Privacy Week 5 - February 13, 15 1

advertisement
Privacy
Week 5 - February 13, 15
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
1
Privacy laws
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
2
Terminology
 Data subject
• The person whose data is collected
 Data controller
• The entity responsible for collected data
 Primary use of personal information (primary
purpose)
• Using information for the purposes intended by the
data subjects when they provided the information
 Secondary use of personal information
(secondary purpose)
• Using information for purposes that go beyond the
primary purpose
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
3
OECD fair information principles
http://www.datenschutzberlin.de/gesetze/internat/ben.htm
 Collection limitation
 Data quality
 Purpose specification
 Use limitation
 Security safeguards
 Openness
 Individual participation
 Accountability
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
4
US FTC simplified principles
 Notice and disclosure
 Choice and consent
 Data security
 Data quality and access
 Recourse and remedies
US Federal Trade Commission, Privacy Online: A Report to
Congress (June 1998),
http://www.ftc.gov/reports/privacy3/
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
5
Laws and regulations
 Privacy laws and regulations vary widely throughout the
world
 US has mostly sector-specific laws, with relatively minimal
protections
• Federal Trade Commission has jurisdiction over fraud and
deceptive practices
• Federal Communications Commission regulates
telecommunications
 European Data Protection Directive requires all European
Union countries to adopt similar comprehensive privacy
laws
• Privacy commissions in each country (some countries have
national and state commissions)
• Many European companies non-compliant with privacy laws (2002
study found majority of UK web sites non-compliant)
• Safe Harbor allows US companies to self-certify compliance
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
6
US law basics
Constitutional law governs the rights of
individuals with respect to the government
Tort law governs disputes between private
individuals or other private entities
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
7
US Constitution
 No explicit privacy right, but a zone of privacy recognized in its
penumbras, including
•
•
•
•
•
1st amendment (right of association)
3rd amendment (prohibits quartering of soldiers in homes)
4th amendment (prohibits unreasonable search and seizure)
5th amendment (no self-incrimination)
9th amendment (all other rights retained by the people)
 Penumbra: “fringe at the edge of a
deep shadow create by an object
standing in the light”
(Smith 2000, p. 258, citing Justice William O. Douglas in Griswold v. Connecticut)
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
8
Federal statutes and state laws
 Federal statutes
• Tend to be narrowly focused
 State law
• State constitutions may recognize explicit right to
privacy (Georgia, Hawaii)
• State statutes and common (tort) law
• Local laws and regulations (for example: ordinances
on soliciting anonymously)
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
9
Four aspects of privacy tort
 You can sue for damages for the following torts
(Smith 2000, p. 232-233)
• Disclosure of truly intimate facts
 May be truthful
 Disclosure must be widespread, and offensive or objectionable to a
person of ordinary sensibilities
 Must not be newsworthy or legitimate public interest
• False light
 Personal information or picture published out of context
• Misappropriation (or right of publicity)
 Commercial use of name or face without permission
• Intrusion into a person’s solitude
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
10
Some US privacy laws
 Bank Secrecy Act, 1970
 Fair Credit Reporting Act, 1971
 Privacy Act, 1974
 Right to Financial Privacy Act, 1978
 Cable TV Privacy Act, 1984
 Video Privacy Protection Act, 1988
 Family Educational Right to Privacy Act, 1993
 Electronic Communications Privacy Act, 1994
 Freedom of Information Act, 1966, 1991, 1996
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
11
US law – recent additions
 HIPAA (Health Insurance Portability and
Accountability Act, 1996)
• When implemented, will protect medical records and
other individually identifiable health information
 COPPA (Children‘s Online Privacy Protection Act,
1998)
• Web sites that target children must obtain parental
consent before collecting personal information from
children under the age of 13
 GLB (Gramm-Leach-Bliley-Act, 1999)
• Requires privacy policy disclosure and opt-out
mechanisms from financial service institutions
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
12
Safe harbor
 Membership
• US companies self-certify adherence to requirements
• Dept. of Commerce maintains signatory list
http://www.export.gov/safeharbor/
• Signatories must provide
 notice of data collected, purposes, and recipients
 choice of opt-out of 3rd-party transfers, opt-in for sensitive
data
 access rights to delete or edit inaccurate information
 security for storage of collected data
 enforcement mechanisms for individual complaints
 Approved July 26, 2000 by EU
• reserves right to renegotiate if remedies for EU citizens
prove to be inadequate
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
13
Privacy policies
Policies let consumers know about site’s
privacy practices
Consumers can decide whether practices
are acceptable, when to opt-out
Presence increases consumer trust
Make companies subject to FTC privacyrelated enforcement
Rapid adoption 1998-2001*
* G.R. Milne and M.J. Culnan 2002. Using the Content of Online Privacy Notices to
Inform Public Policy: A Longitudinal Analysis of the 1998-2002 US Web Surveys.
