Internet World on W3C's P3P Interop

Date view Thread view Subject view Author view

From: Sally Khudairi (sk@zotgroup.com)
Date: Wed Jun 21 2000 - 18:13:47 PDT


W3C's Privacy Standard Moves Forward amid Criticism

By Tom Perrotta

Proponents of the P3P privacy standard stressed the
importance of clear privacy policies and user control at a
demonstration in Lower Manhattan on Wednesday, but privacy
advocates contended that the standard wouldn't improve
privacy but would give many Web users a false sense of
security.

P3P (Platform for Privacy Preferences Project) stores
privacy preferences on browsers -- "do not give my
personal information to third parties" -- and then
compares those preferences with a Web site's privacy
policy -- "we give information to third parties." In the
event of such a discrepancy, users will be warned and given
a "human readable" (that is, light on mumbo jumbo)
document that summarizes the company's privacy policies.

Lorrie Cranor, senior researcher at AT&T Labs and chair of
the P3P-specification working group, said the goal of P3P is
to make it easy for users to learn what data Web sites
collect, what they do with it, whether they keep it on file,
and whether users can opt-out of cookies or data collection.
P3P is being developed by the World Wide Web Consortium
( http://www.w3.org/P3P/ ) in collaboration with numerous
companies, including America Online, Microsoft, and AT&T.

And what's to guarantee that P3P-compliant companies will
adhere to their privacy policies? Well, nothing.

"Simply expressing a bad policy in clear language
doesn't help," said Jason Catlett, president of privacy
group Junkbusters Corp. and perhaps P3P's biggest opponent.
"I don't see the practical aspect of this."

Catlett believes P3P is more concerned with giving users a
chance to give up their privacy than with giving them a
chance to protect it. He said P3P would promote more data
collection than we have now on the Web, because it's in the
best interest of browser makers to set low privacy settings
as a default. If the default settings are were low, users who
downloaded a P3P-compliant browser and didn't change its
settings might mistakenly think they were being protected by
P3P.

Representatives of the Web's two most popular browsers --
Microsoft Internet Explorer and America Online's Netscape --
said they had not determined the default settings for their
initial P3P browsers, which are expected to be released later
this year.

Other possible snags abound. A plain-English P3P privacy
policy doesn't necessarily apply to an entire site; companies
can make exceptions and tell users how to find out more about
them. P3P will warn users when a site is not compliant with
P3P, which may taint the image of a company with a strong
privacy policy but no desire to implement the necessary XML.
Catlett was also dismayed by a privacy haggling feature that
P3P developers may add in the near future, which would allow
users to negotiate with Web sites about what information
they'll need to give up in order to use the site.

In addressing these and other criticisms, AT&T's Cranor
emphasized that P3P is an important first step and that
giving users more knowledge about data collection can't be a
bad thing. She also pointed out that P3P itself may make it
possible to build tools to solve some of these problems. One
such product would give users claiming privacy violations a
way of proving that a policy promised a certain thing on a
certain day -- and might include a digital signature to
certify the agreement.

... ... ... ... ... ... ... ... ... ... ... ... ...
S A L L Y K H U D A I R I <sk@zotgroup.com>
http://www.zotgroup.com/ +1.617.542.5335 ext./201
ZOT Group | 327 Summer Street | Boston, MA 02210 USA


Date view Thread view Subject view Author view

This archive was generated by hypermail 2b29 : Wed Jun 21 2000 - 18:18:49 PDT