The Platform for Privacy Preferences Project (P3P)
Lorrie Faith Cranor, AT&T Labs-Research
P3P Interest Group Co-Chair
October 1998
Background
Dynamic privacy negotiation concept has been around for a while
‘95-96: PICS for privacy discussions
Fall ’96: Internet Privacy Working Group convened by CDT
Summer ‘97: W3C launches P3P
‘96-98: Increasing government pressure and public concern motivates various self-regulatory efforts
Government Pressure
European Union directive
FTC “losing patience with self-regulation”
14% of surveyed sites that collect personal data had privacy policies posted last spring
Children’s Online Privacy Protection Act
Public Concern
April 1997 Louis Harris Poll of Internet users
5% say they have been the victim of an invasion of privacy while on the Internet
53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge
Threat or Tool?
Threat: Technology can automate data collection and processing
Tool: Technology can automate individual control over personal information
Revealing Personal Info
Advantages
  home delivery of products
  customized information and services
  ability to buy things on credit
Disadvantages
  info might be used in unexpected ways
  info might be disclosed to other parties
User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information
Empowerment Tools
Prevent your actions from being linked to you: Crowds - AT&T Labs
Allow you to develop persistent relationships not linked to each other or to you: Lucent Personal Web Assistant - Bell Labs
Make informed choices about how your information will be used: Platform for Privacy Preferences Project - W3C
Know that assurances about information practices are trustworthy: TRUSTe - Electronic Frontier Foundation and CommerceNet
[Diagram: a user and a service, each operating within a regulatory and self-regulatory framework, communicate across the Internet; between them sit a secure channel, a negotiation agent/trust engine, a pseudonym agent, and an anonymizing agent]
Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
Services communicate about practices
Users exercise preferences over those practices
User agent can facilitate automated decision making, prompt user, exchange data, etc.
Fair Information Practice Principles: Notice and Choice
Simplifying Notice and Choice
visual labels, example: (old) TRUSTe
machine readable labels, example: Platform for Internet Content Selection (PICS)
Beyond Labeling
Labels support notice, but provide only limited support of choice
P3P also supports
  Multiple privacy policies
  Explicit agreements
  Negotiation
Basic P3P Concepts
[Diagram of the basic P3P concepts: user agent, user data repository, preferences, service, proposal, agreement, user data, practices]
A Simple P3P Conversation
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html
More Complicated Conversations
Service offers choice of proposals
User agent makes counter proposal
User agent rejects proposal and asks service for another offer
Upon agreement, user agent automatically sends requested data
No agreement is reached (see “Automated Negotiation” paper with Paul Resnick)
Assertions that can be made in a P3P Proposal
Proposal level: Realm, Disclosure URI, Access, Assurance, Other disclosures, Change agreement, Retention
Statement level: Consequence, Data category and/or element, Purpose, Identifiable use, Recipients
P3P Vocabulary: Purposes
Completion and support of current activity
Web site and system administration
Customization of site to individuals
Research and development
Contacting visitors for marketing of services or products
Other uses
Data
Referenced by category or element
P3P methods may be used to transfer data referenced by element
  Coupling between privacy disclosure and data collection
Base data set includes elements all implementations should know about
Services may create their own elements
Vocabulary includes 10 data categories
Data Repository
Users can store elements they don’t mind providing to some services
Services can gain read and/or write access through P3P agreements
Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used
21
Info can be usedonly when necessary
to complete atransaction
home address
household income
phone number
name
Info I consider
somewhat sensitive
favorite beverage
gender
zip code
hair color
Info I do not consider sensitive
health insurance ID
bank accountcredit card num
ber
social security #
Info I consider
highlysensitive
Info may be used to complete a
transaction or customize content
Info may be used by site for any purpose,
but may not bedisclosed to others
Physicalcontact info
financialaccount IDs
Computer infodemographics
click-stream
Datacategory
Dataelement
Preference
Userinterface
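The exchanges on the two conversation slides, the proposal-level and statement-level assertions, the purpose vocabulary and the preference matrix above, put together as an added example: a user agent that evaluates one or more offered proposals against per-category preferences, settles on the first acceptable one (or reports that no agreement is reached), and then releases only the referenced elements from its data repository. This is constructed for this page; it is not code from the talk, from the AT&T P3P Proposal Generator, or from the W3C specification. The short purpose tags, the category names, the Statement/Proposal/Preference structures and all function names are this example's own assumptions and not P3P 1.0 syntax; the repository contents and the proposals are constructed sample data.

```python
from dataclasses import dataclass

# Purpose vocabulary from the slides, abbreviated to tags (assumption: P3P 1.0
# does not use these tags): completion of current activity, site/system admin,
# customization, research and development, contacting visitors for marketing,
# other uses.
PURPOSES = frozenset({"current", "admin", "custom", "research", "contact", "other"})


@dataclass(frozen=True)
class Statement:
    """One statement-level disclosure: which data, for what purposes, sent to whom."""
    category: str          # data category, e.g. "click-stream"
    elements: frozenset    # data elements referenced by the statement (may be empty)
    purposes: frozenset    # subset of PURPOSES
    recipients: frozenset  # "ours" (the service itself) and/or "others"


@dataclass(frozen=True)
class Proposal:
    """Proposal-level realm plus its statements (other proposal-level assertions omitted)."""
    realm: str
    statements: tuple


@dataclass(frozen=True)
class Preference:
    """Per-category preference, one row of the slide's matrix."""
    purposes: frozenset    # purposes the user permits for this category
    disclosure: bool       # may the data reach parties other than the service?


def statement_ok(stmt, prefs):
    """A statement is acceptable when every purpose and every recipient is permitted."""
    pref = prefs.get(stmt.category)
    if pref is None:
        return False             # no rule for this category: a real agent would prompt the user
    if not stmt.purposes <= pref.purposes:
        return False
    return pref.disclosure or "others" not in stmt.recipients


def acceptable(proposal, prefs):
    """Every statement in the proposal must be acceptable."""
    return all(statement_ok(s, prefs) for s in proposal.statements)


def choose(proposals, prefs):
    """Service offered a choice: take the first proposal the preferences allow; None = no agreement."""
    for p in proposals:
        if acceptable(p, prefs):
            return p
    return None


def release(proposal, repository):
    """After agreement, gather the referenced elements from the user data repository.
    Returns (elements sent, elements not on file) so the agent can prompt for the rest."""
    requested = set()
    for s in proposal.statements:
        requested |= s.elements
    sent = {e: repository[e] for e in requested if e in repository}
    return sent, requested - set(sent)


# Preferences following the matrix: click-stream, computer info and demographics
# may be used for anything but not disclosed; contact info only to complete a
# transaction or customize; financial IDs only to complete the transaction.
PREFS = {
    "click-stream":     Preference(PURPOSES, False),
    "computer-info":    Preference(PURPOSES, False),
    "demographics":     Preference(PURPOSES, False),
    "physical-contact": Preference(frozenset({"current", "custom"}), False),
    "financial":        Preference(frozenset({"current"}), False),
}

# Constructed sample repository; the telephone number is deliberately not stored.
REPOSITORY = {"user.name": "A. User", "user.home.postal": "1 Example St"}

# The simple conversation: click-stream and computer info for admin and customization.
SIMPLE = Proposal("http://service.example/", (
    Statement("click-stream", frozenset(), frozenset({"admin", "custom"}), frozenset({"ours"})),
    Statement("computer-info", frozenset(), frozenset({"admin", "custom"}), frozenset({"ours"})),
))

# A choice of proposals for a purchase: one wants contact data for marketing and
# shares it with others, the other uses it only to complete the order.
CONTACT = frozenset({"user.name", "user.home.postal", "user.home.telephone"})
MARKETING = Proposal("http://service.example/shop/", (
    Statement("physical-contact", CONTACT, frozenset({"current", "contact"}), frozenset({"ours", "others"})),
))
SHIP_ONLY = Proposal("http://service.example/shop/", (
    Statement("physical-contact", CONTACT, frozenset({"current"}), frozenset({"ours"})),
))

if __name__ == "__main__":
    print("simple proposal accepted:", acceptable(SIMPLE, PREFS))
    agreed = choose([MARKETING, SHIP_ONLY], PREFS)
    print("agreed on ship-only proposal:", agreed is SHIP_ONLY)
    print("released / still missing:", release(agreed, REPOSITORY))
```

Two design points worth noting. An unknown category is treated as a rejection rather than an acceptance, so a service cannot slip data past the preferences by inventing a category the agent has no rule for; a shipping agent would prompt there instead. And `release` hands over only the elements the agreed statements reference, which is the coupling between disclosure and collection the Data slide describes: the repository never releases more than the agreement covers.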
W3C P3P Documents
P3P1.0 Specification (Syntax, Harmonized Vocabulary, Base Data Set)
Implementation Guide
Guiding Principles
APPEL (A P3P Preference Exchange Language)
. . .
Guiding Principles
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
Information Privacy
Notice and Communication
Choice and Control
Fairness and Integrity
Security
APPEL
A rule language that expresses what should be done with P3P proposals
Not essential to P3P, but useful for:
  Sharing and installation of rulesets
  Communication to agents, search engines, proxies, or other servers
  Portability between products
Could be replaced by XML or RDF query language
Implementation and Deployment
Need user agent and server implementations
Need Web sites to create P3P proposals
Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of flexibility
Incremental adoption
“Levels” allow implementers to ramp up gradually
Good implementations provide incentives
  “Privacy watchdog” features to provide useful info about non-P3P-compliant sites
  Good data repository implementations in user agent save typing
  Good data management tools for Web servers
Adoption drives more adoption
Keys to Success
Good end-user implementations
  easy to use
  easy to plug in “recommended settings”
  not annoying
  use incremental adoption model
  privacy friendly
Good server implementations and tools
Adoption by many Web sites
Users find it useful
Endorsement by government-regulatory and self-regulatory organizations
Papers and demo of AT&T P3P Proposal Generator: www.research.att.com/projects/p3p/
P3P Web site at W3C: www.w3.org/p3p/