The Information Society 18, 5, 245-359.
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
14
Privacy policy problems
BUT policies are often
•
•
•
•
difficult to understand
hard to find
take a long time to read
change without notice
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
15
Privacy policy components
 Identification of site, scope,
contact info
 Security assurances
 Types of information collected
 Children’s privacy
• Including information about
cookies
 How information is used
 Conditions under which
information might be shared
 Information about opt-in/opt-out
 Information about access
There is lots of information
to convey -- but policy
should be brief and
easy-to-read too!
 Information about data
retention policies
 Information about seal
programs
What is opt-in? What is opt-out?
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
16
How are online privacy concerns
different from offline privacy
concerns?
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
17
Web privacy concerns
 Data is often collected silently
• Web allows large quantities of data to be collected inexpensively
and unobtrusively
 Data from multiple sources may be merged
• Non-identifiable information can become identifiable when merged
 Data collected for business purposes may be used in civil
and criminal proceedings
 Users given no meaningful choice
• Few sites offer alternatives
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
18
Browser Chatter
 Browsers chatter
about
• IP address, domain
name, organization,
• Referring page
• Platform: O/S, browser
• What information is
requested
 URLs and search terms
• Cookies
 To anyone who might
be listening
• End servers
• System administrators
• Internet Service
Providers
• Other third parties
 Advertising networks
• Anyone who might
subpoena log files later
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
19
Typical HTTP request with cookie
GET /retail/searchresults.asp?qu=beer HTTP/1.0
Referer: http://www.us.buy.com/default.asp
User-Agent: Mozilla/4.75 [en] (X11; U; NetBSD 1.5_ALPHA
i386)
Host: www.us.buy.com
Accept: image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en
Cookie: buycountry=us; dcLocName=Basket;
dcCatID=6773; dcLocID=6773; dcAd=buybasket; loc=;
parentLocName=Basket; parentLoc=6773;
ShopperManager%2F=ShopperManager%2F=66FUQU
LL0QBT8MMTVSC5MMNKBJFWDVH7; Store=107;
Category=0
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
20
Referer log problems
GET methods result in values in URL
These URLs are sent in the referer
header to next host
Example:
http://www.merchant.com/cgi_bin/o
rder?name=Tom+Jones&address=here
+there&credit+card=234876923234&
PIN=1234&->index.html
Access log example
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
21
Cookies
What are cookies?
What are people concerned about cookies?
What useful purposes do cookies serve?
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
22
Cookies 101
Cookies can be useful
• Used like a staple to attach multiple parts of a
form together
• Used to identify you when you return to a web
site so you don’t have to remember a
password
• Used to help web sites understand how people
use them
Cookies can do unexpected things
• Used to profile users and track their activities,
especially across web sites
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
23
How cookies work – the basics
 A cookie stores a small string of characters
 A web site asks your browser to “set” a cookie
 Whenever you return to that site your browser sends the
cookie back automatically
Please store
cookie xyzzy
site
Here is cookie
xyzzy
browser
First visit to site
site
browser
Later visits
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
24
How cookies work – advanced
 Cookies are only sent back to
the “site” that set them – but
this may be any host in domain
• Sites setting cookies indicate
path, domain, and expiration
for cookies
Send
me with
any
request
to x.com
until
2008
Send me
with requests
for
index.html
on y.x.com
for this
session only
 Cookies can store user info or a
database key that is used to
look up user info – either way
the cookie enables info to be
linked to the current browsing
session
User=Joe
Email=
Joe@
x.com
Visits=13
Database
Users …
Email …
Visits …
User=4576
904309
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
25
Cookie terminology
 Cookie Replay – sending a cookie back to a site
 Session cookie – cookie replayed only during current
browsing session
 Persistent cookie – cookie replayed until expiration date
 First-party cookie – cookie associated with the site the
user requested
 Third-party cookie – cookie associated with an image, ad,
frame, or other content from a site with a different domain
name that is embedded in the site the user requested
• Browser interprets third-party cookie based on domain name,
even if both domains are owned by the same company
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
26
Web bugs
 Invisible “images” (1-by-1 pixels, transparent) embedded
in web pages and cause referer info and cookies to be
transferred
 Also called web beacons, clear gifs, tracker gifs,etc.
