Web Site Privacy
with P3P®
Helena Lindskog
Stefan Lindskog
Publisher: Robert Ipsen
Editor: Carol A. Long
Developmental Editor: Adaobi Obi Tulton
Editorial Manager: Kathryn Malm
Managing Editor: Pamela M. Hanley
Text Design & Composition: Wiley Composition Services
This book is printed on acid-free paper. ∞
Copyright 2003 by Helena Lindskog, Stefan Lindskog. All rights reserved.
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470. Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-mail: [email protected].
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks of Wiley Publishing, Inc., in the United States and other countries, and may not be used without written permission. P3P is a trademark or registered trademark of Massachusetts Institute of Technology. All other trademarks are the property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor mentioned in this book.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic books.
Library of Congress Cataloging-in-Publication Data:
Lindskog, Helena, 1966-
Web site privacy with P3P / Helena Lindskog, Stefan Lindskog.
p. cm.
ISBN 0-471-21677-1
1. Computer networks—Security measures. 2. World Wide Web—Security measures.
3. Web sites—Security measures. 4. Privacy, Right of. I.
Lindskog, Stefan, 1967- II. Title.
TK5105.59 .L56 2003
005.8—dc21
2002155538
Printed in the United States of America
10 9 8 7 6 5 4 3 2 1
To our wonderful children Caroline, Sofia, David and Johanna
CONTENTS
Acknowledgments xiii
Chapter 1 Introduction to Privacy 1
Privacy Awareness 1
The Right to Be Left Alone 4
Means for Privacy 5
Anonymization 6
Pseudonymity 7
Unlinkability 8
Unobservability 9
The Origin Server Perspective 10
When the Origin Server Meets the Privacy-Aware User 11
Platform for Privacy Preferences 13
Trust 14
What’s Ahead 14
Chapter 2 Internet Security 17
Terminology and Definitions 17
Vulnerabilities and Threats 18
Vulnerabilities 18
Threats 20
Security Policy 21
Protection Mechanisms 21
Authentication Systems 22
Access Control 22
Cryptographic Systems 23
Usage of Cryptographic Systems 23
Auditing 26
Firewalls 26
Intrusion Detection Systems 27
Anti-Malware Software 27
Vulnerability Scanners 28
Summary 28
Additional Reading 28
Chapter 3 The World Wide Web 31
An Introduction to the Internet and the Web 31
An Historic Introduction to the Internet 32
An Introduction to the Web 33
The Traditional Web Architecture 34
Proxies and Such 36
Auditing 38
The Mobile Internet 39
Summary 40
Chapter 4 Privacy and the Internet 41
Risks for the Users 41
Log Files and Customer Databases 41
Cookies 43
Web Bugs 44
Spam 45
Information Distribution 45
Tracking 46
The User Strikes Back 48
Lawsuits 48
Data Alteration 48
Cookie Filtering 50
Anonymization 51
Trusted Parties 52
Identities 52
Privacy in Mobile Internet 53
Summary 54
Chapter 5 Platform for Privacy Preferences Project 55
P3P and Legislation 55
P3P Scenario 57
Retrieve the P3P Policy File 57
Retrieve the Preferences 59
Default Settings 59
Administration Tools 59
“Remember This Decision” 60
Perform the Agreement 61
The P3P Agreement 62
Summary 67
Chapter 6 Enhance Your Web Site’s Privacy 69
Lawfulness and Processing 69
Fair and Lawful 70
Purpose Specification 70
Necessity Principle 71
Right to Correction 72
Retention 73
Right to Information 74
Security 74
Checklist 75
Summary 76
Chapter 7 Five Steps to Creating a Privacy Policy 77
Step 1—Create a Written Privacy Policy for the Site 77
Step 2—Decide Which Policies Apply to Which Pages 78
Step 3—Create P3P Policies 79
Step 4—Create a P3P Policy Reference File 82
Step 5—Validate the Policies 83
Summary 84
Additional Reading 84
Chapter 8 Privacy Policy in English 85
Information in an Online Privacy Policy 85
What Type of Personal Data Is Collected? 86
Why Is Personal Data Collected? 87
