摘要
电子商务作为一种崭新的商务模式,在为人们提供便利的同时,也使得原有作为隐私权屏障的时间和空间因素失去了作用。个人在线隐私安全成为了电子商务面临的最大挑战之一。
P3P(Platform for Privacy Preference)协议是由W3C(World Wide Web Consortium)组织建立的目前最为业界所接受的个人在线隐私保护策略,但其目前主要针对一般网站来构建隐私策略,在电子商务网站中的研究尚嫌不足。电子商务网站不同于一般的网站,有它自身的特殊性,包含了其所特有的一些数据元素,本文对基于P3P协议的电子商务系统做了进一步的研究,使用了P3P协议来构建隐私策略,并结合电子商务的自身特点,更加合理地对P3P协议相关隐私因素方面进行了定义和构建,以更好的保护在线用户的个人隐私,为电子商务的发展创造有利条件。主要研究内容如下:
1.P3P策略是使用标准P3P隐私词汇表的Web站点隐私策略的可机读的表示法。分析了如何选择P3P策略及描述策略语法,并针对电子商务网站创建了P3P策略。
2.分析了在电子商务网站中用户特有的一些隐私因素,使得在用P3P协议创建隐私策略时可以对这些数据元素进行具体的定义,从而更好的保护在线用户的隐私。
3.论述了P3P协议的基础数据模式和数据集,详细分析了13种基础信息的结构,对数据集中的每项元素进行了细致的阐述,并结合现有电子商务网站卓越亚马逊的隐私声明,创建了P3P策略文件和隐私数据结构。运用P3P协议把隐私声明转化为可人读的隐私策略,使得用户可以自己定义个人隐私偏好,从而网站可以提供更加符合用户习惯的个性化服务,用户的隐私信息也可以得到一定的保护。
本文针对电子商务的特点,构建了数据、策略、策略文件以及数据结构,并针对电子商务环境下的隐私问题研究了其P3P协议体系。最后结合电子商务网站卓越亚马逊的隐私声明,实现了基于P3P协议的电子商务系统中策略及其数据模式的构建。
As a completely new commerce mode, electronic commerce (e-commerce) not only has provided great convenience for people, but has also broken the bounds of time and space, which would lose its natural function as the shield of privacy.
The P3P protocol which established by W3C is now the most widely accepted personal online privacy protection strategy. However its main focus is ordinary website, little research has been done for its application in e-commerce websites. E-commerce websites differentiate themselves from those common ones in having some specialties and characteristic data units. The main work of this thesis is to make a fundamentally and detailed study of how the P3P tech can be used in e-commerce. And the P3P protocol is adopted to establish the privacy strategy. Combined with the characteristics of e-commerce websites, some privacy factors of the P3P protocl are redefined and re-established more reasonably to privide greater privacy protection for on-line users. The main contents are listed as below:
1. P3P is a machine readable representation of the web site privacy strategy using the standard P3P privacy vocabulary. The issue of how to choose P3P strategy and how to describe strategy gramma is analyzed. And the P3P strategy is established for the e-commerce website.
2. By analyzing the characteristic privacy elements at e-commerce websites and providing accesses to the concrete definitions of these data units for the users, the established privacy strategy can provide more protection for the on-line user's privacy.
3. The base data schema and data set of P3P protocol is presented. Detailed analysis and representation have been taken for the structure of the base information and the every element of the data set. Combined with the privacy announcement of the joyo amazon web, the P3P strategy files and privacy data structure are established. The P3P protocol is used to convert the privacy announcement into man readable privacy strategies to provide access for the users to define their privacy likes. As a result, the website can provide more personal services to cater to user's likes, and privacy information of the user can be protected to some extent.
Referring to the characteristics of e-commerce, the data, strategy, strategy files and data structure are established. And the P3P proctol system is analyzed for the privacy problems under the e-commerce environment. At the end, combined with the privacy statement of the the joyo amazon web, the establishment of strategy and the corresponding data schema of the e-commerce system basing on the P3P protocol is achieved.
引文
[1]周乃丽.网络隐私权的保护问题研究[D].大连:大连理工大学,2008.
[2]李德成.网络隐私权保护制度初论[M].北京:中国方正出版社,2001:30.
[3]汤啸天.网络空间的个人数据与隐私权保护[J].中国政法大学学报,2000,(1):10-14.
[4]李守峰.浅谈互联网发展与隐私保护[J].信息技术与信息化,2007,(5):51-57.
[5]焦伟晨.电子商务与市场营销[J].光盘技术,2006,(6):46-47.
[6]刘晓峰.企业开展电子商务的成本与效益分析[J].哈尔滨商业大学学报(社会科学版),2005,(4):3-6.
[7]臧红雨.企业开展电子商务的成本与效益分析[J].学习与探索,2005,(3):208-209.
[8]CBS News, Poll[OL]. http://www.cbsnews.com/stories/2005/09/30/opinion/polls/main 894733.shtml
[9]佴澎,朱丽萍.电子商务中消费者隐私权保护研究[J].云南大学学报法学版,2008,(3):116-120.
[10]马荣贵.论电子商务中消费者隐私权的保护[J].图书情报知识,2002,(4):58-60.
[11]佟贺丰.网络中用户电子隐私权的保护[J].现代情报,2001,(4):73-76.
[12]张燕,惠佳颖.网络隐私保护策略分析[J].情报理论与实践,2001,(4):251-253.
[13]刘颖.论个性化信息服务中的隐私保护[J].情报科学,2007,25(12):1795.
[14]管文革,秦珂.网络隐私权的法律保护[J].情报理论与实践,2002,(1):26-28.
[15]王全弟,赵丽梅.论网络隐私权的法律保护[J].复旦学报(社会科学版),2002,(1):107-112,137.
