1 The Platform for Privacy Preferences Project (P3P)
Lorrie Faith Cranor, AT&T Labs-Research, P3P Interest Group Co-Chair
October 1998

2 Background
- Dynamic privacy negotiation concept has been around for a while
- '95-96: PICS for privacy discussions
- Fall '96: Internet Privacy Working Group convened by CDT
- Summer '97: W3C launches P3P
- '96-98: Increasing government pressure and public concern motivates various self-regulatory efforts

3 Government Pressure
- European Union directive
- FTC "losing patience with self-regulation"
- 14% of surveyed sites that collect personal data had privacy policies posted last spring
- Children's Online Privacy Protection Act

4 Public Concern
April 1997 Louis Harris Poll of Internet users:
- 5% say they have been the victim of an invasion of privacy while on the Internet
- 53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge

5 Threat or Tool?
- Threat: Technology can automate data collection and processing
- Tool: Technology can automate individual control over personal information

6 Revealing Personal Info
Advantages:
- home delivery of products
- customized information and services
- ability to buy things on credit
Disadvantages:
- info might be used in unexpected ways
- info might be disclosed to other parties

7 User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information

8 Empowerment Tools
- Prevent your actions from being linked to you: Crowds - AT&T Labs
- Allow you to develop persistent relationships not linked to each other or to you: Lucent Personal Web Assistant - Bell Labs
- Make informed choices about how your information will be used: Platform for Privacy Preferences Project - W3C
- Know that assurances about information practices are trustworthy: TRUSTe - Electronic Frontier Foundation and CommerceNet

9 Regulatory and self-regulatory framework (diagram)
Labels on the diagram: User, Service, The Internet, Secure channel, Negotiation agent / trust engine, Pseudonym agent, Anonymizing agent

10 Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
- Services communicate about practices
- Users exercise preferences over those practices
- User agent can facilitate automated decision making, prompt user, exchange data, etc.

11 Notice and Choice (Fair Information Practice Principles)

12 Simplifying Notice and Choice
- visual labels, example: (old) TRUSTe
- machine readable labels, example: Platform for Internet Content Selection (PICS)

13 Beyond Labeling
Labels support notice, but provide only limited support of choice. P3P also supports:
- Multiple privacy policies
- Explicit agreements
- Negotiation

14 Basic P3P Concepts (diagram)
Labels on the diagram: user agent, user data repository, preferences, service, proposal, agreement, user data, practices

15 A Simple P3P Conversation (between user agent and service)
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html

16 More Complicated Conversations
- Service offers choice of proposals
- User agent makes counter proposal
- User agent rejects proposal and asks service for another offer
- Upon agreement, user agent automatically sends requested data
- No agreement is reached (see "Automated Negotiation" paper with Paul Resnick)

17 Assertions that can be made in a P3P Proposal
Proposal level:
- Realm
- Disclosure URI
- Access
- Assurance
- Other disclosures
- Change agreement
- Retention
Statement level:
- Consequence
- Data category and/or element
- Purpose
- Identifiable use
- Recipients

18 P3P Vocabulary: Purposes
- Completion and support of current activity
- Web site and system administration
- Customization of site to individuals
- Research and development
- Contacting visitors for marketing of services or products
- Other uses

19 Data
- Referenced by category or element
- P3P methods may be used to transfer data referenced by element
- Coupling between privacy disclosure and data collection
- Base data set includes elements all implementations should know about
- Services may create their own elements
- Vocabulary includes 10 data categories

20 Data Repository
- Users can store elements they don't mind providing to some services
- Services can gain read and/or write access through P3P agreements
- Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used

21 (table: data categories, data elements, preferences and user-interface labels)
User interface label: Info I consider highly sensitive
  Data elements: health insurance ID, bank account, credit card number, social security #
  Preference: Info can be used only when necessary to complete a transaction
User interface label: Info I consider somewhat sensitive
  Data elements: home address, household income, phone number, name
  Preference: Info may be used to complete a transaction or customize content
User interface label: Info I do not consider sensitive
  Data elements: favorite beverage, gender, zip code, hair color
  Preference: Info may be used by site for any purpose, but may not be disclosed to others
Data categories shown: physical contact info, financial account IDs, computer info, demographics, click-stream

22 W3C P3P Documents
- P3P1.0 Specification: Syntax, Harmonized Vocabulary, Base Data Set
- Implementation Guide
- Guiding principles...
- APPEL (A P3P Preference Exchange Language)

23 Guiding Principles
- Information Privacy
- Notice and Communication
- Choice and Control
- Fairness and Integrity
- Security
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy

24 APPEL
A rule language that expresses what should be done with P3P proposals. Not essential to P3P, but useful for:
- Sharing and installation of rulesets
- Communication to agents, search engines, proxies, or other servers
- Portability between products
Could be replaced by an XML or RDF query language
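Slides 15 through 21 and slide 24 describe one piece of machinery from several angles: a service sends a proposal made of statements (data category, purpose, recipients), and the user agent's trust engine matches it against rules of the kind in the slide 21 table, then accepts, rejects, counter-proposes or prompts the user. The following is an added example in Python that models that matching; it is not code from the presentation, from the AT&T P3P Proposal Generator or from the W3C drafts. The record types, the purpose identifiers, the preference-level names and the two sample proposals are constructed here for illustration and are not the real P3P or APPEL syntax. It goes one step beyond the slides in deriving the counter-proposal mechanically, by stripping the purposes and recipients the rules do not allow.

```python
"""Toy P3P trust engine in the shape of the 1998 draft as these slides describe it.
Added example, not code from the presentation, the AT&T P3P Proposal Generator or
the W3C working group; the record types, identifiers and sample proposals below
are simplifications chosen here, not the real P3P or APPEL syntax."""
from dataclasses import dataclass, replace

# Purposes from slide 18, as short identifiers chosen for this example.
ALL_PURPOSES = frozenset({"current", "admin", "customization", "research", "marketing", "other"})

# The three preference levels on slide 21, each mapped to the purposes it allows.
# Disclosure to other parties is checked separately: no level permits it.
ALLOWED_PURPOSES = {
    "transaction-only": frozenset({"current"}),
    "transaction-or-customize": frozenset({"current", "customization"}),
    "any-purpose-no-sharing": ALL_PURPOSES,
}

# Constructed user preferences: data category (slide 21) -> level.
USER_PREFS = {
    "financial account IDs": "transaction-only",
    "physical contact info": "transaction-or-customize",
    "demographics": "any-purpose-no-sharing",
    "computer info": "any-purpose-no-sharing",
    "click-stream": "any-purpose-no-sharing",
}

@dataclass(frozen=True)
class Statement:
    """Statement-level assertions from slide 17: data categories, purposes, recipients."""
    categories: frozenset
    purposes: frozenset
    recipients: frozenset  # "ours" is the service itself; anything else is a disclosure

@dataclass(frozen=True)
class Proposal:
    """Proposal-level assertions from slide 17, reduced here to realm plus statements."""
    realm: str
    statements: tuple

def evaluate(proposal, prefs):
    """Return (decision, reason); decision is 'accept', 'reject' or 'prompt'."""
    for stmt in proposal.statements:
        shared_with = stmt.recipients - {"ours"}
        for cat in sorted(stmt.categories):
            level = prefs.get(cat)
            if level is None:  # no rule covers this category: ask the user, never assume
                return "prompt", f"no preference set for {cat!r}"
            excess = stmt.purposes - ALLOWED_PURPOSES[level]
            if excess:
                return "reject", f"{cat}: purposes {sorted(excess)} exceed level {level!r}"
            if shared_with:
                return "reject", f"{cat}: disclosure to {sorted(shared_with)} not allowed"
    return "accept", "every statement is within the user's preferences"

def counter_proposal(proposal, prefs):
    """Slide 16's counter-proposal, derived mechanically: keep each statement with only
    the purposes all of its categories permit and the service as sole recipient.
    Statements naming an uncovered category are dropped; None if nothing survives."""
    kept = []
    for stmt in proposal.statements:
        allowed = ALL_PURPOSES
        for cat in stmt.categories:
            allowed &= ALLOWED_PURPOSES.get(prefs.get(cat), frozenset())
        purposes = stmt.purposes & allowed
        if purposes:
            kept.append(replace(stmt, purposes=purposes, recipients=frozenset({"ours"})))
    return replace(proposal, statements=tuple(kept)) if kept else None

def describe(proposal):
    return "; ".join(f"collect {', '.join(sorted(s.categories))} for "
                     f"{', '.join(sorted(s.purposes))} (recipients: {', '.join(sorted(s.recipients))})"
                     for s in proposal.statements)

def conversation(proposal, prefs):
    """Slide 15's exchange as (speaker, message) turns, with slide 16's other outcomes."""
    turns = [("User agent", f"GET {proposal.realm}index.html"),
             ("Service", f"Here is my P3P proposal: {describe(proposal)}")]
    decision, reason = evaluate(proposal, prefs)
    if decision == "accept":
        turns += [("User agent", "OK, I accept your proposal"), ("Service", "Here is index.html")]
    elif decision == "prompt":
        turns.append(("User agent", f"(asks the user: {reason})"))
    elif (counter := counter_proposal(proposal, prefs)) is None:
        turns.append(("User agent", f"I reject your proposal ({reason}); no agreement"))
    else:
        turns.append(("User agent", f"I reject ({reason}); counter-proposal: {describe(counter)}"))
    return turns

# Constructed proposals: SIMPLE is the one on slide 15; GREEDY asks for more than the rules allow.
SIMPLE = Proposal("http://www.example.com/", (
    Statement(frozenset({"click-stream", "computer info"}),
              frozenset({"admin", "customization"}), frozenset({"ours"})),))
GREEDY = Proposal("http://www.example.com/", SIMPLE.statements + (
    Statement(frozenset({"demographics"}), frozenset({"marketing"}), frozenset({"ours", "third-parties"})),
    Statement(frozenset({"financial account IDs"}), frozenset({"current", "research"}), frozenset({"ours"}))))

if __name__ == "__main__":
    for prop in (SIMPLE, GREEDY):
        print("\n".join(f"{who}: {msg}" for who, msg in conversation(prop, USER_PREFS)), end="\n\n")
```

Two design points matter for anyone building a real agent of this kind. A category with no rule is routed to "prompt" rather than silently accepted, so an incomplete ruleset fails closed; and the counter-proposal is only the agent's offer, so the service must still evaluate it against its own practices before any data is exchanged, which is why the conversation ends at the counter-proposal rather than at "Here is index.html".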

25 Implementation and Deployment
- Need user agent and server implementations
- Need Web sites to create P3P proposals
- Web sites can use P3P without a special server, but a P3P-compliant server and tools allow them to take advantage of its flexibility

26 Incremental adoption
- "Levels" allow implementers to ramp up gradually
- Good implementations provide incentives:
  - "Privacy watchdog" features to provide useful info about non-P3P-compliant sites
  - Good data repository implementations in user agent save typing
  - Good data management tools for Web servers
- Adoption drives more adoption

27 Keys to Success
- Good end-user implementations: easy to use, easy to plug in "recommended settings", not annoying, use incremental adoption model, privacy friendly
- Good server implementations and tools
- Adoption by many Web sites
- Users find it useful
- Endorsement by government regulatory and self-regulatory organizations

28 Papers and demo of AT&T P3P Proposal Generator: www.research.att.com/projects/p3p/
P3P Web site at W3C: www.w3.org/p3p/
