Monograph opposing P3P

Benjamin Wright, an attorney specializing in e-commerce issues, submitted
a message to RISKS Digest 21.82, ftp://ftp.sri.com/risks/risks-21.82,
reading in part:

> Privacy filters in Microsoft's new Internet Explorer 6 pose for Web
> administrators an unexpected legal predicament.
>
> The filters force administrators to post new privacy policies for their Web
> sites, coded in a technical language called P3P.   The filters punish
> administrators who fail to publish properly coded P3P privacy policies by
> blocking or impeding their cookies.
>
> The P3P coding language raises, for any corporation, government agency or
> other institution that uses it, a lawsuit danger.  A privacy policy written
> in it exposes the organization to liability, with little or no escape.
>
> A privacy policy, even one written in computer codes, can be legally
> enforceable like a contract.  In lawsuits filed in 1999, plaintiffs forced
> US Bancorp to pay $7.5 million for misstatements in a privacy policy posted
> on its Web site.

He directs readers to his web site, http://www.disavowp3p.com, which
advises site administrators to include a dummy P3P code which disavows all
privacy protections promised by other codes.  The site includes a link to
a page where you can buy his $49.95 monograph on the topic.

Is this a legitimate concern, or is he just trying to make money by
scaring people?  What would be the impact on P3P if disavowal codes come
into common use?  Thanks for your attention -

Hal Finney
hal@finney.org

Received on Thursday, 20 December 2001 14:25:28 UTC