Abstract
As a "social protocol" aimed at providing a technological means to address concerns over Internet privacy, the Platform for Privacy Preferences (P3P) has been controversial since its announcement in 1997. In the U.S., critics have decried P3P as an industry attempt to avoid meaningful privacy legislation, while developers have portrayed the proposal as a tool for helping users make informed decisions about the impact of their Web surfing choices. This dispute touches upon the privacy model underlying P3P, the U.S. political context regarding privacy, and the technical components of the protocol. This article presents an examination of these factors, with an eye towards distilling lessons for developers of future social protocols.
- Ackerman, M. and Cranor, L. 1999. Privacy critics: UI components to safeguard users' privacy. In Proceedings of ACM Conference on Human Factors in Computing Systems, Extended Abstracts. ACM Press, New York, 258--259. Google Scholar
- ACLU. 1996. Reno v. ACLU supreme court brief.Google Scholar
- Adkinson, W., Eisenach, J., and Lenard, T. 2002. Privacy online: A report on the information practices and policies of commercial web sites. http://www.pff.org/publications/privacyonlinefinalael.pdf.Google Scholar
- Allen, C. 2001. Bits financial service roundtable, comments on P3P (1.0) specification working draft of 24 Sept. 2001. http://lists.w3.org/Archives/Public/www-p3p-public-comments/2001Oct/att-0015/01-BITS_comments.DOC.Google Scholar
- AT&T. 2002. At&T privacy bird. http://www.privacybird.com.Google Scholar
- Canadian Department of Justice. 1998. Privacy provisions highlights. http://canada.justice.gc.ca/en/news/nr/1998/attback2.html.Google Scholar
- Catlett, J. 1999. http://www.junkbusters.com/standards.html.Google Scholar
- Center for Democracy and Technology. 1998. Children's online privacy protection act of 1998 (COPPA). http://www.cdt.org/legislation/105th/privacy/coppa.html.Google Scholar
- Center for Democracy and Technology. 2001a. 105th Congress: Legislation affecting the internet. http://www.cdt.org/legislation/105th/privacy/.Google Scholar
- Center for Democracy and Technology. 2001b. 106th Congress: Legislation affecting the internet. http://www.cdt.org/legislation/106th/privacy/.Google Scholar
- Clausing, J. 1999. FTC asked to examine data profiling services. New York Times, Nov. 9. http://www.nytimes.com/library/tech/99/11/cyber/capital/09capital.html.Google Scholar
- Coyle, K. 1999. P3P: Pretty poor privacy? a social analysis of the platform for privacy preferences (P3P). http://www.kcoyle.net/p3p.html.Google Scholar
- Coyle, K. 2000. A response to "P3P and privacy: An update for the privacy community" by the Center for Democracy and Technology. http://www.kcoyle.net/response.html.Google Scholar
- Cranor, L. 2002a. Personal communication.Google Scholar
- Cranor, L. 2002b. The role of privacy advocates and data protection authorities in the design and deployment of the platform for privacy preferences. In Proceedings of Computers, Freedom, and Privacy, 2002. ACM Press, New York, 1--8. http://doi.acm.org/10.1145/543482.543506. Google Scholar
- Cranor, L. 2002c. Web Privacy with P3P. O'Reilly and Associates, Sebastopol, CA. Google Scholar
- Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., and Reagle, J. 2002a. The platform for privacy preferences 1.0 (P3P1.0) specification. W3C recommendation 28 Jan. 2002. http://www.w3.org/TR/2002/PR-P3P-20020128/.Google Scholar
- Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., and Reagle, J. 2002b. The platform for privacy preferences 1.0 (P3P1.0) specification. W3C proposed recommendation 16 April 2002. http://www.w3.org/TR/P3P/.Google Scholar
- Cranor, L., Marchiori, M., and Langheinrich, M. 2002. A P3P preference exchange language 1.0. W3C working draft 15 April 2002. http://www.w3.org/TR/P3P-preferences/.Google Scholar
- Cranor, L. and Reagle, J. 1998. Designing a social protocol: Lessons learned from the platform for privacy preferences. In Telephony, the Internet, and the Media, J. Mack-Mason and D. Waterman, Eds. Lawrence Erlbaum Associates, Mahwah, NJ.Google Scholar
- Cranor, L., Reagle, J., and Ackerman, M. 1999. Beyond concern: Understanding net users' attitudes about online privacy. Tech. Rep. TR 99.4.3, AT&T Labs-Research. http://www.research.att.com/resources/trs/TRs/99/99.4/99.4.3/report.htm.Google Scholar
- Cranor, L. and Schwartz, A. 1999. Response to Catlett's "open letter to P3P developers". http://www.w3.org/P3P/catlett-letter.txt.Google Scholar
- Cranor, L. and Wenning, R. 2002. Why P3P is a good privacy tool for consumers and companies. http://www.gigalaw.com/articles/2002-all/cranor-2002-04-all.html.Google Scholar
