Privacy On The Wireless Internet

By Marc Le Maitre

 

Nextel Communications

Wireless Carrier Vision

According to a recent survey conducted by UCLA, privacy is the number one issue in the minds of consumers using the Internet. It is also the number one agenda item on many state and national legislatures. The consumer’s demand for adequate privacy will especially affect wireless industry players who are proposing to use highly personal information such as location and state to power mCommerce services.

 

Whether the changes are made through legislation or self-regulation they will be effective in restricting the ability that businesses have today to collect, analyze, trend and mine customer’s data without obtaining their permission. Access to consumer data is critical to businesses in their customer profiling process. They will need to re-engineer their Customer Relationship Management (CRM) systems to address the new “trusted” relationships they must build with their customers.

 

The consumer will demand that adequate governance be implemented to ensure that their permission, once granted, is not abused.

 

This position paper examines how those trusted relationships might be built and includes requirements for constructing a privacy/trust framework that meets the following expectations;

• Places customer back in control of their own privacy and is
• Considered an asset rather than a liability to the businesses who deploy it as part of their profiling and marketing systems.

Wireless gets personal

As carriers and their partners seek to introduce new value added services to wireless customers and increase the utility of those already deployed it will be necessary to forge ever-tighter relationships with the customer base. This will require that they have access to increasingly intimate information about the user. This intimate information includes state (presence), location, activity, preferences and transaction history. Wireless carriers and their partners will feed this information into the next generation of preference platforms which will provide the user with a range of real-time, situation-sensitive services of incredible value.

 

Despite the considerable upsides in pursuing this strategy there are significant risks that must be mitigated. A tighter relationship with the customer will necessarily demand a greater degree of trust between both parties. The user must be able to trust that, as they provide sensitive information such as where they are, what they are doing and what they desire to merchants and service providers, the integrity of this information is not compromised. The consequences of inadequately protecting this information or allowing it to be shared, copied or distributed without control will certainly curtail customer take up of these value-added services. The potential problems of losing control of this sensitive information will eclipse today’s Internet privacy concerns.

What can today’s Privacy frameworks do?

Today, the Internet has many, incompatible mechanisms for allowing users to protect the privacy of data that they give to web sites. Most sites provide Privacy Statements to web users but these rely on the user to manually read a text-based policy. Historically, few users read them before providing sites with information (less than 0.05% according to recent estimates). The problem is that if the privacy policy is not read or if the full gravity is not adequately understood then the user cannot be said to have given his or her “informed consent” and this can lead to future dissatisfaction. Obtaining a user’s “informed consent” must be at the core of future privacy systems.

 

One solution, P3P (Platform for Privacy Preferences Project), simplifies the “informed consent” problem by providing a mechanism for better informing the user about the privacy policy of a web site. P3P answers two distinct problems:

 

• The business problem; How can a business express their privacy practices in such a way that users can quickly and easily make trust decisions about their website.
• The user problem; How can users quickly and easily determine if a web site abides by their privacy preferences.

 

By arming the user with a tool that can machine-read a web site’s privacy policy, P3P allows the user to match a site’s privacy policy with their pre-determined preference list. When areas of conflict arise between user preference and web site policy the user tool (browser plug-in) alerts the user who can then take appropriate actions, such as deciding not to provide data to the site. Although this places the user in a more informed position it does not truely place them in control.

 

Web Anonomizers provide an alternative method to privacy. Personal data is removed and replaced with proxy information by a service provider when users visit a web site. This category of privacy solution creates a new identity for the user but in doing so prevents the business running the web site from creating a relationship with the user. Without these relationships the business cannot effectively market to the user.

What will future privacy frameworks be required to do?

P3P provides the opportunity for the user to easily gather information about a site’s privacy policy and compare it with their preferences. However, its capabilities need to be extended in a number of ways in order to adequately address privacy on the Internet and particularly in the wireless arena.

 

Web Anonomizers provide the user with a “cloak” behind which they can hide but in doing so prevents the business from accessing real customer data and thus constrains their profiling and marketing activities.

 

 The following is a non-exhaustive list of requirements that need to be addressed in order to meet the needs of both the consumer and the business.

• Users must have ultimate rights to control the privacy of their own information. The user must be able to override all other entities in deciding what information is made available and under what terms and conditions information is transferred and used. This places the user in total control.
• All options regarding the dissemination and usage conditions for a user’s data must be on an “opt in” basis. That is; unless otherwise specified by the user there are no terms and conditions under which a user’s data would be shared.
• Users should be able to delegate some or all of the access control and conditions of use to a third party. If the user chooses this option they must have full control to rescind, extend or modify the instructions at any times. This allows third parties to develop trusted relationships with users and then act as brokers, providing information to businesses on behalf of the user.
• The user’s information must be secured so as to ensure that the user, unless delegated or as part of an agreed privacy contract, is the only one who has access to the information stored on their behalf.
• The user must be able to negotiate when privacy preferences differ from the policy of a site. The outcomes of this negotiation need to be richer than just the acceptance of the site’s policy or denial of the information to the site by the user. This ensures that both user and business have the opportunity to arrive at acceptable outcome.
• Web sites need to be able to proactively inquire about a user’s privacy preferences rather than only responding to a user’s request. Web sites must be able to do this without the request being regarded as intrusive by the user. As part of this process it must be possible for the user to specify a meta-permission policy detailing how requests from third parties are handled prior to releasing privacy preference information. Without this capability, unsolicited services driven by a web site would be limited. The concept of Service Providers and Merchants providing clients with unsolicited but desirable services is at the very core of today’s wireless services thinking.
• A user’s privacy preferences must be stored in such a way as to enable them to be available from other devices. The users should not be required to enter their privacy preferences into each device they use. This minimizes the data input and maximizes broad, cross-platform acceptance of services.
• There must be a mechanism to allow the user (and the Web site) to track which data they have given (or received) and under what privacy rules. Users must be able to obtain a “signed” copy of the privacy agreement negotiated at the time that they provide the information. Thus, if a site’s privacy rules change over time or is based on dynamic rules, it is possible for the user to refer back to the agreement that was in force at the time that the information was provided.
• It should be possible for users to request a “recall” of the data provided under a privacy agreement and have the service provider/merchant destroy all copies of the information provided. This allows the user to completely terminate a relationship.
• It must be possible for the user to specify that information provided to a service provider/merchant has a “time to live”. After termination of this TTL the business must destroy the information and confirm the fact to the user. In this way it will not be possible, for instance, for a business to build up a “digital trail” about a users who provides them with location or state information.
• The user must be able to provide businesses with persistent links to information they share such that if they give their permission a business can readily gain access to the latest update of the information. This will allow businesses to retain access to the information that is critical for the working of their customer relationship management systems but will place the user in control of the terms under which this information is available to the business.
• It would be desirable if the privacy framework allowed the user to “watermark” data given under the terms of a privacy agreement. This “watermark” would allow the user to uniquely identify the data given to the business such that the data could be traced back to the original sharing agreement.
• There must be adequate governance for the privacy framework to ensure that, in the event that a user claims that his/her privacy is breached all efforts will be taken to bring the responsible parties to justice. This last point is probably the most difficult to achieve but the most important if the users are to place their trust in the privacy framework.

 

These requirements give consideration to the specific needs of both the user and the business. Passing too little control to the user will result in low take up of the services because of privacy concerns. Passing too much control to the user without providing mechanisms to allow businesses to continue to profile and market to their customers will result in low acceptance from businesses.