July 11, 2000 | P 3P, the new Internet privacy protocol unveiled last month by the World Wide Web Consortium (W3C), has been both lauded as the answer to everyone's privacy worries and castigated as a Trojan horse that will divert public attention from real problems. The truth is, it's neither. It's merely a potentially nifty tool that might help ensure privacy in cyberspace -- if the government gets its act together.

Among the boosters of Platform for Privacy Preferences Project, or P3P, we find the White House, major technology companies like Microsoft and America Online and organizations like the Center for Democracy and Technology. They position P3P as powerful technology that will help consumers to control the spread of their personal information over the Internet.

Microsoft, for instance, announced that support for P3P will be built into the next version of Internet Explorer, now the most popular Web browser on the planet. "Our commitment to protecting consumer privacy through technologies based on P3P and other efforts stems from Microsoft's long-standing focus on building technology that empowers the individual," said Microsoft's president and CEO Steve Ballmer.

Not to be outdone, Vice President Al Gore issued a statement hailing P3P as a powerful tool "for giving consumers greater control over their personal information." And to prove its point, the White House set up a P3P policy for the White House home page.

But P3P isn't technology, it's politics. The Clinton administration and companies such as Microsoft are all set to use P3P as the latest excuse to promote their campaign of "industry self-regulation" and delay meaningful legislation on Internet privacy. At least that's the claim being made by two of the most trusted names in Internet privacy, Electronic Privacy Information Center and Junkbusters, both of which have called P3P a Trojan horse.

The privacy organizations are right: P3P lacks the power to create a new privacy-rich Internet. That's because P3P is nothing more than an optional labeling standard. And as long as the protocol remains optional, organizations will have few incentives to create P3P labels that can help consumers.

Still, the privacy organizations needn't turn their backs on P3P. P3P could actually be a wonderful tool to help promote meaningful privacy protections on the Internet -- both technical protections and legislative ones.

P3P has its roots in the World Wide Web Consortium's (W3C) much-maligned Platform for Internet Content Selection (PICS), a protocol that was created to enable censorship. Conceived in 1996, during Congress' first attempt to regulate pornography on the Internet, PICS was designed to prevent the children of protective parents from being able to view pornography on the Web. The grand idea behind PICS was that every Web site on the Internet would have a pornography rating, and that Web browsers would consult those ratings before displaying the Web pages. If a Web site had pornography and the computer was configured not to show pornography, no inappropriate images would appear on young Jimmy's screen.

Privacy activists looked at the PICS technology and said to themselves, "You know, if technology can do this for pornography, perhaps we could build a similar system to protect privacy." The technology would be similar. If you clicked into a Web site whose policy for dealing with personal information didn't match your preferences, your browser would throw up a warning and prevent you from going further.