Testimony of Daniel J. Weitzner
Technology and Society Domain Leader
World Wide Web Consortium
25 May 2000
Today I will touch on three major points:
The Internet and the World Wide Web have put extraordinary power over information in the hands of people and institutions around the world. With unprecedented ability to both publish and access information in the hands of hundreds of millions of people, centuries-old barriers to knowledge and exchange of ideas have vanished. Yet this same interactivity, the bi-directional ability to exchange information from any point to any other point on the Net, has brought about significant threats to individual privacy. For the same communications mechanisms that give individuals the power to publish and access information can also be used, sometimes without the user's knowledge or agreement, to collect sensitive personal information about the user and his or her information usage behavior. At W3C, our goal is to use the power of the Web, and enhance it where necessary with new technology, to give users and site operators tools to enable better knowledge of privacy practices and control over personal information.
Urban legends of the Web's imagined surveillance capabilities abound. Nevertheless, Web technology has evolved quite sophisticated data collection techniques which have caused alarm and distrust among many users. State-of-the-art Web sites are able to collect personal information about users both directly, by presenting online forms to be filled out by users, and in the background, through use of various technologies such as access logs, cookies and, in some cases, the placement of small programs that run on users' computers collecting information and delivering it back to the site. The background techniques are often used to offer more customized, personalized and easy-to-use services, many of which users appreciate. Yet, all but the most technologically sophisticated users have no practical ability to understand what sort of background data collection is taking place on their computers, much less limit such collection when they wish.
Powerful data collection techniques, users' inability to know what is being collected or how to stop it, together with occasional highly publicized abusive privacy practices, all combine to generate a significant level of fear and distrust on the part of many Web users. Two of the most notable online privacy incidents in the last year illustrate how strongly users and the general public react when users discover that data collected about them may be used for a dramatically different purpose, or that personal information will be disseminated without their control.
W3C and its members became concerned about privacy on the Web because people won't use the Web to its full potential if they have to face such uncertainty. The majority of users are perfectly willing to share some information on the Web. At the same time, basic human dignity demands that we have meaningful control over which information we choose to expose to the public. Our goal is to include in the basic infrastructure of the Web the building blocks of tools that can provide each user this basic control.
To help address growing concerns about online privacy, W3C launched the Platform for Privacy Preferences (P3P) project to enable the development of a variety of tools and services that give users greater control over personal information and enhance trust between Web services and individual users.
P3P-enabled services will enhance user control by putting privacy policies where users can find them, presenting policies in a form that users can understand, and, most importantly, enabling users to act on what they see in policies more easily. For ecommerce services and other Web sites, P3P can be used to offer a seamless browsing experience for customers without leaving them guessing about privacy. Moreover, P3P will help ecommerce services develop comprehensive privacy solutions in the increasingly complex value chain that makes the commercial Web such a success. On today's Web, when a consumer buys a product or service from one Web site, completing the transaction may well involve numerous individual services linked together, each of which has some role in the ultimate delivery to the user and each of which has some responsibility for honoring the privacy preferences expressed by the user at the beginning of the transaction.
Consider all of the steps involved in the increasingly common processing, printing, distributing, and archiving of a digital photo. After the user takes a digital image with a common digital camera, one site may be the point to which the photo is first uploaded; from there the user follows a link to another site that performs special image processing, after which the next site creates prints, which are then delivered by yet another service to family members. Finally, yet another site may offer archival services for the photos. At each step along the way, these sites are dealing with sensitive information (the names of the people in the photos, their location, etc.).
Setting the stage where such flexible combinations of services can be offered to users requires widespread agreement on standards, including the means of communicating from one service to another about how personal information should be handled. Standards have a vital role in the operation of the Web in general. The Web is not run by any single organization, but it does enable people to share information around the world because everyone who operates a piece of the Web agrees to follow shared technical standards. In the same way as the HTML standard ensures that everyone who looks at a Web page will see it as the author intended it to look, regardless of what computer or software is used, the P3P standard will enable every user and site operator on the Web to communicate in a common language about privacy.
Can users find P3P in their browsers today? Not yet, as the standard is only just being completed. P3P has been under development over the last two years at the World Wide Web Consortium in a design effort that has included software vendors, large commercial users, privacy advocates, and government data protection commissioners from around the world. Participants in the effort include
With the standard definition nearly complete, we are now entering the testing and implementation phase. Our last step in finalizing the design of the standard is to host a series of interoperability testing events, one in June and one in September. We are encouraged that a number of large Web software developers as well as innovative smaller services have committed to implementing P3P in their products. Following this testing phase, we will issue a final standard for the Web community.
III. Conclusion: Role of Law, Technology Tools, and Industry Practice in Privacy Protection
This committee faces hard questions regarding what regulatory framework, if any, will best address the serious privacy issues on the Web today. Congress may choose to enact a general privacy baseline, or may consider targeted legislation focused on certain sensitive sectors, such as has already been done with respect to children's privacy. Or, those who seek more time for self-regulatory efforts may take hold. I am not here to support or oppose any particular approach, but rather to suggest that with or without legislation, Web users in the United States and around the world need more powerful technical tools to give users greater control over their online privacy relationships. Similarly, ecommerce service providers need tools to enable them to build innovative, flexible, customizable services that respect users' privacy rights and preferences.
Even with the most stringent privacy laws one might imagine, so much of practical privacy rights depends on users being able to make individualized choices about the privacy relationships that they want to have with the growing number of Web-based services with which they interact. Effective exercise of informed choice, whether under legislative mandate or enlightened self-regulation, can only be accomplished in the increasingly complex Web of personal information with the help of tools that users can use. So whatever the final outcome of this debate, we should all be committed to see that the innovative and entrepreneurial energy that abounds in the Internet is able to develop innovative tools to help users and vendors.