- Culnan, M. 1999. Georgetown internet privacy policy survey: Report to the Federal Trade Commission. http://www.msb.edu/faculty/culnanm/GIPPS/gipps1.pdf.Google Scholar
- DesAutels, P. 1997. Platform for privacy preferences (p3) project. http://www.w3.org/P3P/100797Update.html.Google Scholar
- Mulligan, D. and Schwartz, A. 2000. P3P and privacy: An update for the privacy community. http://www.cdt.org/privacy/pet/p3pprivacy.shtml.Google Scholar
- Electronic Privacy Information Center. 2000. Pretty poor privacy: An assessment of P3P and internet privacy. http://www.epic.org/Reports/prettypoorprivacy.html.Google Scholar
- European Commission Working Party on the Protection of Individuals with regard to the Processing of Personal Data. 1998. Platform for privacy preferences (P3P) and the open profiling standard (ops): Opinion of the working party. http://europa.eu.int/comm/internal_market/en/dataprot/wpdocs/wp11en.htm.Google Scholar
- Federal Trade Commission. 1996. Public workshop on consumer privacy on the global information infrastructure. http://www.ftc.gov/reports/privacy/privacy1.htm.Google Scholar
- Federal Trade Commission. 1998a. FTC fact sheet, Jan. 30, 1998: Relevant statutes enforced by the Federal Trade Commission. http://www.ftc.gov/opa/1998/9801/factshet.htm.Google Scholar
- Federal Trade Commission. 1998b. Privacy online: A report to Congress. http://www.ftc.gov/reports/privacy3/toc.htm.Google Scholar
- Federal Trade Commission. 1999. Self-regulation and privacy online: A Federal Trade Commission report to Congress. http://www.ftc.gov/os/1999/9907/privacy99.pdf.Google Scholar
- Federal Trade Commission. 2000. Privacy online: Fair information practices in the electronic marketplace: A Federal Trade Commission report to Congress. http://www.ftc.gov/reports/privacy2000/privacy2000.pdf.Google Scholar
- Friedman, B. and Nissenbaum, H. 1997. Bias in computer systems. In Human Values and the Design of Computer Technology, B. Friedman, Ed. CSLI Publications, Stanford, CA, 21--40. Google Scholar
- Goldberg, I. 2002. Privacy-enhancing technologies for the internet II: Five years later. In PET 2002 Workshop on Privacy-Enhancing Technologies. Lectuers Notes in Computer Science. Springer-Verlag, Berlin. Google Scholar
- Hunter, C. 2000. Recoding the architecture of cyberspace privacy: Why self-regulation and technology are not enough. http://www.asc.upenn.edu/usr/chunter/net_privacy_architecture.html.Google Scholar
- Kristol, D. 2001. HTTP cookies: Standards, privacy, and politics. ACM Trans. Internet Technol. 1, 2 (Nov.), 151--198. Google Scholar
- LaLiberte, D. 1999. Removing data transfer from P3P. http://www.w3.org/P3P/data-transfer.html.Google Scholar
- Lee, K. and Speyer, G. 1998. White paper: Platform for privacy preferences project (P3P) and citibank. http://www.w3.org/P3P/Lee_Speyer.html.Google Scholar
- Lessig, L. 1999. Code and Other Laws of Cyberspace. Basic Books, New York. Google Scholar
- Microsoft. 2001a. Microsoft P3P implementation in internet explorer 6.0 and windows fact sheet. http://www.microsoft.com/PressPass/press/2001/Mar01/PrivacyToolsIEfs.asp.Google Scholar
- Microsoft. 2001b. Use security and privacy features in Internet Explorer 6. http://www.microsoft.com/windowsxp/pro/using/howto/security/ie6.asp.Google Scholar
- Miller, J. 1997. The platform for privacy preferences (p3) project. http://www.w3.org/P3P/P3_overview_JM.html.Google Scholar
- Millett, L., Friedman, B., and Felten, E. 2001. Cookies and web browser design: Toward realizing informed consent online. In Proceedings of ACM Conference on Human Factors in Computing Systems (CHI 2001). ACM Press, New York, 46--52. Google Scholar
- Mulligan, D. 1998. Testimony before the senate committee on commerce, science, and transportation subcommittee on communications, Sept. 23, 1998. http://www.cdt.org/testimony/980923mulligan.shtml.Google Scholar
- Muris, T. J. 2001. Protecting consumers' privacy: 2002 and beyond remarks of FTC chairman Timothy J. Muris. http://www.ftc.gov/speeches/muris/privisp1002.htm.Google Scholar
- National Telecommunications and Information Administration. 1995. Privacy and the NII: Safeguarding telecommunications-related personal information. http://www.ntia.doc.gov/ntiahome/privwhitepaper.html.Google Scholar
- National Telecommunications and Information Administration. 1997. Privacy and self-regulation in the information age. http://www.ntia.doc.gov/reports/privacy/privacy_rpt.htm.Google Scholar
- Oram, A. 2000. Promises, promises, promises. http://www.cpsr.org/cpsr/nii/cyber-rights/web/p3p_promises.html.Google Scholar
- Organization for Economic Cooperation and Development. 1980. Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data. http://europa.eu.int/comm/internal_market/en/dataprot/inter/priv.htm.Google Scholar
