A Few Comments on "P3P and Privacy: An Update for the Privacy Community"

To: Diedre Mulligan, Ari Schwartz, Ann Cavoukian, and Michael Gurski,

I recently had the opportunity to read your paper "P3P and Privacy: An
Update for the Privacy Community,"
(http://www.cdt.org/privacy/pet/p3pprivacy.shtml) and think on the whole
it is a quite reasonable document.  The most important point, and one
that you will need to hammer other W3C members with, particularly the
DMA, is that P3P alone is not enough to protect peoples privacy.  Make
this point loud, clear, and often, because Congress loves to think that
technological solutions are all that is needed.  Current legislative
support for filters in libraries is a perfect example of this blind
faith in technological solutions to complex social problems.

Here are a few of my more critical comments:

- At the beginning of the document you comment that P3P "will bring a
measure of ease and regularity to Web users wishing to decide when and
under what circumstances to disclose personal information."  This seems
like a very premature conclusion given that no one has demonstrated a
simple to configure, edit, and use P3P browser module.  Lorrie's own
comments (http://www.webtechniques.com/archives/1999/09/ackerman/) point
to the incredible complexity of the system.  Complexity can be addressed
in two ways.  One, develop an interface which reflects the vast array of
possible privacy preferences.  This interface will be incredibly complex
and daunting for the average user to set up.  The other option is to use
some type of simplified template.  However, using a template means
decreasing transparency as users are forced to buy into preset and
perhaps poorly described "protection categories."  Who will develop
these templates?  The only people with the economic resources to do so
will be industry sponsored groups who will have an incentive to set low
privacy protection defaults.  This seems to me to be disempowering. 
Perhaps my fears will be set aside at the June 21st "Test Drive" of P3P
implementations, but given the infinite set of individuals privacy
preferences, and the near infinite set of information that datamarketers
would like to collect, I'm not particularly confident that P3P will ever
be able to produce an empowering, yet easy to use, end user interface.

- In the same paragraph you comment "It offers an important opportunity
to build greater technical support for privacy-informed Web users." 
Well what about all of the non privacy-informed users?  The evidence
I've seen shows that the vast majority of net users have no idea how
much personally identifiable information can be gleaned from simple web
surfing.  These uninformed surfers will simply accept industry
distributed default templates, which may in fact hide the many ways that
sites collect personal information.

- On page two you note that P3P "does help create a framework for
informed choice on the part of consumers."  Again, consumers will be
forced to accept the rules of P3P templates which means that template
developers and not individual consumers are really making the informed
choices.  By analogy, are consumers making an informed choice when they
choose to accept all cookies by default?  Well, sort of.  I tried
surfing with cookies turned off and realized that it was simply
impossible.  As a result, I was forced to make the decision to once
again accept all cookies by default.  Does that mean I'm making informed
choices about what cookies I will accept?  The same thing will happen
with P3P default templates, people will be forced to trade in truly
informed choice for ease of surfing.

- Also on page two you comment that the "W3C does not wish to become the
forum for public policy debates."  This "techno-policy-neutral" position
is ludicrous.  The instant the W3C conceived of privacy as a set of
"preferences" and not a fundamental human right, they themselves made a
policy decision.  After all, the W3C could have decided instead to
develop a protocol which would enhance anonymity or pseudonymity, but of
course it didn't.  The W3C should simply admit that it's Technology and
Society Domain is inevitably a public policy organization, which just so
happens to have the power to implement its values through code.

- On page four, item number two, you note that with P3P "Users could
more easily read privacy statements before entering web sites." 
Unfortunately, end users will not be reading the policies, rather their
user agents will.  Given the problems I see arising with templates, this
may actually be disempowering.

- Under item number three you comment that P3P will cut through current
privacy policy legalese.  In my opinion it will simply substitute
complicated human readable legalese with complicated machine readable
legalese.  Have you ever tried to read through an APPEL rule line by
line?!  Once again clarity and informed choice will be in the eye of the
beholder, or should I say the P3P template developers.

- On page five, item number four you point to P3P potentially leading to
a plethora of new privacy protecting standards, organizations, and
technologies.  This may be true, but the W3C's own experiences with PICS
and PICS label bureaus shows that third parties are unlikely to arise. 
Instead, one or two default P3P templates will develop, thus limiting
consumer choice.  The best analogy is the emergence of RSACi and
SafeSurf as the only widely supported PICS-based rating systems.  All of
this points to the need of the W3C and its member organizations, to
better understand the network and standardization effects which will be
applied to any newly released Internet protocol.  An excellent
discussion of these forces as they apply to privacy, is provided by
Jerry Kang in his "Information Privacy in Cyberspace Transactions" essay
which appeared in the Stanford Law Review, Vol. 50, April 1998.


In conclusion, it's heartening to see that the W3C's most recent release
of the P3P specification has responded, at least in part, to the
information asymmetry and categorization concerns raised by myself,
Karen Coyle, and many others.  Nevertheless, the protocol still faces
serious issues, especially with regards to implementation.  If the
complexity, templates, and network effects arguments are not adequately
addressed, P3P, like PICS before, will likely fail to be adopted by a
critical mass of web sites and end users.


Christopher D. Hunter
Ph.D. Candidate
Annenberg School for Communication
University of Pennsylvania
215-732-4612
chunter@asc.upenn.edu 
http://www.asc.upenn.edu/usr/chunter/

Received on Thursday, 13 April 2000 13:00:43 UTC