NEW YORK -- A new technology that enables privacy protection on the Web gained several IT industry backers Wednesday, with Microsoft, IBM, AT&T, Hewlett-Packard and AOL pledging their support for the emerging standard.
Even the White House jumped on the privacy bandwagon, announcing that its Web site would comply with the Platform for Privacy Preferences Project (P3P) technology being developed by the World Wide Web Consortium.
The two major holdouts on P3P appear to be Oracle and Sun, neither of which has been involved to date.
Privacy advocates are split on the P3P technology. The Center for Democracy and Technology hailed P3P as an important first step in making the Web more privacy conscious, while the Electronic Privacy Information Center and other groups assert that P3P fails to provide enough protection for consumers.
P3P provides a universal way for Web sites to communicate their privacy policies to end users and for end users to make informed choices about the personal information they reveal while surfing the Web. Under development for four years, P3P was demonstrated for the first time on Wednesday at an event held in New York.
In the most significant endorsement of the day, Microsoft announced it will support P3P in the next major version of Windows, code-named Whistler, which is due out next year.
Microsoft demonstrated a P3P-compliant plug-in to the current version of its Internet Explorer browser, as well as an automated tool for Web site operators to convert their English-language privacy policies into P3P-compliant code. The Privacy Statement Generator will be available as a free download later this summer.
"Microsoft has gotten religion around security, and we're quickly coming up to speed on the privacy side," says Greg Hampson, Microsoft's leader of P3P development.
Although he declined to specify additional P3P product plans, Hampson says it is "reasonable" to assume Microsoft will support P3P in its server-side Web offerings, including Internet Information Server, Site Server and Commerce Server.
AOL was less forthcoming about its plans to support P3P in the Netscape browser. Tatiana Gau, AOL's integrity assurance officer, says P3P will not ship in the next version of the Netscape browser, code-named Mozilla, which is due out later this year. She declined to comment on when a P3P-compliant version of Mozilla will be available.
In the meantime, Gau says AOL will cooperate with open-source and third-party efforts to create P3P-compliant browser plug-ins for Netscape. A beta version of one such plug-in was demonstrated by IDcide, a Saratoga, Calif., start-up offering the Privacy Companion, free software that notifies end users when a Web site is gathering personal information about them.
AOL did announce, however, that its Web site - AOL.com - now complies with P3P.
"We are strongly behind P3P," Gau says, adding that AOL will be working to get other Web sites to support the technology. "P3P is feasible. Web sites can gain from P3P."
"P3P is important because it is the next phase in how we provide privacy in an open and transparent way," says Harriet Pearson, an IBM liaison to the W3C. "Now we need to drive this [specification] out into the market."
Pearson says it will be at least six months before commercial-grade versions of IBM's server products support P3P. For example, IBM subsidiary Tivoli will ship a new privacy manager in the third quarter of this year to help Web site operators enforce their privacy policies, but the initial version will not support P3P.
The interoperability demonstrations went off without a hitch. However, even P3P advocates were quick to point out that the technology is just one component of providing Web privacy, which must also include consumer education, regulation and enforcement.
P3P also faces technical challenges, such as ensuring it doesn't slow down the end user's Web browsing experience and that products implement it in a user-friendly manner. "Expressing privacy in the user interface is very difficult," admits Microsoft's Hampson.
P3P critics seized on these concerns, issuing a report Wednesday that referred to the technology as "Pretty Poor Privacy" and criticizing it for not going far enough to support fair information practices. The report was authored by privacy advocates from EPIC, Computer Professionals for Social Responsibility and Junkbusters.
P3P "is a complex and confusing protocol that will make it more difficult for Internet users to protect their privacy," the report says. "P3P also fails to address many of the privacy problems specifically associated with the Internet."
P3P is a specification that allows Web sites to express their privacy policies in a standardized, machine-readable format -- the Extensible Markup Language (XML) -- which can be downloaded automatically and read by compatible Web browsers.
An end user would configure a P3P-compliant browser to understand what personal information the user is willing to disclose to a Web site and how that information can be used. As the end user surfs the Web, the browser would automatically compare the privacy preferences to a Web site's policy and tell the user whether or not the site meets the criteria.