W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > October 2001

Re: Citing your work on P3P

From: Lorrie Cranor <lorrie@research.att.com>
Date: Wed, 31 Oct 2001 12:22:28 -0500
Message-ID: <01a201c16230$a669fa40$3e06cf87@research.att.com>
To: "Ruchika Agrawal" <ruchika@Stanford.EDU>, <p3p-comments@w3.org>
Cc: "Barbara Simons" <simons@acm.org>, <www-p3p-public-comments@w3.org>
Ruchika,

Thank you for giving us an opportunity to review
your web site at
http://www.stanford.edu/~ruchika/P3P/.
While we appreciate your efforts
at presenting an objective overview by quoting
others, the quotes you have selected are not
necessarily representative (indeed, presenting
an objective picture through any selection of
opinionated quotes is probably an impossible task...
you might consider choosing a word other than objective
to describe what you are doing). In addition, some of
the quotes go beyond the level of opinion and
make statements that are factually incorrect.
We have provided some specific examples of
the inaccuracies we've found below, and
are also attaching a list of false and misleading
statements from the Junkbuster and
EPIC et al paper that you cite. Good luck with
your research project and do let us know if we
can be of further assistance.

Regards,

Lorrie Cranor
P3P Specification Working Group Chair



On the proponents side of the What is P3P page, the
excerpt from Roger Clarke is from a 1998
paper that is now out of date. In particular,
P3P no longer involves the concept of negotiated
agreement (this was removed in 1999). This is no
longer an accurate statement of what P3P is.

On the opponents side, there are a number
of statements that are factually incorrect.
We don't expect to agree with all of the opinions
expressed on the opponents side, but we
really don't think its a good idea for you to
repeat false statements made by P3P
opponents.

On the Understanding Privacy Page, we don't
think its fair to characterize the comments as
those of proponents and opponents of P3P.
Among both groups there are a wide variety
of opinions on these issues. Those that you
chose to include here are not necessarily
representative of either group and indeed there
are probably members of both groups who
would agree with both sets of statements.

The EPIC paper comments on the EU:
"The European Union, which does have baseline,
legally enforceable privacy rights in the form of the EU Data Directive, has
explicitly rejected P3P as part of its privacy protection framework." are
also false. Please read the
rest of the document that is being cited here and decide for yourself
whether you think it constitutes a complete rejection of P3P
http://www.epic.org/privacy/internet/ec-p3p.html.  Also, this document was
from several years ago. Many of the concerns expressed in the document
have since been addressed.

In the critiques section, more false statements; "There is no user base and
no user demand"

"Concerned users will configure their P3P user agents to reflect high
privacy protections. However, when these users attempt to access the
majority of commercial web sites, endless pop-up windows warning them that a
site wishes to go beyond their specified privacy preferences will result. "
(This assumes that P3P user agents will use
pop-up windows to inform users. This is not the case with most
P3P user agents.)




Received on Wednesday, 31 October 2001 12:23:02 GMT

This archive was generated by hypermail 2.2.0+W3C-0.1 : Tuesday, 21 September 2004 12:14:17 GMT