00:00:27 jmayer: 1) how long do you get to keep passively collected data around for security/fraud -- up to 6 months instead of 2 weeks
00:01:28 ... 2) when you have a reason to believe; that is, not id cookies in every browser, add a cookie for IPs where you're getting a lot of requests
00:02:07 ... and if you have a specific reason to believe, then the 6 month limit is lifted as well
00:02:16 q?
00:02:47 ifette: cookies are active, so you can't keep set/retain cookies for fraud purposes?
00:03:49 brooks: when you mean "fraud", you don't mean the legal case of "fraud", you just mean the financial reporting
00:04:07 jmayer: click fraud, impression fraud, advertising fraud ... not getting into questions of criminal fraud
00:04:08 q?
00:04:23 while issue of security and fraud needs more thinking
00:04:30 q?
00:04:46 Marc has joined #dnt
00:04:48 ack fielding
00:05:15 q+
00:05:17 fielding: distinction between slides/draft -- is the language and the substance consistent?
00:05:26 q?
00:05:30 ack dwainberg
00:05:38 -
00:05:39 cspiezle has joined #dnt
00:05:42 jmayer: this presentation was attempted to be high-level
00:05:45 q-
00:05:47 q+
00:06:21 dwainberg: step us through, what would a party do between first contact and when they reasonably know fraud may be undergoing?
00:06:47 q?
00:06:49 jmayer: protocol information for 6 months, plus active measures for 2 weeks [may have mis-scribed that]
00:07:16 q?
00:07:33 jmayer: this was based on talking to people at companies about how they do this now, that the most commonly used input is protocol logs, not the only input but the primary input
00:07:51 ... also tried to verify how much better off would an attacker be?
00:08:04 we need to look at a broader view of fraud, beyond ad click fraud
00:08:07 q+
00:08:12 ack robsherman
00:08:25 ... a number of companies confirmed that they wouldn't be better off because adversaries already employ clearing/modifying cookies
00:09:22 robsherman: when I do have reason that fraud may be ongoing, how do I engineer my system to put a cookie on just the fraudster's browser?
00:09:35 q?
00:09:42 q?
00:09:47 jmayer: a variety of levels of concern about fraud; some companies were fine with just protocol information
00:10:02 ... some companies, including ad companies, were more sensitive and did engineering that was dedicated to fraud
00:10:28 q+
00:10:35 ... a lot of online ad networks we talked to already had a two-tier system in place, with more techniques employed in those cases
00:10:39 ack Chapell
00:10:46 my concern wearing the hat of commerce and banking sites is to be sure we do not limit or impact their ability to detect such behavior.
00:11:05 q?
00:11:16 ack cspiezle
00:11:31 Chapell: first parties pretty much have a free pass, except for not getting around third parties, right? -- yes. -- that seems to contradict tl's comments earlier, are we misunderstanding something?
00:11:45 q?
00:12:04 Chapell: use of offline or other data combined with a first party's data, the earlier discussion
00:12:12 q+
00:13:21 jmayer: business practice is like a newspaper that gathers data about the user, and then appends the data from an offline party to the first party's profile of the user
00:13:47 +q
00:13:48 q+
00:13:54 q?
00:14:03 Chapell: if Acxiom were here, they might argue that they're a service provider, so you might need to change that in the text
00:14:16 ack ifette
00:14:17 ack ifette
00:14:45 ifette: protocol includes "top-level url", you mean the full URL, not just the hostname, right?
00:14:45 Roy tells me Chris got ack'ed too early -- sorry, Chris!
00:14:46 jmayer: yes.
00:14:47 Chapell, If Acxiom were to commit to following the outsourcing/service provider rules, I suspect (?) that would solve this problem.
00:14:53 q+
00:14:58 q+ cspiezle
00:14:59 That makes Chris next
00:15:31 ifette: how many companies did you talk to that didn't use cookies for DoS of attacks?
00:15:50 Justin, I'm not sure - you may be right. But I think the offline data brokers would argue that they are outside the scope of this spec
00:15:59 jmayer: companies that already had cookies do use them now, but companies seem to think they'd be okay without them (not all companies)
00:16:06 q
00:16:07 q?
00:16:10 ack cspiezle
00:16:23 my bad
00:16:46 cspiezle: on transactional fraud, don't want to impact their ability (like banks, etc.)
