- Number of slides: 28
The Platform for Privacy Preferences Project (P3P)
Lorrie Faith Cranor, AT&T Labs-Research, P3P Interest Group Co-Chair
October 1998
Slide 2: Background
- Dynamic privacy negotiation concept has been around for a while
- '95-96: PICS for privacy discussions
- Fall '96: Internet Privacy Working Group convened by CDT
- Summer '97: W3C launches P3P
- '96-98: Increasing government pressure and public concern motivates various self-regulatory efforts
Slide 3: Government Pressure
- European Union directive
- FTC "losing patience with self-regulation"
  - 14% of surveyed sites that collect personal data had privacy policies posted last spring
- Children's Online Privacy Protection Act
Slide 4: Public Concern
April 1997 Louis Harris Poll of Internet users:
  - 5% say they have been the victim of an invasion of privacy while on the Internet
  - 53% say they are concerned that information about which sites they visit will be linked to their email address and disclosed without their knowledge
Slide 5: Threat or Tool?
- Threat: Technology can automate data collection and processing
- Tool: Technology can automate individual control over personal information
Slide 6: Revealing Personal Info
- Advantages
  - home delivery of products
  - customized information and services
  - ability to buy things on credit
- Disadvantages
  - info might be used in unexpected ways
  - info might be disclosed to other parties
Slide 7: User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information
Slide 8: Empowerment Tools
- Prevent your actions from being linked to you: Crowds (AT&T Labs)
- Allow you to develop persistent relationships not linked to each other or to you: Lucent Personal Web Assistant (Bell Labs)
- Make informed choices about how your information will be used: Platform for Privacy Preferences Project (W3C)
- Know that assurances about information practices are trustworthy: TRUSTe (Electronic Frontier Foundation and CommerceNet)
Slide 9: (diagram) User and Service across the Internet
Components shown between the user and the service: secure channel, anonymizing agent, pseudonym agent, negotiation agent/trust engine. Both the user and the service sit within a regulatory and self-regulatory framework.
Slide 10: Platform for Privacy Preferences Project (P3P)
A framework for automated privacy discussions under development by W3C
  - Services communicate about practices
  - Users exercise preferences over those practices
  - User agent can facilitate automated decision making, prompt user, exchange data, etc.
Slide 11: Fair Information Practice Principles
Notice and Choice
Slide 12: Simplifying Notice and Choice
- visual labels
  - example: (old) TRUSTe
- machine readable labels
  - example: Platform for Internet Content Selection (PICS)
Slide 13: Beyond Labeling
- Labels support notice, but provide only limited support of choice
- P3P also supports
  - Multiple privacy policies
  - Explicit agreements
  - Negotiation
Slide 14: Basic P3P Concepts (diagram)
Elements shown: user agent, service, proposal, agreement, user data repository, preferences, data practices.
Slide 15: A Simple P3P Conversation (service and user agent)
  User agent: Get index.html
  Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
  User agent: OK, I accept your proposal
  Service: Here is index.html
Slide 16: More Complicated Conversations
- Service offers choice of proposals
- User agent makes counter proposal
- User agent rejects proposal and asks service for another offer
- Upon agreement, user agent automatically sends requested data
- No agreement is reached (see "Automated Negotiation" paper with Paul Resnick)
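The exchanges on the two slides above (plain acceptance, a counter-proposal, and the case where no agreement is reached), as an added simulation that is not part of the original presentation or of any W3C code. The field names (categories, purposes, recipients), the short purpose identifiers such as "admin", the "required purposes" a service insists on, and the repository contents are all assumptions made for this model; the slides do not show P3P's actual proposal syntax.

```python
# Added simulation of a P3P-style negotiation; a simplified model, not P3P's real syntax.
from dataclasses import dataclass

@dataclass(frozen=True)
class Statement:
    """One data-practice statement inside a proposal."""
    categories: frozenset   # data categories covered, e.g. "click-stream"
    purposes: frozenset     # purposes from the P3P vocabulary, e.g. "admin"
    recipients: frozenset   # "ours" = service only, "others" = third parties

@dataclass(frozen=True)
class Proposal:
    realm: str              # URL prefix the proposal applies to
    statements: tuple       # tuple of Statement

@dataclass
class Preferences:
    """User preferences: acceptable purposes per category, sharing allowlist."""
    allowed_purposes: dict  # category -> set of acceptable purposes
    share_ok: frozenset     # categories that may be disclosed to others

def objections(proposal, prefs):
    """Return (category, reason) pairs the user agent cannot accept."""
    found = []
    for st in proposal.statements:
        for cat in st.categories:
            extra = st.purposes - prefs.allowed_purposes.get(cat, set())
            if extra:
                found.append((cat, "purpose:" + ",".join(sorted(extra))))
            if "others" in st.recipients and cat not in prefs.share_ok:
                found.append((cat, "recipient:others"))
    return found

def narrow(proposal, prefs):
    """Counter-proposal: each statement minus the purposes/recipients the user rejects."""
    new = []
    for st in proposal.statements:
        purposes, recipients = set(st.purposes), set(st.recipients)
        for cat in st.categories:
            purposes &= prefs.allowed_purposes.get(cat, set())
            if cat not in prefs.share_ok:
                recipients.discard("others")
        new.append(Statement(st.categories, frozenset(purposes), frozenset(recipients)))
    return Proposal(proposal.realm, tuple(new))

def describe(proposal):
    return "; ".join("+".join(sorted(s.categories)) + " for " + "+".join(sorted(s.purposes))
                     + " to " + "+".join(sorted(s.recipients)) for s in proposal.statements)

class Service:
    """Service side: accepts a counter-proposal only if its minimum needs survive."""
    def __init__(self, proposal, required):
        self.proposal = proposal
        self.required = required   # category -> purposes the service insists on
    def accepts(self, counter):
        return all(self.required.get(cat, set()) <= st.purposes
                   for st in counter.statements for cat in st.categories)

def negotiate(service, prefs, repository):
    """Run the exchange; return (outcome, transcript, data released to the service)."""
    log = ["UA: GET /index.html", "Service: proposal: " + describe(service.proposal)]
    if not objections(service.proposal, prefs):
        agreed = service.proposal
        log.append("UA: OK, I accept your proposal")
    else:
        counter = narrow(service.proposal, prefs)
        log.append("UA: counter-proposal: " + describe(counter))
        if not service.accepts(counter):
            log.append("Service: cannot accept; no agreement, request abandoned")
            return "no-agreement", log, {}
        agreed = counter
        log.append("Service: OK, I accept your counter-proposal")
    # Only repository elements whose category the agreement covers are released.
    covered = set().union(*(st.categories for st in agreed.statements))
    released = {name: val for name, (cat, val) in repository.items() if cat in covered}
    log.append("UA: sends " + (", ".join(sorted(released)) or "no data"))
    log.append("Service: Here is index.html")
    return "agreement", log, released

# Constructed sample preferences and repository (values are made up for this example).
PREFS = Preferences({"click-stream": {"admin", "customization"}, "computer": {"admin", "customization"},
                     "physical-contact": {"current"}}, share_ok=frozenset())
REPOSITORY = {"browser": ("computer", "Mozilla/4.0"), "zip": ("physical-contact", "07932")}
REALM = "http://www.example.com/"
SIMPLE_PROPOSAL = Proposal(REALM, (Statement(frozenset({"click-stream", "computer"}),
                                             frozenset({"admin", "customization"}), frozenset({"ours"})),))
MARKETING_PROPOSAL = Proposal(REALM, (Statement(frozenset({"click-stream", "computer"}),
                                                frozenset({"admin", "customization", "marketing"}),
                                                frozenset({"ours", "others"})),))

def run_simple():
    """The slide's conversation: the proposal is accepted as offered."""
    return negotiate(Service(SIMPLE_PROPOSAL, {"click-stream": {"admin"}}), PREFS, REPOSITORY)

def run_marketing(service_insists_on_marketing):
    """Marketing variant: the UA counters; the outcome depends on what the service insists on."""
    needed = {"admin", "marketing"} if service_insists_on_marketing else {"admin"}
    return negotiate(Service(MARKETING_PROPOSAL, {"click-stream": needed}), PREFS, REPOSITORY)
```

Each run function returns the outcome, the transcript as a list of messages, and the repository elements handed over; with the constructed preferences, the "zip" element is never released because no agreed statement covers the physical-contact category, which is the coupling between disclosure and data collection the later "Data" slide describes.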
Slide 17: Assertions that can be made in a P3P Proposal
- Proposal level
  - Realm
  - Disclosure URI
  - Access
  - Assurance
  - Other disclosures
    - Change agreement
    - Retention
- Statement level
  - Consequence
  - Data category and/or element
  - Purpose
  - Identifiable use
  - Recipients
Slide 18: P3P Vocabulary: Purposes
- Completion and support of current activity
- Web site and system administration
- Customization of site to individuals
- Research and development
- Contacting visitors for marketing of services or products
- Other uses
Slide 19: Data
- Referenced by category or element
- P3P methods may be used to transfer data referenced by element
  - Coupling between privacy disclosure and data collection
- Base data set includes elements all implementations should know about
- Services may create their own elements
- Vocabulary includes 10 data categories
Slide 20: Data Repository
- Users can store elements they don't mind providing to some services
- Services can gain read and/or write access through P3P agreements
- Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used
Slide 21: User interface (mockup; the figure itself is not recoverable as text)
The mockup groups data elements into three sensitivity bands ("Info I do not consider sensitive", "Info I consider somewhat sensitive", "Info I consider highly sensitive"), maps them to data categories (physical contact info, demographics, computer info, click-stream), and lets the user pick one preference per category:
- Info can be used only when necessary to complete a transaction
- Info may be used to complete a transaction or customize content
- Info may be used for any purpose, but may not be disclosed to others
Data elements visible in the mockup: gender, beverage, zip code, favorite color, hair, household income, phone number, name, home address, bank account number, insurance ID, social security #, financial account IDs, credit card, health.
Slide 22: W3C P3P Documents
- P3P 1.0 Specification
  - Syntax
  - Harmonized Vocabulary
  - Base Data Set
  - ...
- Implementation Guide
  - Guiding principles
- APPEL (A P3P Preference Exchange Language)
Slide 23: Guiding Principles
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy
- Information Privacy
- Choice and Control
- Notice and Communication
- Fairness and Integrity
- Security
Slide 24: APPEL
- A rule language that expresses what should be done with P3P proposals
- Not essential to P3P, but useful for:
  - Sharing and installation of rulesets
  - Communication to agents, search engines, proxies, or other servers
  - Portability between products
- Could be replaced by XML or RDF query language
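An added model of how an APPEL-like ruleset decides what to do with a P3P proposal; this is not code from the presentation or from W3C. APPEL itself is XML-based, so the dict-shaped rules, the behaviour names "request", "limited" and "block", the first-match evaluation and the sample proposals are all assumptions made for this illustration. It also shows the ordering pitfall a ruleset author should check for: the same three rules in a different order end up accepting a proposal that includes marketing.

```python
# Added illustration of first-match rule evaluation over P3P-style proposals.
# The rule format and behaviour names are a simplified stand-in for APPEL's XML.

def statement_matches(statement, condition):
    """A condition matches when the statement overlaps every field the condition names."""
    return all(statement.get(field, set()) & values for field, values in condition.items())

def rule_fires(rule, proposal):
    """A rule fires when at least one statement of the proposal matches its conditions."""
    return any(statement_matches(st, rule["match"]) for st in proposal["statements"])

def evaluate(ruleset, proposal):
    """First matching rule wins; the ruleset's default behaviour applies if none fire."""
    for rule in ruleset["rules"]:
        if rule_fires(rule, proposal):
            return rule["behavior"], rule["name"]
    return ruleset["default"], "default"

def shadowed_block_rules(ruleset):
    """Lint check: block rules listed after a request rule can be pre-empted by it."""
    seen_request, shadowed = False, []
    for rule in ruleset["rules"]:
        if rule["behavior"] == "request":
            seen_request = True
        elif rule["behavior"] == "block" and seen_request:
            shadowed.append(rule["name"])
    return shadowed

# Constructed proposals, using the statement fields named on the "Assertions" slide.
ADMIN_ONLY = {"statements": [
    {"categories": {"click-stream", "computer"}, "purposes": {"admin", "customization"},
     "recipients": {"ours"}}]}
WITH_MARKETING = {"statements": [
    {"categories": {"click-stream"}, "purposes": {"admin"}, "recipients": {"ours"}},
    {"categories": {"physical-contact"}, "purposes": {"marketing"}, "recipients": {"ours", "others"}}]}
RESEARCH_ONLY = {"statements": [
    {"categories": {"demographics"}, "purposes": {"research"}, "recipients": {"ours"}}]}

NO_MARKETING = {"name": "no-marketing", "behavior": "block", "match": {"purposes": {"marketing"}}}
NO_SHARING = {"name": "no-sharing", "behavior": "block", "match": {"recipients": {"others"}}}
ADMIN_OK = {"name": "admin-ok", "behavior": "request",
            "match": {"purposes": {"admin", "customization"}}}

# Block rules first: a proposal containing any objectionable statement is refused.
SAFE_ORDER = {"default": "limited", "rules": [NO_MARKETING, NO_SHARING, ADMIN_OK]}
# Same rules with the permissive one first: it fires on the admin statement before the
# block rules ever see the marketing statement of the same proposal.
UNSAFE_ORDER = {"default": "limited", "rules": [ADMIN_OK, NO_MARKETING, NO_SHARING]}

if __name__ == "__main__":
    for label, ruleset in (("safe", SAFE_ORDER), ("unsafe", UNSAFE_ORDER)):
        for pname, proposal in (("admin-only", ADMIN_ONLY), ("with-marketing", WITH_MARKETING),
                                ("research-only", RESEARCH_ONLY)):
            print(label, pname, evaluate(ruleset, proposal))
        print(label, "shadowed block rules:", shadowed_block_rules(ruleset))
```

Under this model a proposal is judged by its individual statements, so a rule that accepts on one statement can hide a problem in another; putting every block rule ahead of any request rule, and treating "limited" (accept the page, release no data, possibly prompt) as the default for anything unmatched, is the conservative arrangement, and the lint function flags rulesets that break it.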
Slide 25: Implementation and Deployment
- Need user agent and server implementations
- Need Web sites to create P3P proposals
- Web sites can use P3P without a special server, but a P3P-compliant server and tools allow them to take advantage of its flexibility
Slide 26: Incremental adoption
- "Levels" allow implementers to ramp up gradually
- Good implementations provide incentives
  - "Privacy watchdog" features to provide useful info about non-P3P-compliant sites
  - Good data repository implementations in user agent save typing
  - Good data management tools for Web servers
- Adoption drives more adoption
Slide 27: Keys to Success
- Good end-user implementations
  - easy to use
    - easy to plug in "recommended settings"
    - not annoying
  - use incremental adoption model
  - privacy friendly
- Good server implementations and tools
- Adoption by many Web sites
- Users find it useful
- Endorsement by government regulatory and self-regulatory organizations
Slide 28:
Papers and demo of AT&T P3P Proposal Generator: www.research.att.com/projects/p3p/
P3P Web site at W3C: www.w3.org/p3p/