- From: Lorrie Cranor <lorrie@research.att.com>
- Date: Wed, 31 Oct 2001 12:22:28 -0500
- To: "Ruchika Agrawal" <ruchika@Stanford.EDU>, <p3p-comments@w3.org>
- Cc: "Barbara Simons" <simons@acm.org>, <www-p3p-public-comments@w3.org>
- Message-ID: <01a201c16230$a669fa40$3e06cf87@research.att.com>
Ruchika, Thank you for giving us an opportunity to review your web site at http://www.stanford.edu/~ruchika/P3P/. While we appreciate your efforts at presenting an objective overview by quoting others, the quotes you have selected are not necessarily representative (indeed, presenting an objective picture through any selection of opinionated quotes is probably an impossible task... you might consider choosing a word other than objective to describe what you are doing). In addition, some of the quotes go beyond the level of opinion and make statements that are factually incorrect. We have provided some specific examples of the inaccuracies we've found below, and are also attaching a list of false and misleading statements from the Junkbuster and EPIC et al paper that you cite. Good luck with your research project and do let us know if we can be of further assistance. Regards, Lorrie Cranor P3P Specification Working Group Chair On the proponents side of the What is P3P page, the excerpt from Roger Clarke is from a 1998 paper that is now out of date. In particular, P3P no longer involves the concept of negotiated agreement (this was removed in 1999). This is no longer an accurate statement of what P3P is. On the opponents side, there are a number of statements that are factually incorrect. We don't expect to agree with all of the opinions expressed on the opponents side, but we really don't think its a good idea for you to repeat false statements made by P3P opponents. On the Understanding Privacy Page, we don't think its fair to characterize the comments as those of proponents and opponents of P3P. Among both groups there are a wide variety of opinions on these issues. Those that you chose to include here are not necessarily representative of either group and indeed there are probably members of both groups who would agree with both sets of statements. The EPIC paper comments on the EU: "The European Union, which does have baseline, legally enforceable privacy rights in the form of the EU Data Directive, has explicitly rejected P3P as part of its privacy protection framework." are also false. Please read the rest of the document that is being cited here and decide for yourself whether you think it constitutes a complete rejection of P3P http://www.epic.org/privacy/internet/ec-p3p.html. Also, this document was from several years ago. Many of the concerns expressed in the document have since been addressed. In the critiques section, more false statements; "There is no user base and no user demand" "Concerned users will configure their P3P user agents to reflect high privacy protections. However, when these users attempt to access the majority of commercial web sites, endless pop-up windows warning them that a site wishes to go beyond their specified privacy preferences will result. " (This assumes that P3P user agents will use pop-up windows to inform users. This is not the case with most P3P user agents.)
Attachments
- text/html attachment: facts.htm
Received on Wednesday, 31 October 2001 12:23:02 UTC