ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Companies demo products based on privacy standards

Network World Fusion

June 20, 2000
Web posted at: 8:38 a.m. EDT (1238 GMT)

(IDG) -- The World Wide Web Consortium this week is hosting a coming-out party for technology that will serve as the basic infrastructure for addressing privacy issues on the Web.

The Platform for Privacy Preferences Project (P3P) specifies a way for Web sites to communicate their privacy policies to end users and for end users to make informed choices about the personal information they reveal while surfing the Web.

Under development for two years, P3P will be demonstrated publicly for the first time at an event in New York on Wednesday. Among the companies expected to announce support for P3P at the event are IBM, AT&T, Microsoft and America Online.


The event will feature live tests of P3P and is one of the final hurdles before the specification earns the Web consortium's approval as an industry standard. Ten companies will demonstrate P3P-compliant offerings, including Web browser plug-ins, Web sites and privacy policy generators.

  10 awesome security utilities
  Three necessary principles behind privacy laws
  Should you encode your e-mail?
  Rewriting the Fourth Amendment
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for network experts
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

"This interoperability event is a critical part of the development of this standard," says Daniel Weitzner, head of the World Wide Web Consortium's (W3C) Technology and Society group, which oversees P3P development. "We've done the bulk of the design work. Now we're looking for feedback from real developers about how it works."

If tests are successful, P3P advocates hope the specification will be standardized by the fall so it can be deployed before the holiday shopping season.

"We hope this event moves P3P along," says Ari Schwartz, a policy analyst with the Center for Democracy and Technology. "P3P is gaining a lot of momentum because people are seeing that it answers a lot of the [concerns about Web site visitor notification]. . . . P3P is the only answer available now, and it's something that makes sense."

P3P is a specification that lets Web sites express their privacy policies in XML - a simple, standardized machine-readable format that can be downloaded automatically and read by compatible Web browsers. An end user would configure a P3P-compliant browser to understand what personal information he is willing to disclose to a Web site and how that information can be used. As the end user surfs the Web, his browser would automatically compare his privacy preferences to a Web site's policy and tell him whether or not the site meets his criteria.

However, P3P doesn't ensure that a Web site follows the practices outlined in its privacy policy, nor does it replace privacy legislation or self-regulation, although it can work with either. "P3P is the first consumer privacy standard that gives individuals more choices. That's what we really think is promising about it," Schwartz says. "For Web publishers, P3P offers the ability to instill trust in their users."

Web sites without XML expertise on staff can use one of several automated tools to generate P3P-encoded versions of their existing English language privacy policies - a process that takes only a few hours. Once the policy is converted, making changes or translating it into another language is simple. Web sites also can use P3P to establish different privacy policies for various parts of their Web sites.

Among the companies that have rewritten their Web privacy policies in P3P for the interoperability event are Microsoft, AT&T, IBM and Proctor & Gamble.

"P3P is fairly easy for sites to deploy," says Lorrie Cranor, a senior technical staff member with AT&T Labs Research. "Sites can go ahead and deploy P3P right now based on the May 10 revisions [to the specification], and hopefully there will not be many changes."

P3P has a chicken-and-egg problem, advocates admit. The specification is only useful when it is widely deployed by Web sites and Web surfers. That's why this week's product demonstration is so important, they say.

Companies showing P3P-compliant products at the event include: Microsoft, which will demonstrate a plug-in for its Internet Explorer browser and a privacy policy generator. Both will be available as free downloads from The browser plug-in will likely be out in the fall, Microsoft says, and the generator later this summer.

IBM, which is showing automated tools already available as alpha code on its Web site that other Web sites can use to create P3P policies. Engage, which will show a browser plug-in developed for Netscape's Mozilla browser., which will unveil a Web-based privacy seal-of-approval service that lets companies generate P3Pcompliant privacy policies and carry a privacy trust mark on their Web site for $50 per year.

"These serious companies putting out P3P products definitely says to me that [P3P] is real," AT&T's Cranor says.

The P3P event comes when the Federal Trade Commission and Congress are debating a growing number of issues related to privacy on the Web. At a recent hearing, Sen. John McCain (R-Ariz.) singled out Yahoo as having a privacy policy that is difficult for users to understand. Proponents say P3P solves this type of problem by making privacy policies more accessible to users.

"Policy makers are rethinking the role of government in regulating privacy on the Web and asking how technology tools can help," says W3C's Weitzner. "In that sense, the P3P timing has been very good."

Michigan charges Web sites with privacy violations
June 19, 2000
Three necessary principles behind privacy laws
June 7, 2000
Online records becoming too public, Clinton official suggests
June 5, 2000
How to fight privacy looters
May 31, 2000
Senate Democrats to introduce bill mandating Web privacy standards
May 24, 2000
Privacy fears prompt study, delay
May 22, 2000
Net privacy law costs a bundle
May 16, 2000
Rewriting the fourth amendment
May 12, 2000
More cops on the Net beat? Privacy groups say not so fast
April 10, 2000
Internet crime report irks privacy groups
March 13, 2000

Should you encode your e-mail?
(The Industry Standard)
A low-cost utility that hides your tracks
(PC World)
Three necessary principles behind privacy laws
(Network World Fusion)
Know your company's monitoring policy
(Network World Fusion)
Privacy advocates alarmed over radio 'sniffers'
10 awesome security utilities
(PC World)
Rewriting the Fourth Amendment
(The Industry Standard)
The future of online-privacy organizations

Project P3P Interopability Event Information Page
Online Privacy Alliance
Electronic Privacy Information Center

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.