 Work just like banner ads from ad networks, but you can’t
see them unless you look at the code behind a web page
 Also embedded in HTML formatted email messages, MS
Word documents, etc.
 For software to detect web bugs see:
http://www.bugnosis.org
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
27
How data can be linked
 Every time the same cookie is replayed to a site,
the site may add information to the record
associated with that cookie
•
•
•
•
Number of times you visit a link, time, date
What page you visit
What page you visited last
Information you type into a web form
 If multiple cookies are replayed together, they are
usually logged together, effectively linking their
data
• Narrow scoped cookie might get logged with broad
scoped cookie
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
28
Ad networks
search for
medical
information
buy CD
set cookie
replay cookie
Ad
Ad
Search Service
Ad company
can get your
name and
address from
CD order and
link them to
your search
CD Store
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
29
What ad networks may know…
 Personal data:
• Email address
• Full name
• Mailing address (street,
city, state, and Zip
code)
• Phone number
 Transactional data:
• Details of plane trips
• Search phrases used
at search engines
• Health conditions
“It was not necessary for me to click on the banner ads
for information to be sent to DoubleClick servers.”
– Richard M. Smith
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
30
Online and offline merging
 In November 1999, DoubleClick
purchased Abacus Direct, a
company possessing detailed consumer profiles on more
than 90% of US households.
 In mid-February 2000 DoubleClick announced plans to
merge “anonymous” online data with personal information
obtained from offline databases
 By the first week in March 2000 the plans were put on
hold
• Stock dropped from $125 (12/99) to $80 (03/00)
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
31
Offline data goes online…
The
Cranor
family’s 25
most
frequent
grocery
purchases
(sorted by
nutritional
value)!
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
32
Subpoenas
Data on online activities is increasingly of
interest in civil and criminal cases
The only way to avoid subpoenas is to not
have data
In the US, your files on your computer in
your home have much greater legal
protection that your files stored on a server
on the network
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
33
P3P: Introduction
Original Idea behind P3P
 A framework for automated privacy
discussions
• Web sites disclose their privacy practices in
standard machine-readable formats
• Web browsers automatically retrieve P3P
privacy policies and compare them to users’
privacy preferences
• Sites and browsers can then negotiate about
privacy terms
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
34
P3P: Introduction
P3P history
 Idea discussed at November 1995 FTC meeting
 Ad Hoc “Internet Privacy Working Group” convened to
discuss the idea in Fall 1996
 W3C began working on P3P in Summer 1997
• Several working groups chartered with dozens of participants from
industry, non-profits, academia, government
• Numerous public working drafts issued, and feedback resulted in
many changes
• Early ideas about negotiation and agreement ultimately removed
• Automatic data transfer added and then removed
• Patent issue stalled progress, but ultimately became non-issue
 P3P issued as official W3C Recommendation on April 16,
2002
• http://www.w3.org/TR/P3P/
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
35
P3P: Introduction
P3P1.0 – A first step
Offers an easy way for web sites to
communicate about their privacy policies in
a standard machine-readable format
• Can be deployed using existing web servers
This will enable the development of tools
that:
• Provide snapshots of sites’ policies
• Compare policies with user preferences
• Alert and advise the user
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
36
P3P: Introduction
The basics
 P3P provides a standard XML format that web
sites use to encode their privacy policies
 Sites also provide XML “policy reference files” to
indicate which policy applies to which part of the
site
 Sites can optionally provide a “compact policy” by
configuring their servers to issue a special P3P
header when cookies are set
 No special server software required
 User software to read P3P policies called a “P3P
user agent”
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
37
P3P: Enabling your web site – overview and options
What’s in a P3P policy?
