Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research


1 Minding Your Own Business
The Platform for Privacy Preferences Project and Privacy Minder
Lorrie Faith Cranor, AT&T Labs-Research
http://www.research.att.com/~lorrie/
June 1999

2 Revealing Personal Info
Advantages
- home delivery of products
- customized information and services
- ability to buy things on credit
Disadvantages
- info might be used in unexpected ways
- info might be disclosed to other parties

3 User Empowerment Approach
Develop tools that allow people to control the use and dissemination of their personal information

4 Empowerment Tools
- Prevent your actions from being linked to you
  - Crowds - AT&T Labs; The Anonymizer - anonymizer.com
- Allow you to develop persistent relationships not linked to each other or you
  - Lucent Personal Web Assistant - Bell Labs
- Make informed choices about how your information will be used
  - Platform for Privacy Preferences Project - W3C
- Know that assurances about information practices are trustworthy
  - TRUSTe - Electronic Frontier Foundation and CommerceNet

5 Platform for Privacy Preferences Project (P3P)
- A framework for automated privacy discussions under development by W3C
- Services communicate about practices
- Users exercise preferences over those practices
- User agent can facilitate automated decision making, prompt user, exchange data, etc.

6 Simplifying Notice and Choice
- visual labels
  - example: TRUSTe
- machine readable labels
  - example: Platform for Internet Content Selection (PICS)

7 Beyond Labeling
- Labels support notice, but provide only limited support of choice
- P3P supports choice by supporting
  - Multiple privacy policies
  - Explicit agreements (or rejection of proposed privacy policy)
  - Single-round “negotiation”

8 Basic P3P Concepts
(diagram labels: user agent user data repository preferences service proposal agreement user data practices)

9 A Simple P3P Conversation
(diagram labels: user agent, service)
- User agent: Get index.html
- Service: Here is my P3P proposal - I collect click-stream data and computer information for web site and system administration and customization of site
- User agent: OK, I accept your proposal
- Service: Here is index.html

10 Other Possible P3P Conversations
- Service offers choice of proposals
- Upon agreement, user agent automatically sends requested data
- No agreement is reached

11 Data
- Referenced by category or element
- Vocabulary includes 10 data categories
- Base data set includes elements all implementations should know about
- Services may create their own elements
- “P3P methods” may be used to transfer data referenced by element
- Coupling between privacy disclosure and data collection

12 Data Repository
- Users can store elements they don’t mind providing to some services
- Services can gain access to stored elements through P3P agreements
- Elements can be automatically retrieved from repository when P3P methods or auto-fill forms are used

13 W3C P3P Documents
- Syntax
- Harmonized Vocabulary
- Base Data Set
- P3P1.0 Specification
- Implementation Guide
- Guiding principles...
- APPEL (A P3P Preference Exchange Language)

14 Guiding Principles
- Information Privacy
- Notice and Communication
- Choice and Control
- Fairness and Integrity
- Security
A statement of intent by members of the P3P working groups and a recommendation on how to use P3P to maximize privacy

15 APPEL
- A rule language that expresses what should be done with P3P proposals
- Not essential to P3P, but useful for:
  - Sharing and installation of rulesets
  - Communicating to agents, search engines, proxies, or other servers
  - Portability between products
- Could be replaced by XML or RDF query language

16 P3P Proposal
- A web site encodes its privacy practices in the form of a P3P proposal
- Automated tools can be used to do the actual encoding
- User agents are expected to translate information in proposals into a more user friendly format

17 Types of Assertions
Proposals can contain 2 types of assertions:
- proposal level: assertions that apply generally to the whole proposal
  - “we are a member of TRUSTe”
- statement level: assertions that apply to a specific type of data
  - “we collect information about your computer for web site and system administration”

18 Assertions that can be made in a P3P Proposal
Proposal level
- Entity
- Realm
- Disclosure URI
- Access
- Assurance
- Other disclosures
- Change agreement
- Retention
Statement level
- Consequence
- Data category and/or element
- Purpose
- Identifiable use
- Recipients
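
The conversations on slides 9 and 10, decided with the assertion types listed on slide 18, as an added example that is not from the presentation and is not Privacy Minder's code. The tuple fields, the preference format, the "service only" recipient value and the sample data are assumptions made for illustration; none of it is P3P or APPEL syntax.

```python
from collections import namedtuple

# Simplified model of the slides' assertions; not P3P or APPEL syntax.
# Statement level: data category/element, purposes, identifiable use, recipients.
Statement = namedtuple("Statement", "data purposes identifiable recipients")
# Proposal level (subset): entity, assurance ("" if none), statements.
Proposal = namedtuple("Proposal", "entity assurance statements")
# Hypothetical user ruleset plus the data repository of releasable elements.
Preferences = namedtuple(
    "Preferences", "purposes_ok recipients_ok allow_identifiable "
                   "required_assurance repository")

def objections(p, prefs):
    """List the ways proposal p conflicts with the user's preferences."""
    out = []
    if prefs.required_assurance and p.assurance != prefs.required_assurance:
        out.append("assurance: " + (p.assurance or "none"))
    for s in p.statements:
        extra = s.purposes - prefs.purposes_ok.get(s.data, frozenset())
        if extra:
            out.append(f"{s.data}: purposes {sorted(extra)}")
        if s.recipients not in prefs.recipients_ok:
            out.append(f"{s.data}: recipients {s.recipients}")
        if s.identifiable and not prefs.allow_identifiable:
            out.append(f"{s.data}: identifiable use")
    return out

def negotiate(offered, prefs):
    """Single round: accept the first proposal with no objections."""
    for p in offered:
        if not objections(p, prefs):
            # Release only repository elements the accepted proposal names.
            wanted = {s.data for s in p.statements}
            sent = {k: v for k, v in prefs.repository.items() if k in wanted}
            return "agreement", p, sent
    return "no agreement", None, {}

# Constructed sample data; the first proposal follows the conversation slide.
ADMIN = frozenset({"web site and system administration", "customization of site"})
SITE = Proposal("example service", "TRUSTe", (
    Statement("click-stream data", ADMIN, False, "service only"),
    Statement("computer information", ADMIN, False, "service only")))
DELIVERY = frozenset({"home delivery"})
SHOP = Proposal("example service", "", (
    Statement("postal address", DELIVERY, True, "service only"),))
USER = Preferences(
    {"click-stream data": ADMIN, "computer information": ADMIN,
     "postal address": DELIVERY},
    {"service only"}, True, "TRUSTe", {"postal address": "1 Example St"})
```

`negotiate([SHOP, SITE], USER)` skips the proposal that lacks the required assurance and agrees to the second one, while `negotiate([SHOP], USER)` ends with no agreement and releases nothing from the repository.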

19 P3P Implementation and Deployment
- Need user agent and server implementations
- Need Web sites to create P3P proposals
- Web sites can use P3P without a special server, but P3P-compliant server and tools allow them to take advantage of choice mechanisms

20 AT&T P3P Implementations
- P3P proposal generator
  - generates P3P proposal and human-readable policy from web-based questionnaire
  - written in Perl and implemented as a CGI script
- Privacy Minder
  - a P3P user agent
  - written in Java as a client-side proxy

21 Privacy Minder Demo

22 Resources and Feedback
- For further info on P3P see: http://www.w3.org/P3P/
- For AT&T P3P implementations and papers see: http://www.research.att.com/projects/p3p/
- Send your comments to p3p-comments@w3.org or discuss with a P3P working group member

