The Platform for Privacy Preferences (P3P), February 2000 Update (PowerPoint presentation)

SLIDE 1

The Platform for Privacy Preferences (P3P)

February 2000 Update

A user empowerment approach

Marc Langheinrich, ETH Zurich
P3P Preference Group Chair

SLIDE 2

P3P February 2000 Update

Outline

Policy Background

– Government pressure & public concern
– User empowerment approach

P3P overview

– P3P goals and limitations
– P3P how-to: servers & clients
– P3P privacy policies
– P3P specification and related documents

P3P deployment

– Timeline, demo implementations

SLIDE 3

Policy Background

SLIDE 4

Government Pressure I

US Federal Trade Commission (FTC)

– Only 14% of initially surveyed sites that collect personal data had privacy policies posted (April ’97)
– Continues to study the issue and express concern

US Children’s Online Privacy Protection Act (COPPA)

– 90% of child-oriented sites collect personal data; fewer than 10% made an effort to notify parents (March ’98)
– Requires Web sites to provide actual notice of their information practices and to obtain prior parental consent when dealing online with children age 12 and under
– Goes into effect April 21, 2000

SLIDE 5

Government Pressure II

European Union directive 95/46/EC

– In effect since October 1998
– No secondary use of data without an individual’s informed consent
– No transfer of data to non-EU countries unless there is adequate privacy protection
– US & EU officials in ongoing talks for two years
  • Fear of trade wars
  • Next meeting February 21
  • Conference in September will address the subject of an international convention

SLIDE 6

Public Concern I

April 1997 Louis Harris Poll of Internet users

– 5% report an invasion of privacy while on the Internet
– 53% are concerned that browsing information will be linked to their email address and disclosed without their knowledge

SLIDE 7

Public Concern II

Georgia Tech WWW User Surveys

– 71% ask for laws to protect Internet privacy
– 73% willing to give out demographic information if the uses of the data are known

1999 AT&T/MIT/UC Study “Beyond Concern”:

– 61% would not give out contact information if the data would be shared with others
– 58% said they would be more likely to provide personal information if the site had both a privacy policy and a seal of approval from a well-known organization

SLIDE 8

Revealing Personal Info

Advantages

– home delivery of products
– customized information and services
– ability to buy things on credit

Disadvantages

– info might be used in unexpected ways
– info might be disclosed to other parties

SLIDE 9

User Empowerment

Develop tools that allow people to control the use and dissemination of their personal information
SLIDE 10

Empowerment Tools

Prevent your actions from being linked to you

– Crowds (AT&T Labs), Anonymizer, Freedom (zks.net)

Allow you to develop persistent relationships not linked to each other or you

– Lucent Personal Web Assistant (Bell Labs)

Make informed choices about how your information will be used

– Platform for Privacy Preferences Project (W3C)

Know that assurances about information practices are trustworthy

– TRUSTe, BBBOnline

SLIDE 11

P3P Overview

SLIDE 12

Original Idea Behind P3P

A framework for automated privacy discussions

– Web sites disclose their privacy practices in standard machine-readable formats
– Web browsers automatically retrieve P3P privacy policies and compare them to users’ privacy preferences

SLIDE 13

P3P 1.0 – A First Step

Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format

– Can be deployed using existing web servers

This will enable users to use tools that:

– Provide snapshots of sites’ policies
– Compare policies with user preferences
– Alert & advise the user

SLIDE 14

Future Versions of P3P

Allow web sites to offer a choice of policies

– P3P 1.0 supports only one policy per resource

Allow for “negotiation” and explicit agreements to be reached between user agent and web site

– P3P 1.0 features “take-or-leave” functionality

Allow for non-repudiation of agreements, signatures from third-party seal providers, etc.

– P3P 1.0 policies are plain text; there is no way to prove afterwards that a given exchange took place

Facilitate automated data transfer

– P3P 1.0 requires external mechanisms (e.g., form-fill) to transfer data

SLIDE 15

P3P is a Partial Solution

P3P 1.0 helps users understand privacy policies but is not a complete solution

Seal programs and regulations

– help ensure that sites comply with their policies

Anonymity tools

– reduce the amount of information revealed while browsing

Encryption tools

– secure data in transit and storage

Laws and codes of practice

– provide a base line level for acceptable policies

SLIDE 16

A simple HTTP transaction

Client → Web Server (request web page):

    GET http://foo.com/x.html HTTP/1.1
    ...

Web Server → Client (send web page):

    HTTP/1.1 200 OK
    Content-Type: text/html
    ...

SLIDE 17

A simple HTTP transaction, with P3P 1.0 added

Client → Web Server (request web page):

    GET http://foo.com/x.html HTTP/1.1
    ...

Web Server → Client (send web page; the policy reference rides in HTTP extension headers):

    HTTP/1.1 200 OK
    Opt: http://www.w3.org/TR/WD-P3P/; ns=11
    11-P3P: http://foo.com/p3p.xml
    Content-Type: text/html
    ...

Client → Web Server (request P3P policy):

    GET http://foo.com/p3p.xml HTTP/1.1
    ...

Web Server → Client (send P3P policy):

    HTTP/1.1 200 OK
    ...
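How a P3P 1.0 (February 2000 draft) user agent would locate the policy from the response above, as an added example in Python that is not part of the original deck or of any of the implementations it lists. The Opt header comes from the HTTP Extension Framework (RFC 2774): the server binds the P3P extension URI to a two-digit namespace prefix (ns=11 on the slide, but any two digits are allowed) and then sends the policy reference under that prefix, so a client has to honour the binding instead of looking for a fixed header name. The sample responses are constructed; foo.com and the policy paths are the slide’s placeholders. Keep in mind the limit the deck states on the Future Versions slide: the reference travels in plain text with nothing signing it, so it is only as trustworthy as the channel it arrived over.

```python
"""Locate a P3P policy reference advertised through the HTTP Extension
Framework (RFC 2774) 'Opt' header.  Added example, not from the deck."""
import re

P3P_EXTENSION = "http://www.w3.org/TR/WD-P3P/"

# One extension declaration: the extension URI (RFC 2774 quotes it, the
# slide omits the quotes, so both are accepted) followed by '; ns=NN'.
_DECLARATION = re.compile(r'^\s*"?([^";]+?)"?\s*;\s*ns\s*=\s*(\d{2})\s*$')


def parse_headers(raw):
    """Split a raw HTTP response into (status line, [(name, value), ...]).

    Header names are lower-cased.  The blank line ends the header block,
    so nothing in the body can be mistaken for a header.
    """
    lines = raw.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line == "":
            break
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def find_p3p_policy_uri(raw):
    """Return the policy URI bound through Opt/ns, or None if none is bound."""
    _, headers = parse_headers(raw)
    prefixes = set()
    for name, value in headers:
        if name != "opt":
            continue
        for declaration in value.split(","):
            match = _DECLARATION.match(declaration)
            if match and match.group(1) == P3P_EXTENSION:
                prefixes.add(match.group(2))
    for name, value in headers:
        # Only a header whose prefix was bound to the P3P extension counts;
        # a bare '11-P3P' with no matching Opt declaration is ignored.
        if any(name == f"{prefix}-p3p" for prefix in prefixes):
            return value
    return None


# Constructed responses.  The first follows slide 17; the second binds a
# different prefix and quotes the URI; the third never binds the prefix.
RESPONSE_SLIDE17 = (
    "HTTP/1.1 200 OK\r\n"
    "Opt: http://www.w3.org/TR/WD-P3P/; ns=11\r\n"
    "11-P3P: http://foo.com/p3p.xml\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html>...</html>"
)
RESPONSE_NS42 = (
    "HTTP/1.1 200 OK\r\n"
    'Opt: "http://www.w3.org/TR/WD-P3P/"; ns=42\r\n'
    "42-P3P: http://foo.com/other-policy.xml\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)
RESPONSE_UNBOUND = (
    "HTTP/1.1 200 OK\r\n"
    "11-P3P: http://foo.com/p3p.xml\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in [("slide 17", RESPONSE_SLIDE17), ("ns=42", RESPONSE_NS42),
                       ("no Opt", RESPONSE_UNBOUND)]:
        print(f"{label}: {find_p3p_policy_uri(raw)}")
```

The unbound case is the one to get right: an `11-P3P` header without an `Opt` declaration for the P3P extension means nothing under RFC 2774, and a client that keys on the header name alone will happily fetch whatever a stray or injected header points at.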

SLIDE 18

P3P Policies

Machine-readable (XML) version of web site privacy policies

– Use the P3P Vocabulary to express data practices
– Use the P3P Base Data Set to express the type of data collected

Captures common elements of privacy policies but may not express everything

– sites may provide further explanation in human- readable policies

SLIDE 19

The P3P Vocabulary

– Who is collecting data?
– Does the data collector provide access to my data?
– What assurance is there that this policy will be followed?
– Where is the human-readable privacy policy?
– What data is collected?
– For what purpose will data be used?
– Who are the data recipients (anyone beyond the data collector)?
– How long will data be retained?

SLIDE 20

P3P Base Data Schema

A set of common data elements all P3P implementations should know about

Includes “User.” elements such as

– name
– address
– phone number, etc.

Includes “Dynamic.” elements such as

– indicators that a site collects click-stream
– uses cookies
– collects info of a certain category, etc.

SLIDE 21

Example Privacy Policy

TheCoolCatalog, Inc., of 123 Main Street, Seattle, WA 98103 USA, makes the following statement for the Web page at http://www.TheCoolCatalog.com/catalog/. We have a privacy seal from PrivacySeal.org, which provides assurance that we abide by our policy. We do not provide access capabilities to information we may have from you. We use cookies and collect your gender, information about your clothing preferences, and (optionally) your home address to customize our entry catalog pages and for our own research and product development. We retain this information indefinitely.

We also maintain server logs that include information about visits to the http://www.CoolCatalog.com/catalog/ page, and the types of browsers our visitors use. We use this information in order to maintain and improve our web site. We retain this information indefinitely.

SLIDE 22

P3P/XML Encoding

    <POLICY xmlns="http://www.w3.org/2000/P3Pv1"
            entity="TheCoolCatalog, 123 Main Street, Seattle, WA 98103, USA">
      <DISPUTES-GROUP>
        <DISPUTES service="http://www.PrivacySeal.org" resolution-type="independent"
                  description="PrivacySeal, a third-party seal provider"
                  image="http://www.PrivacySeal.org/Logo.gif"/>
      </DISPUTES-GROUP>
      <DISCLOSURE discuri="http://www.CoolCatalog.com/Practices.html" access="none"/>
      <STATEMENT>
        <CONSEQUENCE-GROUP>
          <CONSEQUENCE>a site with clothes you would appreciate</CONSEQUENCE>
        </CONSEQUENCE-GROUP>
        <RECIPIENT><ours/></RECIPIENT>
        <RETENTION><indefinitely/></RETENTION>
        <PURPOSE><custom/><develop/></PURPOSE>
        <DATA-GROUP>
          <DATA name="dynamic.cookies" category="state"/>
          <DATA name="dynamic.miscdata" category="preference"/>
          <DATA name="user.gender"/>
          <DATA name="user.home." optional="yes"/>
        </DATA-GROUP>
      </STATEMENT>
      <STATEMENT>
        <RECIPIENT><ours/></RECIPIENT>
        <PURPOSE><admin/><develop/></PURPOSE>
        <RETENTION><indefinitely/></RETENTION>
        <DATA-GROUP>
          <DATA name="dynamic.clickstream.server"/>
          <DATA name="dynamic.http.useragent"/>
        </DATA-GROUP>
      </STATEMENT>
    </POLICY>

SLIDE 23

User Privacy Preferences

P3P 1.0 agents may (optionally) take action based on user preferences

– Users should not have to trust privacy defaults set by software vendors
– User agents that can read APPEL (A P3P Preference Exchange Language) files can offer users a number of canned choices developed by trusted organizations
– Preference editors allow users to adapt existing preferences to suit their own tastes, or create new preferences from scratch

SLIDE 24

Example Preferences

1. Requests for personal information which will be given out to 3rd parties should be rejected.
2. The user does not mind revealing click-stream and user agent information to sites that collect no other information. However, she insists that the service provides some form of assurance.
3. All other requests for data transfer should result in a warning (indicating a conflict with her privacy preferences).

SLIDE 25

Example Ruleset

    <APPEL:APPEL xmlns:APPEL="http://www.w3.org/TR/APPEL">
      <APPEL:RULESET crtdby="W3C" crtdon="13-Nov-1999 09:12:32 GMT">
        <APPEL:RULE behavior="reject" description="Service collects identifiable data for 3rd parties">
          <POLICY><STATEMENT>
            <DATA-GROUP quantifier="only"><DATA name="User.*"/></DATA-GROUP>
            <RECIPIENT quantifier="any">
              <same/><other/><published/><delivery/><public/><unrelated/>
            </RECIPIENT>
          </STATEMENT></POLICY>
        </APPEL:RULE>
        <APPEL:RULE behavior="accept" description="Service only collects clickstream data">
          <POLICY>
            <STATEMENT>
              <DATA-GROUP quantifier="only">
                <DATA name="Dynamic.HTTP.UserAgent"/>
                <DATA name="Dynamic.ClickStream.Server"/>
              </DATA-GROUP>
            </STATEMENT>
            <DISCLOSURE discURI="*"/>
            <DISPUTES-GROUP><DISPUTES org="*"/></DISPUTES-GROUP>
          </POLICY>
        </APPEL:RULE>
        <APPEL:RULE behavior="warn" description="Suspicious Policy. Beware!">
          <APPEL:OTHERWISE/>
        </APPEL:RULE>
      </APPEL:RULESET>
    </APPEL:APPEL>
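The three preferences and the ruleset above, applied to the CoolCatalog policy from the P3P/XML Encoding slide, as an added example in Python that is not part of the deck or of any implementation it lists. It parses the draft’s POLICY element with ElementTree and approximates APPEL’s `quantifier` semantics with set logic: rule 1 fires if any statement sends `user.*` data to a recipient beyond `<ours/>`, rule 2 fires only if the whole policy collects nothing but the two clickstream elements and names both a disclosure URI and a DISPUTES entry, and everything else falls through to the warning. A real APPEL evaluator walks the rule tree element by element; this collapses it to the checks the English preferences actually state. The CoolCatalog policy is the slide’s; the other two policies, their hostnames and the seal URL are constructed for the test. The caveat to carry along: every verdict rests on what the site asserts about itself, which is exactly why the deck puts seal programs and regulation next to P3P rather than behind it.

```python
"""Apply the three example preferences to P3P 1.0 draft policies.
Added example, not from the deck."""
import xml.etree.ElementTree as ET

# Recipient elements other than <ours/> in the draft vocabulary (ruleset above).
THIRD_PARTY = {"same", "other", "published", "delivery", "public", "unrelated"}
# The only data the user will hand to a site she knows nothing else about.
CLICKSTREAM_ONLY = {"dynamic.http.useragent", "dynamic.clickstream.server"}


def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _find(element, name):
    """All descendants (element itself included) with local name `name`."""
    return [e for e in element.iter() if _local(e.tag) == name]


def parse_policy(xml_text):
    """Reduce a POLICY document to the facts the three preferences use."""
    root = ET.fromstring(xml_text)
    if _local(root.tag) != "POLICY":
        raise ValueError("not a P3P POLICY element")
    statements = []
    for statement in _find(root, "STATEMENT"):
        data = {d.get("name", "").lower() for d in _find(statement, "DATA")}
        recipients = set()
        for recipient in _find(statement, "RECIPIENT"):
            recipients |= {_local(child.tag) for child in recipient}
        statements.append({"data": data, "recipients": recipients})
    disclosure = _find(root, "DISCLOSURE")
    return {
        "statements": statements,
        "assurance": bool(_find(root, "DISPUTES")),   # "some form of assurance"
        "disclosure": bool(disclosure and disclosure[0].get("discuri")),
    }


def evaluate(policy):
    """Return (behavior, description) mirroring the three APPEL rules."""
    # Rule 1: identifiable (user.*) data reaching anyone beyond the site.
    for statement in policy["statements"]:
        if (any(d.startswith("user.") for d in statement["data"])
                and statement["recipients"] & THIRD_PARTY):
            return "reject", "Service collects identifiable data for 3rd parties"
    # Rule 2: nothing but clickstream/user agent, plus disclosure and assurance.
    collected = set().union(*[s["data"] for s in policy["statements"]])
    if (collected and collected <= CLICKSTREAM_ONLY
            and policy["assurance"] and policy["disclosure"]):
        return "accept", "Service only collects clickstream data"
    # Rule 3 (OTHERWISE): flag everything else for the user to read.
    return "warn", "Suspicious Policy. Beware!"


# The CoolCatalog policy from the deck (namespace and names as in the draft).
COOLCATALOG_POLICY = """<POLICY xmlns="http://www.w3.org/2000/P3Pv1"
  entity="TheCoolCatalog, 123 Main Street, Seattle, WA 98103, USA">
  <DISPUTES-GROUP><DISPUTES service="http://www.PrivacySeal.org" resolution-type="independent"
    description="PrivacySeal, a third-party seal provider" image="http://www.PrivacySeal.org/Logo.gif"/></DISPUTES-GROUP>
  <DISCLOSURE discuri="http://www.CoolCatalog.com/Practices.html" access="none"/>
  <STATEMENT>
    <CONSEQUENCE-GROUP><CONSEQUENCE>a site with clothes you would appreciate</CONSEQUENCE></CONSEQUENCE-GROUP>
    <RECIPIENT><ours/></RECIPIENT><RETENTION><indefinitely/></RETENTION><PURPOSE><custom/><develop/></PURPOSE>
    <DATA-GROUP><DATA name="dynamic.cookies" category="state"/><DATA name="dynamic.miscdata" category="preference"/>
      <DATA name="user.gender"/><DATA name="user.home." optional="yes"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <RECIPIENT><ours/></RECIPIENT><PURPOSE><admin/><develop/></PURPOSE><RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA name="dynamic.clickstream.server"/><DATA name="dynamic.http.useragent"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Constructed (hypothetical site): logs only clickstream + user agent, names a seal provider.
LOGONLY_POLICY = """<POLICY xmlns="http://www.w3.org/2000/P3Pv1" entity="LogOnly (hypothetical)">
  <DISPUTES-GROUP><DISPUTES service="http://seal.example/" resolution-type="independent"/></DISPUTES-GROUP>
  <DISCLOSURE discuri="http://logonly.example/privacy.html" access="none"/>
  <STATEMENT><RECIPIENT><ours/></RECIPIENT><PURPOSE><admin/></PURPOSE><RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA name="dynamic.clickstream.server"/><DATA name="dynamic.http.useragent"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Constructed (hypothetical site): hands the user's name to unrelated third parties.
SHARING_POLICY = """<POLICY xmlns="http://www.w3.org/2000/P3Pv1" entity="Sharing (hypothetical)">
  <DISCLOSURE discuri="http://sharing.example/privacy.html" access="none"/>
  <STATEMENT><RECIPIENT><ours/><unrelated/></RECIPIENT><PURPOSE><custom/></PURPOSE>
    <RETENTION><indefinitely/></RETENTION><DATA-GROUP><DATA name="user.name"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""

if __name__ == "__main__":
    for label, text in [("CoolCatalog", COOLCATALOG_POLICY), ("LogOnly", LOGONLY_POLICY),
                        ("Sharing", SHARING_POLICY)]:
        print(label + ":", *evaluate(parse_policy(text)))
```

CoolCatalog lands on the warning, not the rejection: it keeps the gender and address data to itself (`<ours/>`), so rule 1 does not fire, but it also collects far more than clickstream, so rule 2 cannot accept it either, which is exactly the "look at this yourself" outcome the third preference asks for.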

SLIDE 26

P3P 1.0 Documents

– P3P 1.0 Specification
– A P3P Preference Exchange Language (APPEL)
– P3P Guiding Principles
– Appendix

“Last call” working draft currently available for public review through April 2000: http://www.w3.org/TR/P3P

New public working draft should be out in February

SLIDE 27

P3P Deployment

SLIDE 28

Timeline

June 1997 – W3C P3P kickoff meeting
1997–1999 – Many working drafts published
October 1999 – W3C patent analysis published, http://www.w3.org/TR/P3P-analysis
November 1999 – “Last call” working draft published, http://www.w3.org/TR/P3P
April 30, 2000 – Last call period ends
P3P eligible to become a W3C “Recommendation” after two interoperable implementations are available

SLIDE 29

P3P WG Participants

  • America Online (AOL)
  • AT&T Labs
  • Center for Democracy and Technology (CDT)
  • Citibank
  • Digital Equipment Corporation
  • Engage Technologies
  • Fordham Law School
  • Geotrust
  • Hong Kong Privacy Commissioner’s Office
  • IBM
  • Information and Privacy Commission/Ontario
  • Microsoft
  • MatchLogic
  • NCR
  • NEC
  • [Netscape]
  • Nokia
  • Privacy Bank
  • Privacy Commissioner of Schleswig-Holstein
  • Sony
  • The DMA
  • TRUSTe
  • University of California/Irvine
  • VeriSign
  • ...

SLIDE 30

Outreach and Deployment

P3P Policy Outreach Working Group convened in October 1999

P3P European Workshop

P3P European Interest Group (02/2000)

Many prototype/demo implementations

Currently looking for user agent implementations and commitments from web sites to use P3P

SLIDE 31

Interest in Europe

September meeting between P3P-WG and European Commission working party

– Article 29 WG, DG13, DG15, etc.

Interest in using P3P to complement and help enforce EU laws

Plan to work together to create APPEL files corresponding to national laws

– Process should help identify remaining holes in P3P vocabulary

Several European demonstration projects plan to include P3P

SLIDE 32

P3P Demo Prototypes

AT&T Privacy Minder
AT&T P3P Proposal Generator
ENC Privacy Information Management System
IBM P3P Parser
Microsoft Privacy Wizard
NEC P3P for Perl
NCR P3P user agent demo

http://www.w3.org/P3P/implementations

SLIDE 33

NEC’s P3P-4-Perl Module

– Implemented in Perl as a server-side proxy
– Works with IE5 (DOM-compliant)
– Open Source license
  • http://www.w3.org/P3P/contributed/nec.co.jp/

[Screenshot: status indicator “Site does not use P3P”; controls to change privacy settings and view the site’s privacy policy]

SLIDE 34

AT&T P3P Prototype

– Implemented in Java as a client-side proxy
– Designed to work with any web browser
– Open Source license
  • http://www.research.att.com/projects/p3p/pm/

[Screenshot: indicators “Site uses P3P”, “Site uses cookies”, “Site has a privacy seal”; controls to select privacy settings and view the site’s privacy policy]

SLIDE 35

The Take Home Message

SLIDE 36

P3P …

Is …

– a user empowerment tool
– not a solution in itself
– a first step (1.0), aimed at ease of deployment

Provides …

– a vocabulary & base data set to express privacy practices
– a protocol for publishing privacy practices

Needs …

– no special software on the server side
– P3P-aware client software and tools
– industry support

SLIDE 37

Resources and Feedback

Send comments to

www-p3p-public-comments@w3.org

For further info on P3P see

http://www.w3.org/P3P/
