A Semantics-Based Approach to Privacy Languages

Get BibTex-formatted data

Author

Ninghui Li, Ting Yu, Annie I. Anton

Tech report number

CERIAS TR 2003-28

Entry type

techreport

Abstract

The Platform for Privacy Preferences (P3P), developed by the W3C, is a major effort to improve online privacy. It provides a language for websites to encode their data-collection and data-use practices in a machine-readable form. The W3C also designed a P3P preference language, APPEL, to allow users to specify their privacy preferences. Although P3P has received broad attention, adoption has been slow. A key reason for this slow adoption is the lack of a formal semantics. Without a formal semantics, a P3P policy may be semantically inconsistent and may be interpreted and represented differently by different user agents. Additionally, APPEL is both complex and error-prone. In this paper, we redress these problems by adopting a semantics-based approach. We propose a relational formal semantics for P3P policies, which precisely model the relationships between different components of P3P statements (i.e., purposes, recipients and retentions) during online information collection. Based on this semantics, we present SemPref, a simple, efficient and expressive semantics-based preference language. Unlike previously proposed preference languages, SemPref queries the meaning of a privacy policy rather than its syntactical representation. The proposed formal semantics and preference language are an important step towards improving P3P and making it more comprehensible to enterprises and individual users, and ultimately accelerating the large-scale adoption of P3P across the Internet.

Institution

CERIAS

Key alpha

LiYuAn03

Affiliation

Purdue University and North Carolina State University

Publication Date

1900-01-01

Subject

Electronic privacy

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Techreport{ LiYuAn03,
	title = "A Semantics-Based Approach to Privacy Languages",
	author = "Ninghui Li, Ting Yu, Annie I. Anton",
	institution = "CERIAS",
	abstract = "The Platform for Privacy Preferences (P3P), developed by the W3C, is a
major effort to improve online privacy.  It provides a language for
websites to encode their data-collection and data-use practices in a
machine-readable form.  The W3C also designed a P3P preference language,
APPEL, to allow users to specify their privacy preferences. Although P3P
has received broad attention, adoption has been slow.  A key reason for
this slow adoption is the lack of a formal semantics. Without a formal
semantics, a P3P policy may be semantically inconsistent and may be
interpreted and represented differently by different user agents.
Additionally, APPEL is both complex and error-prone.

In this paper, we redress these problems by adopting a semantics-based
approach. We propose a relational formal semantics for P3P policies,
which precisely model the relationships between different components of
P3P statements (i.e., purposes, recipients and retentions) during online
information collection. Based on this semantics, we present SemPref, a
simple, efficient and expressive semantics-based preference language.
Unlike previously proposed preference languages, SemPref queries the
meaning of a privacy policy rather than its syntactical representation.
The proposed formal semantics and preference language are an important
step towards improving P3P and making it more comprehensible to
enterprises and individual users, and ultimately accelerating the
large-scale adoption of P3P across the Internet.
",
	affiliation = "Purdue University and North Carolina State University",
	subject = "Electronic privacy",
}