I want my P3P?

Microsoft's new way of packaging privacy leaves some Net observers skeptical.

I want my P3P?

MICROSOFT WANTS to take care of you—they want to let you know that they are out there protecting your privacy. They’d like us all to start thinking of them like, well . . . a big brother.

Bill Gates has seen the future and decided that it is in selling software as a service. To make that work, Microsoft needs people to feel OK about keeping almost all of their files and personal information “in the cloud,” stored on Microsoft’s centralized servers—a leap of faith people may not be ready to make. As a first step, Microsoft is adding automatic controls for dealing with cookies deposited by Web sites in the upcoming version of Internet Explorer, proof of just how much our privacy really means to them.

Cookies (in case you’d forgotten) are the trail of electronic breadcrumbs that Web sites leave behind on your hard drive. They allow the sites to remember you like a friendly store clerk. Then there are others, often hidden in banner ads, that allow third parties such as the infamous Double Click to track your movements from one site to another, collecting detailed information on what you look at and for how long. Cookies have been the bane of privacy advocates for years, since they allow companies to extract sizable amounts of personal information without anyone noticing. And, while most browsers can be reset to reject cookies, most people using them either don’t know how or discover that the resulting parade of permission notices at virtually every stop along the Web convinces them to just give up the data and be done with it.

Deborah Pierce, a staff attorney with the Electronic Frontier Foundation, says the practical effect is that consumers are forced to give away their personal information as the cost of accessing the Web. “Sites that want to track you are making you choose between not giving up your personal information [and not getting onto their sites]. They’re saying ‘It’s our stuff, it’s our contract. If you don’t give us this personal information, we’re not going to let you on our site,'” she says. “I think that’s not a fair trade.”

Microsoft’s new system relies on a software language for building Web sites called XML (for eXtensible Markup Language). Webmasters use standard codes, called the Platform for Privacy Preferences (P3P for short) to describe their privacy policies. If the policies don’t match preset levels for what is acceptable, the browser automatically rejects the cookies for you.

“The advantages of adopting P3P in the browser,” says Richard Purcell, Microsoft’s director of corporate privacy, “are fundamentally that it enables a machine-level talk between the Web site and the person surfing the Web in order to provide better notice of what data’s being collected [and] how that data is intended to be used by that Web site.”

Up to now, browsers have let people “turn off cookies,” prompting you to choose to accept them one by one as they came along, an approach to Internet privacy that Purcell called “a kind of blunt instrument” compared to P3P’s range of privacy options.

“Keep in mind that privacy is about strangers getting your information,” Purcell says. “It’s not necessarily about people that you’re dealing with directly. It’s logical and obvious that we have to set defaults. . . . Part of what we’re trying to do here is to raise consumer awareness. We are encouraging all consumers—through the interface, through our news releases, through public presentations, through Web site postings—to begin to take advantage of the [privacy preference settings in IE 6] that enable them to control their personal information.”

The problem, according to most privacy advocates, is not with the concept in itself, but with the way it is being implemented. Since the majority of people never even look at the preference settings in their Web browsers, Microsoft is left setting the basic standards for how much private information flows out through the Web.

INTERNET PRIVACY ADVOCATES like Marc Rotenberg, director of the Electronic Privacy Information Center, don’t have a problem with XML in particular, but he says he does see Microsoft’s use of P3P as “biased against the interests of consumers.” Like many other critics of the software and e-commerce industry’s voluntary standards, he sees legislation as the best way to keep a lid on data collection. “From the consumer viewpoint, [P3P] is a very complicated technique. We don’t see it promoting the type of uniformity that would boost consumer confidence in Net activities. In the political world, it seems [like] an effort to hold off legislation. I think it’s a detour.”

Given that people who are intimidated by their VCRs are unlikely to start experimenting with the preference settings on their Internet software, EFF’s Pierce thinks the preset standards give away far too much. “I’ve always wanted to know why they set up the defaults the way that they did. The settings are set very low, so most things are going to come through. When you combine that with the fact that most of the businesses are doing ‘opt-out’ rather than ‘opt-in,’ I just don’t see that that’s going to protect people’s privacy.”

Ultimately, the real issue is trust. For Microsoft’s grand dot-Net strategy to succeed, they need to have people trust them, and all the other companies that will be collecting and trading data on the Net, to an unprecedented degree. At the same time, Purcell says, Microsoft sees “very little agreement on the definitions of privacy, of personal information” and is “being very cautious around legislation . . . that sets a privacy threshold for individuals.”

For their part, privacy advocates say the only way to ensure that companies actually live up to the privacy policies they advertise—and don’t change them without giving users a way to back out first—is to have regulations with real teeth in them.

“This is where people who favor self-regulation and those of us who are privacy advocates part ways,” says Pierce. “We believe we need strong enforcement, which generally means something based in law. P3P doesn’t do anything with regard to that.”


Talk to us

Please share your story tips by emailing editor@seattleweekly.com.

More in News & Comment

Dr. Faisal Khan. Courtesy of King County.
Dr. Faisal Khan appointed as next King County health director

Dennis Worsham will continue to serve as interim director until September 6.

Renton spa manager accused of trying to coerce woman into prostitution, posing nude

Quyen T. Nguyen, 39, has been accused of attempted promotion of prostitution… Continue reading

King County experts discuss extreme heat mitigation plan

The plan includes improving infrastructure and communications to prevent future disasters.

King County Prosecuting Attorney Dan Satterburg (File Photo)
King County Prosecuting Attorney vows to protect reproductive freedom

Dan Satterberg joins over 80 prosecutors from around the country in their pledge.

King County approves emergency grant after U.S. Supreme Court overturns Roe v. Wade

Washington is expecting an influx of people seeking abortions from out of state.

Fedor Osipov, 15, flips into Steel Lake in Federal Way during last year's heatwave on June 28, 2021. Olivia Sullivan/Sound Publishing
Heatwave expected to hit King County

Temperatures will likely reach 90 degrees Fahrenheit on Sunday, June 26, and Monday, June 27.

Judged by XII: A King County Local Dive podcast. The hands shown here belong to Auburn Police Officer Jeffrey Nelson, who has been charged with homicide in the 2019 death of Jesse Sarey.
JUDGED BY XII: Examining Auburn police officer’s grim tattoos

Episode 5 in special podcast series that explores Jeffrey Nelson’s role in the death of Jesse Sarey.

Des Moines Police arrest murder suspect in Kent | Update

Medical examiner identifies body found June 20 in Duwamish River

Photo courtesy of King County.
Officials urge caution when swimming this summer

Cold spring temperatures and larger than normal snowpack have created dangerous conditions

Most Read