775e12186beb19e89ec5ab87a1c4edca.ppt
- Number of slides: 22
Minding Your Own Business: The Platform for Privacy Preferences Project and Privacy Minder
Lorrie Faith Cranor, AT&T Labs-Research
http://www.research.att.com/~lorrie/
June 1999
Revealing Personal Info
- Advantages
  - home delivery of products
  - customized information and services
  - ability to buy things on credit
- Disadvantages
  - info might be used in unexpected ways
  - info might be disclosed to other parties
User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information
Empowerment Tools
- Prevent your actions from being linked to you
  - Crowds (AT&T Labs); The Anonymizer (anonymizer.com)
- Allow you to develop persistent relationships not linked to each other or to you
  - Lucent Personal Web Assistant (Bell Labs)
- Make informed choices about how your information will be used
  - Platform for Privacy Preferences Project (W3C)
- Know that assurances about information practices are trustworthy
  - TRUSTe (Electronic Frontier Foundation and CommerceNet)
Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
- Services communicate about practices
- Users exercise preferences over those practices
- User agent can facilitate automated decision making, prompt user, exchange data, etc.
Simplifying Notice and Choice
- visual labels
  - example: TRUSTe
- machine-readable labels
  - example: Platform for Internet Content Selection (PICS)
Beyond Labeling
- Labels support notice, but provide only limited support for choice
- P3P supports choice by supporting
  - multiple privacy policies
  - explicit agreements (or rejection of a proposed privacy policy)
  - single-round "negotiation"
Basic P3P Concepts
[Diagram: a service with its data practices sends a proposal to the user agent, which consults the user's preferences and user data repository; the outcome is an agreement]
A Simple P3P Conversation (between a service and a user agent)
User agent: Get index.html
Service: Here is my P3P proposal: I collect click-stream data and computer information for web site and system administration and customization of the site
User agent: OK, I accept your proposal
Service: Here is index.html
Other Possible P3P Conversations
- Service offers a choice of proposals
- Upon agreement, user agent automatically sends requested data
- No agreement is reached
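As an added example (not code from the slides, from Privacy Minder, or from the P3P specification), a small Python model of the conversation on the two slides above: the service offers one or more proposals built from statement-level assertions, an APPEL-like rule set decides whether the user agent accepts, a choice of proposals is resolved in a single round, and data leaves the user's repository only under an agreement. The field names, rule format, sample proposals and repository contents are constructed for the example and are not the specification's syntax.

```python
# Toy model (added here, not P3P 1.0 syntax or Privacy Minder code) of the slides'
# conversation: a service offers proposals; the user agent checks them against rules.
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:  # statement-level assertions from the slides
    category: str        # data category, e.g. "clickstream", "computer"
    purposes: tuple      # e.g. ("admin", "customization")
    recipients: tuple    # e.g. ("ourselves",) or ("third-parties",)
    identifiable: bool   # identifiable use of the data?
@dataclass(frozen=True)
class Proposal:  # proposal-level assertions plus its statements
    entity: str          # who is making the proposal
    realm: str           # URL prefix the proposal covers
    statements: tuple
@dataclass(frozen=True)
class RejectRule:  # APPEL-like preference; None means "any value"
    category: str = None
    purpose: str = None
    recipient: str = None
    identifiable: bool = None

    def matches(self, s):
        return ((self.category is None or s.category == self.category)
                and (self.purpose is None or self.purpose in s.purposes)
                and (self.recipient is None or self.recipient in s.recipients)
                and (self.identifiable is None or s.identifiable == self.identifiable))

def evaluate(proposal, rules):
    """(rule, statement) conflicts; an empty list means the agent accepts."""
    return [(r, s) for s in proposal.statements for r in rules if r.matches(s)]
def negotiate(proposals, rules):
    """Single-round negotiation: the first acceptable proposal is the agreement."""
    return next((p for p in proposals if not evaluate(p, rules)), None)
def release_data(agreement, repository):
    """On agreement, send only repository elements the agreed statements cover."""
    if agreement is None:  # no agreement reached: nothing leaves the repository
        return {}
    covered = {s.category for s in agreement.statements}
    return {k: v for k, v in repository.items() if k in covered}

# Constructed sample: proposal A is the one on the slide, B is more aggressive.
PROPOSAL_A = Proposal("Example Shop", "http://shop.example/", (
    Statement("clickstream", ("admin", "customization"), ("ourselves",), False),
    Statement("computer", ("admin", "customization"), ("ourselves",), False)))
PROPOSAL_B = Proposal("Example Shop", "http://shop.example/", (
    Statement("contact", ("marketing",), ("third-parties",), True),))
USER_RULES = (RejectRule(recipient="third-parties"), RejectRule(purpose="marketing", identifiable=True))
REPOSITORY = {"computer": "constructed-browser/1.0", "contact": "user@example.org"}
```

With these rules the agent rejects proposal B (two conflicts), accepts A when it is offered as an alternative, and releases only the repository element A's statements cover.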
Data
- Referenced by category or element
  - Vocabulary includes 10 data categories
- Base data set includes elements all implementations should know about
- Services may create their own elements
- "P3P methods" may be used to transfer data referenced by element
  - Coupling between privacy disclosure and data collection
Data Repository
- Users can store elements they don't mind providing to some services
- Services can gain access to stored elements through P3P agreements
- Elements can be automatically retrieved from the repository when P3P methods or auto-fill forms are used
W3C P3P Documents
- P3P 1.0 Specification
- Syntax
- Harmonized Vocabulary
- Base Data Set
- Implementation Guide
- Guiding Principles
- ...
- APPEL (A P3P Preference Exchange Language)
Guiding Principles
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
- Information Privacy
- Choice and Control
- Notice and Communication
- Fairness and Integrity
- Security
APPEL
- A rule language that expresses what should be done with P3P proposals
- Not essential to P3P, but useful for:
  - sharing and installation of rulesets
  - communicating to agents, search engines, proxies, or other servers
  - portability between products
- Could be replaced by an XML or RDF query language
P3P Proposal
- A web site encodes its privacy practices in the form of a P3P proposal
- Automated tools can be used to do the actual encoding
- User agents are expected to translate information in proposals into a more user-friendly format
Types of Assertions
Proposals can contain 2 types of assertions:
- proposal level: assertions that apply generally to the whole proposal
  - "we are a member of TRUSTe"
- statement level: assertions that apply to a specific type of data
  - "we collect information about your computer for web site and system administration"
Assertions that can be made in a P3P Proposal
Proposal level:
- Entity
- Realm
- Disclosure URI
- Access
- Assurance
- Other disclosures
  - Change agreement
  - Retention
Statement level:
- Consequence
- Data category and/or element
- Purpose
- Identifiable use
- Recipients
P3P Implementation and Deployment
- Need user agent and server implementations
- Need web sites to create P3P proposals
- Web sites can use P3P without a special server, but a P3P-compliant server and tools allow them to take advantage of choice mechanisms
AT&T P3P Implementations
- P3P proposal generator
  - generates a P3P proposal and human-readable policy from a web-based questionnaire
  - written in Perl and implemented as a CGI script
- Privacy Minder
  - a P3P user agent
  - written in Java as a client-side proxy
Privacy Minder Demo
Resources and Feedback
- For further info on P3P see: http://www.w3.org/P3P/
- For AT&T P3P implementations and papers see: http://www.research.att.com/projects/p3p/
- Send your comments to p3p-comments@w3.org or discuss with a P3P working group member