
The Platform for Privacy Preferences (P3P)


Presentation Transcript


  1. The Platform for Privacy Preferences (P3P)
     Katherine Koch, Matt Taylor, Stanley Trepetin
     Platform for Privacy Preferences

  2. Agenda
     • Privacy Environment
     • P3P Specification
     • Privacy Policy Editors
     • User Agents
     • Conclusion

  3. Privacy Environment
     • Online privacy is key: a 1999 survey found 92% of Americans concerned about privacy threats when interacting online.
     • Websites collect information, and consumers are willing to provide it for certain benefits.

  4. Privacy Environment
     • The Internet is unstable:
       • Poor data quality.
       • Organizational problems.
       • Security problems.
       • No (or difficult to read) notification.

  5. Privacy Environment
     • Resulting problems:
       • Annoyance.
       • Embarrassment.
       • Discrimination.
       • All are unexpected.

  6. Privacy Environment
     • Responses:
       • Social: opt-out.
       • Technical: cookie managers, encryption, etc.
       • Legislative:
         • Numerous proposed bills in the US (and some passed).
         • Considerable protection in the EU.

  7. Privacy Environment
     • Insufficient:
       • Social: opt-out is costly.
       • Technical: technology incompatible or not widespread.
       • Legislative:
         • Sectoral in the US.
         • Enforcement lax in the EU.

  8. P3P - Background
     • P3P solves the prior problems:
       • Essentially opt-in.
       • Preference-based decision-making.
     • Economic and technical issues:
       • Widespread: integrated into MS Internet Explorer 6.
       • Standard (i.e. standardized) specification.

  9. P3P - Background
     • P3P solves the prior problems (cont.):
       • P3P works with all industries via enforceable privacy policies.
         • Toysmart.com vs. FTC.
       • Privacy policies: created from consumer and government demand. However, “notice-based” legislation is needed to ensure creation of policies.

  10. P3P - Background
     • The privacy policy maker creates the policy.
       • Including an optional human-readable privacy policy.
     • Consumers (via user agents): specify preferences, parse the policy, and decide how to proceed.

  11. P3P - Specification

     <POLICY xmlns="http://www.w3.org/2000/12/P3Pv1"
             discuri="http://www.catalog.example.com/PrivacyPracticeBrowsing.html">
       <ENTITY>
         <DATA-GROUP>
           <DATA ref="#business.name">CatalogExample</DATA>
           <DATA ref="#business.contact-info.postal.street">4 Main St.</DATA>
           <DATA ref="#business.contact-info.postal.city">Birmingham</DATA>
           <DATA ref="#business.contact-info.postal.stateprov">MI</DATA>
           <DATA ref="#business.contact-info.postal.postalcode">48009</DATA>
         </DATA-GROUP>
       </ENTITY>
       <ACCESS><nonident/></ACCESS>
       <DISPUTES-GROUP>
         <DISPUTES resolution-type="independent"
                   service="http://www.PrivacySeal.example.org"
                   short-description="PrivacySeal.example.org">
           <REMEDIES><correct/></REMEDIES>
         </DISPUTES>
       </DISPUTES-GROUP>
       <STATEMENT>
         <PURPOSE><admin/><develop/></PURPOSE>
         <RECIPIENT><ours/></RECIPIENT>
         <RETENTION><stated-purpose/></RETENTION>
         <DATA-GROUP>
           <DATA ref="#dynamic.clickstream"/>
         </DATA-GROUP>
       </STATEMENT>
     </POLICY>
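The user-agent step described on slide 10 (specify preferences, parse the policy, decide how to proceed), applied to the slide-11 policy. This is an added Python example, not part of the presentation or of any P3P implementation it names. It parses the POLICY document with the standard library and compares each STATEMENT's PURPOSE, RECIPIENT and RETENTION tokens against a constructed preference set. The preference values are assumptions for illustration; the tokens contact, telemarketing, delivery and no-retention come from the P3P 1.0 vocabulary rather than from the slides, and the policy text is the slide-11 policy with the ENTITY block abridged.

```python
import xml.etree.ElementTree as ET

# Namespace used by the policy on slide 11 (a P3P working-draft namespace).
P3P_NS = "http://www.w3.org/2000/12/P3Pv1"
NS = {"p": P3P_NS}

# The slide-11 policy, reproduced (ENTITY abridged) as the sample input.
SAMPLE_POLICY = """<POLICY xmlns="http://www.w3.org/2000/12/P3Pv1"
  discuri="http://www.catalog.example.com/PrivacyPracticeBrowsing.html">
  <ENTITY><DATA-GROUP>
    <DATA ref="#business.name">CatalogExample</DATA>
    <DATA ref="#business.contact-info.postal.city">Birmingham</DATA>
  </DATA-GROUP></ENTITY>
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="independent"
      service="http://www.PrivacySeal.example.org"
      short-description="PrivacySeal.example.org">
      <REMEDIES><correct/></REMEDIES>
    </DISPUTES>
  </DISPUTES-GROUP>
  <STATEMENT>
    <PURPOSE><admin/><develop/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#dynamic.clickstream"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""


def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]


def _tokens(parent, child):
    """Vocabulary tokens under e.g. <PURPOSE>: ['admin', 'develop']."""
    elem = parent.find(f"p:{child}", NS)
    return [] if elem is None else [_local(c.tag) for c in elem]


def parse_policy(xml_text):
    """Turn a P3P POLICY document into plain dicts a user agent can reason about."""
    root = ET.fromstring(xml_text)
    return {
        "discuri": root.get("discuri"),
        "access": _tokens(root, "ACCESS"),
        "disputes": [d.get("service") for d in root.iterfind(".//p:DISPUTES", NS)],
        "statements": [
            {
                "purposes": _tokens(st, "PURPOSE"),
                "recipients": _tokens(st, "RECIPIENT"),
                "retention": _tokens(st, "RETENTION"),
                "data": [d.get("ref") for d in st.iterfind(".//p:DATA", NS)],
            }
            for st in root.findall("p:STATEMENT", NS)
        ],
    }


# Constructed user preferences (the "specify preferences" step on slide 10).
CAUTIOUS_USER = {
    "reject_purposes": {"contact", "telemarketing"},
    "accept_recipients": {"ours", "delivery"},
    "accept_retention": {"no-retention", "stated-purpose"},
    "require_disputes": True,
}


def evaluate(policy, prefs):
    """Decide how to proceed: ('allow', []) or ('block', [reasons...])."""
    reasons = []
    if prefs.get("require_disputes") and not policy["disputes"]:
        reasons.append("no DISPUTES resolution service declared")
    for i, st in enumerate(policy["statements"], 1):
        for tok in st["purposes"]:
            if tok in prefs["reject_purposes"]:
                reasons.append(f"statement {i}: purpose <{tok}/> rejected for {st['data']}")
        for tok in st["recipients"]:
            if tok not in prefs["accept_recipients"]:
                reasons.append(f"statement {i}: recipient <{tok}/> not accepted")
        for tok in st["retention"]:
            if tok not in prefs["accept_retention"]:
                reasons.append(f"statement {i}: retention <{tok}/> not accepted")
    return ("block" if reasons else "allow", reasons)


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    print(evaluate(policy, CAUTIOUS_USER))  # the slide-11 policy suits this user
    strict = dict(CAUTIOUS_USER, reject_purposes={"develop"})
    print(evaluate(policy, strict))  # blocked: <develop/> on clickstream data
```

The decision rule is deliberately conservative: any single statement outside the user's preferences blocks, and a policy with no DISPUTES group is treated as unverifiable, which is the slide-17 point that P3P itself gives no assurance a policy is followed.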

  12. P3P - Specification strengths
     • Robust notice (policy-wide):
       • Human readability: short and long descriptions.
       • New policies don’t apply to “old” data without consent.

  13. P3P - Specification strengths
     • Robust notice (data-specific):
       • PURPOSE: reason for data collection.
       • RECIPIENT: destination.
       • RETENTION: longevity, which depends on purpose.

  14. P3P - Specification strengths
     • ACCESS to data.
     • Enforcement: DISPUTES statement (e.g. applicable court, law, etc.).

  15. P3P - Specification strengths
     • Development optimization: Compact Policies for cookies.
     • Flexible vocabulary: can handle new types of monitoring technologies.

  16. P3P - Specification weaknesses
     • Notice weakness:
       • No multiple policies per person or across individuals.

  17. P3P - Specification
     • No assurance that policies are being followed.
     • No security standards.

  18. P3P - Improvement
     • Multiple privacy policies.

  19. P3P Policy Editors
     Utilities for drafting specification-compliant P3P policies

  20. Outline
     • What P3P editing tools are currently available?
     • What criteria should we use to evaluate these tools?
     • What insight do these evaluations provide to designers of future tools?
     • What role does this play in P3P’s future?

  21. Editing Tools
     • IBM P3P Policy Editor
     • YOUpowered.com/Consumer Trust
     • PrivacyBot.com
     • Privacy Information Management System (PIMS) P3P Policy Wizard

  22. Evaluation Criteria
     • Technical Criteria
       • Correctness
         • Specification-compliant, error-free policies that can be used by any user-side agent.
       • Consistency
         • Utilities that verify that the P3P policy is consistent with what was originally intended.
       • Completeness
         • Must accommodate all data practices and collection methods, and provide the full flexibility of the spec.

  23. Evaluation Criteria
     • Viability in Industry
       • Low cost, easily obtained
       • Easy to use
       • Scales well to web sites of increased size and complexity
       • Applies multiple policies to a domain, and to its cookies and embedded content, through policy-ref
       • Aids the user in integrating P3P into the site

  24. IBM P3P Policy Editor
     • Advantages
       • Strong interface for defining data collection
       • Utilities that warn the user of errors or possible inconsistencies
       • XML to HTML translation to verify consistency
     • Disadvantages
       • Poor integration utilities for creating detailed policy reference files and exporting the necessary files/code.

  25. IBM P3P Policy Editor: Defining Data Collection Practices
     • Clear data definitions/GUI interface
       • Left pane contains Base Data Schema elements
         • user, third party, business, and dynamic
       • Right pane contains the data collected by the policy
         • Define data groups with usage attributes
         • Move elements from the left pane into groups on the right to include them in the policy
         • Any number of groups can be defined
     • This provides a useful, organized way of representing the site’s data collection, helping to ensure consistency

  26. IBM P3P Policy Editor

  27. IBM P3P Policy Editor: Defining New Data Structures
     • A new data set can be defined in the left pane
     • Elements can be added from the base data schema or can be user defined
     • Data sets and elements can be moved into any number of data groups on the right pane
     • The mechanism exploits the flexibility in data definitions provided by the specification

  28. IBM P3P Policy Editor: Correctness
     • Error Pane
       • Below the two data definition panes
       • Prompts the user to supply any specification requirements that have not been met
         • required attributes, such as entity or access information
         • data groups that contain no elements, recipients, purpose, etc.
       • Warns the user about possible mistakes
         • does not provide an action for disputes
         • claims to not collect any data; is this right?

  29. IBM P3P Policy Editor: Consistency
     • XML to HTML translation
       • Translates the XML policy into English using a standardized template
       • This outlines what the XML policy states so that the user can be sure it is consistent with what he/she intended to state
     • Policy Element Pane
       • Outlines the data elements, their group, purpose, and recipient
       • A summary of the data definitions helps ensure consistency

  30. IBM P3P Policy Editor: Completeness
     • Drafting multiple policies for different directories of the domain is not straightforward
     • Multiple policies cannot be edited simultaneously
     • The policy reference file is difficult to generate
     • Uniquely associating a policy with cookies or embedded content is difficult
     • No mechanism for embedded or cookie include/exclude
     • The mechanism for compact policies is unclear

  31. IBM P3P Policy Editor: Viability in Industry
     • Free, easy-to-use solution for defining data practices
     • Utilities for verifying correctness and consistency
     • Poor/lacking mechanisms for uniquely associating multiple policies with directories of the domain, cookies, or embedded content
     • Poor mechanisms for providing the user with the necessary files/code to integrate P3P into the web site
     • Not a scalable solution for web sites of significant complexity

  32. YOUpowered.com Consumer Trust Policy Editor
     • Advantages
       • Strong interface for creating multiple policies for a domain and associating them with directories, cookies, and embedded content
       • Provides much flexibility
     • Disadvantages
       • Data definition utilities less clear than in the IBM editor
       • Does not verify correctness or consistency
       • Allows a less technically savvy user to create ambiguous and incorrect policies

  33. YOUpowered.com
     • GUI interface
       • Allows the user to toggle between different domains and their policies in order to edit their attributes
       • Left pane is a pull-down menu containing the policies and system configuration
       • Right pane toggles as a selection is made, allowing the user to edit the attributes
       • Gives the user the ability to manipulate multiple policies simultaneously

  34. YOUpowered.com: Correctness
     • Errors are managed as the user inputs information into menus and forms
       • no error pane that makes the user aware of errors
       • no mechanism that warns the user of possible inconsistencies, as in the IBM editor
     • Not all errors can be prevented in this manner

  35. YOUpowered.com: Completeness
     • Policy reference files are easily created
       • when a policy is being actively edited, the attributes of its policy reference file can be edited
         • include/exclude
         • cookie-include/exclude
         • embedded-include/exclude
       • affords the user the full flexibility of the specification
     • The lacking correctness features cripple these added features
       • policy reference files can be created with errors and ambiguities

  36. YOUpowered.com: Consistency
     • Lacks XML to HTML translation utilities
     • Data definition is done through menus and a less organized GUI tool, leading to more possible errors
     • Does not summarize the policy for the entire domain after the policies have been applied through a policy reference file

  37. YOUpowered.com: Viability in Industry
     • Has the completeness characteristics of a scalable solution for industry
     • No compact policies
     • Lacks the correctness and consistency requirements to be a good tool

  38. PrivacyBot.com
     • Generates P3P-compliant policies
     • Charges fees for this service, as well as for dispute mediation services
     • Provides forms for the user, which it uses to generate a P3P policy for $100
       • editing this policy costs $10
       • the XML cannot be previewed before this fee is paid
     • The user has minimal input in the construction of the XML
     • Verification of completeness, consistency, and correctness is difficult with a third party delivering the policy as part of a suite of services
     • Does not focus on generating a comprehensive policy that is stored locally and can be interpreted by any variety of user agents
     • Focus is on seal verification and a service model

  39. PIMS P3P Policy Wizard
     • Advantages
       • Provides flexibility
       • Files/code are output in a simple and user-friendly way
     • Disadvantages
       • Generally requires more technically competent users

  40. PIMS P3P Policy Wizard
     • Tool caters to the technically competent
     • Prompts the user for the information required for the XML statements
     • User must copy XML code into a box for data statements and new data structure definitions
     • This design affords flexibility, but sacrifices consistency and correctness

  41. PIMS P3P Policy Wizard
     • Exports files/code in an HTML document
       • A box for each policy, policy reference file, HTML link tag, HTTP headers, and any compact policies
       • Each box has instructions on what to do with the text: where to put the file, where to paste the code, etc.
     • Simple design
       • Exporting to a local file structure, as in the YOUpowered.com tool, can be confusing
       • Explanations allow users to integrate P3P into their site easily

  42. Design Recommendations
     • Do any of these tools provide a scalable solution for P3P compliance?
     • Does the sum of the strengths of the tools achieve the technical and business goals?
     • How can this be done?

  43. Design Recommendations
     • What must be achieved?
       • Correctness
       • Consistency
       • Completeness
       • User friendly
       • Scalable
       • Detailed, accurate policy reference files
       • Integration utilities

  44. Design Recommendations
     • Combine the strengths of the YOUpowered, IBM, and PIMS tools
       • The YOUpowered tool provides the ability to edit multiple policies simultaneously and to construct and edit detailed policy reference files
       • The IBM tool provides a useful GUI for defining data groups and new data sets in an organized way
       • The PIMS tool allows the user to export files/code in a simple and fault-tolerant way
     • What’s missing?

  45. Design Recommendations
     • Correctness Verification Utilities
       • a utility must be added to create warnings and errors for the policy reference file
         • multiple policies point to the same URI
         • this policy is not referenced by anything
     • Consistency Verification Utilities
       • XML to HTML translation for a web site with multiple policies
       • Summary of data elements across a domain with multiple policies
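The two policy-reference-file checks slide 45 asks for (several policies covering the same URI, and a policy nothing references), written out as an added Python example; it is not part of the presentation and not code from any of the editors it reviews. The policy reference file, the policy names in DEFINED_POLICIES and the probe paths are constructed for the example; the namespace is the one used by the slide-11 policy, and the URI patterns are matched with fnmatch as a stand-in for P3P's `*` wildcard, which is an assumption noted in the code.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Namespace from the slide-11 example policy.
P3P_NS = "http://www.w3.org/2000/12/P3Pv1"
NS = {"p": P3P_NS}

# Constructed policy reference file for a site with three referenced policies.
# The <INCLUDE>/*</INCLUDE> of #browsing is not excluded for /catalog/*, so
# #catalog overlaps it; #legacy exists in policies.xml but is never referenced.
SAMPLE_REFS = """<META xmlns="http://www.w3.org/2000/12/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="/w3c/policies.xml#browsing">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/checkout/*</EXCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/w3c/policies.xml#checkout">
      <INCLUDE>/checkout/*</INCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/w3c/policies.xml#catalog">
      <INCLUDE>/catalog/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>"""

# Fragment names of the POLICY elements in the (constructed) policies.xml.
DEFINED_POLICIES = {"browsing", "checkout", "catalog", "legacy"}


def parse_refs(xml_text):
    """Extract each POLICY-REF with its INCLUDE / EXCLUDE URI patterns."""
    root = ET.fromstring(xml_text)
    return [
        {
            "about": ref.get("about"),
            "include": [e.text.strip() for e in ref.findall("p:INCLUDE", NS)],
            "exclude": [e.text.strip() for e in ref.findall("p:EXCLUDE", NS)],
        }
        for ref in root.iterfind(".//p:POLICY-REF", NS)
    ]


def _matches(path, patterns):
    # Assumption: P3P patterns use '*' as a wildcard, so fnmatch is close enough
    # here (it additionally treats '?' and '[' specially, which P3P does not).
    return any(fnmatch.fnmatchcase(path, pat) for pat in patterns)


def covering_policies(refs, path):
    """Policies whose INCLUDE matches the path and whose EXCLUDE does not."""
    return [r["about"] for r in refs
            if _matches(path, r["include"]) and not _matches(path, r["exclude"])]


def lint(refs, defined, probe_paths):
    """Warnings of the two kinds slide 45 names, plus paths no policy covers."""
    warnings = []
    referenced = {r["about"].split("#", 1)[1] for r in refs if "#" in r["about"]}
    for name in sorted(defined - referenced):
        warnings.append(f"policy #{name} is defined but not referenced by any POLICY-REF")
    for name in sorted(referenced - defined):
        warnings.append(f"POLICY-REF points to #{name}, which is not defined")
    for path in probe_paths:
        hits = covering_policies(refs, path)
        if len(hits) > 1:
            warnings.append(f"{path}: multiple policies apply: {', '.join(hits)}")
        elif not hits:
            warnings.append(f"{path}: no policy applies")
    return warnings


if __name__ == "__main__":
    refs = parse_refs(SAMPLE_REFS)
    probes = ["/index.html", "/checkout/cart.html", "/catalog/item42.html"]
    for w in lint(refs, DEFINED_POLICIES, probes):
        print("WARNING:", w)
```

The overlap check is probe-based (a list of representative site paths) rather than a symbolic comparison of the patterns, which is enough to catch the slide-45 case of two policies claiming the same URI and is the kind of warning an editor could surface before the site publishes its reference file.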

  46. What does this mean for P3P?
     • A comprehensive compliance tool is easy to conceive
     • What user-side demand might force its development or widespread use?

  47. Future of P3P Editors
     • It should not be the case that editor-side friction prevents propagation of P3P use throughout the commercial web
     • Could easily be integrated into web authoring tools, or offered as a stand-alone utility
     • If user-side demand requires the adoption of P3P, commercial sites should have a tool that facilitates compliance.

  48. P3P User Agents
     User Agent Implementations

  49. P3P User Agents
     • Evaluation Criteria
       • Public Policy, Technical, Business
     • User Agent Evaluations
       • Internet Explorer 6, Orby Privacy Plus, Privacy Minder, Privacy Bank
     • Recommendations

  50. Evaluation Criteria: Policy
     What is the tool intended to do?
     • Users need control of their personal information
       • What data does the tool allow the user to control?
         • Cookies, identifiable, non-identifiable?
     • Users don’t want to read the privacy policies
       • How does the tool help the user make an informed decision about a site’s practices?
