"We really focused in this release on allowing people to control cookies," Wallent said
Because Microsoft is the lead browser provider, its decision to insert P3P into IE could vastly broaden the technology's reach, in part because marketers and other third-party companies will be forced to adopt it if they want IE users to visit their sites.
In adding P3P, Microsoft is responding to an increasingly tech-savvy base of consumers, who are wary of privacy fiascos ranging from plans by ad network DoubleClick to merge online habits with personally identifiable offline data to the recent apprehension of a man who allegedly stole the identities of countless high-profile business leaders.
But the company also is reacting to threats of federal privacy legislation, which could clamp down on Web sites. Dozens of privacy bills are lingering in Congress, but their chances for passage are slim this session because of a closely divided Congress and because the Bush administration is promoting industry self-regulation. Even so, the fact that legislators are jumping into the privacy debate is putting pressure on Microsoft and others to act swiftly.
Asking for feedback
The company has been in Washington, D.C., talking to legislators, federal agencies and privacy advocates in an attempt to prove that it's taking privacy concerns seriously.
Among the key features of the new technology is a tool for managing electronic markers, known as "cookies," that are frequently placed on PC hard drives when they visit a Web site. Cookies can enhance Web surfing but have come under fire for their potential to compile data on consumers. Allowing surfers to disable cookies could render some Web sites harder to use.
The other challenge Microsoft faces is making the settings easy enough for people to understand and tinker with. Several privacy experts worry that average consumers wouldn't go through the effort to ensure the settings match their needs.
"I think some percentage of people will go and change the settings, but I think it will be a low percentage," said Richard Smith, chief technology officer for the Denver-based Privacy Foundation.
Still, Smith said the inclusion of P3P indicates Microsoft is at least making privacy something of a priority. "There are definitely some good things about it," he said. "They're putting all the privacy controls in one place."
Smith also liked the feature that allows people to import privacy settings from outside groups or organizations. People who aren't sure how to set their preferences could simply visit a site that recommends certain IE settings based on their privacy ideals--say, the Catholic Church or the Privacy Foundation. Thus, Smith's group could create a list of strict protocols while a shopping site might recommend much less stringent ones. People could import settings that work with their Web surfing plans.
Rob Enderle, an analyst with Giga Information Group, wondered how long it will take for direct marketers to devise a way to get people's data despite the technology. "These are all good steps, but invariably a bunch of people who work very hard to make money off the collection of private information are going to try to get around those steps," he said.
And some privacy advocates are panning the plan outright.
Andrew Shen, a policy analyst at the Electronic Privacy Information Center, said he would like to see more than just cookie management in the new IE. He said people can already change cookie settings on a site-by-site bases with alternative browsers such as Opera. "I don't think Microsoft's IE 6.0 will add anything to how consumers protect themselves online," he said.
EPIC has been highly critical of P3P technology, saying that it requires people to trade their personal information if they want to visit a site. In a report issued last year, the company called P3P "a complex and confusing protocol that will make it more difficult for Internet users to protect their privacy." The group would like to see an end to most types of personal data collection.
But Microsoft's Wallent said the company wants to strike a compromise between privacy protection and companies doing business on the Web.
"If we came up with some extremist solution that companies wouldn't sign off on, then the Web wouldn't work," he said. "The compromise here is in the default settings, but consumers can go further if they want to."