Privacy is the right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others. This issue becomes more and more important to web sites as public awareness increases. Web sites that sell their users' addresses, telephone numbers or buying preferences to third parties often irritate those users. Supporting the privacy of consumer data is especially important for portals, because they have to collect user data in order to provide personalization and targeted advertisements.
Companies that run web sites gathering user data need to define a privacy policy, publish it, adhere to it, notify consumers of any changes, and obtain the consumers' approval of those changes.
Many web sites have already defined and published privacy policies. Users can review these policies and decide whether or not they want to provide data to a web site under its particular policy. As of today, this is mostly a manual process in which the consumer must read through a document that describes a web site's privacy policy in natural language. The Platform for Privacy Preferences (P3P, see [1], [2]) will enable partial automation of the decision whether a privacy policy is acceptable to a user.
"The Platform for Privacy Preferences Project (P3P) enables web sites to express their privacy practices in a standardized format that can be retrieved and interpreted automatically by user agents. P3P user agents will be able to inform users of site practices and to automate decision-making based on these practices and the user’s privacy preferences. Thus, users will no longer need to read the entire privacy policies of web sites they visit. Instead, the user agent will be able to match site privacy practices and user privacy preferences and to notify the user if there is a mismatch, presenting the relevant part of the web site’s privacy practices. Only if a mismatch occurs, the user will need to read the part of the web site’s privacy practice that conflicts with his preferences and have to decide whether he wants to opt in or opt out." (From http://www.w3.org/TR/P3P/)
"The P3P1.0 specification defines the syntax and semantics of P3P privacy policies, and the mechanisms for associating policies with Web resources. P3P policies consist of statements made using the P3P vocabulary for expressing privacy practices. P3P policies also reference elements of the P3P base data schema -- a standard set of data elements that all P3P user agents should be aware of. The P3P specification includes a mechanism for defining new data elements and data sets, and a simple mechanism that allows for extensions to the P3P vocabulary." (From http://www.w3.org/TR/P3P/)
"The goal of P3P version 1.0 is twofold. First, it allows Web sites to present their data-collection practices in a standardized, machine-readable, easy-to-locate manner. Second, it enables Web users to understand what data will be collected by sites they visit, how that data will be used, and what data/uses they may "opt-out" of or "opt-in" to." (From http://www.w3.org/TR/P3P/)
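The user-agent behaviour the quoted text describes (match the site's machine-readable practices against the user's preferences, stay silent when they agree, and surface only the conflicting part when they do not) is illustrated below. This is an added example, not code from the paper or from the W3C; it uses a deliberately small subset of the P3P 1.0 vocabulary (STATEMENT, PURPOSE, RECIPIENT, DATA) as an assumption, and the sample policy, the preference model and all function names are constructed for the illustration rather than taken from the specification.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample policy (not a real site's policy). The first STATEMENT is
# benign; the second shares the user's telephone number with unrelated third
# parties for telemarketing and should trip a typical user's preferences.
SAMPLE_POLICY = """<POLICY>
  <STATEMENT>
    <PURPOSE><current/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <DATA-GROUP><DATA ref="#user.login.id"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing/><contact/></PURPOSE>
    <RECIPIENT><unrelated/></RECIPIENT>
    <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""


@dataclass
class Preferences:
    """What the user refuses: purposes, recipient classes and data references."""
    refused_purposes: set = field(default_factory=set)
    refused_recipients: set = field(default_factory=set)
    refused_data: set = field(default_factory=set)


@dataclass
class Statement:
    """One STATEMENT of a policy, or (from find_mismatches) just its conflicting part."""
    index: int
    purposes: set
    recipients: set
    data: set


def _child_tags(parent, name):
    """Tag names of the children of <name>, e.g. {'telemarketing', 'contact'}."""
    node = parent.find(name)
    return {child.tag for child in node} if node is not None else set()


def parse_policy(policy_xml):
    """Turn the policy XML into a list of Statement records."""
    root = ET.fromstring(policy_xml)
    statements = []
    for i, stmt in enumerate(root.findall("STATEMENT")):
        data = {d.get("ref", "") for d in stmt.iter("DATA")}
        statements.append(Statement(i, _child_tags(stmt, "PURPOSE"),
                                    _child_tags(stmt, "RECIPIENT"), data))
    return statements


def find_mismatches(policy_xml, prefs):
    """Return only the conflicting parts of each statement, so the user reads just those."""
    mismatches = []
    for s in parse_policy(policy_xml):
        bad_purposes = s.purposes & prefs.refused_purposes
        bad_recipients = s.recipients & prefs.refused_recipients
        bad_data = s.data & prefs.refused_data
        if bad_purposes or bad_recipients or bad_data:
            mismatches.append(Statement(s.index, bad_purposes, bad_recipients, bad_data))
    return mismatches


def decide(policy_xml, prefs):
    """'accept' silently when nothing conflicts, otherwise 'prompt' the user."""
    return "prompt" if find_mismatches(policy_xml, prefs) else "accept"


if __name__ == "__main__":
    prefs = Preferences(refused_purposes={"telemarketing"},
                        refused_recipients={"unrelated"})
    for m in find_mismatches(SAMPLE_POLICY, prefs):
        print(f"statement {m.index}: purposes={m.purposes} recipients={m.recipients}")
    print(decide(SAMPLE_POLICY, prefs))
```

The matcher is intentionally a pure function of policy and preferences: it never contacts the site, and a policy that fails to parse raises rather than being treated as acceptable, which is the safe default for a user agent.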
IBM supports P3P by contributing to the specification and to conformant implementations. IBM supports its customers in applying privacy protection by offering consulting and tools.
Special Considerations with Mobile Computing
With the current web access through HTML browsers, the only information transferred from the user to the web site or service is the data that the user entered, plus a few data items describing the user's computing environment (browser name and version, operating system name and version, IP address, etc.).
In addition to the fine-grained control of what information the user chooses to reveal on which page, the user can set up the browser in a mode that informs about any data transfer flowing back to the server. This way the user can make sure that no data is passed back without consent.
With location information, two new qualities arise:
This might create additional concerns for users, because they cannot enforce or technically control the system in a way that guarantees no information is passed back. And for reasons of law enforcement, for example, together with special authorization, this information might rightfully be used independently of any user preferences.
Nevertheless, for everyday commercial use the user will likely expect a configuration choice that
The fine-grained selection of which applications are allowed to access location and caller identification information can be done in several ways:
The simplest form of fine-grained selection is to prompt the user, on the first request for location information from an application, whether location information should be passed on ("The site www.com requests information about your current position. Do you agree that your position may be revealed to this application? [Yes/No]"). On subsequent requests from the same application within the same session, the prompt is bypassed.
Question: Is it possible to find a filter or pattern match that determines the "same application" as an application that has the same URL with respect to its high-level part? Can the term "application" denote something that can automatically be determined and compared, or should we use the term "destination"?
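The prompt-once-per-session scheme, together with one concrete answer to the open question, is shown below as an added example; it is not code from the paper. The assumption it makes is that the "high-level part" of the URL means scheme plus host (and port), so that different pages of one site count as the same application while a different host is a different one. The gate, the recording prompt and the sample URLs are all constructed for this illustration.

```python
from urllib.parse import urlsplit


def application_key(url):
    """Reduce a request URL to the part that identifies an application for
    consent purposes: scheme and host (with port, if any). Path and query are
    ignored, so two pages of the same site count as the same application.
    This definition is an assumption made for the example."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError(f"unsupported or malformed URL: {url!r}")
    host = parts.hostname.lower()
    if parts.port is not None:
        host = f"{host}:{parts.port}"
    return (parts.scheme.lower(), host)


class LocationConsentGate:
    """Session-scoped consent cache for location requests.

    prompt(app_key) -> bool asks the user once per application and session.
    Both 'Yes' and 'No' are remembered until the session ends, so a refused
    application cannot retry its way to a fresh prompt within the session.
    """

    def __init__(self, prompt):
        self._prompt = prompt
        self._decisions = {}  # app_key -> bool, cleared on new_session()

    def new_session(self):
        self._decisions.clear()

    def may_release_location(self, url):
        key = application_key(url)
        if key not in self._decisions:
            # Anything other than an explicit True (dialog dismissed, timeout,
            # malformed answer) is treated as refusal.
            self._decisions[key] = self._prompt(key) is True
        return self._decisions[key]


class RecordingPrompt:
    """Stand-in for the user dialog: answers from a fixed table and logs each ask."""

    def __init__(self, answers):
        self.answers = answers
        self.asked = []

    def __call__(self, app_key):
        self.asked.append(app_key)
        return self.answers.get(app_key, False)


def demo():
    """Constructed walk-through; returns the per-request decisions and prompt count."""
    prompt = RecordingPrompt({("https", "maps.example.com"): True})
    gate = LocationConsentGate(prompt)
    results = [
        gate.may_release_location("https://maps.example.com/route?from=a&to=b"),  # prompts, Yes
        gate.may_release_location("https://maps.example.com/nearby"),            # cached Yes
        gate.may_release_location("https://ads.example.net/track"),              # prompts, No
        gate.may_release_location("https://ads.example.net/track?retry=1"),      # cached No
    ]
    return results, len(prompt.asked)


if __name__ == "__main__":
    print(demo())
```

Keying on scheme and host rather than on the full URL is what makes the second request of a session silent; keying on the full URL would re-prompt on every page, and keying on nothing (a single session-wide yes) would let any destination reached during the session receive the position. Using "destination" in that sense is one reading of the paper's own question.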
A better way of selection can offer the following choices to the user:
Contact Author
Frank Seliger, Security
Architect Pervasive Computing Division, IBM
Seliger@de.ibm.com
Co-Authors
Tom Covalla, Martin Presler-Marshall, Joseph Rusnak, Thomas Schaeck and Mark Vandenwauver.
References
[1] The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, W3C, 2000
[2] General Overview of the P3P Architecture, W3C, 1997