Technology, Thoughts & Trinkets

Touring the digital through type

APIs, End-Users, and the Privacy Commons

Mozilla is throwing their hat into the ‘privacy commons‘ ring. Inspired by Aza Rankin’s ‘Making Privacy Policies Not Suck‘, Mozilla is trying to think through a series of icons intended to educate users about websites’ privacy policies. This is inspirational, insofar as a large corporation is actually taking up the challenge of the privacy commons, but at the same time we’ve heard that a uniform privacy analysis system is coming before….in 1998. A working draft for the Platform for Privacy Preferences (P3P) was released May 19, 1998 during the still heady-times of people thinking that Privacy Enhancing Technologies (PETs) could secure people’s online privacy or, at least, make them aware of privacy dangers. The P3P initiative failed.

Part of the reason behind P3P’s failure was the length of its documentation (it was over 150% the length of Alice in Wonderland) and the general challenge of ‘properly’ checking for privacy compliance. Perhaps most importantly, when the P3P working group disbanded in 2007 they noted that a key reason behind their failure was “insufficient support for curent Browser implementors”. Perhaps with Mozilla behind the project, privacy increasingly being seen as space of product competition and differentiation, and a fresh set of eyes that can learn from the successes of the creative commons and other privacy initiatives, something progressive will emerge from Mozilla’s effort.

As is noted by CNET, a core problem behind the P3P movement was the massive explosion of privacy categories: they grew from three to seventeen (!). One can imagine that, were the creative commons much more complicated than their current instantiation, we’d still be focusing almost exclusively on GPL and similar licensing regimes. (Note: this isn’t a elbow jab at non-creative commons models, but a gentle suggestion/reminder that creative commons has generally been more successful than other licensing models in getting the attention of non-technical end-users than other licenses. User interface and marketing matters!)

To be sure, it helps that Lessig marshalled interest in the creative commons, leading to the support for the project in the form of academic articles, public books, and major celebrity endorsements. The RIAA’s carpet-lawsuit campaigns presumably also had a major effect on spreading public awareness of the creative commons. I imagine that without the RIAA going to war with consumers that the creative commons would have been far less likely to have succeeded – there wouldn’t have been the same drive to learn about copyright, and copyright alternatives – and I don’t know that a similar visceral reaction towards the management of privacy currently driving a move towards a privacy commons.

Privacy commons models have been trialled in Canada, with the notable case where Canadian researchers launched a Firefox extension called ‘PIPWatch‘ to try to raise surfers’ awareness of how compliant websites were with Canadian privacy laws. The extension is described as,

the first privacy technology designed specifically for Canadian Internet users. Built as a toolbar extension for the Firefox web browser, PIPWatch gives real-time feedback on the privacy practices websites visited by Canadian users, in particular whether a site’s owners respect Canadian privacy laws.

Something that was unique about their approach was that when the extension’s users got to a site that was (1) described non-compliant with Canadian privacy law; (2) was not part of the PIPWatch database, the users could send a message to the identified privacy officer of the website. Unfortunately, this entailed some ‘heavy lifting’ by the first visitor of a website not in the database: first vistors had to track down the information needed to send that first message so that subsequent visitors could send their own messages with a click of button. This model was inefficient, terribly time-consuming (especially where it was unclear who was responsible for corporate/web privacy issues), and without a large number of users using the extension it failed to generate the adoption-rates required for it to truly be effective (effective in the sense that corporations and websites themselves would self-contribute to the database) on a wide-scale. It is notable that Facebook was proactive, years before their roundabout with the Office of the Privacy Commissioner of Canada, in working with PIPWatch so that it displayed the correct ‘privacy warning’ for visitors to that site.

