22.5. Beyond the Browser

Privacy Bird, in its current form, is useful mostly as a tool to raise user awareness about web site privacy practices. By integrating it with a cookie manager, as Microsoft and Netscape have done with their P3P user agents, we could help facilitate more meaningful automated cookie management. If enough sites adopt P3P, and P3P user agents become widely used, the increased transparency about web site privacy practices may lead to the adoption of more privacy-friendly policies, as a result of either market forces or new regulations.[31] However, the real potential for use of an automated privacy policy framework may lie in applications that go beyond the web browser.
Today it is quite difficult for individuals to take privacy into consideration while comparison shopping. Web sites exist that compare similar products based on user reviews. Other sites compare price and shipping charges across vendors that offer the same product. But consumers who wish to purchase a product from the site that has the best privacy practices must tediously compare lengthy human-readable privacy policies across many sites. If all of the sites under consideration were P3P enabled, a consumer could visit these sites with a P3P user agent and determine which ones best meet their privacy preferences. However, the comparison process would be eased by a tool that could perform the comparison directly. I can imagine the addition of a privacy comparison feature to any of the price comparison services currently available. To facilitate privacy comparisons more generally, it would be useful to have such a feature built into a general-purpose search engine. Simon Byers, David Kormann, Patrick McDaniel, and I have developed a prototype P3P-enabled search engine using the Google API.[32] Our prototype returns a Google-style search result page with Privacy Bird icons annotating each result to indicate whether it matches the privacy preference level configured by the user. We have demonstrated the feasibility of such a service and have experimented with ways to reduce the associated performance overhead. Further work is needed on the best approach to configuring preferences and displaying results. For example, we would like to investigate how to reorder search results so that sites with better privacy policies appear toward the top while ensuring that top search results are good matches to users' queries.
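A sketch of the kind of check a P3P-enabled search engine performs, added here as an illustration and not the prototype's own code: it evaluates constructed, minimal P3P policies against a simplified preference (much coarser than Privacy Bird's real settings), attaches an icon to each result, and reranks only within relevance bands so the top hits remain good query matches. The hosts, policies, relevance scores and the green/yellow/red labels are assumptions.

```python
import xml.etree.ElementTree as ET

NS_URL = "http://www.w3.org/2002/01/P3Pv1"   # P3P 1.0 namespace
P3P_NS = "{" + NS_URL + "}"

# Constructed sample policies for fictitious hosts; each has a single STATEMENT.
POLICIES = {
    "shop-a.example": f"""<POLICY xmlns="{NS_URL}"><STATEMENT>
        <PURPOSE><current/><admin/></PURPOSE><RECIPIENT><ours/></RECIPIENT>
        <DATA-GROUP><DATA ref="#user.name"/><DATA ref="#user.home-info.postal"/></DATA-GROUP>
        </STATEMENT></POLICY>""",
    "shop-b.example": f"""<POLICY xmlns="{NS_URL}"><STATEMENT>
        <PURPOSE><current/><contact/><telemarketing/></PURPOSE>
        <RECIPIENT><ours/><unrelated/></RECIPIENT>
        <DATA-GROUP><DATA ref="#user.name"/><DATA ref="#user.home-info.telecom"/></DATA-GROUP>
        </STATEMENT></POLICY>""",
}

# Constructed preference (a simplification of a Privacy Bird-style setting):
# object when identified data (#user.*) is used for marketing or shared beyond the site.
MARKETING = {"contact", "telemarketing"}
SHARING = {"other-recipient", "unrelated", "public"}

def local(el):
    """Strip the P3P namespace from an element tag."""
    return el.tag[len(P3P_NS):] if el.tag.startswith(P3P_NS) else el.tag

def policy_matches(xml_text):
    """True when no STATEMENT in the policy violates the preference above."""
    root = ET.fromstring(xml_text)
    for stmt in root.iter(P3P_NS + "STATEMENT"):
        purposes = {local(e) for e in stmt.find(P3P_NS + "PURPOSE")}
        recipients = {local(e) for e in stmt.find(P3P_NS + "RECIPIENT")}
        identified = any(d.get("ref", "").startswith("#user.")
                         for d in stmt.iter(P3P_NS + "DATA"))
        if identified and (purposes & MARKETING or recipients & SHARING):
            return False
    return True

def annotate(results):
    """[(host, relevance)] in engine order -> [(host, icon, relevance)]."""
    out = []
    for host, rel in results:
        pol = POLICIES.get(host)   # a real engine would fetch /w3c/p3p.xml for the host
        icon = "yellow" if pol is None else ("green" if policy_matches(pol) else "red")
        out.append((host, icon, rel))
    return out

def rerank(annotated, bands=10):
    """Promote better privacy matches, but only among results in the same relevance band."""
    rank = {"green": 0, "yellow": 1, "red": 2}
    return sorted(annotated, key=lambda r: (-int(r[2] * bands), rank[r[1]]))
```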
To realize the vision I introduced at the beginning of this chapter, in which computer-readable privacy policies are associated with all automated data collection, tools are needed that can detect the presence of data collection devices, read their privacy policies, and take appropriate actions. In some cases, these tools might be able to signal back to the data collection device that the user does not want his data collected, and the device might respond by turning off data collection until the user is no longer in proximity. Devices might also be able to take steps to anonymize data upon request, for example, by substituting an image of an "anonymous face" on a video recording.[33] When data collection cannot be suppressed, privacy tools might alert their users and suggest routes that will avoid these devices.
Besides helping users avoid data collection, privacy tools may also facilitate controlled sharing of data. For example, in ubiquitous computing environments, users may wish to advertise their location or presence to friends or co-workers, or to devices that might perform useful services, while preventing other people and devices from gaining access to this information. In this case, privacy rules might take into account not only privacy policies, but also information about the user's relationship with other individuals and the types of services offered by devices. Semantic knowledge captured using semantic web tools could facilitate the creation of and reasoning about such rules.[34]
There is clearly a lot of work to be done before it will be prudent to entrust to an automated agent the many nuanced privacy-related decisions we make on a daily basis.[35] Work on the problems of capturing privacy preferences and displaying privacy-related information is bringing us closer to this vision.