00:17:22 jmayer: if you're trying to prevent fraud on your own (first party) site, this wouldn't have any impact, you can do the most intrusive tracking if you like
00:17:37 ... you can share threat intelligence, limits lifted if there is a reason to believe
00:18:17 Chapell, That may well be the case --- it's just that you had suggested they would say they're service providers. They might prefer to utilize/resell the information they receive as a result of an append. I do not know about their business models to know common practice on this.
00:18:33 'innocent unless proven guilty' fraud detection approach
00:18:34 ... certain companies where all they do is follow financial transactions, look for users whose machines have been hacked -- would want to talk to them more about that
00:18:43 ack fielding
00:18:47 q?
00:19:08 fielding: typically those groups are acting on behalf of a first party, but they store behavioral trails from multiple sites
00:19:09 they are working on behalf of first parties
00:19:31 q?
00:19:31 jmayer: wanted to solve the 95% use case
00:19:41 ack alex
00:19:41 ack alex
00:20:25 perhaps small number of service providers but they may provide services to 100,000 of commerce sites, banks, ISPs....
00:20:31 alex: given a currently unknown threat vector, attacker only has to change their protocol information every 6 months. can't go back through 2 years of data.
00:20:58 jmayer: yes, there would be that limit.
00:20:59 q?
00:21:11 So I'm going to click on something a lot, and then stop, and then wait six months and then do it again?
00:21:26 And it won't get detected?
00:21:50 Sort of like that, aleecia
00:22:01 jmayer: if you haven't caught someone trying to do click fraud within six months of doing it, then you won't have that data afterwards
00:22:38 couldn't you roll out hundreds/thousands of user agents on a large number of IP addresses, engage in low level click fraud and have it add up to a lot of money.
00:22:44 ... not generating this out of the blue, some companies thought they didn't need more, some companies wanted more, thought it was a compromise as many advocates were concerned about a browsing history for 6 months
00:23:01 WileyS: was one of your design considerations ready availability, scale and mass adoption?
00:23:12 q?
00:23:21 ack WileyS
00:23:48 jmayer: the privacy-preserving technologies that we have in mind include many that advertisers have said are unworkable
00:23:54 and having a full clickstream of all of us for the past 10 years (at least) would be the dream of all spooks, wouldn't it? And we don't allow that for a government but allow the government to raid this private collection? I seriously question some of the asserted need for those extraordinary retention periods
00:24:05 q?
00:24:24 ... technologies where I see a consensus among researchers do work, though they would have some implications
00:24:33 Please note "implications on performance and revenue"
00:24:49 ... no doubt that there's a runway period / grace period
00:24:58 q+
00:25:27 mischat has joined #dnt
00:25:34 q?
00:25:43 q-
00:25:48 +q
00:25:49 Fail
00:26:02 WileyS: given that there's a disagreement between researchers and implementers, did you take mass adoption (by companies/implementers) into consideration?
00:26:02 ack JC
00:26:12 jmayer: yes, talking to companies, aimed for balance, a guiding consideration
00:26:49 q?
00:27:15 JC: if we're talking about multi-site behavioral data, why does DNT have any effect on Acxiom account data?
00:27:42 ... that's not behavioral information, so DNT doesn't apply
00:27:55 q+
00:28:12 q?
00:28:40 jmayer: flows like these identified as a concern in small groups at Washington; very discrete sharing of information
00:28:46 JC: worried about scope creep
00:29:29 q?
00:29:36 jmayer: focused on things that are not as narrow
00:29:42 ack dwainberg
00:30:01 JC would like DNT to address OBA; people involved in DNT earlier on see DNT as applying to data more generally. (If this is not right, please correct)
00:30:05 q?
00:30:15 dwainberg: top-level domains and referers, many cases of 3rd-party ad-serving where top-level domain info isn't shared (because of iframes, etc.)
00:30:50 ... sometimes you'll receive a domain name that isn't the top-level domain but an intermediate iframe
00:30:58 q?
00:31:01 aleecia: I don't limit DNT to OBA, but online collection of data
00:31:27 ok, thanks for fixing that
00:31:50 jmayer: if you don't get the Referer in the header but get it somewhere else (passed along as a URL parameter, for example) -- that's passive collection in the same sense, some advocates thought this was a concession but it happens with some frequency
00:31:58 q?
00:32:35 dwainberg: can you share the list of companies you talked to?
00:32:49 q+ hwest
00:33:24 q+
00:33:27 jmayer: commonly have permission to talk to companies without revealing who they are, companies can identify themselves but I'm not comfortable doing so
00:33:52 ... I thought it was a broad representation of both size and market sector, including more companies than I recall, including companies inside and outside of the WG
00:34:22 What is punishment?
