The Platform for Privacy Preferences Project (P3P)

Lorrie Faith Cranor, AT&T Labs-Research, P3P Interest Group Co-Chair, October 1998


Presentation Transcript


  1. The Platform for Privacy Preferences Project (P3P) • Lorrie Faith Cranor • AT&T Labs-Research • P3P Interest Group Co-Chair • October 1998

  2. Background • Dynamic privacy negotiation concept has been around for a while • ‘95-96: PICS for privacy discussions • Fall ’96: Internet Privacy Working Group convened by CDT • Summer ‘97: W3C launches P3P • ‘96-98: Increasing government pressure and public concern motivates various self-regulatory efforts

  3. Government Pressure • European Union directive • FTC “losing patience with self-regulation” • 14% of surveyed sites that collect personal data had privacy policies posted last spring • Children’s Online Privacy Protection Act

  4. Public Concern April 1997 Louis Harris Poll of Internet users • 5% say they have been the victim of an invasion of privacy while on the Internet • 53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge

  5. Threat or Tool? • Threat: technology can automate data collection and processing • Tool: technology can automate individual control over personal information

  6. Revealing Personal Info • Advantages • home delivery of products • customized information and services • ability to buy things on credit • Disadvantages • info might be used in unexpected ways • info might be disclosed to other parties

  7. User Empowerment Approach Develop tools that allow people to control the use and dissemination of their personal information

  8. Empowerment Tools • Prevent your actions from being linked to you: Crowds (AT&T Labs) • Allow you to develop persistent relationships not linked to each other or to you: Lucent Personal Web Assistant (Bell Labs) • Make informed choices about how your information will be used: Platform for Privacy Preferences Project (W3C) • Know that assurances about information practices are trustworthy: TRUSTe (Electronic Frontier Foundation and CommerceNet)

  9. [Diagram] User on one side, Service on the other, each within a regulatory and self-regulatory framework; between them, across the Internet, an anonymizing agent, a pseudonym agent, a secure channel, and a negotiation agent/trust engine.

  10. Platform for Privacy Preferences Project (P3P) A framework for automated privacy discussions under development by W3C • Services communicate about practices • Users exercise preferences over those practices • User agent can facilitate automated decision making, prompt user, exchange data, etc.

  11. Fair Information Practice Principles: Notice and Choice

  12. Simplifying Notice and Choice • visual labels • example: (old) TRUSTe • machine readable labels • example: Platform for Internet Content Selection (PICS)

  13. Beyond Labeling • Labels support notice, but provide only limited support of choice • P3P also supports • Multiple privacy policies • Explicit agreements • Negotiation

  14. Basic P3P Concepts [diagram] • User side: user, user agent, preferences, data repository • Service side: service, data practices • The service sends a proposal; the user agent and service arrive at an agreement

  15. A Simple P3P Conversation (user agent and service) • User agent: Get index.html • Service: Here is my P3P proposal: I collect click-stream data and computer information for Web site and system administration and customization of site • User agent: OK, I accept your proposal • Service: Here is index.html

  16. More Complicated Conversations • Service offers choice of proposals • User agent makes counter proposal • User agent rejects proposal and asks service for another offer • Upon agreement, user agent automatically sends requested data • No agreement is reached (see “Automated Negotiation” paper with Paul Resnick)

  17. Assertions that can be made in a P3P Proposal • Proposal level: Realm, Disclosure URI, Access, Assurance, Other disclosures, Change agreement, Retention • Statement level: Consequence, Data category and/or element, Purpose, Identifiable use, Recipients

  18. P3P Vocabulary: Purposes • Completion and support of current activity • Web site and system administration • Customization of site to individuals • Research and development • Contacting visitors for marketing of services or products • Other uses

  19. Data • Referenced by category or element • P3P methods may be used to transfer data referenced by element • Coupling between privacy disclosure and data collection • Base data set includes elements all implementations should know about • Services may create their own elements • Vocabulary includes 10 data categories

  20. Data Repository • Users can store elements they don’t mind providing to some services • Services can gain read and/or write access through P3P agreements • Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used

  21. [User interface illustration mapping data elements to data categories and categories to preferences] • Data elements: health insurance ID, credit card number, favorite beverage, household income, social security #, phone number, home address, bank account, hair color, zip code, gender • Data categories: click-stream, financial account IDs, demographics, physical contact info, computer info • Preferences: info I consider highly sensitive can be used only when necessary to complete a transaction; info I consider somewhat sensitive may be used to complete a transaction or customize content; info I do not consider sensitive may be used by the site for any purpose, but may not be disclosed to others
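The conversations on slides 15 and 16, the proposal and statement-level assertions on slides 17 and 18, and the per-category preferences on slide 21 fit together as one decision loop in the user agent. The following is an added example, not code from the presentation or from any P3P implementation: a small Python model of that loop. The message format, the mapping from sensitivity level to permitted purposes (`ALLOWED`), and all sample data (`USER_PREFS`, `REPOSITORY`, the three proposals) are assumptions made for the example; real P3P proposals have their own syntax, which this does not reproduce.

```python
from dataclasses import dataclass
from enum import IntEnum

# Purposes from the "P3P Vocabulary: Purposes" slide, shortened to strings.
COMPLETION = "completion of current activity"
ADMIN = "web site and system administration"
CUSTOMIZATION = "customization of site to individuals"
RESEARCH = "research and development"
MARKETING = "contacting visitors for marketing"
OTHER = "other uses"
ALL_PURPOSES = frozenset({COMPLETION, ADMIN, CUSTOMIZATION, RESEARCH, MARKETING, OTHER})

class Sensitivity(IntEnum):
    """The three preference levels on the data element / category / preference slide."""
    HIGHLY = 1    # use only when necessary to complete a transaction
    SOMEWHAT = 2  # complete a transaction or customize content
    NOT = 3       # any purpose by the site, but no disclosure to others

# Purposes each level tolerates: an assumption made for this example, since the
# slide states the levels in prose rather than as purpose lists.
ALLOWED = {
    Sensitivity.HIGHLY: frozenset({COMPLETION}),
    Sensitivity.SOMEWHAT: frozenset({COMPLETION, CUSTOMIZATION}),
    Sensitivity.NOT: ALL_PURPOSES,
}

@dataclass(frozen=True)
class Statement:  # statement-level assertions: data category, purposes, recipients
    category: str
    purposes: frozenset
    recipients: frozenset  # "service" = the site itself; anything else is a third party

@dataclass(frozen=True)
class Proposal:
    realm: str  # proposal-level assertion: the part of the site the proposal covers
    statements: tuple

def objections(proposal, prefs):
    """Reasons the user agent refuses the proposal; [] means accept. A category with
    no stored preference is refused rather than silently allowed (fail closed)."""
    found = []
    for st in proposal.statements:
        level = prefs.get(st.category)
        if level is None:
            found.append(f"{st.category}: no preference set, refusing by default")
            continue
        too_much = st.purposes - ALLOWED[level]
        if too_much:
            found.append(f"{st.category}: purposes not allowed: {sorted(too_much)}")
        if st.recipients - {"service"}:  # no level on the slide permits disclosure
            found.append(f"{st.category}: disclosure to others not allowed")
    return found

def negotiate(offers, prefs):
    """Service offers proposals in turn; the agent accepts the first acceptable one or
    asks for another offer. Returns (agreement or None, transcript of both sides)."""
    transcript = []
    for offer in offers:
        transcript.append(("service", f"here is my P3P proposal for {offer.realm}"))
        why = objections(offer, prefs)
        if not why:
            transcript.append(("user agent", "OK, I accept your proposal"))
            return offer, transcript
        transcript.append(("user agent", "rejected, send another offer: " + "; ".join(why)))
    transcript.append(("user agent", "no agreement reached"))
    return None, transcript

def release(agreement, repository):
    """Repository elements the agent may send automatically: only those whose category
    the agreement covers, and nothing at all without an agreement."""
    if agreement is None:
        return {}
    covered = {st.category for st in agreement.statements}
    return {name: value for name, (cat, value) in repository.items() if cat in covered}

# Constructed sample data for the example (not from the presentation).
USER_PREFS = {"click-stream": Sensitivity.NOT, "computer info": Sensitivity.NOT,
              "demographics": Sensitivity.SOMEWHAT, "financial account ids": Sensitivity.HIGHLY}
REPOSITORY = {  # element -> (category, value)
    "zip code": ("demographics", "02139"),
    "credit card number": ("financial account ids", "4111 1111 1111 1111"),
}
SIMPLE = Proposal("/", (  # the "Simple P3P Conversation" slide
    Statement("click-stream", frozenset({ADMIN, CUSTOMIZATION}), frozenset({"service"})),
    Statement("computer info", frozenset({ADMIN, CUSTOMIZATION}), frozenset({"service"})),
))
GREEDY = Proposal("/shop", (  # card data for marketing, demographics shared with an ad network
    Statement("financial account ids", frozenset({COMPLETION, MARKETING}), frozenset({"service"})),
    Statement("demographics", frozenset({CUSTOMIZATION}), frozenset({"service", "ad network"})),
))
FALLBACK = Proposal("/shop", (  # the service's narrower second offer
    Statement("financial account ids", frozenset({COMPLETION}), frozenset({"service"})),
    Statement("demographics", frozenset({CUSTOMIZATION}), frozenset({"service"})),
))

if __name__ == "__main__":
    for offers in ([SIMPLE], [GREEDY, FALLBACK]):
        agreement, log = negotiate(offers, USER_PREFS)
        print(*(f"{who:>10}: {what}" for who, what in log), sep="\n")
        print("  released:", release(agreement, REPOSITORY))
```

Two points the slides imply but do not spell out are made explicit here: the agent fails closed on a data category it holds no preference for, and repository elements leave the user's machine only after an agreement exists and only for the categories that agreement names, which is the "coupling between privacy disclosure and data collection" of slide 19.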

  22. W3C P3P Documents • P3P1.0 Specification: Syntax, Harmonized Vocabulary, Base Data Set, . . . • Implementation Guide • Guiding Principles • APPEL (A P3P Preference Exchange Language)

  23. Guiding Principles: a statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy • Information Privacy • Notice and Communication • Choice and Control • Fairness and Integrity • Security

  24. APPEL • A rule language that expresses what should be done with P3P proposals • Not essential to P3P, but useful for: • Sharing and installation of rulesets • Communication to agents, search engines, proxies, or other servers • Portability between products • Could be replaced by XML or RDF query language

  25. Implementation and Deployment • Need user agent and server implementations • Need Web sites to create P3P proposals • Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of flexibility

  26. Incremental adoption • “Levels” allow implementers to ramp up gradually • Good implementations provide incentives • “Privacy watchdog” features to provide useful info about non-P3P-compliant sites • Good data repository implementations in user agent save typing • Good data management tools for Web servers • Adoption drives more adoption

  27. Keys to Success • Good end-user implementations: easy to use, easy to plug in “recommended settings”, not annoying, use incremental adoption model, privacy friendly • Good server implementations and tools • Adoption by many Web sites • Users find it useful • Endorsement by government-regulatory and self-regulatory organizations

  28. Papers and demo of AT&T P3P Proposal Generator: www.research.att.com/projects/p3p/ • P3P Web site at W3C: www.w3.org/p3p/
