8-533 / 8-733 / 19-608 / 95-818: Privacy Policy, Law, and Technology

Homework 4 - due October 14, 2010

Don't forget to properly cite all sources (including assigned readings) and include a bibliography with all homework assignments.

Reading assignment: October 5-14 readings

1. Write a short summary of each chapter in the reading assignment (3-7 sentences each). Graduate students should also read and write a summary of one optional reading paper. After each summary (in a separate paragraph) provide a "highlight" for that chapter. This can be something new you learned that you found particularly interesting, a point you would like to discuss further in class, a question the chapter did not fully answer, something you found confusing, a point you disagree with, or anything else you found noteworthy. [25 points]

2. [25 points] Pick a particular industry or type of web site and find two P3P-enabled sites of that type.

• a) For EACH of the two sites, use the W3C P3P validator (also available here) to answer these questions:
  • (i) Is the site fully P3P-enabled, partially P3P-enabled (has some but not all required P3P files, has errors in P3P files, has compact policy but not a full policy, etc. - if the site is partially P3P-enabled, explain), or not P3P-enabled at all?
  • (ii) Does the site have a compact P3P policy?
  • (iii) If the site is P3P-enabled, how many P3P policies does it have?
• b) Pick one of the P3P-enabled sites and compare the P3P policy with the site's human-readable policy. Then answer these questions:
  • (i) Do you think the company has accurately captured its privacy policy with its P3P policy? That is, are there any inconsistencies between the two policies? If you think there are inconsistencies, what are they?
  • (ii) What parts of the human-readable privacy policy, if any, are not captured at all by the P3P policy?
  • (iii) Are any of these elements you identified in part ii items that are supposed to be encoded in a P3P policy (that is, did the site make an error, or are they limited by the P3P syntax)?

3. [25 point] Try out an anonymity tool and read technical papers or other documentation that describes how it works.

• a) Describe the tool you used, its intended use, and how the technology works.
• b) Describe the level of anonymity the tool provides and the conditions under which anonymity might be broken.
• c) Discuss the usability and convenience of the tool and suggest ways it might be improved.

4. Do part 2 of the group privacy policy assignment. [25 points]