 Name and contact information for site
 The kind of access provided
 Mechanisms for resolving privacy disputes
 The kinds of data collected
 How collected data is used, and whether
individuals can opt-in or opt-out of any of these
uses
 Whether/when data may be shared and whether
there is opt-in or opt-out
 Data retention policy
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
38
P3P/XML encoding
Statement
P3P version
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<POLICY discuri="http://p3pbook.com/privacy.html"
Location of
name="policy">
human-readable
P3P policy name
<ENTITY>
<DATA-GROUP>
privacy policy
<DATA
Site’s
ref="#business.contact-info.online.email">privacy@p3pbook.com
name
</DATA>
and
<DATA
ref="#business.contact-info.online.uri">http://p3pbook.com/
contact
</DATA>
info
<DATA ref="#business.name">Web Privacy With P3P</DATA>
</DATA-GROUP>
Access disclosure
</ENTITY>
Human-readable
<ACCESS><nonident/></ACCESS>
explanation
<STATEMENT>
<CONSEQUENCE>We keep standard web server logs.</CONSEQUENCE>
<PURPOSE><admin/><current/><develop/></PURPOSE>
How data may
<RECIPIENT><ours/></RECIPIENT>
be used
<RETENTION><indefinitely/></RETENTION>
<DATA-GROUP>
Data recipients
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
Data retention policy
</DATA-GROUP>
</STATEMENT>
Types of data collected
</POLICY>
</POLICIES>
P3P: Introduction
P3P1.0 Spec Defines
 A standard vocabulary for describing set of uses,
recipients, data categories, and other privacy
disclosures
 A standard schema for data a Web site may wish
to collect (base data schema)
 An XML format for expressing a privacy policy in
a machine readable way
 A means of associating privacy policies with Web
pages or sites
 A protocol for transporting P3P policies over
HTTP
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
40
P3P: Introduction
A simple HTTP transaction
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
Web
Server
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
41
P3P: Introduction
… with P3P 1.0 added
GET /w3c/p3p.xml HTTP/1.1
Host: www.att.com
Request Policy Reference File
Web
Server
Send Policy Reference File
Request P3P Policy
Send P3P Policy
GET /index.html HTTP/1.1
Host: www.att.com
. . . Request web page
HTTP/1.1 200 OK
Content-Type: text/html
. . . Send web page
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
42
P3P: Introduction
Transparency
 P3P clients can check
a privacy policy each
time it changes
http://www.att.com/accessatt/
 P3P clients can check
privacy policies on all
objects in a web page,
including ads and
invisible images
http://adforce.imgis.com/?adlink|2|68523|1|146|ADFORCE
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
43
P3P: Introduction
P3P in IE6
Automatic processing of
compact policies only;
third-party cookies without
compact policies blocked by
default
Privacy icon on status bar
indicates that a cookie has
been blocked – pop-up appears
the first time the privacy icon
appears
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
44
P3P: Introduction
Users can click on
privacy icon for
list of cookies;
privacy summaries
are available at
sites that are
P3P-enabled
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
45
P3P: Introduction
Privacy summary
report is
generated
automatically
from full P3P policy
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
46
P3P: Introduction
P3P in Netscape 7
Preview version similar to IE6,
focusing, on cookies; cookies
without compact policies (both
first-party and third-party)
are “flagged” rather than
blocked by default
Indicates flagged cookie
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
47
P3P: Introduction
Users can view English
translation of (part of)
compact policy in Cookie
Manager
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
48
P3P: Introduction
A policy summary can be
generated automatically
from full P3P policy
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
49
Privacy Bird
 Free download of beta from
http://privacybird.com/
• Origninally developed at AT&T Labs
• Released as open source
 “Browser helper object” for IE6
 Reads P3P policies at all
P3P-enabled sites automatically
 Bird icon at top of browser window indicates whether site
matches user’s privacy preferences
 Clicking on bird icon gives more information
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
50
Chirping bird is privacy indicator
Red bird indicates mismatch
Check embedded content too
Privacy settings
Example:
Sending flowers
Privacy Finder
 Prototype developed at AT&T Labs, improved and
deployed by CUPS
 Uses Google or Yahoo! API to retrieve search
results
 Checks each result for P3P policy
 Evaluates P3P policy against user’s preferences
 Reorders search results
 Composes search result page with privacy
annotations next to each P3P-enabled result
 Users can retrieve “Privacy Report” similar to
Privacy Bird policy summary
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
58
Demo
Is Privacy Finder useful?
Do users care about web site privacy?
Have enough web sites adopted P3P that
typical search results contain sites with
P3P policies?
• Do users have meaningful choices among
privacy policies?
Do users understand information provided
by Privacy Finder?
Does Privacy Finder influence online
purchasing decisions?
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
60
Have enough sites adopted P3P?
We weren’t sure, so we did a study….