[16]Personalization and privacy survey[OL]. http//www. personalization.org/survey press. html.
[17]新浪网隐私保护声明[OL]. http://corp.sina.com.cn/chn/sina_priv.html.
[18]J·H·Lipschultz. Free Expression in the Age of the lntemet[M]. Colorado:Westview Press,2001.
[19]Joel Reidenberg. Rules of the Road for Global Electronic Highways:Merging the Trade and Technical Paradigms[J]. Harvard Journal of Law & Technology,1993, (6):287-305.
[20]Ross E.Mitchell, Judith Wagner Decew. Dynamic Negotiation in the Privacy Wars [J]. Technology Review,1994, (8):70-71.
[21]Lorrie Faith Cranor. Web Privacy with P3P[M]. Cambridge:O'Reilly,2002.1-138.
[22]Privacy Bird[OL]. http://www.privacybird.org/tour/1_3_beta/tour.html.
[23]The Platform for Privacy Preferences 1.1[OL]. http://www.w3.org/TR/P3P11/
[24]I.K. Reay, P. Beatty, S. Dick, J. Miller. A survey and analysis of the P3P protocol's agents [J]. IEEE Transactions on Dependable and Secure Computing,2006,4(2):104-107
[25]H. Hochheiser. The platform for privacy preference as a social protocol:An examination within the U.S. policy context [J]. ACM Transactions on Internet Technology,2002,2(4): 276-306.
[26]Lorrie Faith Cranor, Serge Egelman, Steve Sheng, Aleecia M. McDonald, Abdur Chowdhury. P3P deployment on websites [J]. Electronic Commerce Research and Applications,2008, (7):274-293.
[27]袁志斌.基于P3P的网络隐私保护[J].电脑与电信,2008,(6):15-16.
[28]Byers, Simon, Lorrie Faith Cranor, Kormann, DavidAutomated. Analysis of P3P-Enabled Web Sites [J]. Proceedings of the ACM Conference on Electronic Commerce,2003, (5):326-338.
[29]Lorrie Faith Cranor. Bias and Responsibility in 'Neutral'Social Protocols [J]. Computers and Society,1998, (9):17-19.
[30]陈娟.P3P的隐私政策变更风险及其对策研究[D].大连:东北财经大学,2005.
[31]Liu, Alex X. A secure cookie protocol [J]. Proceedings-International Conference on Computer Communications and Networks,2005, (25):333-338.
[32]Cookie[OL]. http://baike.baidu.com/view/835.htm.
[33]Tappenden, Andrew F. A survey of cookie technology adoption amongst nations [J]. Journal of Web Engineering,2009,8(3):211-244.
[34]Takuji Narumi, Takashi Kajinami, Tomohiro Tanikawa, Michitaka Hirose. Meta cookie [J]. ACM SIGGRAPH 2010 Posters,2010, (10):333-338.
[35]Zhou Li, Liu Bingwu. The research of e-commerce credit trade mode based on third-party payment [J]. Proceedings-2010 International Forum on Information Technology and Applications,2010, (3):454-457.
[36]Jalisi, Q.W.Z., Cheddad, H. Third party transportation:A case study [J]. International Journal of Industrial Engineering:Theory Applications and Practice,2000,7(4):348-351.
[37]Sarkar, Amitrajit. E-Commerce adoption and implementation in automobile industry:A case study [J]. Proceedings of World Academy of Science, Engineering and Technology, 2009, (58):587-594.
[38]张维.浅谈网络隐私权问题[J].法制与社会,2010,(7):166-167.
[39]王晓红,薛晓霞,李立威.电子商务环境下的网络隐私权保护策略分析[J].生产力研究,2009,(19):106-107.
[40]隐私权被侵犯搜人引擎三无[OL]. http://www.worldbydata.com/News/zxnewview-7723.htm
[41]张文政,任松芹.浅议电子商务中消费者的隐私权保护[J].山东工商学院学报,2005,(19):108-109.
[42]名片网收集个人信息[OL]. http://www.dahe.cn/xwzx/it/t20060704_564471.htm
[43]张峻玮.移动电子商务发展研究综述[J].经济研究导刊,2011,(1):189-190.
[44]吕欣.移动商务的安全和隐私问题[J].计算机安全,2005,(8):36-38.
[45]闵大洪.数字传媒概要[M].上海:复旦大学出版社,2003.175.
[46]赵晗睿.移动增值服务中隐私权保护研究[D].济南:山东大学,2008.
[47]张新宝.隐私权的法律保护[M].北京:群众出版社,2004.299.
[48]人民网[OL]. http://www.people.com.cn/GB/shehui/44/20020909/817913.html
[49]高雨春.手机定位[J].北京电子,2006,(3):42-43.
[50]JUNGLAS I A, WATSON R T. The U-constructs:Four Information Drives [J]. Communications of the AIS,2006,17(4):569-592.
[51]JUNGLAS I A, WATSON R T. Location-based Services [J].Communications of the ACM,2008,51(3):65-69.
[52]SHENG H, NAH F F-H, SIAU K. An Experimental Study on Ubiquitous Commerce Adoption:Impact of Personalization and Privacy Concerns [J] Journal of the AIS,2008, 9(6):344-376.
[53]UC浏览器私自扫描通讯录被指侵犯隐私[OL]. http://www.enet.com.cn/article/2010/ 1021/A20101021757593.shtml
[54]搜狐IT消息[OL]. http://it.sohu.com/20110405/n280139343.shtml
[55]卓越亚马逊网隐私声明[OL].http://www.amazon.cn/gp/help/customer/display.html/ ref=footer_privacy?ie=UTF8&nodeId=200347130.
[56]A P3P Preference Exchange Language [OL]. http://www.w3.org/TR/P3P-preferences/