W3C home > Mailing lists > Public > www-p3p-public-comments@w3.org > November 2001

Re: Citing your work on P3P

From: Lorrie Cranor <lorrie@research.att.com>
Date: Sat, 24 Nov 2001 19:24:12 -0500
Message-ID: <00c901c17547$82de0240$3e06cf87@research.att.com>
To: "Ruchika Agrawal" <ruchika@Stanford.EDU>
Cc: <p3p-comments@w3.org>, "Barbara Simons" <simons@acm.org>, <www-p3p-public-comments@w3.org>
> As to your first point, I will be happy to post your email (below) on the
> website *with your permission* and readers can make their own judgments.

If you would like to quote my statement: "You did make a decision
as to what you considered to be the strongest arguments on each
side. This is in and of itself expressing a judgement." you may.

> Specifically regarding your point:
> > If you are intersted in presenting the strongest arguments on both
> > sides, I do suggest that you find an argument for both sides of each
> > issue. There are a number of issues where you have ommitted
> > arguments for one side or the other. For example, you don't have
> > any pro-P3P implications. But a number of P3P proponents have
> > written about positive implications of P3P -- for example
> > http://www.cdt.org/privacy/pet/p3pprivacy.shtml
> In fact, I have read CDT's "P3P and Privacy:  An Update for the Privacy
> Community", and I cite it in the Critiques section.  I read it several
> more times upon receiving this email.  I presume that you are specifically
> talking about the section "How P3P 1.0 Will Help Protect Privacy"?  If so,
> I fail to see how these are implications.  The preceding qualifier (right
> before the list numbered 1-4) states: ". . . P3P is just one stone in the
> foundation.  It needs to be used in concert with effective legislations,
> strategic policy and other privacy enhancing tools.  For example: . . . ".
> Am I missing something?  Or is there another section in CDT's paper that
> you were referring to?

Yes, I was referring to this section. This section spells out several
of implementing P3P. For example "Countries with data protection and privacy
laws and others seeking to police compliance with privacy standards could
find the automated ability to assess a businesses' privacy statement useful
in their broader oversight and compliance program." Why is this implication
less worthy of quoting than the EPIC/Junkbuster
assertion that "P3P will likely serve to delay other efforts to establish
privacy standards"?
These two quotes go very well together. One side says that P3P is
to data protection laws, while the other says that P3P will delay the
of data protection laws. And this is just one example. Each of the
paragraphs in
that section talks about another implication.

> Whether proponents or opponent, I have only "omitted" arguments when I
> could not find any.

OK, so I have pointed out to you where you can find implications.
I believe I already sent you comments on Fair Information Practices... or
you might want to combine your pages on FIP and OECD -- then
you can put pro and con side by side.

For your quesiton "Does P3P Address Privacy Policies or Standards in
I'm not really sure what you are asking or how the quote on the con side
actually addresses that question. But maybe the discussion section
of http://lorrie.cranor.org/pubs/hk.pdf gets at what you are looking

As for "better alternatives" I recommend quoting
http://lorrie.cranor.org/pubs/hk.pdf .. for example "Unline anonymity tools,
seek to prevent any transfer of personally-identifying information, the
P3P effort assumes that there are some situations where
users desire to reveal personal information. Thus
the P3P activity seeks to enable the development of tools for
making informed decisions baout when personal information
should be revealed."

Received on Saturday, 24 November 2001 19:24:41 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:43:00 UTC