• Draft paper at
http://lorrie.cranor.org/pubs/www06.pdf
Previous studies examined lists of “most
popular” web sites for P3P adoption, but
this gives incomplete picture
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
61
Methodology
 Compiled two lists of search terms:
• Typical: 20,000 terms randomly sampled from one week of AOL user
search queries
• Ecommerce: 940 terms screen scraped from Froogle front page
 Submitted search terms to Google, Yahoo!, and AOL search engines
and collected top 20 results for each term
 Checked each result for P3P policy and evaluated policies against 5
“rulesets” and P3P validator
 Saved 1,232,955 annotated search results in database
 Separately checked for P3P policies on 30,000 domains most clicked
on by AOL search engine users
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
62
 10% of results from typical
search terms have P3P
 21% of results from
ecommerce search terms
have P3P
 More popular sites are
more likely to have P3P
• 5% of sites in our cache
have P3P
• 9% of 30K most clicked on
domains have P3P
• 17% of clicks to 30K most
clicked on domains have
P3P
% of domains with P3P policies
Results: P3P deployment
Most clicked on domains
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
63
Results: Most popular P3P policies
Typical Terms

Ecommerce Terms
 http://privacy.yahoo.com/
 
http://privacy.yahoo.com/
 http://about.com/
 http://about.com/
 http://privacy.msn.com/
 http://www.bizrate.com/
 http://disney.go.com/
 http://www0.shopping.com/
 http://images.rootsweb.com/
 http://www.shopping.com/
 http://adserver.ign.com/
 http://www.pricegrabber.com/
 http://www.nlm.nih.gov/
 http://www.cpsc.gov/
 http://www.bizrate.com/
 http://www.overstock.com/
 http://www.superpages.com/
 http://www.cooking.com/
 http://www.shopping.com/
 http://www.altrec.com/
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
64
Results: Frequency of P3P-enabled hits
 83% of searches had at least one P3P-enabled site in top
20 results
 68% of searches had at least one P3P-enabled site in top
10 results
 For top 20 search results returned by AOL search engine
for typical search terms:
• 29% return at least 1 P3P-enabled hit that matches medium
privacy preferences
• 34% return at least 1 P3P-enabled hit in that does not share data
• 31% return at least 1 P3P-enabled hit that does not market
without opt-in
• Thus, ~ 1/3 of the time AOL users will find site with “good” privacy
policy in first 2 pages of results
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
65
Does Privacy Finder influence purchases?
Studies begun and more planned….
• Pay users to make online purchases with their
own credit cards
• Some use Privacy Finder and some use
generic search engine
• Experiment with more and less privacysensitive purchases
• Experiment with price-sensitivity
Our studies have found that Privacy Finder
does influence purchases for some people
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
66
P3P: Introduction
Why web sites adopt P3P
 Demonstrate corporate leadership on privacy
issues
• Show customers they respect their privacy
• Demonstrate to regulators that industry is taking
voluntary steps to address consumer privacy concerns
 Distinguish brand as privacy friendly
 Prevent IE6 from blocking their cookies
 Anticipation that consumers will soon come to
expect P3P on all web sites
 Individuals who run sites value personal privacy
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
67
P3P: Introduction
P3P early adopters
 News and information sites – CNET, About.com,
BusinessWeek
 Search engines – Yahoo, Lycos
 Ad networks – DoubleClick, Avenue A
 Telecom companies – AT&T
 Financial institutions – Fidelity
 Computer hardware and software vendors – IBM, Dell,
Microsoft, McAfee
 Retail stores – Fortunoff, Ritz Camera
 Government agencies – FTC, Dept. of Commerce,
Ontario Information and Privacy Commissioner
 Non-profits - CDT
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
68
P3P: The future
Impacts
Some companies that P3P-enable think
about privacy in new ways and change
their practices
• Systematic assessment of privacy practices
• Concrete disclosures – less wiggle room
• Disclosures about areas previously not
discussed in privacy policy
Hopefully we will see greater transparency,
more informed consumers, and ultimately
better privacy policies
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
69
Research and Communication Skills
Evaluating information sources
 Don’t believe everything you read!
 News sources are usually a reporter's interpretation of
what someone else did
 Conference and journal papers are first hand reports of
research studies that have been peer reviewed
• but journals usually have more review than conferences
 Technical reports are usually first hand reports of research
studies that have not been peer reviewed (yet)
• Look for subsequent conference or journal publications
 Web sites and books are anything goes, but books at
least have an editor (usually)
 When possible, cite research results and technical
information from peer reviewed sources
Computers and Society • Carnegie Mellon University • Spring 2007 • Cranor/Tongia • http://cups.cs.cmu.edu/courses/compsoc-sp07/
70
Download