The Trouble with P3P

The budding privacy protocol aims to negotiate the exchange of personal data between Web sites and consumers. But the biggest hurdle to its success may not be technical. By Chris Oakes.

What's so hard about getting software to negotiate privacy agreements between Web sites and their human visitors? No offense, but it has a lot to do with the humans.

The engineers trying to stir such a gadget into their software are finding that technology that deals in privacy is being forced to go where no Web protocol has gone before. Sophisticated plug-ins that would work with browsers and any other Internet applications, such as chat clients, are among the programs that might distribute personal data.

P3P, shorthand for the Platform for Privacy Preferences, is under construction at the World Wide Web Consortium, and in very early stages of implementation in products by a handful of developers, including Microsoft (MSFT), Netscape (NSCP), Excite's MatchLogic (XCIT), and others.

If most Web sites and Web software companies do end up adding support for P3P, it could soon serve as a new kind of software agent. The protocol has an odd goal: to arrange communication that is not technical -- like two modems handshaking -- but human, like two people haggling.

"The act of designing a social technology is not an easy one," noted Joseph Reagle, P3P project manager at the Web Consortium.

To be sure, the issue being negotiated is extremely touchy: the electronic release of private data, including names, addresses, bank accounts, credit card numbers, and other, often intimate, details. Before a deal is struck and an online transaction is completed, the scheme must settle exactly what a business may and may not do with the data once it has pulled it from the user's machine.

The tricky part for developers is getting P3P-enabled software to set up those terms in the first place. How do they get users to understand privacy technology, let alone supply software with the information needed to make P3P work?

"The challenge is going to be how to map [a] user's knowledge and user experience about privacy, to really empower them about using computers," said Microsoft's Max Metral. "While I'm engaging in a relationship with a site, I don't want to necessarily be invaded with lots of UI [user interface].... You [just] want to put the user in control."

Metral is the former chief technology officer of Firefly, the company that pioneered development of P3P and was purchased by Microsoft in April. He's now developing P3P under the umbrella of Microsoft's Web Essentials group.

Keeping a user informed and in control of P3P, without the scheme overwhelming their Web experience, will be tricky. When a user arrives at a Web site, a P3P-powered browser will receive a privacy "proposal" from that site, explaining what information it would like and how the data would be used.

The browser will check the proposal against a P3P "rule set." Based on those user-defined rules, the browser will accept or refuse the proposal. Data in the form of privacy "grammar" and "vocabulary," formatted in Extensible Markup Language (XML), will shuttle between client and server over the standard hypertext transfer protocol.

The XML-based data categories include contact information, payment information, and a user's "click-streams." In the reverse direction, the site expresses its plans for the data: simple user-customization of the Web site (to offer local weather forecasts, for example, or customized news), company product promotion, even sale of the information to other companies, such as direct marketers.

If terms can't be met after a comparison of user preference fields, a user's P3P client rejects the site's proposal. At that point, the rebuffed site might make another play for acceptance with a new proposal.

A user's "rule set" spells out the terms by which a name, ZIP Code, or surfing habits will or will not be released. However, if that rule set is to conduct an effective privacy negotiation, it must first be trained by the user.
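The proposal-versus-rule-set comparison described above, reduced to a small runnable model. This is an added example, not code from the W3C, Microsoft, Netscape, or any of the developers quoted in this article, and the element names, attribute names, data categories, and purpose words in it are hypothetical stand-ins rather than the actual P3P grammar. The two proposals and the rule set are constructed inline: the site first asks for more than the user permits, is refused, then comes back with a narrower second proposal, the retry scenario the article mentions.

```python
"""Toy model of a P3P-style proposal negotiation (illustrative only).

Vocabulary (element names, categories, purposes) is hypothetical; it is
not the real P3P grammar.
"""
import xml.etree.ElementTree as ET

# Constructed sample proposals from a fictitious site. Each <data> element
# names a category of personal data and the purposes the site wants it for.
FIRST_PROPOSAL = """<proposal site="example.com" id="1">
  <data category="contact" purposes="customization promotion resale"/>
  <data category="payment" purposes="transaction"/>
  <data category="clickstream" purposes="customization"/>
</proposal>"""

SECOND_PROPOSAL = """<proposal site="example.com" id="2">
  <data category="contact" purposes="customization"/>
  <data category="clickstream" purposes="customization"/>
</proposal>"""

# Constructed user rule set: category -> purposes the user will tolerate.
# A category absent from the rule set is never released (default deny),
# so the client does not have to anticipate every category a site invents.
RULE_SET = {
    "contact": frozenset({"customization"}),
    "clickstream": frozenset({"customization", "survey"}),
}


def parse_proposal(xml_text):
    """Return (site, proposal_id, {category: frozenset(purposes)})."""
    root = ET.fromstring(xml_text)
    requests = {}
    for el in root.findall("data"):
        purposes = frozenset(el.get("purposes", "").split())
        requests[el.get("category")] = purposes
    return root.get("site"), root.get("id"), requests


def evaluate(proposal_xml, rule_set):
    """Compare one proposal against the rule set.

    Accept only if every requested category is in the rule set and every
    requested purpose for it is permitted. Returns (accepted, reasons).
    """
    _site, _pid, requests = parse_proposal(proposal_xml)
    reasons = []
    for category, purposes in requests.items():
        allowed = rule_set.get(category)
        if allowed is None:
            reasons.append(f"{category}: not released to any site")
            continue
        disallowed = purposes - allowed
        if disallowed:
            reasons.append(
                f"{category}: purpose(s) {sorted(disallowed)} not permitted")
    return (not reasons, reasons)


def negotiate(proposals, rule_set):
    """Walk a site's proposals in order; the first acceptable one wins.

    Returns (accepted_proposal_id or None, transcript) where transcript is a
    list of (proposal_id, accepted, reasons) for each round.
    """
    transcript = []
    for proposal_xml in proposals:
        _site, pid, _requests = parse_proposal(proposal_xml)
        accepted, reasons = evaluate(proposal_xml, rule_set)
        transcript.append((pid, accepted, reasons))
        if accepted:
            return pid, transcript
    return None, transcript


if __name__ == "__main__":
    winner, rounds = negotiate([FIRST_PROPOSAL, SECOND_PROPOSAL], RULE_SET)
    for pid, accepted, reasons in rounds:
        verdict = "accepted" if accepted else "rejected"
        print(f"proposal {pid}: {verdict}")
        for reason in reasons:
            print(f"  - {reason}")
    print("agreed proposal:", winner)
```

Two design points worth noticing. The client defaults to deny: a category or purpose the user never configured is treated as forbidden, which is what you want when the other party controls the vocabulary it sends. And the comparison is purely between declarations; nothing in the exchange verifies that the site actually behaves as its accepted proposal says, so the rule set limits what the user agrees to, not what the site can do.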

It's hard enough for the technology to handle the negotiation process. It's even trickier for non-technical users to grasp the vocabulary involved, according to one P3P developer.

"Absolutely, that's the toughest thing," said Sean Gaddis, who is working on P3P implementation as Netscape's manager of marketing technology and the "rules processing" involved.

"Some of the things in the spec to begin with, in terms of vocabulary, are really techie issues. Like 'Hey, your IP address may be used,' or 'This data is going to be used for survey purposes.' [These are] things that people may not understand whatsoever," he said.

"I think that's the hard problem -- and one that Netscape and Microsoft are going to spend the most resources on," added Drummond Reed, co-founder of Intermind, which is also working on P3P-based software. Reed sits on P3P working groups at the Web Consortium.

Both are concerned that the need for understanding could result in too much explaining, with the potential end-result being, as Gaddis said, that "people won't use this tool."

For most developers, the predictable approach is: Keep It Simple, Stupid.

"I find that users don't want to have to understand every detail of what's going on," said Hadi Partovi, group program manager for Microsoft's Internet Explorer team. "If you have a Ph.D., you can understand the spec. But for the average user, just seeing a dialog box can threaten and scare them."

"As a user, I need to communicate with my browser," said Lorrie Faith Cranor, a researcher at AT&T Labs, who is co-chair of the Web Consortium's P3P Interest Group. "[But] I should be able to do it quickly and easily and shouldn't have to have a degree in computer science. Coming up with a GUI that lets me do that is certainly a challenge."

Instead of supplying a fully trained rule set, Netscape's Gaddis said that simple questions provided at the time of an information request might be easier on users.

But if P3P is stripped down and not prepared for multiple proposals across multiple site scenarios, there is also a potential trust issue: consumers might sense that their software is not in control, yet another conundrum for developers.

As Gaddis notes, if implementations are too conservative in their interface, then people may not bother with P3P at all.

That's why for some, the answer is to ease P3P in over several generations. Keep first versions simple, and once users become more familiar with its powers, introduce more sophisticated negotiating abilities.

Still others, including AT&T's Cranor, envision prepackaged privacy preferences supplied by third parties the user might inherently trust, such as the Center for Democracy & Technology or the Better Business Bureau Online.

Such an organization could offer a preference package in line with its political and philosophical positions, and the package would then take care of the details for users. Click to download and install it, and the user can feel assured that the organization, as represented by a set of preferences, is watching out for them.

"My ideal world is I get these prepackaged configurations then go into my browsers and change the nitty-gritty," Cranor said.

If and when all this is worked out, in this or future generations of P3P, there may be a lot more riding on the protocol than even the sensitive issue of privacy.

"P3P is sort of the lightning rod that's leading us into this communicating agent technology," Intermind's Reed said. Not the mobile agents once envisioned by companies like General Magic, but a stationary, yet equally intelligent, agent. "It's going to spur enormous growth in that market.... I always feel like this is going to be 'the next Web,'" he said.

The Web Consortium expects to issue a final set of P3P recommendations in October.