Post on 17-Dec-2015
Minding Your Own Business
The Platform for Privacy Preferences Project and Privacy Minder
Lorrie Faith Cranor
AT&T Labs-Research
http://www.research.att.com/~lorrie/
June 1999
Revealing Personal Info
Advantages
  home delivery of products
  customized information and services
  ability to buy things on credit
Disadvantages
  info might be used in unexpected ways
  info might be disclosed to other parties
User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information
Empowerment Tools
Prevent your actions from being linked to you
  Crowds - AT&T Labs; The Anonymizer - anonymizer.com
Allow you to develop persistent relationships not linked to each other or to you
  Lucent Personal Web Assistant - Bell Labs
Make informed choices about how your information will be used
  Platform for Privacy Preferences Project - W3C
Know that assurances about information practices are trustworthy
  TRUSTe - Electronic Frontier Foundation and CommerceNet
Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
Services communicate about practices
Users exercise preferences over those practices
User agent can facilitate automated decision making, prompt user, exchange data, etc.
Simplifying Notice and Choice
visual labels
  example: TRUSTe
machine-readable labels
  example: Platform for Internet Content Selection (PICS)
Beyond Labeling
Labels support notice, but provide only limited support for choice
P3P supports choice by supporting
  Multiple privacy policies
  Explicit agreements (or rejection of a proposed privacy policy)
  Single-round “negotiation”
Basic P3P Concepts
[diagram: a user agent, holding the user's preferences and a user data repository, exchanges a proposal, an agreement and user data with a service whose data practices the proposal describes]
A Simple P3P Conversation
[diagram: user agent and service exchanging the messages below]
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html
Other Possible P3P Conversations
Service offers choice of proposals
Upon agreement, user agent automatically sends requested data
No agreement is reached
Data
Referenced by category or element
Vocabulary includes 10 data categories
Base data set includes elements all implementations should know about
Services may create their own elements
“P3P methods” may be used to transfer data referenced by element
  Coupling between privacy disclosure and data collection
Data Repository
Users can store elements they don’t mind providing to some services
Services can gain access to stored elements through P3P agreements
Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used
W3C P3P Documents
Syntax
Harmonized Vocabulary
Base Data Set
P3P1.0 Specification Implementation Guide
Guiding principles
. . .
APPEL (A P3P Preference Exchange Language)
Guiding Principles
Information Privacy
Notice and Communication
Choice and Control
Fairness and Integrity
Security
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
APPEL
A rule language that expresses what should be done with P3P proposals
Not essential to P3P, but useful for:
  Sharing and installation of rulesets
  Communicating to agents, search engines, proxies, or other servers
  Portability between products
Could be replaced by an XML or RDF query language
P3P Proposal
A web site encodes its privacy practices in the form of a P3P proposal
Automated tools can be used to do the actual encoding
User agents are expected to translate information in proposals into a more user friendly format
Types of Assertions
Proposals can contain 2 types of assertions:
  proposal level: assertions that apply generally to the whole proposal
    “we are a member of TRUSTe”
  statement level: assertions that apply to a specific type of data
    “we collect information about your computer for web site and system administration”
Assertions that can be made in a P3P Proposal
Proposal level
  Entity
  Realm
  Disclosure URI
  Access
  Assurance
  Other disclosures
    Change agreement
    Retention
Statement level
  Consequence
  Data category and/or element
  Purpose
  Identifiable use
  Recipients
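As an added example (not code from the slides, from Privacy Minder, or from the W3C drafts), the following Python models the exchanges on the "A Simple P3P Conversation" and "Other Possible P3P Conversations" slides, the data repository rule that stored elements are released only under an agreement, and the proposal-level versus statement-level split of the assertion slides, with an ordered ruleset in the spirit of APPEL. The Proposal, Statement and Rule classes, the category and element names (clickstream, computer, user.email and so on), the purpose and recipient values, and the sample sites are assumptions made for the example, not the P3P 1.0 syntax or vocabulary; TRUSTe is named in the deck, but the seal-backed shop that cites it here is invented.

```python
# Added example (not from the slides or Privacy Minder): a P3P-style single-round
# negotiation. The Proposal and Rule objects stand in for the 1999 P3P proposal
# syntax and for APPEL; every entity, category, element and value below is made up.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Statement:
    """Statement-level assertion: which data, for what purpose, to whom."""
    data: frozenset             # categories/elements, e.g. "clickstream", "user.email"
    purpose: frozenset          # e.g. "admin", "customization", "completion"
    recipients: frozenset       # "ours" = the service itself, "others" = third parties
    identifiable: bool = False  # used in personally identifiable form?

@dataclass(frozen=True)
class Proposal:
    """Proposal-level assertions (entity, assurance) plus the statements."""
    entity: str
    assurance: Optional[str]    # seal program vouching for the practices, or None
    statements: tuple

    def collected(self) -> frozenset:
        return frozenset().union(*(s.data for s in self.statements))

@dataclass(frozen=True)
class Rule:
    """APPEL-like rule: the behavior applies when the condition holds."""
    behavior: str               # "accept", "reject" or "prompt"
    reason: str
    condition: Callable[[Proposal], bool]

def evaluate(rules, proposal):
    """Rules are ordered; the first match decides, and no match means 'prompt'."""
    for rule in rules:
        if rule.condition(proposal):
            return rule.behavior, rule.reason
    return "prompt", "no rule matched"

def negotiate(rules, repository, proposals):
    """One round over the service's proposals. Returns a dict with status
    ("agreement", "prompt" or "no agreement"), the chosen proposal, the data
    released from the repository, and a log of (entity, behavior, reason)."""
    log, to_prompt = [], None
    for p in proposals:
        behavior, reason = evaluate(rules, p)
        log.append((p.entity, behavior, reason))
        if behavior == "accept":
            # Upon agreement, release only elements the agreement covers AND the user stored.
            data = {e: v for e, v in repository.items() if e in p.collected()}
            return {"status": "agreement", "proposal": p, "data": data, "log": log}
        if behavior == "prompt" and to_prompt is None:
            to_prompt = p
    if to_prompt is not None:
        return {"status": "prompt", "proposal": to_prompt, "data": {}, "log": log}
    return {"status": "no agreement", "proposal": None, "data": {}, "log": log}

def serve(rules, repository, proposals, resource="index.html"):
    """Service side: the page is delivered only after the agent accepts a proposal."""
    result = negotiate(rules, repository, proposals)
    result["body"] = resource if result["status"] == "agreement" else None
    return result

def any_statement(pred):
    return lambda p: any(pred(s) for s in p.statements)

def every_statement(pred):
    return lambda p: all(pred(s) for s in p.statements)

# Constructed preference ruleset; order matters (reject rules come first).
RULES = [
    Rule("reject", "data would be disclosed to other parties",
         any_statement(lambda s: "others" in s.recipients)),
    Rule("reject", "identifiable data used for marketing",
         any_statement(lambda s: s.identifiable and "marketing" in s.purpose)),
    Rule("accept", "non-identifiable data, administration/customization only",
         every_statement(lambda s: not s.identifiable
                         and s.purpose <= {"admin", "customization"})),
    Rule("accept", "contact data for order completion, backed by a seal program",
         lambda p: p.assurance is not None and every_statement(
             lambda s: s.recipients <= {"ours"}
             and s.purpose <= {"admin", "customization", "completion"})(p)),
]

# Constructed repository and proposals; SITE mirrors the slide's example site.
REPOSITORY = {"user.name": "A. User", "user.email": "a.user@example.com",
              "user.phone": "555-0100"}
SITE = Proposal("example site", None, (Statement(
    frozenset({"clickstream", "computer"}), frozenset({"admin", "customization"}),
    frozenset({"ours"})),))
MARKETER = Proposal("ad network", None, (Statement(
    frozenset({"user.email"}), frozenset({"marketing"}), frozenset({"ours", "others"}),
    identifiable=True),))
SHOP = Proposal("seal-backed shop", "TRUSTe", (
    Statement(frozenset({"user.name", "user.email"}), frozenset({"completion"}),
              frozenset({"ours"}), identifiable=True),
    Statement(frozenset({"clickstream"}), frozenset({"admin"}), frozenset({"ours"}))))
RESEARCHER = Proposal("survey site", None, (Statement(
    frozenset({"computer"}), frozenset({"research"}), frozenset({"ours"})),))
```

Calling serve(RULES, REPOSITORY, [SITE]) reproduces the simple conversation: the ruleset accepts, nothing from the repository is released because the proposal names no stored element, and index.html is returned. Offering [MARKETER, SHOP] shows the service giving a choice: the ad network is rejected for disclosing data to other parties, the seal-backed shop is accepted, and only user.name and user.email are released (user.phone stays in the repository). [MARKETER] alone ends with no agreement and no page, and [RESEARCHER] falls through every rule to a prompt. Because the rules are evaluated in order, a reject rule placed first overrides any later accept, which is the safe default for a user agent.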
P3P Implementation and Deployment
Need user agent and server implementations
Need Web sites to create P3P proposals
Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of choice mechanisms
AT&T P3P Implementations
P3P proposal generator
  generates a P3P proposal and human-readable policy from a web-based questionnaire
  written in Perl and implemented as a CGI script
Privacy Minder
  a P3P user agent
  written in Java as a client-side proxy
Privacy Minder Demo
Resources and Feedback
For further info on P3P see: http://www.w3.org/P3P/
For AT&T P3P implementations and papers see: http://www.research.att.com/projects/p3p/
Send your comments to p3p-comments@w3.org or discuss with a P3P working group member