Before the United States Senate Committee on Commerce, Science, and Transportation

Testimony of Daniel J. Weitzner
Technology and Society Domain Leader
World Wide Web Consortium

25 May 2000

Introduction

Good Morning. My name is Daniel J. Weitzner. I thank the Committee for holding this hearing on online privacy and am honored to be able to contribute to your consideration of this critical issue. I am head of the World Wide Web Consortium's (W3C) Technology and Society activities, responsible for development of technology standards that enable the Web to address social, legal, and public policy concerns. W3C, an international organization made up of over 420 members from industry, academe, users organizations and public policy experts, is responsible for setting the core technical standards for the World Wide Web. W3C was founded in 1994 by Tim Berners-Lee, inventor of the Web, who serves as the Director of the Consortium. In addition to my work at W3C, I also hold a research appointment at MIT's Laboratory for Computer Science, teach Internet public policy at MIT, and am a member of the Internet Corporation for Assigned Names and Numbers (ICANN) Protocol Supporting Organization Protocol Council.

Today I will touch on three major points:

• The Online Privacy Environment: Increasing sophistication in Web technology enables the collection of large volumes of personal information, sometimes with the explicit knowledge of the user, and sometimes in the "background." While this information may often be collected for purposes considered positive by the user, most users are unable to exercise meaningful control over data collection and in many cases will have little control over subsequent use of personal information.
• The Platform for Privacy Preferences (P3P): W3C's P3P project will enable the marketplace to deliver software tools and services that enhance users knowledge of Web sites' information practices and give users more control over their personal information. A wide cross-section of the Web community has contributed to the development of P3P and is now beginning to test early implementations of the draft standard.
• Balancing Law, Technology, and Industry Practice: All three of these elements are required to give users the privacy protections they need in the online environment. Whatever the mix of law and self-regulation, we should assure that it creates an environment that encourages the development of innovative privacy-enhancing tools.

I. The Online Privacy Environment

The Internet and the World Wide Web have put extraordinary power over information in the hands of people and institutions around the world. With unprecedented ability to both publish and access information in the hands of hundreds of millions of people, centuries old barriers to knowledge and exchange of ideas have vanished. Yet this same interactivity, the bi-directional ability to exchange information from any point to any other point on the Net has brought about significant threats to individual privacy. For the same communications mechanisms that give individuals the power to publish and access information can also be used, sometimes without the users knowledge or agreement, to collect sensitive personal information about the user and his or her information usage behavior. At W3C, our goal is to use the power of the Web, and enhance it where necessary with new technology, to give users and site operators tools to enable better knowledge of privacy practices and control over personal information.

Urban legends of the Web's imagined surveillance capabilities abound. Nevertheless, Web technology has evolved quite sophisticated data collection techniques which have caused alarm and distrust among many users. State-of-the-art Web sites are able to collect personal information about users both directly, by presenting online forms to be filled out by users, and in the background, through use of various technologies such as access logs, cookies and, in some cases, the placement of small programs that run on users computers collecting information and delivering it back to the site. The background techniques are often used to offer more customized, personalized and easy-to-use services, many of which users appreciate. Yet, all but the most technologically sophisticated users have no practical ability to understand what sort of background data collection is taking place on their computers, much less limit such collect when they wish.

Powerful data collection techniques, users inability to know what is being collected or how to stop it, together with occasional highly publicized abusive privacy practices, all combine to generate a significant level of fear and distrust on the part of many Web users. Two of the most notable online privacy incidents in the last year illustrate how strongly users and the general public react when users discover that data collected about them may be used for a dramatically different purpose, or that personal information will be disseminated without their control.

• Intel Processor Serial Number: Just before it released its new Pentium III processor, Intel had to turn off access to the unique serial number inside each processor because users objected to the inability to block transmission of this serial number to web sites. Though Intel believed this ID would actual enhance security by providing better transaction verification, users felt that it would be used to track their browsing and buying habits without giving sufficient control to users.
• Doubleclick personally-identifiable web usage tracking: Widespread outcry arose earlier this year when Doubleclick announced plans to use user information previously collected to track surfing habits of users for the purpose of targeting banner ads. User objected to the fact that information previously collected was to be used for a different and more invasive purpose, and because it was not clear to many people how to opt-out of such tracking. Doubleclick has subsequently withdrawn the tracking plans and mounted an education campaign to inform users, among other things, how to control the information collected by Doubleclick.

