Skip to main content

Computer-Readable Privacy Policies

Researcher: Lorrie Cranor

Cross Cutting Thrusts: Usable Privacy and Security


Computer-readable Privacy Policies

P3P is a standard XML format for encoding web site privacy policies. It has been implemented in IE6 and Netscape 7 and has been adopted by one-third of the top 100 web sites. However, the IE6 and Netscape implementations leave a lot to be desired. We developed a P3P user agent called the AT&T Privacy Bird that can be added to IE5 and IE6.  Privacy Bird fetches P3P policies automatically at every web site a user visits. Users can configure Privacy Bird with their personal privacy preferences, causing a bird icon in the corner of the browser window to change colors to indicate whether a web site’s privacy policy matches their preferences. User response to Privacy Bird has been very good; however, there have also been a lot of suggestions for improvements.  In addition, many interesting research questions remain about how to provide usable interfaces for privacy preference configuration and how to convey privacy-related information to users. These are difficult problems due to the fact that privacy policies are complex, user privacy preferences are often complex and nuanced, users tend to have little experience articulating their privacy preferences, users are generally unfamiliar with much of the terminology used by privacy experts, and users often do not understand the privacy-related consequences of their behavior.  Research in this area in the context of Privacy Bird will also inform the more general problem of developing usable privacy-related software. AT&T has released Privacy Bird under an open source license. I plan to use Privacy Bird as a starting point to build an improved P3P user agent and do a series of user studies with it.  I will also extend this work in new directions by developing a P3P user agent for use in a ubiquitous computing context. I expect this will tie in with other Cylab projects, for example the ubiquitous computing work being done by Peter Steenkiste, as well as work being done by Adrian Perrig.

The existence of computer-readable privacy policies also presents an opportunity to automate the collection of data about web site privacy practices. This is useful for answering many important questions related to the effectiveness of privacy regulation and self-regulation.  I plan to do a longitudinal study of web site privacy policies, using a scripted interface to Privacy Bird to gather P3P policy data on a monthly basis.