The Platform for Privacy Preferences Project (P3P) Lorrie Faith Cranor AT&T Labs-Research P3P Interest Group Co-Chair October 1998.


2 Background
- Dynamic privacy negotiation concept has been around for a while
- '95-96: PICS for privacy discussions
- Fall '96: Internet Privacy Working Group convened by CDT
- Summer '97: W3C launches P3P
- '96-98: Increasing government pressure and public concern motivates various self-regulatory efforts

3 Government Pressure
- European Union directive
- FTC "losing patience with self-regulation"
- 14% of surveyed sites that collect personal data had privacy policies posted last spring
- Children's Online Privacy Protection Act

4 Public Concern
- April 1997 Louis Harris Poll of Internet users
- 5% say they have been the victim of an invasion of privacy while on the Internet
- 53% say they are concerned that information about which sites they visit will be linked to their address and disclosed without their knowledge

5 Threat or Tool?
- Threat: Technology can automate data collection and processing
- Tool: Technology can automate individual control over personal information

6 Revealing Personal Info
- Advantages
  - home delivery of products
  - customized information and services
  - ability to buy things on credit
- Disadvantages
  - info might be used in unexpected ways
  - info might be disclosed to other parties

7 User Empowerment Approach
- Develop tools that allow people to control the use and dissemination of their personal information

8 Empowerment Tools
- Prevent your actions from being linked to you
  - Crowds - AT&T Labs
- Allow you to develop persistent relationships not linked to each other or you
  - Lucent Personal Web Assistant - Bell Labs
- Make informed choices about how your information will be used
  - Platform for Privacy Preferences Project - W3C
- Know that assurances about information practices are trustworthy
  - TRUSTe - Electronic Frontier Foundation and CommerceNet

9 Regulatory and self-regulatory framework
[Diagram labels: Service; User; The Internet; Secure channel; Negotiation agent / trust engine; Pseudonym agent; Anonymizing agent]

10 Platform for Privacy Preferences Project (P3P)
- A framework for automated privacy discussions under development by W3C
- Services communicate about practices
- Users exercise preferences over those practices
- User agent can facilitate automated decision making, prompt user, exchange data, etc.

11 Notice and Choice Fair Information Practice Principles

12 Simplifying Notice and Choice
- visual labels
  - example: (old) TRUSTe
- machine readable labels
  - example: Platform for Internet Content Selection (PICS)

13 Beyond Labeling
- Labels support notice, but provide only limited support of choice
- P3P also supports
  - Multiple privacy policies
  - Explicit agreements
  - Negotiation

14 Basic P3P Concepts
[Diagram; labels as extracted: user agent user data repository preferences service proposal agreement user data practices]

15 A Simple P3P Conversation
[Diagram: user agent and service]
- User agent: Get index.html
- Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
- User agent: OK, I accept your proposal
- Service: Here is index.html

16 More Complicated Conversations
- Service offers choice of proposals
- User agent makes counter proposal
- User agent rejects proposal and asks service for another offer
- Upon agreement, user agent automatically sends requested data
- No agreement is reached
(see "Automated Negotiation" paper with Paul Resnick)

17 Assertions that can be made in a P3P Proposal
- Proposal level
  - Realm
  - Disclosure URI
  - Access
  - Assurance
  - Other disclosures
  - Change agreement
  - Retention
- Statement level
  - Consequence
  - Data category and/or element
  - Purpose
  - Identifiable use
  - Recipients

18 P3P Vocabulary: Purposes
- Completion and support of current activity
- Web site and system administration
- Customization of site to individuals
- Research and development
- Contacting visitors for marketing of services or products
- Other uses

19 Data
- Referenced by category or element
- P3P methods may be used to transfer data referenced by element
- Coupling between privacy disclosure and data collection
- Base data set includes elements all implementations should know about
- Services may create their own elements
- Vocabulary includes 10 data categories

20 Data Repository
- Users can store elements they don't mind providing to some services
- Services can gain read and/or write access through P3P agreements
- Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used

21 User interface
[Figure: mock-up of a preference user interface; recoverable labels follow]
- Legend: Data category, Data element, Preference
- Data categories: Physical contact info; financial account IDs; Computer info; demographics; click-stream
- Info I consider somewhat sensitive: home address, household income, phone number, name
- Info I do not consider sensitive: favorite beverage, gender, zip code, hair color
- Info I consider highly sensitive: health insurance ID, bank account, credit card number, social security #
- Preferences:
  - Info can be used only when necessary to complete a transaction
  - Info may be used to complete a transaction or customize content
  - Info may be used by site for any purpose, but may not be disclosed to others
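
The accept/reject decision a user agent makes in the conversation slides, sketched as an added example that is not part of the original presentation. It is a hypothetical Python data model, not P3P syntax: the short purpose keys, the category names, the preference table and the names `Statement`, `Proposal`, `violations` and `negotiate` are all assumptions.

```python
from dataclasses import dataclass
# Purposes from the "P3P Vocabulary: Purposes" slide; the short keys are assumptions.
PURPOSES = frozenset({"current", "admin", "customize", "research", "marketing", "other"})

@dataclass(frozen=True)
class Statement:
    category: str          # data category, e.g. "click-stream"
    purposes: frozenset    # purposes the service declares for this data
    shared: bool = False   # True if recipients include other parties

@dataclass(frozen=True)
class Proposal:
    name: str
    statements: tuple

# Constructed user preferences: category -> (allowed purposes, may be disclosed).
PREFS = {
    "click-stream": (PURPOSES, False),
    "computer": (frozenset({"current", "admin", "customize"}), False),
    "physical-contact": (frozenset({"current"}), False),
}

def violations(proposal, prefs):
    """List every way a proposal conflicts with the user's preferences."""
    found = []
    for s in proposal.statements:
        # A category with no stored preference allows nothing (deny by default).
        allowed, may_share = prefs.get(s.category, (frozenset(), False))
        extra = s.purposes - allowed
        if extra:
            found.append(f"{s.category}: purpose not allowed: {sorted(extra)}")
        if s.shared and not may_share:
            found.append(f"{s.category}: disclosed to other parties")
    return found

def negotiate(offers, prefs):
    """Accept the first offer with no violations; None means no agreement."""
    rejected = {}
    for offer in offers:
        problems = violations(offer, prefs)
        if not problems:
            return offer.name, rejected
        rejected[offer.name] = problems
    return None, rejected

# Constructed offers: the proposal from the simple conversation, and a marketing variant.
SIMPLE = Proposal("simple", tuple(Statement(c, frozenset({"admin", "customize"}))
                                  for c in ("click-stream", "computer")))
MARKETING = Proposal("marketing", (
    Statement("physical-contact", frozenset({"current", "marketing"}), shared=True),))
```

Calling `negotiate([MARKETING, SIMPLE], PREFS)` models a service offering a choice of proposals: the agent records why the first offer was rejected and accepts the second.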

22 W3C P3P Documents
[Diagram labels: Syntax; Harmonized Vocabulary; Base Data Set; P3P1.0 Specification; Implementation Guide; Guiding principles...; APPEL (A P3P Preference Exchange Language)]

23 Guiding Principles
- Information Privacy
- Notice and Communication
- Choice and Control
- Fairness and Integrity
- Security
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy

24 APPEL
- A rule language that expresses what should be done with P3P proposals
- Not essential to P3P, but useful for:
  - Sharing and installation of rulesets
  - Communication to agents, search engines, proxies, or other servers
  - Portability between products
- Could be replaced by XML or RDF query language

25 Implementation and Deployment
- Need user agent and server implementations
- Need Web sites to create P3P proposals
- Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of flexibility

26 Incremental adoption
- "Levels" allow implementers to ramp up gradually
- Good implementations provide incentives
  - "Privacy watchdog" features to provide useful info about non-P3P-compliant sites
  - Good data repository implementations in user agent save typing
  - Good data management tools for Web servers
- Adoption drives more adoption

27 Keys to Success
- Good end-user implementations
  - easy to use
  - easy to plug in "recommended settings"
  - not annoying
  - use incremental adoption model
  - privacy friendly
- Good server implementations and tools
- Adoption by many Web sites
- Users find it useful
- Endorsement by government-regulatory and self-regulatory organizations

Papers and demo of AT&T P3P Proposal Generator: P3P Web site at W3C: