April 21, 1998


by Andy Oram
American Reporter Correspondent

CAMBRIDGE, MASS.—It’s a newsworthy event when the World Wide Web Consortium (W3C) makes a policy announcement on the issue of privacy. This standard-setting organization, which shoulders a heavy responsibility for the technical development of the Web as a universal medium, normally restricts its pronouncements to computer languages, data formats, and communication protocols. Social policy is sometimes implicit, but rarely takes the spotlight.

Yet at last week’s annual Web conference, the importance of protecting user privacy was featured in the keynote speech by the inventor of the Web, Tim Berners-Lee, as well as in press reports on the conference. A panel on privacy was also held. So the Consortium has tapped into something: the public definitely worries about leaky Web servers that take your personal information to sell you chotchkas, then turn around and contact a marketing firm to sell them your data.

Nor would the Consortium raise the issue without offering a solution. Since June of 1997 they have been working on a system called Platform for Privacy Preferences (P3P) that promises to “enable data protection control, choice, and flexibility for Web interactions.”

As a technical approach to a social issue, P3P deserves more public discussion. If legislatures and policy makers accept the challenges it offers, it may help to enforce the protection of our data. If, as is all too likely, policy makers hide behind P3P and call it a complete solution, we will be worse off than before it hit the scene.

For the lay person, the best way to view P3P is as a way of exchanging an online privacy contract. For instance, when you log in to a commercial Web site, it may send a hidden proposal with its home page saying, in effect, “If you give us your home address and credit card number, we will use it for internal purposes and never share it with anyone else.”

Your browser checks this highly structured message against your “preferences,” perhaps looking at settings you previously entered into the browser, or perhaps showing you a dialog box asking you if you approve. Once you approve to at least the minimal exchange of information required by the server, the proposal becomes an agreement that the server abides by.

When you make a purchase, the server can ask your browser for your address and credit card number. Since the browser has kept track of the agreement, these are duly sent over the Web, perhaps using another well-known protocol called SSL to protect the data from prying intruders.

You may then be shown another form with a warranty to fill out, and the server may slip in another proposal asking if it can share the information in the form with other firms. Your browser, depending on how you’ve configured it, may reject the proposal and refuse to send that information.

The system is a bit complicated for the general public to understand and fashion to their needs, but there are technical ways to alleviate this problem too. A paper by Lorrie Faith Cranor and Joseph Reagle, Jr., from the groups who are trying to make P3P a working system, suggests that respected public organizations develop a variety of sample privacy policies. Each user can choose a general policy that’s comfortable, and let the browser handle the details.

But now it’s time to step back and ask what problems P3P is really solving. How much of a dent will it make on current privacy violations?

First, we must remember that the vast majority of people give away their data without even going on the Web. P3P provides a wall around one’s browser, but it doesn’t protect you when you fill out an insurance form at the medical clinic, use your credit card at the car rental outfit, or even use another Internet channel such as electronic mail.

Second, P3P can’t control what the company you gave your information to (the service provider) does with it. To be sure, the agreement you negotiate may include promises not to sell your information, and even list an organization responsible for assuring compliance. These options are part of a recommended P3P “vocabulary,” or sample clauses for agreements.

But to enforce the agreement takes a lot more effort. Someone has to check whether the provider is calling in auditors as promised, detect when an agreement is violated, take the guilty correspondent to court, and persuade the court that the agreement applies. Clearly, either strong laws or a body of legal precedent are required.

The W3C is quite aware of the limits to technology; its representatives have said that the legal status of P3P agreements and the enforcement of provisions is outside of their scope.

Many countries, notably in Europe, already have laws protecting individuals’ privacy. P3P could be useful if hung on that legal framework.

But the United States is holding back. On the heels of Berners-Lee’s remarks on privacy last week came a statement by Ira Magaziner, the chief policy in the White House on the Internet. Rather than laws, he stressed the responsibility that consumers should take for protecting their own privacy online. While there’s nothing new in this U.S. government stance, the publicity around P3P certainly contributed to his blase assessment of the government’s role.

Marc Rotenberg, Director of the Electronic Privacy Information Center, examines the promise of “Privacy Enhancing Techniques” such as P3P and writes that true solutions would be “ultimately those that minimize or eliminate the collection of personal information. Phone cards, metro cards, and electronic cash are all good examples.” In contrast, under the wrong circumstances, P3P might not retard data leakage so much as facilitate it.

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

Editor, O’Reilly Media
Author’s home page
Other articles in chronological order
Index to other articles