by supporting
Multiple privacy policies
Explicit agreements (or rejection of proposed privacy policy)
Single-round “negotiation”
7
Basic P3P Concepts
[Diagram: proposal, user agent, service, user, agreement, user data repository, preferences, data, practices]
8
A Simple P3P Conversation
[Diagram: service and user agent]
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html
9
Other Possible P3P Conversations
Service offers choice of proposals
Upon agreement, user agent automatically sends requested data
No agreement is reached
10
Data
• Referenced by category or element
• Vocabulary includes 10 data categories
• Base data set includes elements all implementations should know about
• Services may create their own elements
• “P3P methods” may be used to transfer data referenced by element
• Coupling between privacy disclosure and data collection
11
Data Repository
Users can store elements they don’t mind providing to some services
Services can gain access to stored elements through P3P agreements
Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used
12
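The conversation of slides 9 and 10 (a service offering one or more proposals, the user agent accepting or reaching no agreement, and data being sent on agreement) together with the repository rule of slide 12 (stored elements are released only under an agreement), modelled in Python as an added example. This is not code from the talk or from the AT&T implementations, and the Statement, Proposal and Rule structures are constructed simplifications, not P3P 1.0 or APPEL syntax; the entity name, data element names and repository contents are made up.

```python
"""Toy model of a single-round P3P-style exchange (constructed example).

Not P3P 1.0 or APPEL syntax: Statement, Proposal and Rule are simplified
stand-ins so the accept/reject logic and the repository rule can be run.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Statement:
    """One statement-level assertion: which data, for what, sent to whom."""
    data: frozenset        # data categories or elements covered
    purposes: frozenset    # purposes the service uses them for
    recipients: frozenset  # "ours" means the service itself


@dataclass(frozen=True)
class Proposal:
    """A service's proposal: the entity making it plus its statements."""
    entity: str
    statements: tuple


@dataclass(frozen=True)
class Rule:
    """APPEL-like block rule (constructed): a statement that touches any of
    `data` for a listed purpose and recipient makes the proposal
    unacceptable. None for purposes or recipients matches any value."""
    data: frozenset
    purposes: Optional[frozenset] = None
    recipients: Optional[frozenset] = None


def statement_blocked(stmt: Statement, rule: Rule) -> bool:
    """True if the rule objects to this statement."""
    if not (stmt.data & rule.data):
        return False
    if rule.purposes is not None and not (stmt.purposes & rule.purposes):
        return False
    if rule.recipients is not None and not (stmt.recipients & rule.recipients):
        return False
    return True


def acceptable(proposal: Proposal, rules) -> bool:
    """A proposal is acceptable only if no rule blocks any of its statements."""
    return not any(statement_blocked(s, r) for s in proposal.statements for r in rules)


def describe(proposal: Proposal) -> str:
    """Render a proposal the way a user agent might present it to a person."""
    parts = [
        f"collects {', '.join(sorted(s.data))} for {', '.join(sorted(s.purposes))}"
        f" (recipients: {', '.join(sorted(s.recipients))})"
        for s in proposal.statements
    ]
    return f"{proposal.entity} " + "; ".join(parts)


def release_data(proposal: Proposal, repository: dict) -> dict:
    """Repository rule: only elements referenced by the agreed proposal leave."""
    referenced = set().union(*(s.data for s in proposal.statements))
    return {k: v for k, v in repository.items() if k in referenced}


def converse(resource: str, proposals, rules, repository):
    """Single-round exchange: the service may offer several proposals and the
    agent takes the first acceptable one, or the round ends with no agreement.
    Returns (agreed proposal or None, data sent, transcript lines)."""
    transcript = [f"User agent: Get {resource}"]
    for p in proposals:
        transcript.append(f"Service: Here is my P3P proposal - {describe(p)}")
        if acceptable(p, rules):
            transcript.append("User agent: OK, I accept your proposal")
            sent = release_data(p, repository)
            if sent:
                transcript.append(f"User agent: Here is {', '.join(sorted(sent))}")
            transcript.append(f"Service: Here is {resource}")
            return p, sent, transcript
        transcript.append("User agent: I do not accept this proposal")
    transcript.append("(no agreement reached)")
    return None, {}, transcript


# Constructed sample data: a user repository, two block rules, and a service
# that offers a marketing proposal first and a delivery-only one second.
REPOSITORY = {"user.email": "alice@example.org", "user.postal": "1 Main St"}
RULES = [
    Rule(frozenset({"user.email"}), recipients=frozenset({"third-parties"})),
    Rule(frozenset({"user.postal"}), purposes=frozenset({"marketing"})),
]
ADMIN = Statement(frozenset({"click-stream", "computer-info"}),
                  frozenset({"admin", "customization"}), frozenset({"ours"}))
PROPOSAL_A = Proposal("example.com", (ADMIN, Statement(
    frozenset({"user.email"}), frozenset({"marketing"}),
    frozenset({"ours", "third-parties"}))))
PROPOSAL_B = Proposal("example.com", (ADMIN, Statement(
    frozenset({"user.email"}), frozenset({"delivery"}), frozenset({"ours"}))))

if __name__ == "__main__":
    agreed, sent, lines = converse("index.html", [PROPOSAL_A, PROPOSAL_B], RULES, REPOSITORY)
    print("\n".join(lines))
    print("agreed second proposal:", agreed is PROPOSAL_B, "| sent:", sent)
```

Running the module walks the second slide-10 case: the first proposal is rejected because it would pass the e-mail address to third parties, the second is accepted, and only the one repository element that proposal references is sent; the postal address stays in the repository. Offering only the first proposal ends the round with no agreement and no data released.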
W3C P3P Documents
P3P1.0 Specification
Implementation Guide
Syntax
Guiding principles
...
Harmonized Vocabulary
Base Data Set
APPEL (A P3P Preference Exchange Language)
13
Guiding Principles
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
• Information Privacy
• Notice and Communication
• Choice and Control
• Fairness and Integrity
• Security
14
APPEL
A rule language that expresses what should be done with P3P proposals
Not essential to P3P, but useful for:
Sharing and installation of rulesets
Communicating to agents, search engines, proxies, or other servers
Portability between products
Could be replaced by XML or RDF query language
15
P3P Proposal
A web site encodes its privacy practices in the form of a P3P proposal
Automated tools can be used to do the actual encoding
User agents are expected to translate information in proposals into a more user friendly format
16
Types of Assertions
Proposals can contain 2 types of assertions:
• proposal level: assertions that apply generally to the whole proposal
  “we are a member of TRUSTe”
• statement level: assertions that apply to a specific type of data
  “we collect information about your computer for web site and system administration”
17
Assertions that can be made in a P3P Proposal
Proposal level
Statement level
• Entity
• Consequence
• Realm
• Disclosure URI
• Data category and/or element
• Access
• Purpose
• Assurance
• Identifiable use
• Other disclosures
• Recipients
• Change agreement
• Retention
18
P3P Implementation and Deployment
Need user agent and server implementations
Need Web sites to create P3P proposals
Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of choice mechanisms
19
AT&T P3P Implementations
P3P proposal generator
generates P3P proposal and human-readable policy from web-based questionnaire
written in Perl and implemented as a CGI script
Privacy Minder
a P3P user agent
written in Java as a client-side proxy
20
Privacy Minder Demo
21
Resources and Feedback
For further info on P3P see:
http://www.w3.org/P3P/
For AT&T P3P implementations and papers see:
http://www.research.att.com/projects/p3p/
Send your comments to [email protected] or discuss with a P3P working group member
22