FTC: Consumer Privacy Comments Concerning The W3C World Wide Web Consortium--P954807
W3C WORLD WIDE WEB
Secretary, Federal Trade Commission, Room H-159,
Consumer Privacy 1997 -- Request to Participate, P954807
Dear Sir or Madam:
You will find 6 copies of the slides presented before the FTC on June 11, 1997 by Tim Berners-Lee, Director of the W3C. Also included are six copies of a "script" or narrative that describes the demonstration of the P3 prototype by Mr. Berners-Lee.
Joseph M. Reagle Jr.
Work: + 1.617.258.7621
MIT LCS 545 Technology Square, Cambridge, MA 02139 USA TEL: + 1.617.258.2613 Fax: + 1.617.258.5999 http://www.w3org/
Secretary, Federal Trade Commission, Room H-159,
P3 - Platform for Privacy Preferences
Architecture for a Global Medium
a global and neutral forum for Web technology development.
Special Assistance from AT&T, CDT, The DMA, IBM, Microsoft, and The Princeton Review.
Relation to IPWG
1. W3C defines technology for global use
2. IPWG develops vocabulary for privacy
3. IPWG builds community consensus on combined approach
4. W3C and IPWG marshal member resources for technical development
Based on existing Web architecture
1. Meta-data (PICS)
2. Negotiation (PEP)
3. Useable in many "media," including HTML, HTTP, cookies, push technology, etc.
P3 Prototype Presentation
[see the following Script of the Prototype Presentation]
An Architectural Approach
FTC Comment: Script of W3C P3 Prototype
0 Platform for Privacy Preferences
1 user is shown interface
GRAPHIC - The IPWG Draft Privacy Vocabulary
Here we see a prototype of what a user sees (a user interface) when configuring P3. It is actually generated from an underlying syntax and vocabulary from which the computer can automatically describe and read privacy policies. Having the computer be able to understand the privacy policies is crucial since the computer can then act on behalf of its user to seamlessly access sites which fall within the user's preferences, or notify the user if a sites practices do not meet their preferences.
Configuring all of these options may be time consuming to a beginning user. A number of steps can be taken to simplify the setting of preferences. Organizations can offer individuals "recommended" or "automated" settings that they feel represent advisable settings for a typical adult or child browsing the Web.
2 user is shown a Web page with recommended settings
GRAPHIC - IPWG Privacy Preference File Choices
To grab one of these settings, a user can go to a Web page that they feel is reputable and offers "recommended settings." Anyone, including organizations like browser developers, Internet service providers, trade organizations, governments, or privacy advocates can provide settings to users.
Users may also be able to download recommended settings for their children:
GRAPHIC - Privacy Preference Files for Children
Upon arriving at the site, the user browses for the most appropriate settings.
2.1 user examines the on line "recommended setting" descriptions
Seeing a description of interest, the user can click on the description and see a fuller explanation as well as the specific settings.
2.2 user examines the full descriptions
If the user finds a recommended setting they like, they download it to their computer for their own personal use.
2.3 user downloads the "ok to share with third parties" recommended setting to disk
3 user is shown profile editor interface, user selects IPWG and saves profile
Once the recommended setting is in place, the user can always change it or tune to it to his or her specific preferences as the become more experienced. Afterwards, the user is ready to browse the Web.
4 user sees a "P3 Demo Home" page with a link to the Princeton Review www.review.com
In this example, the user goes to a site that has privacy practices that fall within the scope of their preferences. For most of this page this may include the collection of clickstream data for system administration purposes.
4.1 user navigates two links on the site (top go to college banner).
Nothing out of the ordinary occurs! This is because there was a direct match between the user's preferences and the site's practices, hence we had a direct match and seamless interaction.
4.2 when the user hits the last go to college button, she is shown the redirect for consent page
In this case, the site is asking for more information than the user allows for. Hence we have a
"mediated interaction." The site can choose to not admit the user since it cannot comply with
her preferences, it may inform the user of its practices and ask the user to consent to them, or
it may be willing to be responsive to the user's specific preferences. The option to turn this capability to "over-ride" or "consent" may disable for child profiles.
4.3 clicks consent page, and we can see that information is solicited by a form.
5 return to user interface
This demonstration has been a very simple display of how the Platform for Privacy Preferences may be realized. It is important to note that users have a great deal of control and choice in which practices are accepted. And that sites can offer multiple practices depending on what service the user wants. For instance, a customized news service requires the collection of more information than a simple Web page. Also, client technologies (like browsers) are developing to allow family members to set up their own preferences and that parents could set password-protected preferences for their children.
In this demonstration we do not fully represent the benefits trusted third parties can play in the P3 scheme. They can offer recommended privacy settings, their own opinion of a site's practices, or auditing services and icon programs to increase the confidence users place in P3 assertions. Privacy assertions made using P3 are only a piece of the puzzle but an important one. P3 is a platform on which other technologies can interoperate and a bridge to social and market concerns about user privacy on the Web. P3 is a platform on which technical, market and social solutions for protecting privacy on the World Wide Web can be built.