- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Sat, 24 Nov 2001 19:24:12 -0500
- To: "Ruchika Agrawal" <ruchika@Stanford.EDU>
- Cc: <p3p-comments@w3.org>, "Barbara Simons" <simons@acm.org>, <www-p3p-public-comments@w3.org>
> As to your first point, I will be happy to post your email (below) on the
> website *with your permission* and readers can make their own judgments.

If you would like to quote my statement: "You did make a decision as to what you considered to be the strongest arguments on each side. This is in and of itself expressing a judgement." you may.

> Specifically regarding your point:
>
> > If you are interested in presenting the strongest arguments on both
> > sides, I do suggest that you find an argument for both sides of each
> > issue. There are a number of issues where you have omitted
> > arguments for one side or the other. For example, you don't have
> > any pro-P3P implications. But a number of P3P proponents have
> > written about positive implications of P3P -- for example
> > http://www.cdt.org/privacy/pet/p3pprivacy.shtml
>
> In fact, I have read CDT's "P3P and Privacy: An Update for the Privacy
> Community", and I cite it in the Critiques section. I read it several
> more times upon receiving this email. I presume that you are specifically
> talking about the section "How P3P 1.0 Will Help Protect Privacy"? If so,
> I fail to see how these are implications. The preceding qualifier (right
> before the list numbered 1-4) states: ". . . P3P is just one stone in the
> foundation. It needs to be used in concert with effective legislations,
> strategic policy and other privacy enhancing tools. For example: . . . ".
> Am I missing something? Or is there another section in CDT's paper that
> you were referring to?

Yes, I was referring to this section. This section spells out several implications of implementing P3P. For example "Countries with data protection and privacy laws and others seeking to police compliance with privacy standards could find the automated ability to assess a businesses' privacy statement useful in their broader oversight and compliance program."
Why is this implication less worthy of quoting than the EPIC/Junkbuster assertion that "P3P will likely serve to delay other efforts to establish privacy standards"? These two quotes go very well together. One side says that P3P is complementary to data protection laws, while the other says that P3P will delay the enactment of data protection laws. And this is just one example. Each of the paragraphs in that section talks about another implication.

> Whether proponents or opponent, I have only "omitted" arguments when I
> could not find any.

OK, so I have pointed out to you where you can find implications. I believe I already sent you comments on Fair Information Practices... or you might want to combine your pages on FIP and OECD -- then you can put pro and con side by side.

For your question "Does P3P Address Privacy Policies or Standards in General?" I'm not really sure what you are asking or how the quote on the con side actually addresses that question. But maybe the discussion section of http://lorrie.cranor.org/pubs/hk.pdf gets at what you are looking for.

As for "better alternatives" I recommend quoting http://lorrie.cranor.org/pubs/hk.pdf .. for example "Unlike anonymity tools, which seek to prevent any transfer of personally-identifying information, the P3P effort assumes that there are some situations where users desire to reveal personal information. Thus the P3P activity seeks to enable the development of tools for making informed decisions about when personal information should be revealed."

Lorrie
Received on Saturday, 24 November 2001 19:24:41 UTC