How Is the Collected Personal Data Used? 88
Is the Collected Personal Data Redistributed or Shared with Other Organizations? 88
How Is Collected Personal Data Protected? 89
How Can I Access My Own Personal Data? 90
Whom Do I Contact with Questions about the Privacy Policy? 90
Summary 90
Chapter 9 Privacy Policy Using P3P 91
Create a Reference File 91
Create the Policy File 94
Create the Surrounding Tags 94
Entity Information 95
Access Information 95
Disputes 97
Statements 99
The DATA-GROUP 100
The CONSEQUENCE Tag 109
The NONIDENTIFIABLE Tag 109
The PURPOSE Tag 110
The RECIPIENT Tag 114
The RETENTION Tag 116
P3P and Multiple-Language Support 117
The Legal Perspective on Policies 119
Summary 120
Additional Reading 120
Chapter 10 Cookies and P3P 121
Cookies Revisited 121
P3P and Cookies 123
Cookie Filtering 123
Full Policies 124
Create a Reference File 124
Create the Policy File 126
Compact Policies 126
Example of a Third-party Cookie That Uses a Compact Policy 128
The Implications of the Three-Letter Combinations 129
Legislation 138
Cookie Alternatives 139
Session Cookies 140
Ad hoc sessions 140
Login sessions 140
Persistent Cookies 141
Cookie Policy Receipts—A Suggestion 142
Summary 145
Additional Reading 145
Chapter 11 User-Agents and Other P3P Tools 147
Policies 147
Client Side 149
Viewers 149
User-Agents 150
Intermediary Servers 151
P3P for Data Conveyance 152
Existing P3P Tools 154
Validators 154
User-Agents and Viewers 154
The JRC User-Agent 155
Summary 157
Additional Reading 157
Chapter 12 P3P and the Mobile Internet 159
Mobile Internet—The Vision 159
Mobile Internet Architecture 160
The User Device 161
The Proxy/Gateway 162
The Service Provider 163
P3P-enabling a WAP Site 163
A WAP User-Agent Profile 163
Creating a P3P Policy for WAP Applications 167
Creating a Reference File 167
Creating a Policy File 169
Profile Data Conveyance and Cookie-Policy Receipts 179
Additional Reading 181
Appendix A An XML Tutorial 183
Background 183
General XML Concepts 184
Tags and Attributes 184
Document Type Definition (DTD) 186
Prolog 187
Processing Instructions 188
Namespaces 188
Other Related Recommendations 189
Additional Reading 190
Appendix B Taking Charge of Profile Information Conveyance 191
Introduction 191
Privacy 192
Mobile Internet Architecture and Services 194
WAP 1.2.1 Architecture 194
WAP 2.0 194
Personal Trusted Devices 195
User-Agent Profiles 196
Location-Based Services 197
Context-Aware Services 197
Privacy Risks 198
Risks Factors 198
Exposed Data 199
Spam 200
Privacy-Enhancing Technologies 201
Basic Concepts 201
Platform for Privacy Preference Project (P3P) 201
P3P Agreement 201
A P3P User Agent 202
The PiMI Prototype 202
Minimal Profile Conveyance 202
Overview 203
Results and Suggestions 205
Use Case 205
Enhancement of P3P’s Operation Environment 207
Conclusion 208
References 208
Appendix C A P3P Use Case 211
The Driving Force behind the P3P Implementation 211
What Happened? 212
About the Web Site 213
The Human-Readable Policy 214
The P3P Files of the Comhem Domain 218
www.comhem.se/w3c/p3p.xml 218
www.comhem.se/w3c/policy.xml 218
The P3P Files of the Login Domain 219
https://zone.tewss.telia.se/w3c/p3p.xml 220
https://zone.tewss.telia.se/w3c/policy.xml 220
The Compact Policy 222
The Corresponding Compact Policy 222
Acknowledgment 222
Appendix D Positional Privacy Using P3P and LIF Formats 223
Location-Based Services 223
The GEOPRIV Working Group 225
Setting Up Policies around Location 226
User-Agent Response 227
About the Method 228
Additional Reading 228
Index 229
ACKNOWLEDGMENTS
For very valuable advising and proofreading, we would like to thank:
Andreas Ljunggren, Mikael Nilsson, Giles Hogben, Jörgen Sigvardsson,
Johan Hjelm, Magnus Johnard, and Fredric Palmgren.
Stephen Kenny