Monday, June 14, 2010
Attack on Privacy Policy Matching
I just attended SACMAT 2010 and learnt about the concept of privacy policy matching as proposed by Bertino et al. in "Privacy-Preserving Trust Negotiation" (PET 2004). The basic idea is to match a service's P3P privacy policy against a user's set of preferences and to produce a score that expresses how well the policy fits those preferences. Let me start by saying that I think the idea is cool and that there is probably real demand for such a thing. Nevertheless, I think making it work in practice will be a challenge, and here is why.

Price-comparison sites have existed for years. Now, comparing prices (essentially a single number) is trivial compared to comparing privacy policies. Nevertheless, vendors have found numerous ways of subverting these sites and tricking them into displaying a better rank than the actual cost implies, e.g. through hidden costs, special offers, and so on. This is not surprising, since it is in the vendor's best interest both to charge as much as possible and to be ranked as high as possible.

Why should this be any different for privacy policies? It is in the service provider's best interest to diminish privacy as much as possible and, at the same time, to be ranked as high as possible by the policy matching tool. So what kinds of attacks could subvert privacy policy matching? I would guess similar ones: data practices that lie outside what the P3P policy declares, complex general terms and conditions that the matcher does not read, and so on. Even more interesting: what are the possible countermeasures to secure the matching algorithm? This could make a nice paper, and I look forward to seeing it. Unfortunately I do not have the time to work on it myself.
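To make the "violations outside of P3P" attack concrete, here is a toy matcher I added for illustration. It is not the scoring scheme of Bertino et al. and not code from the paper; the two policies and the preference set are constructed for this example, and the score (one minus the fraction of declared data elements handled in a way the preferences forbid) is my own simplification. Only the P3P 1.0 element names and the purpose/recipient/retention tokens are real. The point it shows: an honest policy that declares the telemarketing use of a phone number is scored down, while a provider who simply leaves that practice out of the P3P document (and puts it in the general terms instead) gets a perfect score, because the matcher can only score what is declared.

```python
"""Toy P3P policy matcher (illustrative only; not the algorithm of Bertino et al.)."""
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# P3P 1.0 RETENTION tokens, ordered from least to most retention.
RETENTION_ORDER = ["no-retention", "stated-purpose", "legal-requirement",
                   "business-practices", "indefinitely"]
RETENTION_RANK = {name: i for i, name in enumerate(RETENTION_ORDER)}


def parse_policy(xml_text):
    """Turn a P3P 1.0 POLICY document into a list of statement dicts."""
    root = ET.fromstring(xml_text)
    statements = []
    for st in root.iter(P3P_NS + "STATEMENT"):
        def tokens(tag):
            el = st.find(P3P_NS + tag)
            if el is None:
                return frozenset()
            # Children such as <current/> or <unrelated/> carry the token in their tag.
            return frozenset(child.tag[len(P3P_NS):] for child in el)

        data = frozenset(d.get("ref", "").lstrip("#")
                         for d in st.iter(P3P_NS + "DATA"))
        retention = next(iter(tokens("RETENTION")), "indefinitely")
        statements.append({"data": data, "purposes": tokens("PURPOSE"),
                           "recipients": tokens("RECIPIENT"),
                           "retention": retention})
    return statements


def score(statements, prefs):
    """Score in [0, 1]: 1 minus the share of declared data elements whose
    handling violates the preferences. Anything the policy does not declare
    is invisible to the matcher, which is exactly the weakness discussed."""
    declared = violating = 0
    worst_allowed = RETENTION_RANK[prefs["max_retention"]]
    for st in statements:
        bad = bool(st["purposes"] & prefs["forbidden_purposes"]) \
            or bool(st["recipients"] & prefs["forbidden_recipients"]) \
            or RETENTION_RANK.get(st["retention"], len(RETENTION_ORDER)) > worst_allowed
        declared += len(st["data"])
        if bad:
            violating += len(st["data"])
    return 1.0 if declared == 0 else 1.0 - violating / declared


# Constructed user preferences for this example.
PREFS = {
    "forbidden_purposes": frozenset({"telemarketing", "contact"}),
    "forbidden_recipients": frozenset({"unrelated", "public"}),
    "max_retention": "business-practices",
}

# Constructed policy: the provider honestly declares that it hands the
# phone number to unrelated parties for telemarketing and keeps it forever.
HONEST_POLICY = """<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" discuri="http://example.invalid/privacy">
  <STATEMENT>
    <PURPOSE><current/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#user.name"/></DATA-GROUP>
  </STATEMENT>
  <STATEMENT>
    <PURPOSE><telemarketing/></PURPOSE>
    <RECIPIENT><unrelated/></RECIPIENT>
    <RETENTION><indefinitely/></RETENTION>
    <DATA-GROUP><DATA ref="#user.home-info.telecom.telephone"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""

# Constructed policy: same provider, same practice, but the telemarketing
# statement is simply omitted from P3P and described only in the prose
# terms and conditions that the matcher never reads.
GAMED_POLICY = """<POLICY xmlns="http://www.w3.org/2002/01/P3Pv1" discuri="http://example.invalid/privacy">
  <STATEMENT>
    <PURPOSE><current/></PURPOSE>
    <RECIPIENT><ours/></RECIPIENT>
    <RETENTION><stated-purpose/></RETENTION>
    <DATA-GROUP><DATA ref="#user.name"/></DATA-GROUP>
  </STATEMENT>
</POLICY>"""


def compare():
    """Return the scores of both policies under the same preferences."""
    return (score(parse_policy(HONEST_POLICY), PREFS),
            score(parse_policy(GAMED_POLICY), PREFS))


if __name__ == "__main__":
    honest, gamed = compare()
    print(f"honest policy: {honest:.2f}   gamed policy: {gamed:.2f}")
```

The honest policy scores 0.5 and the gamed one 1.0, even though the user's phone number ends up with the same telemarketers in both cases. Any score of this kind is a statement about the declaration, not about the provider's behaviour, which is why a matcher on its own cannot defend against a provider who chooses what to declare.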