The Platform for Privacy Preferences Project (P3P) - PowerPoint PPT Presentation

1
The Platform for Privacy Preferences Project (P3P)
  • Lorrie Faith Cranor, AT&T Labs-Research
  • P3P Interest Group Co-Chair, October 1998

2
Background
  • Dynamic privacy negotiation concept has been
    around for a while
  • 95-96 PICS for privacy discussions
  • Fall 96 Internet Privacy Working Group convened
    by CDT
  • Summer 97 W3C launches P3P
  • 96-98 Increasing government pressure and public
    concern motivates various self-regulatory efforts

3
Government Pressure
  • European Union directive
  • FTC losing patience with self-regulation
  • 14% of surveyed sites that collect personal data
    had privacy policies posted last spring
  • Children's Online Privacy Protection Act

4
Public Concern
  • April 1997 Louis Harris Poll of Internet users
  • 5% say they have been the victim of an invasion
    of privacy while on the Internet
  • 53% say they are concerned that information about
    which sites they visit will be linked to their
    email address and disclosed without their
    knowledge

5
Threat or Tool?
  • Threat: technology can automate data
    collection and processing
  • Tool: technology can automate individual
    control over personal information

6
Revealing Personal Info
  • Advantages
    • home delivery of products
    • customized information and services
    • ability to buy things on credit
  • Disadvantages
    • info might be used in unexpected ways
    • info might be disclosed to other parties

7
User Empowerment Approach
  • Develop tools that allow people to control the
    use and dissemination of their personal
    information

8
Empowerment Tools
  • Prevent your actions from being linked to you
    • Crowds - AT&T Labs
  • Allow you to develop persistent relationships not
    linked to each other or you
    • Lucent Personal Web Assistant - Bell Labs
  • Make informed choices about how your information
    will be used
    • Platform for Privacy Preferences Project - W3C
  • Know that assurances about information practices
    are trustworthy
    • TRUSTe - Electronic Frontier Foundation and
      CommerceNet

9
(No Transcript)
10
Platform for Privacy Preferences Project (P3P)
  • A framework for automated privacy discussions
    under development by W3C
  • Services communicate about practices
  • Users exercise preferences over those practices
  • User agent can facilitate automated decision
    making, prompt user, exchange data, etc.

11
Fair Information Practice Principles
(diagram: Notice and Choice)
12
Simplifying Notice and Choice
  • visual labels
    • example: (old) TRUSTe
  • machine readable labels
    • example: Platform for Internet Content
      Selection (PICS)

13
Beyond Labeling
  • Labels support notice, but provide only limited
    support of choice
  • P3P also supports
    • Multiple privacy policies
    • Explicit agreements
    • Negotiation

14
Basic P3P Concepts
(diagram: proposal, agreement)
15
A Simple P3P Conversation
  • User agent: GET index.html
  • Service: Here is my P3P proposal - I collect
    click-stream data and computer information for
    web site and system administration and
    customization of site
  • User agent: OK, I accept your proposal
  • Service: Here is index.html

16
More Complicated Conversations
  • Service offers choice of proposals
  • User agent makes counter proposal
  • User agent rejects proposal and asks service for
    another offer
  • Upon agreement, user agent automatically sends
    requested data
  • No agreement is reached
  • (see Automated Negotiation paper with Paul
    Resnick)

17
Assertions that can be made in a P3P Proposal
  • Proposal level
    • Realm
    • Disclosure URI
    • Access
    • Assurance
    • Other disclosures
    • Change agreement
    • Retention
  • Statement level
    • Consequence
    • Data category and/or element
    • Purpose
    • Identifiable use
    • Recipients

18
P3P Vocabulary: Purposes
  • Completion and support of current activity
  • Web site and system administration
  • Customization of site to individuals
  • Research and development
  • Contacting visitors for marketing of services or
    products
  • Other uses

19
Data
  • Referenced by category or element
  • P3P methods may be used to transfer data
    referenced by element
  • Coupling between privacy disclosure and data
    collection
  • Base data set includes elements all
    implementations should know about
  • Services may create their own elements
  • Vocabulary includes 10 data categories

20
Data Repository
  • Users can store elements they don't mind
    providing to some services
  • Services can gain read and/or write access
    through P3P agreements
  • Elements can be automatically retrieved from
    repository when P3P methods or auto-fill forms
    are used

21
(diagram: Data element -> Data category -> Preference, set through the user interface)
  • Data elements: name, home address, phone number,
    zip code, gender, hair color, favorite beverage,
    household income, health insurance ID, social
    security, credit card number, bank account
  • Data categories: physical contact info,
    demographics, click-stream, computer info,
    financial account IDs
  • Sensitivity levels chosen by the user:
    • Info I do not consider sensitive
    • Info I consider somewhat sensitive
    • Info I consider highly sensitive
  • Preferences:
    • Info may be used by site for any purpose, but
      may not be disclosed to others
    • Info may be used to complete a transaction or
      customize content
    • Info can be used only when necessary to
      complete a transaction
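
Added example (not from the slides, and not the AT&T or W3C P3P software): a Python model of the conversation on slides 15 and 16, where the user agent decides whether to accept a proposal by checking its statements (slide 17) against the sensitivity-to-preference mapping sketched on slide 21. The data structures, the assignment of categories to sensitivity levels, and the purpose and rule names are assumptions of this example, not P3P syntax.

```python
from dataclasses import dataclass, field
# Slide 21 (assumed assignment): how sensitive the user considers each data category.
SENSITIVITY = {
    "click-stream": "not", "computer info": "not", "demographics": "somewhat",
    "physical contact info": "somewhat", "financial account IDs": "highly",
}
# Slide 21 (assumed mapping): purposes from the slide 18 vocabulary each level permits.
ALLOWED = {
    "highly": {"current activity"},
    "somewhat": {"current activity", "customization"},
    "not": {"current activity", "customization", "system administration",
            "research and development", "marketing", "other uses"},
}

@dataclass
class Statement:            # slide 17, statement level (consequence omitted)
    categories: set
    purposes: set
    recipients: set = field(default_factory=lambda: {"ourselves"})
@dataclass
class Proposal:             # slide 17, proposal level (only the realm is modelled)
    realm: str
    statements: list
def violations(proposal, sensitivity=SENSITIVITY, allowed=ALLOWED):
    """Return (category, purpose or recipient) pairs the user's preferences forbid."""
    out = []
    for st in proposal.statements:
        for cat in sorted(st.categories):
            level = sensitivity.get(cat, "highly")  # unknown data: treat as highly sensitive
            out += [(cat, p) for p in sorted(st.purposes) if p not in allowed[level]]
            # slide 21: data "may not be disclosed to others", whatever its sensitivity
            out += [(cat, "recipient:" + r) for r in sorted(st.recipients - {"ourselves"})]
    return out
def conversation(url, offers):
    """Slides 15-16: the exchange as (speaker, message) turns, plus the outcome."""
    log = [("User agent", f"GET {url}")]
    for prop in offers:
        log.append(("Service", f"Here is my P3P proposal for {prop.realm}"))
        bad = violations(prop)
        if not bad:
            log.append(("User agent", "OK, I accept your proposal"))
            log.append(("Service", f"Here is {url}"))
            return log, "agreement"
        log.append(("User agent", f"I reject it ({bad[0][0]} for {bad[0][1]}); another offer?"))
    return log, "no agreement"
# Constructed sample: slide 15's proposal, preceded by one using demographics for marketing
MARKETING = Proposal("/", [Statement({"demographics"}, {"marketing"})])
SIMPLE = Proposal("/", [Statement({"click-stream", "computer info"},
                                  {"system administration", "customization"})])
```

With `conversation("index.html", [MARKETING, SIMPLE])` the agent rejects the first offer and accepts the second, which is the "asks service for another offer" path of slide 16.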
22
W3C P3P Documents
(diagram, including APPEL, A P3P Preference Exchange Language)
23
Guiding Principles
A statement of intent by members of the P3P
working groups and a recommendation on how to use
P3P to maximize privacy
  • Information Privacy
  • Notice and Communication
  • Choice and Control
  • Fairness and Integrity
  • Security

24
APPEL
  • A rule language that expresses what should be
    done with P3P proposals
  • Not essential to P3P, but useful for
    • Sharing and installation of rulesets
    • Communication to agents, search engines, proxies,
      or other servers
    • Portability between products
  • Could be replaced by XML or RDF query language

25
Implementation and Deployment
  • Need user agent and server implementations
  • Need Web sites to create P3P proposals
  • Web sites can use P3P without a special server,
    but P3P-compliant server and tools allow them to
    take advantage of flexibility

26
Incremental adoption
  • Levels allow implementers to ramp up gradually
  • Good implementations provide incentives
  • Privacy watchdog features to provide useful
    info about non-P3P-compliant sites
  • Good data repository implementations in user
    agent save typing
  • Good data management tools for Web servers
  • Adoption drives more adoption

27
Keys to Success
  • Good end-user implementations
    • easy to use
    • easy to plug in recommended settings
    • not annoying
    • use incremental adoption model
    • privacy friendly
  • Good server implementations and tools
  • Adoption by many Web sites
  • Users find it useful
  • Endorsement by government-regulatory and
    self-regulatory organizations

28
Papers and demo of AT&T P3P Proposal Generator:
www.research.att.com/projects/p3p/
P3P Web site at W3C: www.w3.org/p3p/