February 20, 2003 - Lorrie Cranor

User Interfaces for Privacy: Design and Evaluation of the AT&T Privacy Bird P3P User Agent

Location: Shaffer 3
Time: 10:30 am

Abstract

The Platform for Privacy Preferences (P3P), developed by the World Wide Web Consortium (W3C), provides a standard computer-readable (XML) format for privacy policies and a protocol that enables web browsers to read and process privacy policies automatically (http://www.w3.org/P3P/). P3P has been built into the Internet Explorer 6 and Netscape 7 web browsers and has been adopted by about a third of the top 100 web sites. We developed the AT&T Privacy Bird (http://privacybird.com) as an Internet Explorer add-on that can compare P3P policies against a user's privacy preferences and display a bird icon to indicate whether the user's preferences are met.

Developing interfaces for configuring P3P user agents with a user's privacy preferences is challenging due to the large number of potential choices to be made and the difficulties individuals have in describing privacy concerns in detail. As part of our Privacy Bird work, we developed a privacy preference specification interface. Our design was informed by privacy surveys and our previous experience with prototype P3P user agents. We conducted a user study to evaluate this interface and other aspects of Privacy Bird, and to gain a better understanding of how Privacy Bird is being used.

In this talk I will provide an overview of P3P, including some insights into the P3P development process. I will discuss the general problem of designing user interfaces for privacy and the specific design of the AT&T Privacy Bird. I will also present results from our Privacy Bird user study. Dr. Lorrie Faith Cranor is a principal technical staff member in the Secure Systems Research group at AT&T Labs-Research. She is chair of the P3P Specification Working Group at W3C and author of the book "Web Privacy with P3P" (O'Reilly 2002).