24.3 P3P

24.3 P3P

The World Wide Web Consortium's Platform for Privacy Preferences Project (P3P) provides a standard way for web sites to communicate about their practices regarding the collection, use, and distribution of personal information. This section provides a brief introduction to P3P, and Figure 24-3 illustrates the P3P process; Appendix C contains more detailed technical information about the protocol.

Figure 24-3. How P3P works

24.3.1 P3P and PICS

P3P is an outgrowth of the W3C's earlier work on its web site rating and filtering technology, PICS (see Chapter 23). The idea behind PICS was that web sites would be rated regarding their content, web browsers would download these ratings, and parents could program their children's computers so that web pages that violated the parent's standards would not be displayed.

The P3P system supports many of these concepts. Instead of using the formalisms of PICS to rate their adult content, web sites and online services use the formalisms of P3P to describe their policies regarding data collection and use. These descriptions can be downloaded from the web site to the browser when the web pages are viewed. If the web site's policies do not agree with the policies identified by the user, the browser can either warn the user or disable certain functionality. For example, a web browser could be programmed to discard any cookies from a web site that claims to use cookies for profiling its visitors.

PICS and P3P are similar in many ways:

• Like PICS, P3P doesn't define a specific set of policies or rating techniques. Instead, it describes a generalized vocabulary for describing web site privacy policies.

• Although both the PICS and P3P standards are extensible, both were provided with an initial data schema. In the case of PICS, the schema was the RSACi system, originally developed for rating video games. In the case of P3P, the schema is the base vocabulary. In both cases, it is very unlikely that the base schema will ever be extended, although it is certainly possible.

• Just as having a PICS rating does not imply that a site does or does not contain pornography, having a P3P rating does not imply that a site will or will not protect the privacy of its visitors. To make that determination, you (or your browser) must download the policy and read it.

P3P also differs from PICS in several important ways:

• P3P uses XML instead of LISP S-expressions to define its policies.

• P3P has no provisions for third-party rating services. All P3P policies are downloaded from the web site itself.

• P3P statements are not about the content of a web site, but about its practices. Thus, it is not possible for a user or a third party to verify a P3P statement without conducting a physical audit of the web site's organization.

• Because a web site's P3P statements may be intimately related to a web site's written privacy policy, an organization that treats personal information in a manner that is inconsistent with its P3P statements may be guilty of committing an "unfair trade practice" and may be opening itself up to an enforcement action by the Federal Trade Commision.

When this book went to press, P3P was still in its infancy. Internet Explorer 6.0 contains limited support for P3P (as described in the next section); Netscape Navigator 6.0 contains none.

For information on how to create a P3P policy for your web site, see Appendix C.

24.3.2 Support for P3P in Internet Explorer 6.0

Internet Explorer 6.0 contains limited support for P3P. This support is limited to support for P3P's so-called compact policies that describe how a site uses information collected through the use of cookies. IE6 uses this support to determine whether or not the user should accept a cookie from a given web site.

Internet Explorer's P3P implementation is controlled through the "Privacy" tab of the Internet Options control panel (see Figure 24-4). Using this panel, you can specify one of seven default policies to use for all web sites. You can also modify these policies to suit your individual desires. Finally, you can specify a list of web sites to be treated with specific rules.

Figure 24-4. Internet Explorer 6.0 has limited support for P3P in the Privacy tab of the Internet Options control panel

Internet Explorer 6.0's P3P implementation is solely concerned with the issue of cookies. The implementation distinguishes between first-party cookies and third-party cookies. The term first-party cookie is used to refer to a cookie that is transmitted to your browser in the header of the base HTML page that a browser is viewing. The term third-party cookie is used to refer to cookies that are transmitted in the header of included images or frames that come from web sites other than the web site of the base page. In both cases, the browser can be configured to accept or reject cookies depending on whether or not a site has a P3P policy, and on how the policy says the site will handle personally identifiable information (PII).

Several of Microsoft's default policies are concerned with the idea of using PII "without implicit consent." In general, this phrase is used to determine if a web site operator can use personal information that is collected without first asking permission or if permission must be explicitly requested and given.

Internet Explorer 6.0 can "leash" cookies, so that they are only returned to the sites from which they originated. Cookies can also be "downgraded," so that they are automatically deleted when Internet Explorer is exited. The browser also explicitly makes reference to "session cookies;" these are cookies that similarly are deleted at the end of sessions and are not stored on the computer's hard disk.

The default policies are described in Table 24-1.