CYBERPUNK: Suspicious Minds

Online privacy is becoming a hot issue these days, with people worrying about what information their computers betray about them. So when a heavyweight standards organization develops a way for Web surfers to monitor the information sliding out of their machines, this can only be regarded as a good thing, right? That depends on whom you ask.

The World Wide Web Consortium was founded in 1994 by Tim Berners-Lee, inventor of the Web, to develop common protocols for the use of his brainchild. Although W3C, as it's known, has no regulatory authority, it generally produces the last word on Web standards. Mostly, the consortium deals with dry specifications on how to code pages. But when it decided to create a framework to help Internet users protect their privacy, it stumbled into a heap of controversy.

For the past three years, W3C has been devising a uniform way for Web sites to detail their privacy practices, allowing browsers to compare sites' policies with their own preferences. The Platform for Privacy Preferences Project, or P3P , is being tested now. If the spec version jumps through all the recommendation reviews, P3P could be built into future browsers. (Microsoft has already committed to implementing it.)

P3P should come as a relief to those who wonder what their PCs surreptitiously relay to the outside world. Say you surf to a particular e-commerce page. A P3P-powered browser would automatically fetch that page's privacy policy, which details what information it will draw from your computer. Does it want your e-mail address? Information on your visits to other Web sites? Will your phone number be given to third parties (i.e. telemarketers)? Your browser checks the site's policy against preferences you've already set. If the data the e-commerce site wants is data you've already told your browser you don't mind disclosing, nothing happens. But if the site wants more, a pop-up box informs you. "Then, it's up to you to override it or back out," says W3C spokesperson Janet Daly. P3P also monitors the resulting data exchange to assure that the site sticks to its privacy promises.

This is quite an improvement on the data collection that occurs now, mainly through "cookies," small messages deposited into your computer when you visit a Web site. Cookies, largely a Netscape invention, are used responsibly by most big sites--to, say, identify visitors who have been to the site before or track them as they wander from page to page within a gigantic site. But they can be used more aggressively--to track individuals as they jump from site to site, building a profile of them through the pages they visit, the better to target them with banner ads. ("Like nymph porn? Click here!") All this invisible tracking riles privacy advocates to no end. And with dot-com companies desperate to make money, you can bet commercial sites will continue to gather as much of this information as possible, to compile user profiles and use them to lure advertisers.

So one would figure P3P, which gives the end user a measure of control over this situation, to be a step forward. But on June 21, two of the most prominent online-privacy advocates, the Electronic Privacy Information Center (EPIC) and Junkbusters, jointly issued a stinging critique of P3P ("Pretty Poor Privacy: An Assessment of P3P and Internet Privacy").

I caught up with head Junkbuster Jason Catlett as he was traveling through Colorado by car. Catlett has been following P3P since 1997--"the early days, when it still largely was vapor," he tells me via cell phone. "Though even then, it was being touted as a silver bullet that would solve all online privacy woes."

Catlett says that back then he "gave [P3P] the benefit of the doubt." As it was developed into a working model, however, he grew disenchanted. "It's not a privacy policy at all," he says. "All it does is specify a language that companies use to put their policies into. Replacing an obscurely written privacy statement on a Web page somewhere with an obscurely written privacy statement that appears on the user's screen automatically doesn't solve anything."

Many of the P3P researchers fully understand the limitations of their work, Catlett says. But he contends that companies such as W3C member Microsoft tout P3P less out of a concern for user privacy than as a way to stave off congressional legislation that might hinder their ability to collect information about Web surfers.

The EPIC/Junkbusters report cites other shortcomings: Companies whose business is collecting data have no incentive to adhere to P3P. Users who set high privacy-protection standards will be bombarded with the pop-up windows, creating a kind of reverse incentive to set more liberal preferences, thus "maintaining industry's present privacy-invasive status quo." There's no enforcement mechanism to deal with sites that say one thing and do another. "The real choice offered [by P3P]," the privacy groups state, "is not how to protect privacy, but how much privacy to give up."

"P3P is one component of the privacy on the Web. It was not meant to solve everything," W3C's Daly counters. "No one suggests that it is the only privacy implementation needed." Daly sees W3C as a good first step, and a big improvement over what is in place now, which is to say secret use of cookies and obscurely worded privacy statements that most surfers don't even bother to seek out.

Joab Jackson can be reached at

Enjoy this piece?

… then let us make a small request. AlterNet’s journalists work tirelessly to counter the traditional corporate media narrative. We’re here seven days a week, 365 days a year. And we’re proud to say that we’ve been bringing you the real, unfiltered news for 20 years—longer than any other progressive news site on the Internet.

It’s through the generosity of our supporters that we’re able to share with you all the underreported news you need to know. Independent journalism is increasingly imperiled; ads alone can’t pay our bills. AlterNet counts on readers like you to support our coverage. Did you enjoy content from David Cay Johnston, Common Dreams, Raw Story and Robert Reich? Opinion from Salon and Jim Hightower? Analysis by The Conversation? Then join the hundreds of readers who have supported AlterNet this year.

Every reader contribution, whatever the amount, makes a tremendous difference. Help ensure AlterNet remains independent long into the future. Support progressive journalism with a one-time contribution to AlterNet, or click here to become a subscriber. Thank you. Click here to donate by check.