W3C and its members became concerned about privacy on the Web because people won't use the Web to its full potential if they have to face such uncertainty. The majority of users are perfectly willing to share some information on the Web. At the same time, basic human dignity demands the we have meaningful control over which information we chose to expose to the public. Our goal is to include in the basic infrastructure of the Web the building blocks of tools that can provide each user this basic control.

II. P3P Enables Greater User Control

To help address growing concerns about online privacy, W3C launched the Platform for Privacy Preferences (P3P) project to enable the development of a variety of tools and services that give users greater control over personal information and enhance trust between Web services and individual users.

P3P-enable services will enhance user control by putting privacy policies where users can find them, present policies in a form that users can understand them, and, most importantly, enable users to act on what they see in policies more easily. For ecommerce services and other Web sites, P3P can be used to offer seamless browsing experience for customers without leaving them guessing about privacy. Moreover, P3P will help ecommerce services develop comprehensive privacy solutions in the increasingly complex value chain that makes the commercial Web such a success. On today's Web, when a consumer buys a product or service from one Web site, completing the transaction may well involve numerous individual services linked together, each of which has some role in the ultimate delivery to the user and each of which has some responsibility for honoring the privacy preferences expressed by the user at the beginning of the transaction.

Consider all of the steps involved in the increasingly common processing, printing, distributing, and archiving a digital photo. After the user takes a digital image with a common digital camera, one site may be the point to which the photo is first uploaded, from there the user follows a link to another site that performs special image processing, after which the next site created prints, which are then delivered by yet another service to family members. Finally, yet another site may offer archival services for the photos. At each step along the way, these sites are dealing with sensitive information (the names of the people in the photos, their location, etc.).

Setting the stage where such flexible combinations of services can be offered to users requires widespread agreement on standards, including the means of communicating from one service to another about how personal information should be handled. Standards have a vital role in the operation of the Web in general. The Web is not run by any single organization, but it does enable people to share information around the world because everyone who operates a piece of the Web agrees to follow shared technical standards. In the same way as the HTML standard ensures that everyone who looks at a Web page will see it as the author intended it to look, regardless of what computer or software is used, the P3P standard will enable every user and site operator on the Web to communicate in a common language about privacy.

Can users find P3P in their browsers today? Not yet, as the standard is only just being completed. P3P has been under development over the last two years at the World Wide Web Consortium in a design effort that has included software vendors, large commercial users, privacy advocates, and government data protection commissioners from around the world. Participants in the effort include

• America Online/Netscape
• American Express
• AT&T
• Center for Democracy and Technology
• Commission Nationale de l'Informatique et des Libertes
• Citibank
• Direct Marketing Association
• Electronic Frontier Foundation
• IBM
• Microsoft
• NCR
• NEC
• Nokia
• Information and Privacy Commission/Ontario, Canada
• PrivacyBank
• Privacy Commissioner of Schleswig-Holstein, Germany
• Phone.com
• Geotrust

With the standard definition nearly complete, we are now entering the testing and implementation phase. Our last step in finalizing the design of the standard is to host a series of interoperability testing events, one in June and one in September. We are encouraged that a number of large Web software developers as well as innovative smaller services have committed to implementing P3P in their products. Following this testing phase, we will issue a final standard for the Web community.

III. Conclusion: Role of Law, Technology Tools, and Industry Practice in Privacy Protection

This committee faces hard questions regarding what regulatory framework, if any, will best address the serious privacy issues on the Web today. Congress may choose to enact a general privacy baseline, or may consider targeted legislation focused on certain sensitive sectors, such as has already been done with respect to children's privacy. Or, those who seek more time for self-regulatory efforts may take hold. I am not here to support or oppose any particular approach, but rather to suggest that with or without legislation, Web users in the United States and around the world need more powerful technical tools to give users greater control over their online privacy relationships. Similarly, ecommerce service providers need tools to enable them to build innovative, flexible, customizable services that respect users' privacy rights and preferences.

Even with the most stringent privacy laws one might imagine, so much of practical privacy rights depends on users being able to make individualized choices about the privacy relationships that they want to have with the growing number of Web-based services with which the interact. Effective exercise of informed choice, whether under legislative mandate or enlightened self-regulation, can only be accomplished in the increasingly complex Web of personal information with the help of tools that users can use. So whatever the final outcome of this debate, we should all be committed to see that the innovative and entrepreneurial energy that abounds in the Internet is able to develop innovative tools to help users and vendors.