

  • Number of slides: 28

The Platform for Privacy Preferences Project (P3P)
Lorrie Faith Cranor
AT&T Labs-Research
P3P Interest Group Co-Chair
October 1998

Background
• Dynamic privacy negotiation concept has been around for a while
• '95-96: PICS for privacy discussions
• Fall '96: Internet Privacy Working Group convened by CDT
• Summer '97: W3C launches P3P
• '96-98: Increasing government pressure and public concern motivates various self-regulatory efforts

Government Pressure
• European Union directive
• FTC "losing patience with self-regulation"
  - 14% of surveyed sites that collect personal data had privacy policies posted last spring
• Children's Online Privacy Protection Act

Public Concern
April 1997 Louis Harris Poll of Internet users:
  - 5% say they have been the victim of an invasion of privacy while on the Internet
  - 53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge

Threat or Tool?
Threat: Technology can automate data collection and processing
Tool: Technology can automate individual control over personal information

Revealing Personal Info
• Advantages
  - home delivery of products
  - customized information and services
  - ability to buy things on credit
• Disadvantages
  - info might be used in unexpected ways
  - info might be disclosed to other parties

User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information

Empowerment Tools
• Prevent your actions from being linked to you: Crowds (AT&T Labs)
• Allow you to develop persistent relationships not linked to each other or to you: Lucent Personal Web Assistant (Bell Labs)
• Make informed choices about how your information will be used: Platform for Privacy Preferences Project (W3C)
• Know that assurances about information practices are trustworthy: TRUSTe (Electronic Frontier Foundation and CommerceNet)

(Diagram) Components shown: User; Anonymizing agent; Pseudonym agent; Negotiation agent / trust engine; Secure channel; The Internet; Service; Regulatory and self-regulatory framework surrounding both user and service

Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
  - Services communicate about practices
  - Users exercise preferences over those practices
  - User agent can facilitate automated decision making, prompt user, exchange data, etc.

Fair Information Practice Principles
Notice and Choice

Simplifying Notice and Choice
• visual labels
  - example: (old) TRUSTe
• machine readable labels
  - example: Platform for Internet Content Selection (PICS)

Beyond Labeling
• Labels support notice, but provide only limited support of choice
• P3P also supports
  - Multiple privacy policies
  - Explicit agreements
  - Negotiation

Basic P3P Concepts
(Diagram) Elements shown: service; user agent; proposal; agreement; user data repository; preferences; data practices

A Simple P3P Conversation (between a service and a user agent)
User agent: Get index.html
Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
User agent: OK, I accept your proposal
Service: Here is index.html

More Complicated Conversations
• Service offers choice of proposals
• User agent makes counter proposal
• User agent rejects proposal and asks service for another offer
• Upon agreement, user agent automatically sends requested data
• No agreement is reached (see "Automated Negotiation" paper with Paul Resnick)

Assertions that can be made in a P3P Proposal
Proposal level:
• Realm
• Disclosure URI
• Access
• Assurance
• Other disclosures
  - Change agreement
  - Retention
Statement level:
• Consequence
• Data category and/or element
• Purpose
• Identifiable use
• Recipients

P3P Vocabulary: Purposes
• Completion and support of current activity
• Web site and system administration
• Customization of site to individuals
• Research and development
• Contacting visitors for marketing of services or products
• Other uses

Data
• Referenced by category or element
• P3P methods may be used to transfer data referenced by element
  - Coupling between privacy disclosure and data collection
• Base data set includes elements all implementations should know about
• Services may create their own elements
• Vocabulary includes 10 data categories

Data Repository
• Users can store elements they don't mind providing to some services
• Services can gain read and/or write access through P3P agreements
• Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used

User interface
(Diagram) Data categories and data elements grouped by sensitivity, each group mapped to a preference.
Sensitivity groups: Info I do not consider sensitive; Info I consider somewhat sensitive; Info I consider highly sensitive
Data categories shown: click-stream; computer info; demographics; physical contact info; financial account IDs; health
Data elements shown: gender; favorite color; zip code; beverage; hair; household income; phone number; address; name; home address; bank account number; insurance ID; social security #; credit card
Preferences shown: info can be used only when necessary to complete a transaction; info may be used to complete a transaction or customize content; info may be used for any purpose, but may not be disclosed to others
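The four-message conversation on the "Simple P3P Conversation" slide and the preference matrix on the user-interface slide can be put together into a small simulation. The following is an added example, not code from the slides or from the P3P working group: its data structures and rule shapes are constructed for illustration and are not the P3P 1.0 proposal syntax or APPEL. It assumes a service offers one or more proposals (the "choice of proposals" case from the negotiation slide), each made of statements naming data categories, purposes and recipients, and a user agent that checks every statement against per-category rules and accepts the first proposal that violates none of them. The mapping of categories to the three preferences, the recipient values and the realm label are this example's own.

```python
"""Constructed simulation of a P3P-style proposal exchange (not P3P 1.0 syntax)."""
from dataclasses import dataclass
from typing import Optional

# Purposes, as named on the "P3P Vocabulary: Purposes" slide.
CURRENT_ACTIVITY = "completion and support of current activity"
ADMIN = "web site and system administration"
CUSTOMIZATION = "customization of site to individuals"
MARKETING = "contacting visitors for marketing"

# Recipients: a constructed two-value set for this example.
OURSELVES = "ourselves"
THIRD_PARTIES = "third parties"


@dataclass(frozen=True)
class Statement:
    """One data-practice statement: which categories, for which purposes, to whom."""
    categories: frozenset
    purposes: frozenset
    recipients: frozenset = frozenset({OURSELVES})


@dataclass(frozen=True)
class Proposal:
    realm: str          # where the proposal applies (constructed label)
    statements: tuple   # one or more Statement objects


@dataclass(frozen=True)
class Rule:
    """A user preference for one data category."""
    allowed_purposes: Optional[frozenset]   # None = any purpose is fine
    may_disclose: bool                      # may recipients include third parties?


# The three preferences shown on the user-interface slide, expressed as rules.
ONLY_TO_COMPLETE_TRANSACTION = Rule(frozenset({CURRENT_ACTIVITY}), False)
TRANSACTION_OR_CUSTOMIZE = Rule(frozenset({CURRENT_ACTIVITY, CUSTOMIZATION}), False)
ANY_PURPOSE_NO_DISCLOSURE = Rule(None, False)
DENY_ALL = Rule(frozenset(), False)   # fallback for categories the user never classified

# Constructed mapping of the slide's data categories onto those rules.
PREFERENCES = {
    "click-stream": ANY_PURPOSE_NO_DISCLOSURE,
    "computer info": ANY_PURPOSE_NO_DISCLOSURE,
    "demographics": TRANSACTION_OR_CUSTOMIZE,
    "physical contact info": TRANSACTION_OR_CUSTOMIZE,
    "financial account IDs": ONLY_TO_COMPLETE_TRANSACTION,
    "health": ONLY_TO_COMPLETE_TRANSACTION,
}


def evaluate(proposal, prefs):
    """Return the list of violated preferences; an empty list means 'accept'.
    A category with no rule falls back to DENY_ALL, so the agent fails closed."""
    violations = []
    for st in proposal.statements:
        for cat in sorted(st.categories):
            rule = prefs.get(cat, DENY_ALL)
            bad = set() if rule.allowed_purposes is None else st.purposes - rule.allowed_purposes
            if bad:
                violations.append(f"{cat}: purposes not allowed: {sorted(bad)}")
            outsiders = st.recipients - {OURSELVES}
            if outsiders and not rule.may_disclose:
                violations.append(f"{cat}: disclosure to {sorted(outsiders)} not allowed")
    return violations


def converse(proposals, pages, prefs, path="index.html"):
    """Play the slide's conversation: the service may offer several proposals in
    turn and the agent takes the first one its rules accept.
    Returns (page body or None, transcript lines)."""
    transcript = [f"User agent: Get {path}"]
    for p in proposals:
        transcript.append(f"Service: Here is my P3P proposal for {p.realm}")
        violations = evaluate(p, prefs)
        if not violations:
            transcript.append("User agent: OK, I accept your proposal")
            transcript.append(f"Service: Here is {path}")
            return pages[path], transcript
        transcript.append("User agent: I reject this proposal: " + "; ".join(violations))
    transcript.append("User agent: No agreement reached")
    return None, transcript


# Constructed sample data.
PAGES = {"index.html": "<html><body>welcome</body></html>"}
# The proposal from the "Simple P3P Conversation" slide.
SIMPLE = Proposal("example.test", (
    Statement(frozenset({"click-stream", "computer info"}), frozenset({ADMIN, CUSTOMIZATION})),))
# A proposal that would share demographics with third parties for marketing.
MARKETING_SHARE = Proposal("example.test", (
    Statement(frozenset({"demographics"}), frozenset({MARKETING}),
              frozenset({OURSELVES, THIRD_PARTIES})),))
# A proposal naming a category the user never classified (exercises DENY_ALL).
UNCLASSIFIED = Proposal("example.test", (
    Statement(frozenset({"browsing habits"}), frozenset({ADMIN})),))

if __name__ == "__main__":
    body, transcript = converse([MARKETING_SHARE, SIMPLE], PAGES, PREFERENCES)
    print("\n".join(transcript))
```

Running the block offers the marketing proposal first; the agent rejects it on two grounds (purpose and disclosure), accepts the slide's simple proposal, and only then receives index.html. The fail-closed default matters in practice: a service that invents a new data element (which the "Data" slide allows) should not slip past the agent merely because the user has no rule for it.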

W3C P3P Documents
• P3P 1.0 Specification
  - Syntax
  - Harmonized Vocabulary
  - Base Data Set
  - ...
• Implementation Guide
• Guiding principles
• APPEL (A P3P Preference Exchange Language)

Guiding Principles
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
• Information Privacy
• Choice and Control
• Notice and Communication
• Fairness and Integrity
• Security

APPEL
• A rule language that expresses what should be done with P3P proposals
• Not essential to P3P, but useful for:
  - Sharing and installation of rulesets
  - Communication to agents, search engines, proxies, or other servers
  - Portability between products
• Could be replaced by XML or RDF query language

Implementation and Deployment
• Need user agent and server implementations
• Need Web sites to create P3P proposals
• Web sites can use P3P without a special server, but a P3P-compliant server and tools allow them to take advantage of its flexibility

Incremental adoption
• "Levels" allow implementers to ramp up gradually
• Good implementations provide incentives
  - "Privacy watchdog" features to provide useful info about non-P3P-compliant sites
  - Good data repository implementations in user agent save typing
  - Good data management tools for Web servers
• Adoption drives more adoption

Keys to Success
• Good end-user implementations
  - easy to use
    * easy to plug in "recommended settings"
    * not annoying
  - use incremental adoption model
  - privacy friendly
• Good server implementations and tools
• Adoption by many Web sites
• Users find it useful
• Endorsement by government regulatory and self-regulatory organizations

Papers and demo of AT&T P3P Proposal Generator: www.research.att.com/projects/p3p/
P3P Web site at W3C: www.w3.org/p3p/