MIT Technology Review

The idea of privacy software gained momentum during the summer of 1996, when the Federal Trade Commission held the first in a series of hearings about online privacy. That winter, the CDT hosted a meeting of an ad hoc group it called the Internet Privacy Working Group. Invited guests included privacy activists as well as representatives from IBM, America Online and even the Direct Marketing Association. “They had a pretty diverse group,” says AT&T research scientist Lorrie Faith Cranor, who participated in several of the W3C working groups.

In the spring of 1997 this ad hoc group realized it “didn’t have enough expertise on the technical side,” says Cranor, so it asked W3C to take on the project. The W3C membership approved the idea in a nonbinding vote and Berners-Lee authorized the project. Roughly a year later, the group had created a draft recommendation called P3P, and companies such as Microsoft and Netscape were making formal commitments to implement the technology.

P3P, which stands for the Platform for Privacy Preferences Project, won’t by itself protect anybody’s privacy. That’s because the technology isn’t really designed to prevent Web sites from gathering information about a Web user, but rather to convey personal information explicitly from the Web user to the Web site, as long as the Web site promises to abide by certain privacy policies.

Here’s how P3P works. Each participating Web site publishes its privacy policy in machine-readable form. One Web site, for instance, might disclose that it records every page you look at, but uses the information only for research purposes. Another site might request your age and zip code so that it can present you with customized news reports. A third site may want to know your name, address and phone number, and sell this information to companies whose advertising subsidizes the site.

When your browser connects to a Web site, it looks at the privacy “proposal” the site provides, indicating which kind of personal information the site requests and what it intends to do with it. Your browser then looks at your preset privacy preferences. If there is a match (if you don’t mind your e-mail address being used for research purposes, for example), your browser can automatically provide the requested information. If in your view the site’s proposal constitutes a violation of privacy, however, the page won’t load and you’ll see a message on the screen explaining the mismatch.
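The matching step described above, as an added sketch that is not from the article or the P3P specification. The item and purpose names, the sample profile and the `default_allow` switch (what the agent does for pairs the user never configured) are constructed for illustration; the agent takes each site's stated purposes at face value.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    item: str      # data the site asks for (constructed name, not P3P syntax)
    purpose: str   # what the site says it will do with it

# Constructed proposals modelled on the three example sites in the article.
PROPOSALS = {
    "research-site": [Request("clickstream", "research")],
    "news-site": [Request("age", "customization"),
                  Request("zip", "customization")],
    "ad-funded-site": [Request("name", "sale-to-third-parties"),
                       Request("address", "sale-to-third-parties"),
                       Request("phone", "sale-to-third-parties")],
}

# The user's preset preferences: (item, purpose) -> allowed?
PREFERENCES = {
    ("clickstream", "research"): True,
    ("age", "customization"): True,
    ("zip", "customization"): True,
    ("name", "sale-to-third-parties"): False,
}

# Constructed sample profile held by the browser.
PROFILE = {"age": 34, "zip": "02139", "name": "A. User"}

def evaluate(proposal, preferences, default_allow=False):
    """Return (accepted, mismatches); one mismatch rejects the whole proposal."""
    mismatches = []
    for req in proposal:
        # Pairs the user never configured fall back to the shipped default.
        allowed = preferences.get((req.item, req.purpose), default_allow)
        if not allowed:
            mismatches.append(f"{req.item} for {req.purpose}")
    return (not mismatches, mismatches)

def release(proposal, preferences, profile, default_allow=False):
    """Hand over only the requested items, and only if the proposal matches."""
    accepted, mismatches = evaluate(proposal, preferences, default_allow)
    if not accepted:
        return None, "Blocked, proposal conflicts with your preferences: " \
            + "; ".join(mismatches)
    return {r.item: profile[r.item] for r in proposal if r.item in profile}, "ok"
```
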

So what happens, you ask, if a Web site lies about its privacy policy? Nothing. P3P lacks both auditing and enforcement measures. Its authors hope misrepresentations in privacy policies will be handled the same way fraudulent consumer advertising is dealt with: lawsuits and government enforcement. The system also has provisions for something like a “better business bureau” seal of approval; an organization’s privacy policy can be digitally signed by the secret key of another organization, and that signature can be digitally verified by consumers.

W3C director Berners-Lee acknowledges that this reliance on trust is a weakness in P3P: “I am concerned that we can make a beautiful protocol until we are blue in the face, but if it isn’t backed by legislation, there will be sites that simply don’t talk P3P. These sites may ask you for your mailing address and then may be abusing your privacy.”

Privacy advocates are split on the value of P3P. Some believe that while the technology isn’t perfect, it’s better than nothing. P3P can be used to create greater privacy than exists on the Web right now, says Ann Cavoukian, the privacy commissioner for Ontario who also participated in the P3P working group. “I support P3P and other technologies that will come along and empower the individual,” she adds.

Others, however, have sharply criticized P3P as being less a means to protect privacy and more a way for businesses to gather personal information from Web users. Marc Rotenberg, director of the Washington-based Electronic Privacy Information Center, says P3P in effect waives privacy rights that are unwaivable. Both U.S. and European privacy laws outlaw some kinds of privacy-violating transactions even if they are entered into voluntarily. For example, in the United States it is illegal for a video rental store to reveal the names of the movies that its customers rent. The video store may not say to its customers, “We will protect your privacy and charge you $5 per day, or you can give up your privacy and pay just $4 per day.” But that sort of deal could be both proposed and accepted using P3P.

“P3P reflects the Clinton administration’s enthusiasm with what are essentially ‘notice-and-consent’ techniques to resolve privacy issues,” says Rotenberg. Unfortunately, he says, this approach all too often becomes a take-it-or-leave-it dilemma for the consumer: accept that the business is going to violate your privacy, or go play somewhere else. “The emphasis in P3P is on negotiating the terms of privacy between a data subject and the data collector, but that really runs contrary to what privacy law and policy has always been about,” says Rotenberg. “P3P says that anything goes.”

If P3P is adopted, one critical question remains: What will be the default settings provided to users? Few computer users ever learn to change the preference settings on their software. Therefore, the way a Web browser equipped with P3P sets itself up by default is the way the majority of the Internet population will use it. “That’s where the public debate ought to be,” says Miller. “The marketing industry would want the defaults on the client to be set so that everything is preapproved; privacy advocates are going to say that the appropriate setting is that nothing is preapproved. My take is the W3C should not be involved in making that decision. That is a public policy debate.”

There might not be much of a debate, however. That’s because companies like Microsoft and Netscape, which both create Web browsers and run massive Web sites, are likely to establish their own settings, regardless of what the W3C recommends. This spring, for instance, Microsoft bought a company called Firefly, which had contributed heavily to the P3P standard. Since then, Firefly has become Microsoft’s “Privacy Czar,” says Thomas Reardon, Microsoft’s program manager for Internet architecture. Firefly is “the core of our entire [privacy] strategy,” Reardon says, guiding the software giant’s decisions about the commercial value of personal information collected from customers as well as “what is the right thing morally.” W3C’s influence is strong, but it only goes so far.
