W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > September 2000

Re: P3P Comments

From: Lorrie Cranor <lorrie@research.att.com>
Date: Sun, 10 Sep 2000 16:21:57 -0400
Message-ID: <015401c01b64$c5039600$3a06cf87@research.att.com>
To: "Chris Klassen" <cklassen@KlassenEnterprises.com>, <www-p3p-public-comments@w3.org>

Thank you for your comments on the May 10 P3P working draft.
Let me try to respond to them.

> - Throughout the document, requirements are frequently addressed to
> "services", the organizations supporting websites.  Most of these
> organizations could not understand the P3P specification in its current
> form.  The HTML specification relies on the user agent to protect the user
> from HTML problems.  P3P would improve if a similar approach were used in
> it.  If this is not possible, then a W3C recommendation addressed
> specifically to "services", in non-technical language is needed.

While it would be nice if there was a technical means to protect users
from negligent web sites, I'm really not sure how this could be done.
Certainly there are some things a sophisticated user agent could look for,
like set cookie requests from sites that claim not to use cookies. But there
is a limit to what technology can do for us here. So I think we have to rely
on web sites to make accurate statements. We expect that web sites will
use tools to help them create their P3P policies, which should help.
We also expect that they will use less technical documentation. The
working group has started to create such documentation, but more is 
needed. See for example http://www.w3.org/P3P/usep3p.html

> - Data typing in the schema is not only not needed but might in fact create
> privacy issues.  A poorly built form designer might give up data to hidden
> (invisible) forms, or forms that violate their own P3P profiles.

We have removed typing, as will be reflected in our next public draft
(to be issued within the next two weeks hopefully).

> - P3P might benefit from a <CERTIFIERS> tag that allows organizations to
> "vouch" for privacy profile conformance.  This should include a link to the
> organization, a link to their personal "seal" graphic, a short statement on
> what they are "vouching" and possibly a digital signature.  Watchdog
> organizations like TRUSTe could use this mechanism when validating profile
> compliance, and user agents could render this information if that is
> important to the user.  The current <DISPUTES> tag does not address the
> normal role of the watchdog group and implies a role not all such groups
> will be willing to accept.

We believe the DISPUTES element adequately addresses this. For a vouching
organization to be useful, there must be some way for the consumer to contact
them and get them to take some action should a violation occur. We have
not found an example of an organization who might play this role and for which
DISPUTES would not be appropriate.

> - Similarly, P3P appears to contain no syntax that allows a site to "vouch"
> for the privacy practices of its agents.  This might be a useful concept,
> with several "degrees" of vouching.  Certainly it would be useful to have
> links to agents' P3P profiles.  This would allow watchdog applications to
> "crawl" the net, looking for contradictions.

Agents are obligated to treat data under the same policy as the principle,
so they do not need separate policies.

> - It is vital that P3P NOT include confirmations or "user acceptance".  It
> is extremely likely that P3P user agents will present users with information
> overload and users will often respond by click-through and not read the
> information.  Accepting and denying such challenges gives up certain privacy
> information.  A group that profiles acceptances and denials over a large
> number of sites can determine the "privacy sensitivity" of an individual and
> even determine that the deciding factor is, for example, race, religious,
> etc.  Also, the minimum information given to any site when accepting a
> challenge may well allow that site to establish identity.  This opens the
> door for auditing all of a user's Internet usage which would harm privacy
> tremendously.

Version 1 will not have any sort of "user acceptance" ability. This is a possibility
that will be considered for version 2, but will, of course, be open to discussion.


Lorrie Cranor
P3P Specification Working Group Chair
Received on Sunday, 10 September 2000 16:25:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:57:28 UTC