- Reagle, J. and Cranor, L. 1999. The platform for privacy preferences. Commun. ACM 42, 2 (Feb.), 48--55. Google Scholar
- Rein, B., Stephens, G., and Lebowitz, H. 1999. Analysis of P3P and u.s. patent 5,862,325. http://www.w3.org/TR/P3P-analysis.html.Google Scholar
- Resnick, P. and Miller, J. 1996. Pics: Internet access controls without censorship. Commun. ACM 39, 10 (Oct.), 87--93. Google Scholar
- Rotenberg, M. 1999. EPIC testimony on Internet privacy before the Subcommittee on Courts and Intellectual Property, Committee of the Judiciary U.S. House of Representatives. May 27, 1999. http://www.epic.org/privacy/internet/EPIC_testimony_599.html.Google Scholar
- Rotenberg, M. 2001. Fair information practices and the architecture of privacy (what Larry doesn't get). Stanford Technology Law Rev.Google Scholar
- Schwartz, A. 2001. Utilizing privacy controls in data transfer technologies. Statement before the Federal Trade Commission Workshop on "The information marketplace: Merging and exchanging consumer data". March 13, 2001. http://www.cdt.org/testimony/010313schwartz.shtml.Google Scholar
- Scoblionkov, D. 1998. E-commerce gets one last chance. Wired News, July 21. http://www.wired.com/ news/politics/0,1283,13895,00.html.Google Scholar
- Shneiderman, B. and Rose, A. 1997. Social impact statements: Engaging public participation in information technology design. In Human Values and the Design of Computer Technology, B. Friedman, Ed. CSLI Publications, Stanford, CA, 117--133. Google Scholar
- Smith, A. 2001. Adam Smith leads P3P privacy resolution. http://www.house.gov/apps/ list/press/wa09_smith/010607pr.html.Google Scholar
- Sullivan, J. 1999. Volunteer army to fight patent. Wired News, May 3. http://www.wired.com/news/politics/0,1283,19452,00.html.Google Scholar
- Thibadeau, R. 2000. A critique of P3P: Privacy on the web. http://dollar.ecom.cmu.edu/p3pcritique.Google Scholar
- TRUSTe. 2002. Truste: Make privacy your choice. http://www.truste.com.Google Scholar
- Walker, L. 2001. Browser aimed at protecting users' privacy. Washington Post, March 29.Google Scholar
- Weitzner, D. 2000. June 21 2000 platform for privacy preferences (P3P) project interop report. http://www.w3.org/P3P/p3p-interop-report-20000621.html.Google Scholar
- Weitzner, D. and Cranor, L. 2002. Response to bits (19 June 2002) letter re: Legal status of P3P policy statements. http://lists.w3.org/Archives/Public/www-p3p-public-comments/2002Jul/0001.html.Google Scholar
- White House. 1997. A framework for global electronic commerce. http://eleccomm/ecomm.htm.Google Scholar
- World Wide Web Consortium. 1997. World Wide Web Consortium announces completion of P3P project phase one: Industry leaders collaborate to ensure user privacy concerns are respected on the Web (October 30, 1997). http://www.w3.org/P3P/press_release.html.Google Scholar
- World Wide Web Consortium. 1998. W3C publishes first public working draft of P3P1.0: Collaborative efforts by key industry players and privacy experts promote Web privacy and commerce (May 19, 1998). http://www.w3.org/Press/1998/P3P.html.Google Scholar
- World Wide Web Consortium. 2002a. About the World Wide Web Consortium (W3C). http://www.w3.org/Consortium/.Google Scholar
- World Wide Web Consortium. 2002b. P3P and privacy faq. http://www.w3.org/P3P/P3Pfaq.html.Google Scholar
- World Wide Web Consortium. 2002c. World Wide Web Consortium issues P3P 1.0 as a W3C recommendation. http://www.w3.org/2002/04/p3p-pressrelease.Google Scholar
- World Wide Web Consortium. 2002d. World Wide Web Consortium (W3C) members. http://www.w3.org/Consortium/Member/List.Google Scholar
Index Terms
- The platform for privacy preference as a social protocol: An examination within the U.S. policy context
Recommendations
A Comparative Study of Privacy Mechanisms and a Novel Privacy Mechanism [Short Paper]
Information and Communications SecurityAbstractPrivacy of PII(Personally Identifiable Information) on the Internet is a major concern of a netizen. On the Internet different service providers are supposed to publish their own privacy policies but understanding of these policies is a major ...
Privacy critics: UI components to safeguard users' privacy
CHI EA '99: CHI '99 Extended Abstracts on Human Factors in Computing SystemsCreating usable systems to protect online privacy is an inherently difficult problem. Privacy critics are semi-autonomous agents that help people protect their online privacy by offering suggestions and warnings. Two sample critics are presented.
User interfaces for privacy agents
Most people do not often read privacy policies because they tend to be long and difficult to understand. The Platform for Privacy Preferences (P3P) addresses this problem by providing a standard machine-readable format for website privacy policies. P3P ...
Comments