P3P Comments

Please accept the following comments on the P3P proposal.  These apply to
the May 2000 version:

- Throughout the document, requirements are frequently addressed to
“services”, the organizations supporting websites.  Most of these
organizations could not understand the P3P specification in its current
form.  The HTML specification relies on the user agent to protect the user
from HTML problems.  P3P would improve if a similar approach were used in
it.  If this is not possible, then a W3C recommendation addressed
specifically to “services”, in non-technical language, is needed.

- Data typing in the schema is not only not needed but might in fact create
privacy issues.  A poorly built form designer might give up data to hidden
(invisible) forms, or forms that violate their own P3P profiles.

- P3P might benefit from a <CERTIFIERS> tag that allows organizations to
“vouch” for privacy profile conformance.  This should include a link to the
organization, a link to their personal “seal” graphic, a short statement on
what they are “vouching” and possibly a digital signature.  Watchdog
organizations like TRUSTe could use this mechanism when validating profile
compliance, and user agents could render this information if that is
important to the user.  The current <DISPUTES> tag does not address the
normal role of the watchdog group and implies a role not all such groups
will be willing to accept.

- Similarly, P3P appears to contain no syntax that allows a site to “vouch”
for the privacy practices of its agents.  This might be a useful concept,
with several “degrees” of vouching.  Certainly it would be useful to have
links to agents’ P3P profiles.  This would allow watchdog applications to
“crawl” the net, looking for contradictions.

- It is vital that P3P NOT include confirmations or “user acceptance”.  It
is extremely likely that P3P user agents will present users with information
overload and users will often respond by click-through and not read the
information.  Accepting and denying such challenges gives up certain privacy
information.  A group that profiles acceptances and denials over a large
number of sites can determine the “privacy sensitivity” of an individual and
even determine that the deciding factor is, for example, race, religion,
etc.  Also, the minimum information given to any site when accepting a
challenge may well allow that site to establish identity.  This opens the
door for auditing all of a user’s Internet usage which would harm privacy
tremendously.

Received on Sunday, 10 September 2000 13:58:56 UTC