Massachusetts Institute of Technology
6.805/6.806/STS085 Ethics and Law on the Electronic Frontier
Spring Semester, 2001
May 10
Group presentation: User empowerment tools built on P3P
Draft paper from all teams due today
Each team today should turn in a draft paper, as
described on the term paper
and progress report schedule page.
Papers should be submitted to Hal by email. They are due before
midnight. This is a hard deadline.
Topic for today
Privacy is becoming a key issue in the US and abroad. As more
offline activities move online, consumers
are becoming especially concerned. The possibility of data capture
and synthesis online is much greater than offline. Thus, the
possibility that personal data may be interpreted incorrectly or fall
into the wrong hands has become magnified. Further, consumers are
often not aware of online data collection practices, adding to their
privacy frustration.
The Platform for Privacy Preferences (P3P) is a new specification
from the World Wide Web Consortium. It is a protocol designed to
standardize how web site privacy policies and user privacy preferences
are compared. The intent is for web sites to express their data
collection practices in a machine-readable format which user agents
can interpret to help users make informed choices about the site's
practices. Today we will talk about some current privacy issues, the
P3P Specification, evaluation of available P3P tools, and
recommendations for improving P3P tools.
Read the following for background on P3P:
- Browse W3C's P3P page. If you are interested, you
can take a look at the P3P Specification (P3P 1.0 Candidate Recommendation)
and the list of P3P-enabled sites.
- Read the Executive Summary of the FTC's report on Privacy
Online. Skim sections 1 and 2 to get a feel for
the public policy issues.
- Arguments for and against P3P: Jason Catlett's
criticism of P3P and Ann
Cavoukian's rebuttal.
- Read about the ruling in FTC
v. Toysmart.com. Toysmart's privacy policy stated that
customer information would never be given to third parties. However,
when they filed for bankruptcy, they wanted to sell their customer
list, in violation of their policy. The outcome of this case was that
Toysmart was allowed to sell its customer list to an Internet company
with a similar market, and the buyer would have to abide by Toysmart's
privacy policy or obtain customers' consent to a new policy.
- Take a look at Privacy Information Management System's Policy Wizard.
This will give you a feel for what kind of information a P3P policy
contains and show you one type of policy generator.
You might also want to browse the project
resource page
for this topic.