Platform for Privacy Preferences (P3P): Lessons Learnt for Privacy Standards

Workshop on technical standards and privacy by design

A. Michael Froomkin

Laurie Silvers & Mitchell Rubenstein Distinguished Professor of Law

University of Miami

August 21, 2012

The Problem P3P Was Designed to Solve
  • Privacy principle:
    • Users should control use of personal information about them held by others – or at least negotiate rules about it
  • But in fact:
    • Your browser says a lot about you
    • Users share data with web sites
    • Web privacy policies are
      • Under-specified
      • Unclear, complex, non-standard
      • Unread
The Platform for Privacy Preferences (P3P)
  • A standards-based approach
    • Server offers machine-readable policy
    • Web client retrieves privacy policy
      • Can be set to take action based on preset user preferences
      • User can import preferences from third parties
    • P3P-enabled search engines could rank or filter results by their privacy policies
      • Exclude or downgrade or flag privacy-unfriendly sites
      • Similar triage could happen at browser level
How P3P Works
  • Standard definitions of data practices
    • Expressed in standardized vocabulary
  • User agent fetches the site’s P3P policy reference file
    • Found at the well-known location /w3c/p3p.xml, or pointed to by a P3P HTTP header or an HTML link element
  • User agent compares the policy to the user’s preferences and acts accordingly
    • E.g. ‘Privacy Bird’ displays a happy or an angry bird
    • Sites are hidden, or popup warnings display
    • User can query how the policy differs from her preferences
P3P Policy Contents
  • Source: Lorrie F. Cranor, Praveen Guduru, and Manjula Arjula, "User Interfaces for Privacy Agents," ACM Transactions on Computer-Human Interaction (TOCHI) 13, no. 2 (June 2006): 135.
Advantages of P3P
  • User empowerment
    • No centralized content control
      • Some centralized semantic definitions
      • Extensible (XML)
    • No censorship (except by user choice)
    • P3P spec developed by W3C consensus process
  • Relies on voluntary implementation
    • User demand for privacy could drive adoption
  • US FTC liked the idea (“PICS for privacy”)
Al Gore Liked It

"I welcome this important new tool for privacy protection … It will empower individuals to maintain control over their personal information while using the World Wide Web."

-- US Vice President Al Gore (1998)

(Larry Lessig liked it too.)

OECD Guidelines Checklist √
  • P3P did address
    • Issue of data collection directly from the user (web surfer)
    • Limitations on data use by web site can be specified, e.g.
      • Original purpose
      • Authority of Law
      • Consent
      • Emergency
    • Disclosure / openness of data usage
OECD Guidelines Checklist X
  • P3P didn’t address
    • Practices relating to data collection from third parties
    • Data storage and retention
    • Data quality
    • Anything beyond honor or external legal control for data mis-use or disclosure
    • User’s ability to access data about her
Critiques (1)
  • Formless – doesn’t set any minimum privacy protection
    • Sets no default
    • Policy must be set by user somehow
  • Doesn’t require Fair Information Practices (see checklist)
  • Too complex
  • Will exclude good sites that don’t use P3P
    • Procrustean policies – what about outliers?
Critiques (2)
  • Original spec allowed for negotiation between site and user, but this was removed from final, which became a take-it-or-leave-it proposition
  • Generalizes existing cookie problems – invisible stuff happens, user is lost or must make endless exhausting individual decisions
  • No internal enforcement mechanism, but…
    • Markets
    • External laws & regulations against fraud, lies, unfair competitive practices
Critiques (3)
  • P3P analysis happens after the browser connection is made
    • Hence a lot of data has already been sent
      • IP address
      • MAC address (embedded in EUI-64 IPv6 addresses)
      • Browser fingerprint (User-Agent and other request headers)
      • Referer header
  • Even if P3P were widely adopted, it fails
    • Providers likely to set protections low, making high-privacy browsing as difficult as no-cookie browsing
    • Privacy-loving users would self-exclude from much of the web

Was P3P the Best Tool?
  • Other purely client-side tools such as cookie blockers and anonymizers might be surer, but what was on offer at the time was narrower
  • Top-down regulation was not likely, and certainly not likely across jurisdictions
  • Prospect of 3rd party rulesets would make life easy for users
  • XML was cool
Take-Up Was Low
  • Fewer than 12 percent of the more than 3,000 websites TRUSTe certifies had an IE-compliant P3P compact policy in 2011.
  • A 2010 Carnegie Mellon study of 33,139 websites with P3P compact policies (CPs) found
    • “errors in 11,176 of them, including 134 TRUSTe-certified websites and 21 of the top 100 most-visited sites”
    • errors even at Microsoft’s own sites
Why P3P Failed

“The trouble with P3P was that consumers, lacking education or intuition about the risks of disseminating their personal data, had no incentive to spend this time on bargaining and even more importantly, the market had little or no incentive to pay or negotiate for data that they had previously collected for free. The model though, simply did not succeed. Although P3P was incorporated into Internet Explorer [6.0+] and other browsers, it has been largely ignored by the public and the market. No meaningful marketplace of choices among more or less privacy friendly websites evolved for the consumer.”

-- Lilian Edwards, Coding Privacy, 84 Chi.-Kent L. Rev. 861, 864 (2010)

In Other Words
  • P3P failed due to lack of incentives
    • Consumer behavior
      • Time involved
      • Privacy myopia
    • Web site operators
      • Do not want overhead
      • Do not want to pay to collect info
    • Info-brokers
      • Don’t want the grief or the costs
  • Plus, it felt complicated
    • (And blockages were inexplicable to some users)
What We Learn from P3P’s Elegant Failure
  • Economics matter enormously
    • Parties need an incentive to install tools/use standards
      • End-users have privacy myopia
        • Privacy Bird wasn’t cute enough – or too beta
      • Site operators believe they can monetize info
        • Incentive cuts against adoption in many cases
  • Defaults matter
    • E.g. ‘Do not track’ on by default is more effective
  • Ease of use matters
    • "The act of designing a social technology is not an easy one" -- Joseph Reagle, P3P project manager
Abandoned Specs Considered Dangerous
  • No one swatting the bugs
    • The spec lets a site set a cookie despite an IE user’s policy by sending a compact policy that declares no uses
      • Taken advantage of by 21 of the 100 most-visited sites, including Facebook, several of Microsoft’s own sites, Amazon, IMDB, AOL, Mapquest, GoDaddy and Hulu.
      • E.g. an “underspecified” compact policy in the headers with no proposed uses listed; IE 6-8 interprets that as a policy to make no use of the data, and accepts the cookie.
    • The check looks only at declared uses – so if there seem to be none, whether through malice or a typo, the cookie gets through…
User-Unfriendliness At Work?
  • Proper P3P Compact Policy (CP) tokens:
      • ‘SAMo’ == ‘We [the site] share information with legal entities following our practices’ (the trailing ‘o’ means the user may opt out)
      • ‘TAI’ == ‘Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization.’
  • What Google sent:
    • P3P: CP="This is not a P3P policy! See for more info."
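The script below is an added example, not code from the slides or from any browser or P3P implementation. It models the comparison step described under "How P3P Works" for the compact-policy form of a policy (the CP="..." value of a P3P response header) and reproduces the failure mode of the last two slides: a cookie filter that inspects only the practices a policy declares will accept a policy that declares nothing, whether that is Google's "This is not a P3P policy!" string, a policy listing only data categories, or a policy whose purpose token has a typo. The token vocabulary is P3P 1.0's; the preference rule (identifying data used for a non-essential purpose or shared beyond the site without an opt-in or opt-out) is a constructed simplification of IE's "unsatisfactory policy" test, not IE's actual rule, and every sample header except Google's is constructed.

```python
import re

# P3P 1.0 compact-policy vocabulary (spec section 4), grouped by policy element.
PURPOSE   = {"CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENT = {"OUR", "DEL", "SAM", "UNR", "PUB", "OTR"}
RETENTION = {"NOR", "STP", "LEG", "BUS", "IND"}
CATEGORY  = {"PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM", "CNT",
             "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC"}
OTHER     = {"NOI", "ALL", "CAO", "IDC", "OTI", "NON",   # ACCESS
             "DSP", "COR", "MON", "LAW", "NID", "TST"}   # DISPUTES, REMEDIES, NON-IDENTIFIABLE, TEST
VOCAB = PURPOSE | RECIPIENT | RETENTION | CATEGORY | OTHER

# Purpose and recipient tokens take an optional suffix: a = always, i = opt-in, o = opt-out.
TOKEN_RE = re.compile(r"^([A-Z]{3})([aio])?$")


def parse_cp(p3p_header):
    """Split the CP="..." value of a P3P header into (known, unknown) tokens.
    Known tokens are (name, suffix) pairs; a missing suffix means "always"."""
    m = re.search(r'CP="([^"]*)"', p3p_header)
    known, unknown = [], []
    for word in (m.group(1) if m else "").split():
        t = TOKEN_RE.match(word)
        if t and t.group(1) in VOCAB:
            known.append((t.group(1), t.group(2) or "a"))
        else:
            unknown.append(word)
    return known, unknown


# Constructed user preference, a simplification of IE's "unsatisfactory" test, not IE's rule.
PREFS = {
    "identifying": {"PHY", "ONL", "GOV", "FIN"},       # categories that identify a person
    "nonessential": PURPOSE - {"CUR", "ADM", "DEV"},   # purposes beyond running the service
    "external": RECIPIENT - {"OUR"},                   # sharing beyond the site itself
}


def violates(known, prefs=PREFS):
    """True if identifying data is used for a non-essential purpose or shared
    externally without the user being offered opt-in (i) or opt-out (o)."""
    names = {name for name, _ in known}
    if not names & prefs["identifying"]:
        return False
    return any(suffix == "a" and (name in prefs["nonessential"] or name in prefs["external"])
               for name, suffix in known)


def is_complete(known):
    """A P3P statement must declare purpose, recipient and retention unless it
    covers only non-identifiable data (NID)."""
    names = {name for name, _ in known}
    return "NID" in names or all(names & group for group in (PURPOSE, RECIPIENT, RETENTION))


def decide(p3p_header, fail_closed):
    """Return 'accept' or 'block' for a third-party cookie carrying this header.
    fail_closed=False mirrors the behaviour the slides describe: only declared
    practices are examined, so a policy that declares nothing passes.
    fail_closed=True treats an unparsable or incomplete policy as no policy."""
    known, unknown = parse_cp(p3p_header)
    if fail_closed and (unknown or not is_complete(known)):
        return "block"
    return "block" if violates(known) else "accept"


# Constructed sample headers; only "not_a_policy" is quoted from the slides.
SAMPLES = {
    "honest_opt_out":   'P3P: CP="PHY ONL CUR ADM DEV TAIo SAMo OUR STP"',
    "honest_no_choice": 'P3P: CP="PHY ONL CUR TAI SAM IND"',
    "underspecified":   'P3P: CP="PHY ONL"',
    "typo":             'P3P: CP="PHY ONL CUR TAl OUR STP"',  # lowercase l for the I in TAI
    "not_a_policy":     'P3P: CP="This is not a P3P policy! See for more info."',
}


def audit(samples=SAMPLES):
    """Evaluate every sample under both modes; returns {name: (fail_open, fail_closed)}."""
    return {name: (decide(h, False), decide(h, True)) for name, h in samples.items()}


if __name__ == "__main__":
    for name, (open_, closed) in audit().items():
        print(f"{name:18} fail-open={open_:6} fail-closed={closed}")
```

Run stand-alone, it prints one line per sample. The honest policies are accepted or blocked the same way under both modes; the three "says nothing" policies are accepted by the fail-open check and blocked by the fail-closed one, which treats unknown tokens, or a statement missing its purpose, recipient or retention element, the way IE already treated a third-party cookie with no P3P header at all.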
But Don’t Forget the Attractive Aspects of P3P
  • Worth emulating
    • User-empowering
    • No censorship
      • Nor could it easily become a censorship tool
    • Extensible
    • Not centralized
      • Invited third parties to draft and disseminate policies
  • Worth debating
    • Regulatory / voluntary
    • Ties to legal regimes
      • Not really clear if this was tested by P3P
      • Failed to address transnational issues (what law?)