- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Mon, 12 Nov 2001 14:35:32 -0500
- To: "Ruchika Agrawal" <ruchika@Stanford.EDU>
- Cc: <p3p-comments@w3.org>, "Barbara Simons" <simons@acm.org>, <www-p3p-public-comments@w3.org>
Ruchika, Thank you for considering our comments. > First, I intend to keep the title, "P3P - An Objective Overview". Since I > am not expressing any of my personal opinions, I do consider it to be > objective. I have spent four months dissecting P3P issues, and I searched > for the strongest arguments from both proponents and opponents with > respect to these issues. I express no judgment on these arguments; I > simply present them. My goal has been to be as objective as possible > during this entire time. So, with all due respect, I intend to keep the > original title. You did make a decision as to what you considered to be the strongest arguments on each side. This is in and of itself expressing a judgement. There were some arguments that you decided were not worth including, while you selected other arguments that I suggested to you were not appropriate for one reason or another. But that said, your choice of title is between you and your advisor. If you are intersted in presenting the strongest arguments on both sides, I do suggest that you find an argument for both sides of each issue. There are a number of issues where you have ommitted arguments for one side or the other. For example, you don't have any pro-P3P implications. But a number of P3P proponents have written about positive implications of P3P -- for example http://www.cdt.org/privacy/pet/p3pprivacy.shtml > Finally, I have been wracking my brain out trying to figure out the > "right" way to address your other points. I have also been searching EPIC > and Junkbuster's websites to see if they agreed with any of your claims > about their statements and did not find anything. So, to be as accurate, > fair and objective as possible, I hope to post your reply on the website > (with your permission of course), but only if EPIC and Junkbusters are > given a fair chance to address the issues you have raised with their > statements, in which case I would post their reply as well. > > With your permission, I would like to forward your email to EPIC and > Junkbuster's (I will CC you as well) to give them a chance to address the > issues you have raised. If you are uncomfortable with me forwarding this > particular email, would you terribly mind sending me a version that I can > forward? You may post our reply on your web site and forward it to EPIC and Junkbusters for comment. And that if they do comment I hope you will give us the opportunity to continue the dialogue with them and post both sides of the debate. Lorrie > On Wed, 31 Oct 2001, Lorrie Cranor wrote: > > > Ruchika, > > > > Thank you for giving us an opportunity to review > > your web site at > > http://www.stanford.edu/~ruchika/P3P/. > > While we appreciate your efforts > > at presenting an objective overview by quoting > > others, the quotes you have selected are not > > necessarily representative (indeed, presenting > > an objective picture through any selection of > > opinionated quotes is probably an impossible task... > > you might consider choosing a word other than objective > > to describe what you are doing). In addition, some of > > the quotes go beyond the level of opinion and > > make statements that are factually incorrect. > > We have provided some specific examples of > > the inaccuracies we've found below, and > > are also attaching a list of false and misleading > > statements from the Junkbuster and > > EPIC et al paper that you cite. Good luck with > > your research project and do let us know if we > > can be of further assistance. > > > > Regards, > > > > Lorrie Cranor > > P3P Specification Working Group Chair > > > > > > > > On the proponents side of the What is P3P page, the > > excerpt from Roger Clarke is from a 1998 > > paper that is now out of date. In particular, > > P3P no longer involves the concept of negotiated > > agreement (this was removed in 1999). This is no > > longer an accurate statement of what P3P is. > > > > On the opponents side, there are a number > > of statements that are factually incorrect. > > We don't expect to agree with all of the opinions > > expressed on the opponents side, but we > > really don't think its a good idea for you to > > repeat false statements made by P3P > > opponents. > > > > On the Understanding Privacy Page, we don't > > think its fair to characterize the comments as > > those of proponents and opponents of P3P. > > Among both groups there are a wide variety > > of opinions on these issues. Those that you > > chose to include here are not necessarily > > representative of either group and indeed there > > are probably members of both groups who > > would agree with both sets of statements. > > > > The EPIC paper comments on the EU: > > "The European Union, which does have baseline, > > legally enforceable privacy rights in the form of the EU Data Directive, has > > explicitly rejected P3P as part of its privacy protection framework." are > > also false. Please read the > > rest of the document that is being cited here and decide for yourself > > whether you think it constitutes a complete rejection of P3P > > http://www.epic.org/privacy/internet/ec-p3p.html. Also, this document was > > from several years ago. Many of the concerns expressed in the document > > have since been addressed. > > > > In the critiques section, more false statements; "There is no user base and > > no user demand" > > > > "Concerned users will configure their P3P user agents to reflect high > > privacy protections. However, when these users attempt to access the > > majority of commercial web sites, endless pop-up windows warning them that a > > site wishes to go beyond their specified privacy preferences will result. " > > (This assumes that P3P user agents will use > > pop-up windows to inform users. This is not the case with most > > P3P user agents.) > > > > > > > >
Received on Monday, 12 November 2001 14:37:42 UTC