Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
Where's my gigabit Internet, anyway?
Americans cool with lab-grown organs, but not designer babies
IE6: Retired but not dead yet
Enterprise who? Google says little about Apps, business cloud services in Q1 report
DDoS Attackers Change Techniques To Wallop Sites
Can we talk? Internet of Things vendors face a communications 'mess'
AMD's profitability streak ends at two quarters
Michaels says breach at its stores affected nearly 3M payment cards
Exclusive: Google's Project Loon tests move to LTE band in Nevada
H-1B loophole may help California utility offshore IT jobs
How a cyber cop patrols the underworld of e-commerce
For Red Hat, it's RHEL and then…?
Will the Internet of Things Become the Internet of Broken Things?
Kill switches coming to iPhone, Android, Windows devices in 2015
Israeli start-up, working with GE, out to detect Stuxnet-like attacks
Galaxy S5 deep-dive review: Long on hype, short on delivery
Google revenue jumps 19 percent but still disappoints
Windows XP's retirement turns into major security project for Chinese firm
Teen arrested in Heartbleed attack against Canadian tax site
Still deploying 11n Wi-Fi?  You might want to think again
Collaboration 2.0: Old meets new
9 Things You Need to Know Before You Store Data in the Cloud
Can Heartbleed be used in DDoS attacks?
Secure browsers offer alternatives to Chrome, IE and Firefox
Linksys WRT1900AC Wi-Fi router: Faster than anything we've tested
/

Companies to demo products based on emerging privacy standard

Today's breaking news
Send to a friendFeedback


The World Wide Web Consortium this week is hosting a coming-out party for technology that will serve as the basic infrastructure for addressing privacy issues on the Web.

The Platform for Privacy Preferences Project (P3P) specifies a way for Web sites to communicate their privacy policies to end users and for end users to make informed choices about the personal information they reveal while surfing the Web.

Under development for two years, P3P will be demonstrated publicly for the first time at an event in New York on Wednesday. Among the companies expected to announce support for P3P at the event are IBM, AT&T, Microsoft and America Online.

The event will feature live tests of P3P and is one of the final hurdles before the specification earns the Web consortium's approval as an industry standard. Ten companies will demonstrate P3P-compliant offerings, including Web browser plug-ins, Web sites and privacy policy generators.

"This interoperability event is a critical part of the development of this standard," says Daniel Weitzner, head of the World Wide Web Consortium's (W3C) Technology and Society group, which oversees P3P development. "We've done the bulk of the design work. Now we're looking for feedback from real developers about how it works."

If tests are successful, P3P advocates hope the specification will be standardized by the fall so it can be deployed before the holiday shopping season.

"We hope this event moves P3P along," says Ari Schwartz, a policy analyst with the Center for Democracy and Technology. "P3P is gaining a lot of momentum because people are seeing that it answers a lot of the [concerns about Web site visitor notification]. . . . P3P is the only answer available now, and it's something that makes sense."

P3P is a specification that lets Web sites express their privacy policies in XML - a simple, standardized machine-readable format that can be downloaded automatically and read by compatible Web browsers.

An end user would configure a P3P-compliant browser to understand what personal information he is willing to disclose to a Web site and how that information can be used. As the end user surfs the Web, his browser would automatically compare his privacy preferences to a Web site's policy and tell him whether or not the site meets his criteria (see graphic).

However, P3P doesn't ensure that a Web site follows the practices outlined in its privacy policy, nor does it replace privacy legislation or self-regulation, although it can work with either.

"P3P is the first consumer privacy standard that gives individuals more choices. That's what we really think is promising about it," Schwartz says. "For Web publishers, P3P offers the ability to instill trust in their users."

Web sites without XML expertise on staff can use one of several automated tools to generate P3P-encoded versions of their existing English language privacy policies - a process that takes only a few hours. Once the policy is converted, making changes or translating it into another language is simple. Web sites also can use P3P to establish different privacy policies for various parts of their Web sites.

Among the companies that have rewritten their Web privacy policies in P3P for the interoperability event are Microsoft, AT&T, IBM and Proctor & Gamble.

"P3P is fairly easy for sites to deploy," says Lorrie Cranor, a senior technical staff member with AT&T Labs Research. "Sites can go ahead and deploy P3P right now based on the May 10 revisions [to the specification], and hopefully there will not be many changes."

P3P has a chicken-and-egg problem, advocates admit. The specification is only useful when it is widely deployed by Web sites and Web surfers. That's why this week's product demonstration is so important, they say.

Companies showing P3P-compliant products at the event include:

Microsoft, which will demonstrate a plug-in for its Internet Explorer browser and a privacy policy generator. Both will be available as free downloads from Microsoft.com. The browser plug-in will likely be out in the fall, Microsoft says, and the generator later this summer.

IBM, which is showing automated tools already available as alpha code on its Web site that other Web sites can use to create P3P policies.

Engage, which will show a browser plug-in developed for Netscape's Mozilla browser.

PrivacyBot.com, which will unveil a Web-based privacy seal-of-approval service that lets companies generate P3Pcompliant privacy policies and carry a privacy trust mark on their Web site for $50 per year.

"These serious companies putting out P3P products definitely says to me that [P3P] is real," AT&T's Cranor says.

The P3P event comes when the Federal Trade Commission and Congress are debating a growing number of issues related to privacy on the Web. At a recent hearing, Sen. John McCain (R-Ariz.) singled out Yahoo as having a privacy policy that is difficult for users to understand. Proponents say P3P solves this type of problem by making privacy policies more accessible to users.

"Policy makers are rethinking the role of government in regulating privacy on the Web and asking how technology tools can help," says W3C's Weitzner. "In that sense, the P3P timing has been very good."

RELATED LINKS


NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
Click here to sign up!
New Event - WANs: Optimizing Your Network Now.
Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
Attend FREE
Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.