Web Security, Privacy and Commerce, 2nd Edition
24.3 P3P
The World Wide Web Consortium's Platform for Privacy Preferences Project (P3P) provides a standard way for web sites to communicate about their practices regarding the collection, use, and distribution of personal information. This section provides a brief introduction to P3P, and Figure 24-3 illustrates the P3P process; Appendix C contains more detailed technical information about the protocol.
Figure 24-3. How P3P works
24.3.1 P3P and PICS
P3P is an outgrowth of the W3C's earlier work on its web site rating and filtering technology, PICS (see Chapter 23). The idea behind PICS was that web sites would be rated regarding their content, web browsers would download these ratings, and parents could program their children's computers so that web pages that violated the parent's standards would not be displayed.
The P3P system supports many of these concepts. Instead of using the formalisms of PICS to rate their adult content, web sites and online services use the formalisms of P3P to describe their policies regarding data collection and use. These descriptions can be downloaded from the web site to the browser when the web pages are viewed. If the web site's policies do not agree with the policies identified by the user, the browser can either warn the user or disable certain functionality. For example, a web browser could be programmed to discard any cookies from a web site that claims to use cookies for profiling its visitors.
PICS and P3P are similar in many ways:
- Like PICS, P3P doesn't define a specific set of policies or rating techniques. Instead, it describes a generalized vocabulary for describing web site privacy policies.
- Although both the PICS and P3P standards are extensible, both were provided with an initial data schema. In the case of PICS, the schema was the RSACi system, originally developed for rating video games. In the case of P3P, the schema is the base vocabulary. In both cases, it is very unlikely that the base schema will ever be extended, although it is certainly possible.
- Just as having a PICS rating does not imply that a site does or does not contain pornography, having a P3P rating does not imply that a site will or will not protect the privacy of its visitors. To make that determination, you (or your browser) must download the policy and read it.
P3P also differs from PICS in several important ways:
- P3P uses XML instead of LISP S-expressions to define its policies.
- P3P has no provisions for third-party rating services. All P3P policies are downloaded from the web site itself.
- P3P statements are not about the content of a web site, but about its practices. Thus, it is not possible for a user or a third party to verify a P3P statement without conducting a physical audit of the web site's organization.
- Because a web site's P3P statements may be intimately related to a web site's written privacy policy, an organization that treats personal information in a manner that is inconsistent with its P3P statements may be guilty of committing an "unfair trade practice" and may be opening itself up to an enforcement action by the Federal Trade Commission.
When this book went to press, P3P was still in its infancy. Internet Explorer 6.0 contains limited support for P3P (as described in the next section); Netscape Navigator 6.0 contains none.
For information on how to create a P3P policy for your web site, see Appendix C.
24.3.2 Support for P3P in Internet Explorer 6.0
Internet Explorer 6.0 contains limited support for P3P. This support is limited to P3P's so-called compact policies: short lists of tokens, carried in the CP attribute of the P3P HTTP response header, that describe how a site uses information collected through cookies. IE6 uses this support to determine whether or not the user should accept a cookie from a given web site.
Internet Explorer's P3P implementation is controlled through the "Privacy" tab of the Internet Options control panel (see Figure 24-4). Using this panel, you can select one of the six default privacy levels listed in Table 24-1 to use for all web sites. You can also modify these levels to suit your individual desires. Finally, you can specify a list of web sites to be treated with specific rules.
Figure 24-4. Internet Explorer 6.0 has limited support for P3P in the Privacy tab of the Internet Options control panel
Internet Explorer 6.0's P3P implementation is solely concerned with the issue of cookies. The implementation distinguishes between first-party cookies and third-party cookies. The term first-party cookie refers to a cookie that is transmitted to your browser in the HTTP response headers of the base HTML page that the browser is viewing. The term third-party cookie refers to a cookie that is transmitted in the response headers of included images or frames that come from web sites other than the web site of the base page. In both cases, the browser can be configured to accept or reject cookies depending on whether or not a site has a compact P3P policy, and on how the policy says the site will handle personally identifiable information (PII).
Several of Microsoft's default policies are concerned with the use of PII "without implicit consent." In IE6's terminology, implicit consent means opt-out: the site may use the personal information it collects unless the user takes action to prevent it. Explicit consent means opt-in: the site may not use the information unless the user has affirmatively granted permission. A policy that uses PII "without implicit consent" therefore offers the user no choice at all, and the settings that require explicit consent are correspondingly stricter than those that require only implicit consent.
Internet Explorer 6.0 can "leash" cookies, so that they are only returned to the sites from which they originated. Cookies can also be "downgraded," so that they are automatically deleted when Internet Explorer is exited. The browser also explicitly makes reference to "session cookies"; these are cookies that are likewise deleted at the end of a session and are not stored on the computer's hard disk.
The default policies are described in Table 24-1.
Table 24-1. Default privacy levels in Internet Explorer 6.0
Privacy level | First-party cookies | Third-party cookies
---|---|---
Accept All Cookies | Accepts | Accepts |
Low | Accepts | Blocks if no compact P3P policy. "Downgrades" cookies that use PII without implicit consent. |
Medium | Leashes cookies from sites without P3P policies. Downgrades cookies from sites that allow use of PII without implicit consent. | Blocks if no compact P3P policy, or if policy allows use of PII without implicit consent. |
Medium High | Blocks cookies from sites that use PII without implicit consent. | Blocks if no compact P3P policy, or if policy allows use of PII without explicit consent. |
High | Blocks if no compact P3P policy, or if policy allows use of PII without explicit consent. | Blocks if no compact P3P policy, or if policy allows use of PII without explicit consent. |
Block All Cookies | Blocks all cookies. Cannot read existing cookies. | Blocks all cookies. Cannot read existing cookies. |
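The following Python script is an added illustration of the rules in Table 24-1; it is not code from the book, from the W3C, or from Internet Explorer. It extracts the CP (compact policy) tokens from a P3P response header and applies each privacy level's rule to a first-party or third-party cookie. Its definitions of "uses PII" (the PHY, ONL, GOV and FIN category tokens, unless NID is present) and of implicit versus explicit consent (the "o" opt-out and "i" opt-in suffixes on purpose and recipient tokens) are the example's own simplifying assumptions, not Microsoft's exact evaluation rules, and the sample headers are constructed for the example.

```python
"""Model of IE6-style cookie decisions driven by a P3P compact policy.

Added example: the PII and consent definitions below are assumptions made
for illustration, not Internet Explorer's actual evaluation rules.
"""
import re
from enum import Enum


class Action(Enum):
    ACCEPT = "accept"
    LEASH = "leash"          # returned only to the site that set it
    DOWNGRADE = "downgrade"  # kept as a session cookie, deleted on exit
    BLOCK = "block"


# Assumption: these P3P category tokens mark personally identifiable information.
PII_CATEGORIES = {"PHY", "ONL", "GOV", "FIN"}
# Purpose and recipient tokens carry an a/i/o suffix: always, opt-in, opt-out.
# CUR (current activity) and OUR (ourselves) are exempt, so they are not listed.
PURPOSES = {"ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS", "TEL", "OTP"}
RECIPIENTS = {"DEL", "SAM", "UNR", "PUB", "OTR"}

CP_RE = re.compile(r'CP\s*=\s*"([^"]*)"')


def parse_compact_policy(p3p_header):
    """Return the CP tokens of a P3P header value, or None if there is no compact policy."""
    if p3p_header is None:
        return None
    match = CP_RE.search(p3p_header)
    return match.group(1).split() if match else None


def consent_level(tokens):
    """Classify a policy as 'no_pii', 'explicit', 'implicit' or 'none'.

    'explicit': every non-exempt use of PII is opt-in ('i' suffix).
    'implicit': the weakest choice offered is opt-out ('o' suffix).
    'none':     some use of PII offers no choice ('a' suffix or no suffix).
    """
    if "NID" in tokens or not any(t in PII_CATEGORIES for t in tokens):
        return "no_pii"
    weakest = "explicit"
    for token in tokens:
        base, suffix = token[:3], token[3:]
        if base not in PURPOSES and base not in RECIPIENTS:
            continue
        if suffix == "i":
            continue
        if suffix == "o":
            weakest = "implicit"
        else:
            return "none"
    return weakest


def decide(level, party, p3p_header):
    """Apply the privacy level's rule to a first- or third-party cookie."""
    tokens = parse_compact_policy(p3p_header)
    has_policy = tokens is not None
    consent = consent_level(tokens) if has_policy else None
    no_implicit = has_policy and consent == "none"
    no_explicit = has_policy and consent in ("none", "implicit")
    third = party == "third"

    if level == "accept_all":
        return Action.ACCEPT
    if level == "block_all":
        return Action.BLOCK
    if level == "low":
        if not third:
            return Action.ACCEPT
        if not has_policy:
            return Action.BLOCK
        return Action.DOWNGRADE if no_implicit else Action.ACCEPT
    if level == "medium":
        if not has_policy:
            return Action.BLOCK if third else Action.LEASH
        if no_implicit:
            return Action.BLOCK if third else Action.DOWNGRADE
        return Action.ACCEPT
    if level == "medium_high":
        if third:
            return Action.BLOCK if (not has_policy or no_explicit) else Action.ACCEPT
        return Action.BLOCK if no_implicit else Action.ACCEPT
    if level == "high":
        return Action.BLOCK if (not has_policy or no_explicit) else Action.ACCEPT
    raise ValueError("unknown privacy level: %s" % level)


# Constructed sample P3P header values (not taken from any real site).
AD_NETWORK = 'CP="NOI DSP COR PSAa OUR IND PHY ONL"'                  # PII, no choice
OPT_OUT = 'policyref="/w3c/p3p.xml", CP="NOI DSP COR ADMo DEVo PSAo OUR IND PHY ONL UNI NAV"'
NO_PII = 'CP="NOI DSP COR NID ADMa DEVa OUR STP NAV"'                 # non-identifiable

if __name__ == "__main__":
    for name, header in [("ad network", AD_NETWORK), ("opt-out site", OPT_OUT),
                         ("no-PII site", NO_PII), ("no P3P header", None)]:
        for level in ["low", "medium", "medium_high", "high"]:
            print(f"{name:14} {level:12} first={decide(level, 'first', header).value:9} "
                  f"third={decide(level, 'third', header).value}")
```

Running the script prints the action for each constructed header at each level; the useful check is that the ad network's profiling policy (PSAa, no choice) is downgraded at Low, blocked at Medium for third-party use, while the opt-out site passes Medium but fails Medium High as a third party and High even as a first party.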