Microsoft to Deliver on Privacy Tools in Internet Explorer

REDMOND, Wash., March 21, 2001 — Microsoft Corp. today announced the specifics for privacy tools it will deliver in the next version of its popular Web browser software, Microsoft® Internet Explorer 6. The privacy tools will help Internet surfers select their own level of privacy protection in dealing with Web sites, and in particular with the sites’ use of cookies. Internet Explorer 6, which will be available for free download (connect-time charges may apply) or as part of the Windows® XP operating system later this year, will be the first Internet browser software to include such robust privacy tools based on the industry-developed Platform for Privacy Preferences (P3P) specification.

“With these significant privacy features in Internet Explorer 6, Microsoft is helping to give people critical notice and consent information in their browser experience, to better know what information is collected about them via cookies,” said Rick Belluzzo, president and chief operating officer at Microsoft. “Privacy is a key part of Microsoft’s .NET efforts, and this work is a step toward enabling the .NET experiences of the future, where devices, applications and services work together on behalf of the users.”

P3P Implementation and Cookie Filtering

The privacy tools in Internet Explorer 6 will allow people to set their own level of privacy, protecting the flow of personal information over the Internet. Users can choose from five privacy level settings (or import settings from a trusted source), according to their privacy preferences. The settings help consumers understand a variety of unseen events that occur, largely from the placing of cookies, as a person surfs the Web. With the sliding scale of protection levels, the tool provides consumers with a clearer understanding of the types of cookies used, where they originate, whether personally identifiable information is collected, and whether secondary uses are proposed for information collection. Cookies are small pieces of information that can be placed onto the hard drive of a Web site visitor’s computer. Cookies are often used to capture data about online behavior for personalizing a site according to a consumer’s preferences.

The privacy tools will also provide consumers with quick, one-click access to a summary of a site’s privacy practices if the site has a P3P statement. This summary is made possible by a translation of a Web site’s machine-readable Extensible Markup Language (XML) P3P privacy policy.

Microsoft’s development of the new privacy settings was based heavily on its work with the World Wide Web Consortium’s (W3C’s) P3P working group and privacy advocacy organizations, as well as significant usability tests and feedback from consumers who used the cookie management features Microsoft developed for Internet Explorer 5.5.

The new settings in Internet Explorer 6 will incorporate the P3P specification by first looking for compact privacy policies from any site that utilizes third-party cookies. Technology based on P3P will provide a standard and automated way for consumers to compare their privacy preferences with the privacy practices of the Web sites they visit. Compact policies are a condensed way for a site or party to convey its privacy practices regarding cookies so that a consumer’s browser software can interact with that compact policy to see if his or her preferences match the policies of the site.

With Internet Explorer 6, cookie-related actions are based on the context in which the cookie was sent (first- vs. third-party) and on the content of the cookie compact privacy policy. Depending on the situation, Internet Explorer might deny, downgrade or accept a cookie. Internet Explorer might deny placement of a cookie based on the cookie’s being “unsatisfactory,” meaning that the cookie has a compact policy stating that the cookie relates to personally identifiable information used either for secondary purposes or outside the stated purpose, without any provision for user choice.

Following is a snapshot of some of the privacy-setting scenarios:

  • High setting. All cookies are rejected.

  • Medium-high setting. If a third party has no compact policy, third-party cookies will be rejected. If unsatisfactory third-party cookies provide opt-in for their data collection and use, they will be accepted. If unsatisfactory first party cookies provide opt-in or opt-out, they will be accepted. Otherwise, unsatisfactory cookies are rejected. Cookies with satisfactory compact policies are accepted.

  • Medium (default) setting. If a third party has no compact policy, third-party cookies will be rejected. First-party cookies with no compact policy will be accepted. If unsatisfactory cookies provide choice, first- and third-party cookies are allowed. Without that choice, unsatisfactory first-party cookies are downgraded and third-party cookies are blocked.

  • Medium-low setting. If a third party has no compact policy, third-party cookies will be downgraded. If unsatisfactory third-party cookies do not provide choice, they will be downgraded. All other cookies are accepted.

  • Low setting. All cookies are allowed. (This is the status quo on the Web today.)

Any first-party cookie that does not express a compact policy will be accepted in all levels except the highest setting.
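The scenarios above, written out as a decision function. This is an added example, not Microsoft's code: the function names, level strings and the `policy`/`choice` labels are assumptions chosen for illustration, and accepting satisfactory cookies at the Medium setting is an assumption the text does not state outright.

```python
from enum import Enum

class Action(Enum):
    ACCEPT = "accept"
    DOWNGRADE = "downgrade"
    DENY = "deny"

LEVELS = ("high", "medium-high", "medium", "medium-low", "low")

def decide(level, third_party, policy=None, choice=None):
    """Return the Action for one cookie.

    policy: None (no compact policy), "satisfactory" or "unsatisfactory".
    choice: None, "opt-in" or "opt-out"; only consulted for unsatisfactory cookies.
    """
    if level not in LEVELS:
        raise ValueError(f"unknown privacy level: {level!r}")
    if policy not in (None, "satisfactory", "unsatisfactory"):
        raise ValueError(f"unknown policy state: {policy!r}")
    if choice not in (None, "opt-in", "opt-out"):
        raise ValueError(f"unknown choice: {choice!r}")
    if level == "high":
        return Action.DENY
    if level == "low":
        return Action.ACCEPT
    if policy is None:
        if not third_party:
            return Action.ACCEPT  # first-party, no policy: accepted below High
        return Action.DOWNGRADE if level == "medium-low" else Action.DENY
    if policy == "satisfactory":
        # Stated for Medium-high, covered by "all other cookies" at Medium-low;
        # assumed here for Medium, which the text does not spell out.
        return Action.ACCEPT
    # From here on the cookie is "unsatisfactory".
    if level == "medium-high":
        ok = ("opt-in",) if third_party else ("opt-in", "opt-out")
        return Action.ACCEPT if choice in ok else Action.DENY
    if level == "medium":
        if choice is not None:
            return Action.ACCEPT
        return Action.DENY if third_party else Action.DOWNGRADE
    # medium-low: only third-party cookies without choice are downgraded
    return Action.DOWNGRADE if third_party and choice is None else Action.ACCEPT

def matrix(third_party, policy=None, choice=None):
    """Outcome of one cookie at every level, strictest first."""
    return {lvl: decide(lvl, third_party, policy, choice).value for lvl in LEVELS}

if __name__ == "__main__":
    # Constructed sample: third-party cookie, unsatisfactory policy offering opt-out.
    print(matrix(True, "unsatisfactory", "opt-out"))
```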

“These new settings not only facilitate a better understanding of what takes place in the background when consumers visit sites on the Web, but actually provide the consumer with a better degree of control over information distribution,” said Richard Purcell, director of corporate privacy at Microsoft.

“From a design perspective, it is very important for us to give consumers a privacy choice and control model, and also maintain the quick, productive and efficient browser software experience that people have come to expect,” added Michael Wallent, product unit manager for Internet Explorer at Microsoft. “With Internet Explorer 6, we think we’ve been able to strike that balance.”

By announcing the privacy features now, Microsoft is providing Web site developers and partners with the information necessary to begin developing sites that are P3P-compliant, thus encouraging broader adoption of the P3P specification. Microsoft also plans to broaden its Web-based privacy statement generator, the Privacy Wizard (http://privacy.bcentral.com/), to allow Web sites to quickly and easily create a privacy statement and compact policy for posting in a P3P-compatible XML document. Further implementation information on the Internet Explorer 6 privacy features will be available at Microsoft Developer Network (MSDN®) in the coming weeks and is also available at http://www.w3c.org/p3p/.

Technology efforts such as P3P are part of a much broader approach to the privacy issue, which must incorporate input from consumers, Web publishers and advertisers, privacy advocates and the government, so that a comprehensive solution can be achieved.

Microsoft and Privacy

Microsoft has made online privacy a priority from both a technical and policy standpoint by working with privacy organizations and incorporating technology into many of its Internet products and services to enable the trusted exchange of private information online. In December, Microsoft launched Safe Internet (http://www.microsoft.com/safeinternet/), a user-friendly Web site that provides helpful privacy and security tools and advice to consumers. In the same month, Microsoft hosted SafeNet 2000, an event that brought together leaders in industry, law enforcement, policy, academia and consumer protection to address some of the most pressing issues facing security and privacy.

From a technical perspective, Microsoft has been a leading participant in the W3C P3P effort, with an early commitment to build the P3P technology into its operating system. In addition, more than 25,000 Web sites have generated privacy statements based on the Fair Information Principles by using Microsoft Privacy Wizard.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and Internet technologies for personal and business computing. The company offers a wide range of products and services designed to empower people through great software — any time, any place and on any device.

Microsoft, Windows and MSDN are either registered trademarks or trademarks of Microsoft Corp. in the United States and/or other countries.

The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Note to editors: If you are interested in viewing additional information on Microsoft, please visit the Microsoft Web page at http://www.microsoft.com/presspass/ on Microsoft’s corporate information pages.
