AW: Disavowing Legal Liability

> I fear that the P3P protocol is too dangerous and incomplete for

First of all, the P3P as such is neither "dangerous" nor a protocol at the
current stage. It is an extension to the widely adopted HTT Protocol. If you
think HTTP or TCP/IP is dangerous, then help work on the next generation
of those protocols.
I agree that Compact Policies are too short to reflect all aspects of a full
P3P policy. So if you are worried about Compact Policies, use full policies
instead. Correct me if I'm wrong, but to my knowledge IE6 would recognize
that there is a P3P policy in effect for the URI when it finds a P3P header
and would apply some of the rules that should apply to sites WITH a privacy
policy. Only the specific settings (identifiable information vs.
non-identifiable information) can't be taken into account when using this
approach. I came upon this in the Beta when I did not yet have a Compact
Policy. Maybe this has been changed in the release version.

> Comments welcome.

Your DSA token is the worst thing that has been posted to this list. It is
technically wrong according to the Spec and morally in violation of privacy
rights worldwide. If the United States is such a free country then why are
you trying to prevent users from making a free decision about what
information to pass on to someone else? Wasn't it the freedom and democracy
of our nations that has been touched just last week and which in turn has
been condemned by so many people around the globe?

Neither Microsoft nor W3C forces anyone to write P3P policies. If one does
write any because he/she is an honest person, then this way or that way he
is subject to legal liability. You do not seem to be honest. You are
proposing openly to make false statements about one's privacy policies in
order to bypass the intended behavior of a P3P-compliant user agent, and you
are trying to justify this with talk of legal liability. If you were truly
concerned about legal liability, you would warn webmasters not to create P3P
policy files or headers instead of making them issue false statements for
which they will be liable! (Another indication of your true motives is your
inability to give answers to my previous reply.)

And to answer your other post: You yourself are getting into a catch: By
creating P3P files/headers you are following the rules of the Specification
you don't want to have control over you. So if you do want the Specification
not to have control over you or another corporation then SIMPLY DON'T
IMPLEMENT IT! This is the only way to deny the Specification's legitimacy.

Do you think a person that accepts the technical rules of HTTP or FTP is a
fool because it transports data for which he/she can be liable?

Have you ever thought of IE6's behavior not being the end result of P3P but
only the beginning of a process towards more rights for users? P3P is not
only about cookies as in IE. Other user agents might not even disclose their
names.
And compare IE6's behavior to that of a) the first Internet browsers
(text-based, no cookies at all) and of b) almost every browser on the
market: There is no guarantee that cookies are sent. Cookies are not part of
the HTML Specification. All Internet browsers I have used gave me the
opportunity of either blocking all cookies or letting me decide whether to
accept the cookie or not. So from this point of view IE6's behavior is not
that revolutionary at all, again not forcing you into any *additional* legal
liability. As a webmaster one always has to keep in mind that some user
agents won't understand Cookie-related HTTP extensions or simply won't do
what one would expect them to do - in this case saving the Cookie and
sending it the next time. Therefore, anyone who does rely in any way on a
particular non-standard feature of a networking protocol is a fool. I am
sure that HTTP experts would agree with me on this.


Andreas

Received on Thursday, 20 September 2001 12:19:45 UTC