The Platform for Privacy Preferences Project (P3P)
Lorrie Faith Cranor, AT&T Labs-Research
P3P Interest Group Co-Chair
October 1998
Background
Dynamic privacy negotiation concept has been around for a while
‘95-96: PICS for privacy discussions
Fall ’96: Internet Privacy Working Group convened by CDT
Summer ‘97: W3C launches P3P
‘96-98: Increasing government pressure and public concern motivates various self-regulatory efforts
Government Pressure
European Union directive
FTC “losing patience with self-regulation”
14% of surveyed sites that collect personal data had privacy policies posted last spring
Children’s Online Privacy Protection Act
Public Concern
April 1997 Louis Harris Poll of Internet users
5% say they have been the victim of an invasion of privacy while on the Internet
53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge
Threat or Tool?
Threat: Technology can automate data collection and processing
Tool: Technology can automate individual control over personal information
Revealing Personal Info
Advantages
  home delivery of products
  customized information and services
  ability to buy things on credit
Disadvantages
  info might be used in unexpected ways
  info might be disclosed to other parties
User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information
Empowerment Tools
Prevent your actions from being linked to you
  Crowds - AT&T Labs
Allow you to develop persistent relationships not linked to each other or you
  Lucent Personal Web Assistant - Bell Labs
Make informed choices about how your information will be used
  Platform for Privacy Preferences Project - W3C
Know that assurances about information practices are trustworthy
  TRUSTe - Electronic Frontier Foundation and CommerceNet
[Figure: how the empowerment tools fit together. A user and a service communicate over the Internet through a secure channel; the path between them passes through a negotiation agent/trust engine, a pseudonym agent and an anonymizing agent, and the whole exchange sits within a regulatory and self-regulatory framework.]
Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
Services communicate about practices
Users exercise preferences over those practices
User agent can facilitate automated decision making, prompt user, exchange data, etc.
Simplifying Notice and Choice
Visual labels, example: (old) TRUSTe
Machine-readable labels, example: Platform for Internet Content Selection (PICS)
Beyond Labeling
Labels support notice, but provide only limited support of choice
P3P also supports
  Multiple privacy policies
  Explicit agreements
  Negotiation
Basic P3P Concepts
[Figure: a user agent, holding the user data repository and the user's preferences, exchanges a proposal and an agreement with a service, which has its own data practices; once an agreement exists, user data flows from the agent to the service.]
A Simple P3P Conversation
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html
More Complicated Conversations
Service offers choice of proposals
User agent makes counter proposal
User agent rejects proposal and asks service for another offer
Upon agreement, user agent automatically sends requested data
No agreement is reached
(see “Automated Negotiation” paper with Paul Resnick)
Assertions that can be made in a P3P Proposal
Proposal level
  Realm
  Disclosure URI
  Access
  Assurance
  Other disclosures: change agreement, retention
Statement level
  Consequence
  Data category and/or element
  Purpose
  Identifiable use
  Recipients
P3P Vocabulary: Purposes
Completion and support of current activity
Web site and system administration
Customization of site to individuals
Research and development
Contacting visitors for marketing of services or products
Other uses
Data
Referenced by category or element
P3P methods may be used to transfer data referenced by element
Coupling between privacy disclosure and data collection
Base data set includes elements all implementations should know about
Services may create their own elements
Vocabulary includes 10 data categories
Data Repository
Users can store elements they don’t mind providing to some services
Services can gain read and/or write access through P3P agreements
Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used
Preferences by sensitivity level (the slide's four columns: user interface, preference, data element, data category; row grouping reconstructed from the slide layout)
Info I consider highly sensitive
  Preference: info can be used only when necessary to complete a transaction
  Data elements: health insurance ID, bank account, credit card number, social security #
  Data category: financial account IDs
Info I consider somewhat sensitive
  Preference: info may be used to complete a transaction or customize content
  Data elements: home address, household income, phone number, name
  Data category: physical contact info, demographics
Info I do not consider sensitive
  Preference: info may be used by site for any purpose, but may not be disclosed to others
  Data elements: favorite beverage, gender, zip code, hair color
  Data category: computer info, demographics, click-stream
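The conversations on the earlier slides, the data repository, and the preference table above, as an added worked example that is not part of the original deck: a user agent checks each statement of a service's proposal against per-category rules, accepts and releases the requested repository elements, or rejects and answers with a counter proposal narrowed to what the rules permit. The record layout, the abbreviated purpose labels, the element-to-category mapping, the `"ours"`/`"others"` recipient names and the repository contents are assumptions for this illustration, not W3C P3P syntax; the one security choice worth noting is that an element the agent cannot place in a known category is refused rather than waved through.

```python
# Toy P3P-style negotiation (added illustration, not W3C P3P syntax).
# A service sends a proposal made of statements; the user agent checks each
# statement against per-category preferences, then accepts (releasing the
# requested repository data) or rejects with a narrowed counter proposal.
from dataclasses import dataclass

# Purpose labels, abbreviated from the deck's purpose vocabulary.
CURRENT, ADMIN, CUSTOM, MARKETING = (
    "current activity", "site administration", "customization", "marketing")
ANY_PURPOSE = frozenset({CURRENT, ADMIN, CUSTOM, MARKETING, "research", "other"})

# Data element -> data category.  Assumed mapping following the preference
# slide; in P3P the base data set would define it.
CATEGORY_OF = {
    "click-stream": "click-stream", "computer info": "computer info",
    "gender": "demographics", "zip code": "demographics",
    "name": "physical contact info", "home address": "physical contact info",
    "credit card number": "financial account IDs",
    "social security #": "financial account IDs",
}

@dataclass(frozen=True)
class Rule:
    """Per-category preference: permitted purposes, and whether the site
    may disclose the data to other recipients."""
    purposes: frozenset
    disclose_to_others: bool

# The three rules of the preference slide, keyed by data category.
PREFERENCES = {
    "financial account IDs": Rule(frozenset({CURRENT}), False),
    "physical contact info": Rule(frozenset({CURRENT, CUSTOM}), False),
    "demographics": Rule(ANY_PURPOSE, False),
    "computer info": Rule(ANY_PURPOSE, False),
    "click-stream": Rule(ANY_PURPOSE, False),
}

# Constructed user data repository: elements the user is willing to release.
REPOSITORY = {"name": "A. User", "credit card number": "4111 1111 1111 1111"}

@dataclass(frozen=True)
class Statement:
    elements: tuple        # data elements the service wants
    purposes: frozenset    # why it wants them
    recipients: frozenset  # "ours" and/or "others"

@dataclass(frozen=True)
class Proposal:
    realm: str
    statements: tuple

def violations(proposal, prefs=PREFERENCES):
    """(element, reason) pairs for everything the preferences forbid.
    Elements in no known category are refused: the agent fails closed."""
    found = []
    for st in proposal.statements:
        for el in st.elements:
            rule = prefs.get(CATEGORY_OF.get(el))
            if rule is None:
                found.append((el, "unknown data category"))
                continue
            for p in sorted(st.purposes - rule.purposes):
                found.append((el, "purpose not allowed: " + p))
            if "others" in st.recipients and not rule.disclose_to_others:
                found.append((el, "disclosure to others not allowed"))
    return found

def counter_proposal(proposal, prefs=PREFERENCES):
    """Narrow each statement to what the rules permit: drop unknown elements,
    keep only purposes every remaining element allows, and drop "others"
    as a recipient unless every element may be disclosed."""
    kept = []
    for st in proposal.statements:
        rules = [(el, prefs.get(CATEGORY_OF.get(el))) for el in st.elements]
        rules = [(el, r) for el, r in rules if r is not None]
        if not rules:
            continue
        purposes, recipients = frozenset(st.purposes), set(st.recipients)
        for _, r in rules:
            purposes &= r.purposes
            if not r.disclose_to_others:
                recipients.discard("others")
        if purposes:  # a statement left with no allowed purpose is dropped
            kept.append(Statement(tuple(el for el, _ in rules), purposes,
                                  frozenset(recipients)))
    return Proposal(proposal.realm, tuple(kept))

def negotiate(proposal, repository=REPOSITORY, prefs=PREFERENCES):
    """One user-agent turn: ("accept", released data) or ("reject", counter)."""
    if violations(proposal, prefs):
        return "reject", counter_proposal(proposal, prefs)
    wanted = {el for st in proposal.statements for el in st.elements}
    return "accept", {el: repository[el] for el in wanted if el in repository}
```

Run against the deck's simple conversation (click-stream and computer information for administration and customization, kept by the site), `negotiate` accepts and, since neither element is in the repository, releases nothing. A greedier proposal asking for the credit card number and name for marketing and sharing them with others is rejected, and the counter proposal keeps both elements but only for the current activity and only for the site itself; sending that counter back through `negotiate` accepts it and releases the two repository values. A request for an element outside the known categories is rejected and dropped from the counter proposal entirely.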
W3C P3P Documents
Syntax
Harmonized Vocabulary
Base Data Set
P3P1.0 Specification Implementation Guide
Guiding principles
. . .
APPEL (A P3P Preference Exchange Language)
Guiding Principles
Information Privacy
Notice and Communication
Choice and Control
Fairness and Integrity
Security
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
APPEL
A rule language that expresses what should be done with P3P proposals
Not essential to P3P, but useful for:
  Sharing and installation of rulesets
  Communication to agents, search engines, proxies, or other servers
  Portability between products
Could be replaced by XML or RDF query language
Implementation and Deployment
Need user agent and server implementations
Need Web sites to create P3P proposals
Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of flexibility
Incremental adoption
“Levels” allow implementers to ramp up gradually
Good implementations provide incentives
  “Privacy watchdog” features to provide useful info about non-P3P-compliant sites
  Good data repository implementations in user agent save typing
  Good data management tools for Web servers
Adoption drives more adoption
Keys to Success
Good end-user implementations
  easy to use
  easy to plug in “recommended settings”
  not annoying
  use incremental adoption model
  privacy friendly
Good server implementations and tools
Adoption by many Web sites
Users find it useful
Endorsement by government-regulatory and self-regulatory organizations