Microsoft, IBM back web privacy standard

An internet privacy standard backed by Microsoft and IBM, demonstrated in public for the first time this week, has raised concerns that it could create more problems than it solves.

The World Wide Web Consortium (W3C) hopes the standard, called Privacy Preferences Project (P3P), will become the basis for addressing online privacy issues. The consortium conducted the first public demonstration of the standard on Wednesday. Microsoft plans to use P3P technologies in the next major Windows upgrade.

P3P is a set of specifications that allows websites to express their privacy policy in XML, the language commonly used for ecommerce transactions. P3P-compliant browsers enable end users to decide what personal information they are willing to share with other websites and how that information can be used.

As users surf the internet, the browser would automatically compare their stated preferences to the sites' privacy policies, and alert them as to what those policies are.

Lorrie Cranor, chairwoman of the P3P specification group, said: "Right now consumers have to hunt for privacy documents, and that can sometimes be scary when they see all they have to read and sort through. Hopefully this will be a way they can see easily how a site matches their personal preferences."

At the event, companies with interests in security issues, including the Electronic Network Consortium, Engage Technologies, IDcide, Microsoft and YOUpowered, demonstrated P3P client implementations, while IBM and PrivacyBot showed off P3P policy generators that enable sites to translate their privacy policies into P3P.

However, the specification drew criticism from some observers. Roland Cuny, chief technology officer at Webwasher.com, a developer of privacy protection products, claimed that consumers' could end up revealing more than they wanted under P3P.

"Few internet users today voluntarily prompt every website they visit with a standardised form containing sensitive personal information," he said. "Under P3P your browser would actively aggregate this kind of information and distributes it in a nanosecond to any website that presents a compliant privacy statement."

A number of companies also announced that their websites are already P3P-compliant. They include America Online, AT&T, IBM, Microsoft and the White House.