PIPWatch, admittedly, didn’t have the support of a large and (comparatively) well-resourced group like Mozilla. The researchers behind the project adopted a ‘community-centric’ model to privacy policies, in variance with P3P. I’ve previously suggested a set of icon-categories for the privacy commons and noted the difficulties in building them out. Specifically, in relation to this latter point I wrote that:

… the benefits of a machine-readable privacy commons are high….but only if substantial market penetration can be achieved. Ideas of a commons aren’t new – they’ve been swimming through academic literature in various iterations for the past decade and a half or so – and whenever there has been an effort to impose a machine-readable privacy system uptake is the key issue. Copyright doesn’t face the same issue, insofar as most people would (probably) be happy with a ‘regular’ copyright. Further, copyright has been around long enough that most people at last can imagine what their permissions might include where they don’t see a creative commons licensing icon. Privacy, however, isn’t as well defined in legal statutes, has deep variations around the world, and (perhaps most importantly) lacks an international advocacy group that is composed of businesses who see advancing privacy as essential to their business interests. Google fought to add the very term ‘privacy’ on their homepage, and they’re a web-savvy company. Facebook suffered through an extended investigation to have their privacy policy changed. How reasonable is it to expect large fortune 500 companies to adopt any kind of privacy commons position?

Thinking about implementation, perhaps what is required is a middle-ground between PIPWatch and P3P. Such a model could support an API so that companies and individuals can leave generic information about how data is/isn’t collected and used, but also enable visitors of websites to either contact Mozilla when a website not participating in the privacy commons is discovered (so that Mozilla can notify the site owner about the privacy commons) or offer a direct ‘click here to send a generic message to site owner’ option.

Whereas the creative commons has the “advantage” of copyright being a high-profile issue in light of punishing lawsuits in the US, I think that any Privacy Commons effort needs to assist individuals in contacting companies about the individuals’ concerns about privacy, as well as building out an API for classifying sites’ policies. Ideally, messages to site owners would include not just a question about joining the privacy commons but also basic information about how to integrate the API into the web environment, as well as a resource to contact at Mozilla for more information. As we’ve seen to date, relying exclusively on either an API or notification has been unsuccessful; let’s start investigating the value of ‘hybrid’ approaches, backed with institutional resources and end-user feedback, and see if a privacy commons movement can genuinely be started and sustained.


  1. Great post Chris, really useful for laying out the land on this. Makes me wonder, though, about the general wisdom of taking a machine-readable/API/automated style approach to this, given the real concerns about diversity and sustainability, and whether another approach might be simply a browser plugin that polled from a community site that held submissions on privacy concerns from anyone (both “vetted” experts and regular users, with some ‘voting’ mechanism like is common on other sites so that strong posts/concerns rise to the top). That would strike me as a *real* Privacy Commons, one that not only was common in extending across sites, but reflected not only the legal concerns but the public’s concerns as well (e.g. it is entirely possible for a site to follow the letter of the law and yet be built in such a way that people commit privacy *errors*, say like how very few can actually figure out the subtleties of Facebook’s nefarious privacy settings). Just a thought, in any case something is hopefully going to turn out to be better than the nothing we currently have.

  2. @Scott Leslie

    Interesting – I hadn’t thought of the ‘vote’ system. Ideally, what I’m imagining would perhaps be:

    (1) visual, on-site, representation of the privacy position, denoted by icons;
    (2) coded instructions that ‘tell’ the browser about the site’s privacy position – this would be used by browsers and plugins to mashup data/display it in different formats/enable ‘privacy settings’, where an individual might not go to sites with particular privacy positions or at least be warned;
    (3) where a site lacks information, have the option of somehow notifying the site about the commons, and invite them to join

    Adding (4) a way of reflecting public concerns is interesting, but I get a little worried about it because it could project the perceptions of privacy on top of companies who may actually have decent privacy provisions or vice versa. Example: Nokia-Siemens is falsely accused to selling DPI equipment to Iran for censorship, and so in reaction hosts of people ‘vote down’ N-S’ privacy position on the basis of that false information. Alternately, people ‘vote up’ Google’s privacy position, even though they’re well known to have poor protections in place (e.g. masking the last octet of search results).

    Would you say that your critique of the commons would also extend to the creative commons?

  3. Several years ago, I spoke with Lawrence Lessig about a Privacy Commons framework to be built using the Creative Commons framework. He thought it was doable, but they needed $$ for developing and running it.

    The advantage in using the CC infrastructure, is that it is globally recognised and all the processes / committees are established to implement in each country.

Leave a Reply

Your email address will not be published.