Preferences (P3P)
Katherine Koch
Matt Taylor
Stanley Trepetin
10 May 2001
Agenda
Privacy
Environment
P3P Specification
Privacy Policy Editors
User Agents
Conclusion
Privacy Environment
Online
Websites
Privacy Environment
Internet
is unstable:
Privacy Environment
Resulting
All
problems:
Annoyance.
Embarrassment.
Discrimination.
are unexpected.
Privacy Environment
Responses:
Social: opt-out
Technical: cookie managers, encryption, etc.
Legislative:
Numerous
Privacy Environment
Insufficient:
in US.
Enforcement lax in EU.
P3P - Background
P3P
Essentially opt-in
Preference-based
decision-making.
P3P - Background
P3P
vs. FTC.
P3P - Background
Privacy
Consumers
P3P - Specification
<POLICY xmlns="http://www.w3.org/2000/12/P3Pv1"
        discuri="http://www.catalog.example.com/PrivacyPracticeBrowsing.html">
  <ENTITY>
    <DATA-GROUP>
      <DATA ref="#business.name">CatalogExample</DATA>
      <DATA ref="#business.contact-info.postal.street">4 Main St.</DATA>
      <DATA ref="#business.contact-info.postal.city">Birmingham</DATA>
      <DATA ref="#business.contact-info.postal.stateprov">MI</DATA>
      <DATA ref="#business.contact-info.postal.postalcode">48009</DATA>
    </DATA-GROUP>
  </ENTITY>
  <ACCESS><nonident/></ACCESS>
  <DISPUTES-GROUP>
    <DISPUTES resolution-type="independent"
              service="http://www.PrivacySeal.example.org"
              short-description="PrivacySeal.example.org">
      <REMEDIES><correct/></REMEDIES>
    </DISPUTES>
  </DISPUTES-GROUP>
  <STATEMENT>
    <PURPOSE><admin/><develop/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP>
      <DATA ref="#dynamic.clickstream"/>
    </DATA-GROUP>
  </STATEMENT>
</POLICY>
notice: policy-wide:
notice: data-specific:
to data.
Enforcement: DISPUTES statement (e.g., applicable court, law, etc.)
for cookies.
Flexible
weakness:
P3P - Specification
No
P3P - Improvement
Multiple
privacy policies.
Outline
What
Editing Tools
IBM
Evaluation Criteria
Technical
Criteria
Correctness
Specification-compliant/error-free
Consistency
Utilities
Completeness
Must
Evaluation Criteria
Viability in Industry
Advantages
Disadvantages
Error Pane
Advantages
Disadvantages
YOUpowered.com
GUI Interface
YOUpowered.com
Correctness
YOUpowered.com
Completeness
YOUpowered.com
Consistency
YOUpowered.com
Viability in Industry
No compact policies
PrivacyBot.com
Provides flexibility
Files/Code are output in a simple and user-friendly way
Disadvantages
This
Simple Design
Box for each policy, policy reference file, HTML link tag, HTTP headers, and any compact policies
Each box has instructions on what to do with the text, where to put the file, where to paste the code, etc.
Exporting to a local file structure, as in the YOUpowered.com tool, can be confusing
Explanations allow users to integrate P3P into their site easily
Design Recommendations
Design Recommendations
What must be achieved?
Correctness
Consistency
Completeness
User-friendly
Scalable
Detailed, accurate policy reference files
Integration utilities
Design Recommendations
What's missing?
Design Recommendations
User Agent
Implementations
User
Criteria
Agent Evaluations
Recommendations
Users
Users
Seamless Browsing Experience
Default Behaviors
Explorer 6.0
Orby Privacy Plus
Privacy Minder
Privacy Bank
Internet Explorer 6
Microsoft
More
Cookie
Management Features
Helping
of personal information
Seamless Browsing Experience
Privacy Icon
Default Behaviors
If Internet Explorer 6 were to require all first-party Web sites to have a P3P
compact policy for the user to be "remembered" by the site using persistent
cookie placement, it would break user personalization on the Web. It would
also place significant undue hardship on small first-party sites that don't have
the resources and expertise to understand, create and implement a P3P CP
by the time Internet Explorer 6 is scheduled to ship in early summer 2001.
Users
Free software
No configuration required to use the P3P features
Third Parties
Compact policies
Internet Explorer 6
Status
Add-on
to Internet Explorer
Manage cookies, remember passwords, store
personal data, fill forms
of personal information
users make
informed decisions
flags
Implicit/Explicit sites
Privacy policies
User expectations
Seamless Browsing Experience
Default Behaviors
YOUpowered
Users
Third Parties
Privacy Minder
AT&T
Privacy Bank
Stores
Integrate
Full control
Specify
preferences in detail
No automatic data transfer
identifiable, non-identifiable
The Future
Conclusion
Improvements:
Specification.
Policy editors.
User agents.
Conclusion
Work