Internet Privacy: P3P

If you downloaded Internet Explorer 6 recently (or it came
pre-installed on your machine) you may have noticed something a
little different. Take a under the "Internet Options" selection
of the "Tools" menu. You will see a new tab titled "Privacy".
Click on the tab and you will be able to specify settings which
control the way cookies are handled.

There has been a lot of press about this new feature. It's been
all over the web - some positive comments, some negative (and,
of course, the usual "it's just a Microsoft plot" type postings
and articles.)

Personally, I like the new privacy tab as it eliminates the
need for third party cookie handling products (if you are using
Internet Explorer, of course). I found the controls very simple
and straightforward, and within a short time cookies have ceased
to be a concern.

This is part the first significant implementation of a new
internet standard called P3P (Platform for Privacy Preferences).
P3P is intended to give surfers more complete control of how
their privacy is handled whenever they surf. In theory, at
least, P3P should automate privacy, eliminating the need for
surfers to read complex privacy notices every time they visit a
site and want to enter some information.

The controls actually control much more than you might think.
There is quite a bit of technology behind those simple radio
buttons. You see, webmasters are being asked to supply a special
XML document which defines how their site handles cookies and
other privacy matters. Browsers which understand P3P (Internet
Explorer for one) read this document and compare it to the
settings you entered on the "privacy" tab. This allows the
browser to automatically handle your privacy needs for sites
which fulfill your privacy needs.

This became an issue because, quite frankly, many companies
(both on and off the web) horribly abuse the privacy of their
customers. It's very common for a company to record your name
and other personal data, then resell it dozens or even hundreds
of times. Information is very valuable, and the information
which is gathered from the internet is even more so.

You see, companies can use cookies to track your surfing habits,
then compile a profile to determine which types of products you
normally purchase. This can be further analyzed to extrapolate
which products you are likely to purchase in the future. And
this allows advertisements to be targeted at people who are
likely to purchase, which increases the value of the advertising
campaign.

Other uses, of course, include more, shall we say, slimy
practices. These run the gamut from selling your email
addresses (to other marketers and spammers as well) to outright
crimes such as fraud and identity theft.

Now don't get this wrong. There are valid uses for cookies,
web bugs, and all of the other things used to track customers.
These include shopping carts, personalization and the
memorization of entry fields. All of these uses are to make
things more convenient for the consumer, which thus makes it
more likely for people to return the site.

In fact, many people have no objection to the tracking of
their surfing habits and the maintenance of a profile. After
all, these are used to show highly targeted advertisements,
which means a customer will only, in theory, see ads in which
he has an interest.

Consumers want to know how their personal information will be
used, so companies started creating legal documents called
privacy policies. These explain exactly how any and all
information collected from a surfer or customer will be used.

Unfortunately, these privacy policies have become extremely
complex and virtually unintelligible. I have seen policies
which are over 100k in size (all text), which is ludicrously
large. Thus, P3P was born to make this a little easier for the
consumer, and thus make him more comfortable with surfing and
shopping on line.

P3P is, in my opinion, a good start. I really do like the
privacy feature in Internet Explorer. It does not, however, go
anywhere near far enough. The XML document that must be created
by webmasters is very complicated and extremely difficult to
create and maintain. The XML documents must (at least until
better tools are created) be maintained by webmasters with some
technical competence. This means it is difficult for legal types
to review and validate. In addition, since there must also be a
human-readable document, it is awkward to keep the two policies
saying the same things.

However, a start must be made and P3P is a decent attempt to
do something to manage privacy. It needs to be greatly expanded
to handle such things as web bugs, profile maintenance and so
on. These things may be added in the future. In the meantime,
those surfers who want to control cookies would be well advised
to make the appropriate settings. And webmasters would be well
advised to become knowledgeableS about P3P and implement it for
their sites.