W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > January 2000

Some Comments on P3P

From: Christopher D. Hunter <chunter@asc.upenn.edu>
Date: Tue, 04 Jan 2000 13:47:30 -0400
Message-ID: <38723225.CAD496FF@asc.upenn.edu>
To: www-p3p-public-comments@w3.org
CC: Lawrence Lessig <lessig@pobox.com>, "Simson L. Garfinkel" <simsong@vineyard.net>, Oscar Gandy <OGandy@asc.upenn.edu>
P3P Development Team,

I would like to call your attention to a policy paper I have recently
written critiquing industry self-regulation and P3P.  My paper is
basically a longer version of Jason Catlett's recent P3P comments.  I
hope that my work will provide you with a good overview of why many
privacy rights groups are somewhat skeptical of P3P.

Recoding the Architecture of Cyberspace Privacy: Why Self-Regulation and
Technology Are Not Enough

http://www.asc.upenn.edu/usr/chunter/p3p.html


I would like to thank Lorrie Cranor for her helpful comments.  After
discussing recent developments with her I am somewhat more confident
that P3P may have a role to play once basic OECD-like privacy laws are
passed in the US.  I would encourage the P3P development team to give a
much clearer explanation of how an APPEL policy could enforce such laws.
 A step-by-step explanation of an APPEL rule that would enforce the EU
Data Directive would be very valuable.  Even with such a description
however, I still believe that P3P will suffer from complexity and
information asymmetry critiques.

Finally, a few comments at the syntax level of the most recent P3P spec draft:

- Under the POLICY entity or the DISCLOSURE element, why not require
sites to also list a contact person and the address of the company? 
This type of addition would go a long way towards ameliorating the
information asymmetry critique.  I also believe that it will become a
necessity if governments eventually set up "privacy clearinghouses"
which certify company privacy practices.  Perhaps all of this can
already be done with APPEL?

- I believe that the DISCLOSURE access element needs to be expanded. 
Rather than offer a rather worthless statement that a site may give you
access to some information they have collected, why not require that
this element be attached to every data type collected.  I suppose that
this would look something like this:

<DATA name="user.gender"/  access="yes/no">

This would increase the level of specificity, thus allowing users
greater control over their disclosure decisions.

- The Categories element needs to be extended and tweaked.  Perhaps the
most obvious category that should be added is "Health Information,"
which many surveys show people are particularly concerned about.  The
Demographic and Socio-economic Data category should be disaggregated
into multiple separate categories such as Race, Income, etc.  People
value these elements differently and would likely not want them lumped
into one general category.  I'm sure the EU would be particularly
interested in a Race or Protected Minority category.  This opens up a
can of political worms, but the current Demographic/Socio-economic
category is far to broad and limits end users ability to express exact
privacy preferences.

- I am somewhat concerned that an APPEL rule could also make blocking
decisions based on PICS labels.  I don't think that a "privacy
enhancing" technology should also be in the business of content
filtering.  I foresee groups distributing APPEL rule sets claiming that
they are meant to protect privacy, when in fact their is a hidden
censorship/access limitation agenda.

I hope that my paper and comments are of use to your development team,
and I look forward to any comments you may have.


Christopher D. Hunter
Ph.D. Candidate
Annenberg School for Communication
University of Pennsylvania
215-732-4612
chunter@asc.upenn.edu
http://www.asc.upenn.edu/usr/chunter/
Received on Tuesday, 4 January 2000 13:40:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:16 GMT