Presentation is loading. Please wait.

Presentation is loading. Please wait.

10 May 2001, Platform for Privacy Preferences: The Platform for Privacy Preferences (P3P). Katherine Koch, Matt Taylor, Stanley Trepetin.


2 10 May 2001 Platform for Privacy Preferences 1 The Platform for Privacy Preferences (P3P). Katherine Koch, Matt Taylor, Stanley Trepetin

3 Agenda: Privacy Environment; P3P Specification; Privacy Policy Editors; User Agents; Conclusion.

4 Privacy Environment. Online privacy is key: a 1999 survey found 92% of Americans concerned about privacy threats when interacting online. Websites collect information, and consumers are willing to provide it for certain benefits.

5 Privacy Environment. The Internet is unstable: – Poor data quality. – Organizational problems. – Security problems. – No (or difficult to read) notification.

6 Privacy Environment. Resulting problems: – Annoyance. – Embarrassment. – Discrimination. All are unexpected.

7 Privacy Environment. Responses: – Social: opt-out. – Technical: cookie managers, encryption, etc. – Legislative: numerous proposed bills in the US (and some passed); considerable protection in the EU.

8 Privacy Environment. Insufficient: – Social: opt-out is costly. – Technical: technology incompatible or not widespread. – Legislative: sectoral in the US; enforcement lax in the EU.

9 P3P - Background. P3P solves the prior problems: – Essentially opt-in: preference-based decision-making. – Economic and technical issues: widespread (integrated into MS Internet Explorer 6); standard (i.e. standardized) specification.

10 P3P - Background. P3P solves the prior problems (cont.): – P3P works with all industries via enforceable privacy policies (Toysmart.com vs. FTC). – Privacy policies: created from consumer and government demand. However, “notice-based” legislation is needed to ensure the creation of policies.

11 P3P - Background. The privacy policy maker creates the policy, including an optional human-readable privacy policy. Consumers (via user agents) specify preferences, parse the policy, and decide how to proceed.

12 P3P - Specification. Example policy: CatalogExample, 4 Main St., Birmingham, MI 48009.

13 P3P - Specification strengths. Robust notice, policy-wide: – Human readability: short and long descriptions. – New policies don’t apply to “old” data without consent.

14 P3P - Specification strengths. Robust notice, data-specific: – PURPOSE: reason for data collection. – RECIPIENT: destination. – RETENTION: longevity depends on purpose.

15 P3P - Specification strengths. ACCESS to data. Enforcement: DISPUTES statement (e.g. applicable court, law, etc.).

16 P3P - Specification strengths. Development optimization: compact policies for cookies. Flexible vocabulary: can handle new types of monitoring technologies.

17 P3P - Specification weakness. Notice weakness: – No multiple policies per person or across individuals.

18 P3P - Specification. No assurance that policies are being followed. No security standards.

19 P3P - Improvement. Multiple privacy policies.

20 P3P Policy Editors. Utilities for drafting specification-compliant P3P policies.

21 Outline. What P3P editing tools are currently available? What criteria should we use to evaluate these tools? What insight do these evaluations provide to designers of future tools? What role does this play in P3P’s future?

22 Editing Tools. IBM P3P Policy Editor; YOUpowered.com/Consumer Trust; PrivacyBot.com; Privacy Information Management System (PIMS) P3P Policy Wizard.

23 Evaluation Criteria. Technical criteria: – Correctness: specification-compliant, error-free policies that can be used by any user-side agent. – Consistency: utilities that verify that the P3P policy is consistent with what was originally intended. – Completeness: must accommodate all data practices and collection methods, and provide the full flexibility of the spec.

24 Evaluation Criteria. Viability in industry: – Low cost, easily obtained. – Easy to use. – Scales well to web sites of increased size and complexity: apply multiple policies to a domain, and its cookies and embedded content, through policy-ref; aid the user in integrating P3P into the site.

25 IBM P3P Policy Editor. Advantages: – Strong interface for defining data collection. – Utilities that warn the user of errors or possible inconsistencies. – XML-to-HTML translation to verify consistency. Disadvantages: – Poor integration utilities for creating detailed policy reference files and exporting the necessary files/code.

26 IBM P3P Policy Editor. Defining data collection practices: clear data definitions/GUI interface. – Left pane contains the Base Data Schema elements: user, third party, business, and dynamic. – Right pane contains the data collected by the policy: define data groups with usage attributes; move elements from the left pane into groups on the right to include them in the policy; any number of groups can be defined. – This provides a useful, organized way of representing the site’s data collection, helping to ensure consistency.

27 IBM P3P Policy Editor

28 IBM P3P Policy Editor. Defining new data structures: a new data set can be defined in the left pane. – Elements can be added from the base data schema or can be user defined. – Data sets and elements can be moved into any number of data groups in the right pane. The mechanism exploits the flexibility in data definitions provided by the specification.

29 IBM P3P Policy Editor. Correctness: error pane. – Below the two data definition panes. – Prompts the user to supply any specification requirements that have not been met: required attributes, such as entity or access information; data groups that contain no elements, recipients, purpose, etc. – Warns the user about possible mistakes: does not provide an action for disputes; claims not to collect any data, is this right?

30 IBM P3P Policy Editor. Consistency: XML-to-HTML translation. – Translates the XML policy into English using a standardized template. – This outlines what the XML policy states so that the user can be sure it is consistent with what he/she intended to state. Policy element pane: – Outlines the data elements, their group, purpose, and recipient. – A summary of the data definitions helps ensure consistency.

31 IBM P3P Policy Editor. Completeness: drafting multiple policies for different directories of the domain is not straightforward. – Multiple policies cannot be edited simultaneously. – The policy reference file is difficult to generate. Uniquely associating a policy with cookies or embedded content is difficult: – No mechanism for embedded or cookie include/exclude. – The mechanism for compact policies is unclear.

32 IBM P3P Policy Editor. Viability in industry: free, easy-to-use solution for defining data practices; utilities for verifying correctness and consistency; poor/lacking mechanisms for uniquely associating multiple policies with directories of the domain, cookies, or embedded content; poor mechanisms for providing the user with the necessary files/code to integrate P3P into the web site; not a scalable solution for web sites of significant complexity.

33 YOUpowered.com Consumer Trust Policy Editor. Advantages: – Strong interface for creating multiple policies for a domain and associating them with directories, cookies, and embedded content. – Provides much flexibility. Disadvantages: – Data definition utilities less clear than the IBM editor. – Does not verify correctness or consistency. – Allows less technically savvy users to create ambiguous and incorrect policies.

34 YOUpowered.com. GUI interface: – Allows the user to toggle between different domains and their policies in order to edit their attributes: the left pane is a pull-down menu containing the policies and system configuration; the right pane toggles as a selection is made to let the user edit the attributes. – Provides the user with the ability to manipulate multiple policies simultaneously.

35 YOUpowered.com. Correctness: errors are managed as the user inputs information into menus and forms. – No error pane that makes the user aware of errors. – No mechanism that warns the user of possible inconsistencies, as in the IBM editor. – Not all errors can be prevented in this manner.

36 YOUpowered.com. Completeness: policy reference files are easily created. – When a policy is being actively edited, the attributes of its policy reference file can be edited: include/exclude, cookie-include/exclude, embedded-include/exclude. – Affords the user the full flexibility of the specification. The lacking correctness features cripple these added features: – Policy reference files can be created with errors and ambiguities.

37 YOUpowered.com. Consistency: lacks XML-to-HTML translation utilities. Data definition is done through menus and a less organized GUI tool, leading to more possible errors. Does not summarize the policy for the entire domain after the policies have been applied through a policy reference file.

38 YOUpowered.com. Viability in industry: has the completeness characteristics of a scalable solution for industry. – No compact policies. Lacks the correctness and consistency requirements to be a good tool.

39 PrivacyBot.com. Generates P3P-compliant policies. Charges fees for this service, as well as for dispute mediation services. Provides forms for the user, which it uses to generate a P3P policy for $100. – Editing this policy costs $10. – The XML cannot be previewed before this fee is paid. The user has minimal input in the construction of the XML. Verification of completeness, consistency, and correctness is difficult with a third party delivering the policy as part of a suite of services. Does not focus on generating a comprehensive policy that is stored locally and can be interpreted by any variety of user agents. The focus is on seal verification and a service model.

40 PIMS P3P Policy Wizard. Advantages: – Provides flexibility. – Files/code are output in a simple and user-friendly way. Disadvantages: – Generally requires more technically competent users.

41 PIMS P3P Policy Wizard. The tool caters to the technically competent: – Prompts the user for the information required for the XML statements. – The user must copy XML code into a box for data statements and new data structure definitions. This design affords flexibility, but sacrifices consistency and correctness.

42 PIMS P3P Policy Wizard. Exports files/code in an HTML document: – A box for each policy, policy reference file, HTML link tag, HTTP headers, and any compact policies. – Each box has instructions on what to do with the text: where to put the file, where to paste the code, etc. Simple design: – Exporting to a local file structure, as in the YOUpowered.com tool, can be confusing. – Explanations allow users to integrate P3P into their site easily.

43 Design Recommendations. Do any of these tools provide a scalable solution for P3P compliance? Does the sum of the strengths of the tools achieve the technical and business goals? How can this be done?

44 Design Recommendations. What must be achieved? Correctness; consistency; completeness; user friendly; scalable: – Detailed, accurate policy reference files. – Integration utilities.

45 Design Recommendations. Combine the strengths of the YOUpowered, IBM, and PIMS tools: – The YOUpowered tool provides the ability to edit multiple policies simultaneously and to construct and edit detailed policy reference files. – The IBM tool provides a useful GUI for defining data groups and new data sets in an organized way. – The PIMS tool allows the user to export files/code in a simple and fault-tolerant way. What’s missing?

46 Design Recommendations. Correctness verification utilities: a utility must be added to create warnings and errors for the policy reference file: – Multiple policies point to the same URI. – This policy is not referenced by anything. Consistency verification utilities: – XML-to-HTML translation for a web site with multiple policies. – Summary of data elements across a domain with multiple policies.
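A policy-reference correctness utility of the kind this slide asks for, as an added example (not code from the slides or from any of the editors reviewed); the reference file, the list of defined policies and the site paths are constructed samples, and the element names follow the P3P 1.0 vocabulary:

```python
"""Correctness checks for a P3P policy reference file (added example, not code
from the slides or any reviewed editor).  It raises the two warnings the slides
ask for: 'multiple policies point to the same URI' and 'this policy is not
referenced by anything'.  Sample data and path list are constructed."""
import re
import xml.etree.ElementTree as ET

# Constructed reference file: 'general' covers the site except /catalog and
# /private; 'catalog' covers /catalog and /cgi-bin, so /cgi-bin is claimed twice.
SAMPLE_REFERENCE_FILE = """<META xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY-REFERENCES>
    <POLICY-REF about="/w3c/policies.xml#general">
      <INCLUDE>/*</INCLUDE>
      <EXCLUDE>/catalog/*</EXCLUDE>
      <EXCLUDE>/private/*</EXCLUDE>
    </POLICY-REF>
    <POLICY-REF about="/w3c/policies.xml#catalog">
      <INCLUDE>/catalog/*</INCLUDE>
      <INCLUDE>/cgi-bin/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>"""
# Policies defined in policies.xml and URIs from the site listing (constructed).
DEFINED_POLICIES = ["general", "catalog", "unused"]
SITE_PATHS = ["/index.html", "/catalog/item.html",
              "/cgi-bin/order.cgi", "/private/report.html"]

def _local(tag):
    """Drop the XML namespace so any P3P namespace version parses."""
    return tag.split("}")[-1]

def _p3p_match(pattern, path):
    """INCLUDE/EXCLUDE matching: '*' is the only wildcard, matching any run."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, path) is not None

def parse_policy_refs(xml_text):
    """Return [(policy name, [include patterns], [exclude patterns]), ...]."""
    refs = []
    for el in ET.fromstring(xml_text).iter():
        if _local(el.tag) == "POLICY-REF":
            name = el.get("about", "").split("#")[-1]
            inc = [c.text.strip() for c in el if _local(c.tag) == "INCLUDE"]
            exc = [c.text.strip() for c in el if _local(c.tag) == "EXCLUDE"]
            refs.append((name, inc, exc))
    return refs

def policies_for(refs, path):
    """Every policy whose INCLUDEs match the path and whose EXCLUDEs do not."""
    return [name for name, inc, exc in refs
            if any(_p3p_match(p, path) for p in inc)
            and not any(_p3p_match(p, path) for p in exc)]

def check_reference_file(xml_text, defined_policies, site_paths):
    """Return (errors, warnings) an editor could show before exporting."""
    refs = parse_policy_refs(xml_text)
    errors, warnings = [], []
    referenced = {name for name, _, _ in refs}
    for name in sorted(referenced - set(defined_policies)):
        errors.append(f"POLICY-REF points to undefined policy '{name}'")
    for name in sorted(set(defined_policies) - referenced):
        warnings.append(f"policy '{name}' is not referenced by anything")
    for path in site_paths:
        hits = policies_for(refs, path)
        if len(hits) > 1:
            errors.append(f"{path}: multiple policies apply ({', '.join(hits)})")
        elif not hits:
            warnings.append(f"{path}: no policy applies")
    return errors, warnings
```

Calling `check_reference_file(SAMPLE_REFERENCE_FILE, DEFINED_POLICIES, SITE_PATHS)` flags /cgi-bin/order.cgi as claimed by both policies, the 'unused' policy as unreferenced, and /private/report.html as covered by no policy.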

47 What does this mean for P3P? A comprehensive compliance tool is easy to conceive. What user-side demand might force its development or widespread use?

48 Future of P3P Editors. It should not be the case that editor-side friction prevents the propagation of P3P use throughout the commercial web. It could easily be integrated into web authoring tools, or offered as a stand-alone utility. If user-side demand requires the adoption of P3P, commercial sites should have a tool that facilitates compliance.

49 P3P User Agents. User agent implementations.

50 P3P User Agents. Evaluation criteria: – Public policy, technical, business. User agent evaluations: – Internet Explorer 6, Orby Privacy Plus, Privacy Minder, Privacy Bank. Recommendations.

51 Evaluation Criteria: Policy. What is the tool intended to do? Users need control of their personal information: – What data does the tool allow the user to control? – Cookies, identifiable, non-identifiable? Users don’t want to read the privacy policies: – How does the tool help the user make an informed decision about a site’s practices?

52 Evaluation Criteria: Policy. What is the tool intended to do? Users should be able to trust the user agent: – Does the tool act on behalf of only the user? Users should know what to expect from the user agent: – Are the claims the tool makes legitimate?

53 Evaluation Criteria: Technical Design Implications. “Novice” and “advanced” users: – Is the tool easy to use? – Is it suitable for all types of users? Seamless browsing experience: – Does the tool interrupt the user’s browsing?

54 Evaluation Criteria: Technical Design Implications. Security: – Does the agent store and transmit the user’s personal information securely? Default behaviors: – How does the tool protect the user’s information in its default settings?

55 Evaluation Criteria: Business. Affected parties. What is the effect on: – Software developer: what are the business goals? – User: what are the costs? – Third parties: implications for web sites?

56 P3P User Agents. Internet Explorer 6.0; Orby Privacy Plus; Privacy Minder; Privacy Bank.

57 Internet Explorer 6. Microsoft. – Beta version available; release summer 2001. More cookie management features.

58 Internet Explorer 6: Policy. What is the tool intended to do? Control of personal information: – More control of cookie placement with compact policies. – Personally identifiable information, recipients. Helping users make informed decisions: – Compares the cookie’s policy to the user’s preferences. – Only allows cookies that match the preferences. – Shows the site’s policy.

59 Internet Explorer 6: Technical Design Implications. “Novice” and “advanced” users: – 5 privacy settings (3 in the preview). – Site-by-site cookie settings. – Import preferences (not in the preview). Seamless browsing experience: – Privacy icon.

60 Internet Explorer 6: Technical Design Implications. Security: – Doesn’t store personal info for cookie management. Default behaviors: – Policy required for 3rd-party cookies, but not 1st. – “If Internet Explorer 6 were to require all first-party Web sites to have a P3P compact policy for the user to be "remembered" by the site using persistent cookie placement, it would break user personalization on the Web. It would also place significant undue hardship on small first-party sites that don’t have the resources and expertise to understand, create and implement a P3P CP by the time Internet Explorer 6 is scheduled to ship in early summer 2001.”
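The cookie decision described on the Internet Explorer 6 slides above (compare the cookie's compact policy with the user's preferences, require a policy for third-party cookies only), as an added example that is not code from the slides or from IE6; the token names are the P3P 1.0 compact-policy vocabulary, while the preference rules (which categories count as identifying, which purposes as profiling, which recipients as outside the site) and the sample headers are constructed assumptions:

```python
"""User-agent evaluation of P3P compact policies (added example; not code from
the slides or from Internet Explorer 6).  It makes the decision the slides
attribute to IE6: read the compact policy (CP) from a site's P3P header,
compare it with the user's preferences, and accept only matching cookies.
Token names follow P3P 1.0; preference rules and sample headers are constructed."""
import re

# Token groups; anything else is a flag (DSP, NID, TST, remedies COR/MON/LAW).
GROUPS = {
    "access":    {"NOI", "ALL", "CAO", "IDC", "OTI", "NON"},
    "category":  {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
                  "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"},
    "purpose":   {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON",
                  "HIS", "TEL", "OTP"},
    "recipient": {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"},
    "retention": {"NOR", "STP", "LEG", "BUS", "IND"},
}
# Constructed preference: what the user treats as identifying, profiling, sharing.
IDENTIFYING_CATEGORIES = {"PHY", "ONL", "UNI", "FIN", "GOV"}
PROFILING_PURPOSES = {"TAI", "PSA", "PSD", "IVA", "IVD"}
OUTSIDE_RECIPIENTS = {"UNR", "PUB", "OTR"}
# Constructed sample P3P headers a site might send alongside Set-Cookie.
SAMPLE_HEADERS = {"anonymous": 'policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR NOR"',
                  "profiling": 'CP="ALL DSP COR CUR ADM DEV TAIa PSA ONL PHY OUR STP"'}

def compact_policy_from_header(p3p_header):
    """Extract the CP="..." value from a P3P response header; None if absent."""
    if p3p_header is None:
        return None
    m = re.search(r'CP\s*=\s*"([^"]*)"', p3p_header)
    return m.group(1).strip() if m else None

def parse_compact_policy(cp):
    """Group CP tokens; each entry is (token, consent suffix '', 'a', 'i' or 'o')."""
    policy = {group: [] for group in GROUPS}
    policy["flags"] = set()
    for raw in cp.split():
        m = re.fullmatch(r"([A-Z]{3})([aio]?)", raw)
        if not m:
            raise ValueError(f"malformed compact-policy token: {raw!r}")
        token, suffix = m.groups()
        for group, members in GROUPS.items():
            if token in members:
                policy[group].append((token, suffix))
                break
        else:
            policy["flags"].add(token)
    return policy

def cookie_decision(p3p_header, third_party):
    """Return 'accept' or 'block' for a cookie set alongside this P3P header."""
    cp = compact_policy_from_header(p3p_header)
    if cp is None:
        # The slides' default: a policy is required for 3rd-party cookies, not 1st.
        return "block" if third_party else "accept"
    policy = parse_compact_policy(cp)
    # NID declares the data non-identifiable; otherwise inspect the categories.
    identifiable = ("NID" not in policy["flags"] and
                    any(t in IDENTIFYING_CATEGORIES for t, _ in policy["category"]))
    if not identifiable:
        return "accept"
    # Identifiable data may not be shared outside or profiled unless the user is
    # offered a choice (an opt-in 'i' or opt-out 'o' suffix on the token).
    for token, suffix in policy["recipient"]:
        if token in OUTSIDE_RECIPIENTS and suffix not in ("i", "o"):
            return "block"
    for token, suffix in policy["purpose"]:
        if token in PROFILING_PURPOSES and suffix not in ("i", "o"):
            return "block"
    return "accept"
```

With these rules the "anonymous" sample header is accepted even for a third-party cookie because of its NID token, while the "profiling" one is blocked because it tailors (TAIa) identifying data without offering opt-in or opt-out.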

61 Internet Explorer 6: Business. Affected parties: Microsoft – Actively involved in the P3P effort. Users – Free software. – No configuration required to use the P3P features. Third parties – Compact policies.

62 Internet Explorer 6. Status bar informative, but not disruptive. IE6 could expose a wide audience to P3P. Limitation: only uses compact policies. – Could encourage sites to implement CPs.

63 Orby Privacy Plus. YOUpowered. – Version 3.0, April 2001. Add-on to Internet Explorer. Manages cookies, remembers passwords, stores personal data, fills forms.

64 Orby Privacy Plus: Policy. What is the tool intended to do? Control of personal information: – Track Eraser deletes cookies when you leave; it doesn’t control placement. – Manages data transfer to SmartSense sites: personal, demographic, financial, behavioral.

65 Orby Privacy Plus: Policy. What is the tool intended to do? Helping users make informed decisions: – “Orby Trust” rating. – Site Information window: information flags, implicit/explicit sites, privacy policies.

66 Orby Privacy Plus: Policy. What is the tool intended to do? On behalf of only the user: – SmartSense sites can store behavioral profiles. – Share with other sites through Orby! – The user can turn off sharing. User expectations: – “You can access and change your information forever and whenever you want.” – May be misleading.

67 Orby Privacy Plus: Technical Design Implications. “Novice” and “advanced” users: – 4 security levels for data transfer. – Site-by-site preferences. – Not enough flexibility for advanced users. Seamless browsing experience: – The trust score does not give enough information.

68 Orby Privacy Plus: Technical Design Implications. Security: – Encrypted, password-protected profile. Default behaviors: – “Private” security level. – Allows cookies.

69 Orby Privacy Plus: Business. Affected parties: YOUpowered – Sells SmartSense to sites and distributes Orby free. Users – Free for users. Third parties – SmartSense sites can receive data from Orby.

70 Orby Privacy Plus. Behavioral profiling, but sharing can be turned off. Trust score not informative enough. Cookie management not as flexible as IE. Form filling is nice, but doesn’t use P3P.

71 Privacy Minder. AT&T Research prototype (1999). Similar to Orby, but not a full user agent. Imports preferences using APPEL. Icons show site status. A pop-up window shows information about forms.

72 Privacy Bank. Stores the user’s information online. Users indicate sharing preferences. Provides a form filler that uses P3P.

73 User Agent Recommendations. Why are the current tools not adequate? No one tool for managing cookies and other data collection. Can import preferences, but no utility for creating them.

74 User Agent Recommendations. What about the kids? – Special settings for children, COPPA. Integrate into the browser.

75 User Agent Recommendations. Show the user what he needs to know to make a decision. – Show meaningful icons, not a rating. – Separate window for detailed information. – Show policy information on forms.

76 User Agent Recommendations. Give users the power. – Full control: specify preferences in detail; no automatic data transfer. – Of all types of personal data: cookies, identifiable, non-identifiable.

77 The Future…

78 Conclusion. P3P is a great step forward in privacy protection: – Standardized, highly flexible privacy protection specification which facilitates tool development. – Implementing tools should soon be widely used. Improvements: – Specification. – Policy editors. – User agents.

79 Conclusion. Work in tandem with other security technologies. “Notice-based” legislation is still needed. P3P can become a great privacy-protecting platform.

