The Future of P3P

Ari Schwartz, Center for Democracy and Technology

Lorrie Faith Cranor, AT&T Labs-Research

http://lorrie.cranor.org/

November 2002

Introduction to P3P

Privacy policies

Policies let consumers know about site’s privacy practices

Consumers can then decide whether or not practices are acceptable, when to opt-in or opt-out, and who to do business with

The presence of privacy policies increases consumer trust

Privacy policy problems

BUT policies are often difficult to understand, hard to find, take a long time to read, change without notice

Platform for Privacy Preferences Project (P3P)

Developed by the World Wide Web Consortium (W3C) http://www.w3.org/p3p/

Final P3P1.0 Recommendation issued 16 April 2002

Offers an easy way for web sites to communicate about their privacy policies in a standard machine-readable format

Can be deployed using existing web servers

Enables the development of tools (built into browsers or separate applications) that summarize privacy policies, compare policies with user preferences, and alert and advise users

P3P is part of the solution

P3P1.0 helps users understand privacy policies but is not a complete solution

Seal programs and regulations help ensure that sites comply with their policies

Anonymity tools reduce the amount of information revealed while browsing

Encryption tools secure data in transit and storage

Laws and codes of practice provide a base line level for acceptable policies

Basic components

P3P provides a standard XML format that web sites use to encode their privacy policies

Sites also provide XML “policy reference files” to indicate which policy applies to which part of the site

Sites can optionally provide a “compact policy” by configuring their servers to issue a special P3P header when cookies are set

No special server software required

User software to read P3P policies called a “P3P user agent”
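How a user agent can use a policy reference file to decide which policy covers a given part of a site, as an added example that is not from the original slides. The META/POLICY-REF/INCLUDE/EXCLUDE element names and the namespace come from the P3P 1.0 specification; the sample file, paths and policy names are constructed, and COOKIE-INCLUDE, METHOD and EXPIRY are left out.

```python
import re
import xml.etree.ElementTree as ET

NS = "{http://www.w3.org/2002/01/P3Pv1}"  # P3P 1.0 XML namespace

# Constructed policy reference file; paths and policy names are made up.
SAMPLE_PRF = """\
<META xmlns="http://www.w3.org/2002/01/P3Pv1">
 <POLICY-REFERENCES>
  <POLICY-REF about="/w3c/policies.xml#shop">
   <INCLUDE>/shop/*</INCLUDE>
   <EXCLUDE>/shop/help/*</EXCLUDE>
  </POLICY-REF>
  <POLICY-REF about="/w3c/policies.xml#general">
   <INCLUDE>/*</INCLUDE>
   <EXCLUDE>/partners/*</EXCLUDE>
  </POLICY-REF>
 </POLICY-REFERENCES>
</META>
"""

def _compile(pattern):
    # "*" matches any run of characters; everything else is literal.
    parts = (re.escape(p) for p in pattern.strip().split("*"))
    return re.compile(".*".join(parts) + r"\Z", re.DOTALL)

def load_policy_refs(xml_text):
    """Return [(policy URI, include patterns, exclude patterns)] in file order."""
    refs = []
    for ref in ET.fromstring(xml_text).iter(NS + "POLICY-REF"):
        inc = [_compile(e.text) for e in ref.findall(NS + "INCLUDE") if e.text]
        exc = [_compile(e.text) for e in ref.findall(NS + "EXCLUDE") if e.text]
        refs.append((ref.get("about"), inc, exc))
    return refs

def policy_for(path, refs):
    """First POLICY-REF that includes the path and does not exclude it wins."""
    for about, inc, exc in refs:
        if any(p.match(path) for p in inc) and not any(p.match(path) for p in exc):
            return about
    return None  # no P3P policy declared for this part of the site

if __name__ == "__main__":
    refs = load_policy_refs(SAMPLE_PRF)
    for path in ("/shop/cart", "/shop/help/faq", "/index.html", "/partners/ad.gif"):
        print(path, "->", policy_for(path, refs))
```

A path that resolves to None is a part of the site with no declared policy, which is what a deployment test should look for.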

P3P increases transparency

P3P clients can check a privacy policy each time it changes

P3P clients can check privacy policies on all objects in a web page, including ads and invisible images

http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE

http://www.att.com/accessatt/

P3P in IE6

Privacy icon on status bar indicates that a cookie has been blocked – pop-up appears the first time the privacy icon appears

Automatic processing of compact policies only; third-party cookies without compact policies blocked by default

Users can click on privacy icon for list of cookies; privacy summaries are available at sites that are P3P-enabled

Privacy summary report is generated automatically from full P3P policy

P3P in Netscape 7

Preview version similar to IE6, focusing on cookies; cookies without compact policies (both first-party and third-party) are “flagged” rather than blocked by default

Indicates flagged cookie

AT&T Privacy Bird

Free download of beta from http://privacybird.com/

“Browser helper object” for IE 5.01/5.5/6.0

Reads P3P policies at all P3P-enabled sites automatically

Puts bird icon at top of browser window that changes to indicate whether site matches user’s privacy preferences

Clicking on bird icon gives more information

Current version is information only – no cookie blocking

Chirping bird is privacy indicator

Click on the bird for more info

Privacy policy summary - mismatch

Users select warning conditions

Why web sites adopt P3P

Demonstrate corporate leadership on privacy issues

Show customers they respect their privacy

Demonstrate to regulators that industry is taking voluntary steps to address consumer privacy concerns

Distinguish brand as privacy friendly

Prevent IE6 from blocking their cookies

Anticipation that consumers will soon come to expect P3P on all web sites

Individuals who run sites value personal privacy

P3P Early Adopters

News and information sites – CNET, About.com

Search engines – Yahoo, Lycos

Ad networks – DoubleClick, Avenue A

Telecom companies – AT&T

Financial institutions – Fidelity

Computer hardware and software vendors – IBM, Dell, Microsoft, McAfee

Retail stores – Fortunoff, Ritz Camera

Government agencies – FTC, Dept. of Commerce, Ontario Information and Privacy Commissioner

Non-profits – CDT

P3P deployment overview

1. Create a privacy policy

2. Analyze the use of cookies and third-party content on your site

3. Determine whether you want to have one P3P policy for your entire site or different P3P policies for different parts of your site

4. Create a P3P policy (or policies) for your site

5. Create a policy reference file for your site

6. Configure your server for P3P

7. Test your site to make sure it is properly P3P enabled

What’s in a P3P policy?

Name and contact information for site

The kind of access provided

Mechanisms for resolving privacy disputes

The kinds of data collected

How collected data is used, and whether individuals can opt-in or opt-out of any of these uses

Whether/when data may be shared and whether there is opt-in or opt-out

Data retention policy

Generating P3P files

Edit by hand: cut and paste from an example; make sure you use P3P validator to check for errors http://www.w3.org/P3P/validator/

Use a P3P policy generator. Recommended: IBM P3P policy editor http://www.alphaworks.ibm.com/tech/p3peditor

Get a book: Web Privacy with P3P http://p3pbook.com/

Compact policies

Provide very short summary of full P3P policy for cookies

Not required

Must be used in addition to full policy

May only be used with cookies

Must commit to following policy for lifetime of cookies

May oversimplify site’s policy

IE6 relies heavily on compact policies for cookie filtering – especially an issue for third-party cookies
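The compact-policy header and the default cookie handling described on the IE6 and Netscape 7 slides, as an added example that is not from the original slides. The policyref= and CP= header fields come from the P3P 1.0 specification; the agent labels "ie6" and "netscape7", the function names and the sample responses are constructed for this example, and only the missing-compact-policy rule stated on the slides is modelled.

```python
import re

# A compact-policy token is three capitals, optionally followed by a, i or o.
TOKEN = re.compile(r"[A-Z]{3}[aio]?\Z")

def parse_p3p_header(value):
    """Split a P3P response header value into (policyref, compact-policy tokens)."""
    pairs = re.findall(r'(\w+)\s*=\s*"([^"]*)"', value or "")
    fields = {k.lower(): v for k, v in pairs}
    tokens = [t for t in fields.get("cp", "").split() if TOKEN.match(t)]
    return fields.get("policyref"), tokens

def default_action(agent, third_party, p3p_header):
    """Default treatment of a cookie as the slides describe it.

    Only the missing-compact-policy rule is modelled; what either browser
    does with the tokens of a policy that is present is out of scope.
    """
    _, tokens = parse_p3p_header(p3p_header)
    if tokens:
        return "pass"
    if agent == "ie6":        # blocks third-party cookies without a compact policy
        return "block" if third_party else "pass"
    if agent == "netscape7":  # flags first- and third-party cookies alike
        return "flag"
    raise ValueError("unknown agent: " + agent)

# Constructed responses: (host setting the cookie, third party?, P3P header or None).
SAMPLE = [
    ("www.example.com", False, None),
    ("ads.example.net", True, None),
    ("ads.example.org", True, 'policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa OUR NOR"'),
    ("img.example.net", True, 'policyref="/w3c/p3p.xml"'),  # full policy only, no CP
]

def audit(agent, responses=SAMPLE):
    """Map each host to the default action the given agent would take."""
    return {host: default_action(agent, tp, hdr) for host, tp, hdr in responses}

if __name__ == "__main__":
    for agent in ("ie6", "netscape7"):
        print(agent, audit(agent))
```

The img.example.net case shows why the slides call out third-party content: a policy reference without a CP field is treated the same as no header at all.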

Impacts

Somewhat early to evaluate P3P

Some companies that P3P-enable think about privacy in new ways and change their practices: systematic assessment of privacy practices; concrete disclosures – less wiggle room; disclosures about areas previously not discussed in privacy policy

Hopefully we will see greater transparency, more informed consumers, and ultimately better privacy policies

Resources

For further information on P3P see: http://www.w3.org/P3P/ http://p3ptoolbox.org/ http://p3pbook.com/

The Future of P3P

Workshop

W3C will hold workshop November 12-13, 2002 to discuss future of P3P

Workshop seeks to identify areas for future work: P3P 1.1; P3P 2.0; related standards or guidelines; coordination with other organizations

Legal issues

Legal certainty

GLBA

EU Directive

User agent guidelines and conformance

P3P spec places minimal requirements on user agents

User agents have taken different approaches to cookie blocking rules, displaying policy summaries, etc.

Potential exists that user agents may misrepresent site policies

User agent certification, guidelines, best practices, etc. might help

Vocabulary issues

Are there privacy practices that cannot be described adequately by the P3P vocabulary?

Compact policies, cookies, and performance

Compact policies added to spec to improve performance and make cookie-blocking decisions faster

Compact policies oversimplify, causing problems for some web sites

Cookie policies are complicated by the requirement that they cover any data linked via cookies, and the broad scope of many cookies

Identity management and negotiation

Relationship between P3P and identity management systems

Consent mechanisms

Negotiation

Mobile devices and location privacy

How do you provide adequate notice on small devices?

How do you configure preferences on small devices?

Are extensions to P3P needed to address location privacy issues?

Next steps

Identifying and engaging stakeholders

Coordination with other organizations

Getting buy-in and resources

P3P1.1

P3P2.0

Related standards or guidelines