00:35:00 q?
00:35:12 tl: some organizations talked about concerns sharing regarding trade associations
00:35:29 ack jchester
00:35:38 hwest: concern about misrepresentation
00:35:56 I don't think it's useful to think about this in terms of representation. This is Jonathan's take of where the industry is.
00:36:01 +q
00:36:04 He may or may not be right.
00:36:22 jmayer: tried to present it adequately, including qualifications in almost cases
00:36:24 Now we need to have things about the impact of these ideas on the table here.
00:36:53 q?
00:37:03 q-
00:37:09 thank you, Heather
00:37:14 q-
00:37:35 Thank you, Alan
00:37:51 Let's get through the discussion if we can
00:37:56 dwainberg: what do we do if there's a new fraud attack that requires changing these requirements?
00:38:01 q?
00:38:12 ack amyc
00:38:19 q?
00:38:20 jmayer: have to evaluate the likelihood of such a new attack, have an implementation period, can revise specification
00:38:37 q?
00:38:44 ack Marc
00:38:50 Well, if Jonathan's not concerned (about the unintended consequences of his rather grand proposal), that's good enough for me!
00:38:56 amyc: operational practices such as billing with "Active" -- I'd like to understand that better
00:39:41 Let's keep the tone civil, please.
00:39:47 specifically, want to understand whether Jonathan thinks it is OK to use LSO or fingerprint for operational uses
00:39:54 Rob has joined #dnt
00:40:02 q?
00:40:19 jmayer: instead of having a billing exception, passive/actively collected used for a period of time for any use
00:40:21 thanks, Marc
00:40:32 jmayer: design motivations
00:40:36 aleecia, schunter ack'd Marc above
00:40:42 which I believe he did when he handed him a microphone
00:41:09 ... based on current advertising company practices, including opt-out practices
00:41:19 Yes
00:41:30 q?
00:41:31 ... make it possible for external verification of compliance
00:41:37 Thank you. Marc was kind enough to be willing to wait
00:41:53 q+
00:42:03 ... concerns about updating the standard whenever there's a new business model or business purpose
00:42:32 I'm going to let Jonathan finish, since we're very close to time. We'll go to the queue after
00:42:43 ... don't want any new company/model to have to get a standards body's permission to explore a new business model
00:43:12 ... give a protocol retention period given how many companies talked about how useful it was
00:43:27 While I recognize the importance of maintaining confidentiality when speaking with companies, and I certainly don't question TL or JM's ethics -- it's very difficult to vet the accuracy of the claim that industry was widely consulted about this proposal without a better sense of the nature of the companies you've spoken with
00:43:29 jmayer: defaults
00:44:06 ... this proposal says DNT can't be on by default, a concession as I and some others believe it would be a better policy if they could
00:44:22 johnsimpson has left #dnt
00:44:36 ... servers don't get to "second-guess" an expressed header
00:44:37 "industry" is a broad term -- sort of like "human" ---- some similarities, but lots of differences... making generalizations and extrapolations difficult
00:44:40 q?
00:44:44 q+ WileyS
00:44:45 +q
00:44:47 ack alex
00:44:49 +q
00:45:00 q+
00:45:04 q?
00:45:07 sean has joined #dnt
00:45:13 q+
00:45:31 alex: external verification as a motivation: why would privacy advocates be against internal verification like audits?
00:46:15 ... audits of internal operations, for example
00:46:57 q?
00:47:04 jmayer: I think external verification is important: strong role of encouraging compliance, researchers and advocates can work with regulators to discover issues, invite media or public pressure
00:47:08 q+
00:47:12 ... this would allow that mechanism to continue working
00:47:15 If you passed before to wait, please add yourself now.
00:47:22 ... also gives consumer confidence
00:47:24 And then we'll be closing the queue, since we're done at 6
00:47:51 zakim, close queue
00:47:51 ok, tlr, the speaker queue is closed
00:48:08 alex: but why don't you like internal audits? for example, when a party needs to collect some data
00:48:11 q?
00:48:41 jmayer: these were advantages I saw to external rather than internal
00:49:03 alex: but can't you get all those advantages from internal audits? mathematically proven unlinkability can be audited for
00:49:33 q?
00:49:43 q+
00:50:02 ack WileyS
00:50:05 ack WileyS
00:50:15 q?
00:51:01 WileyS: said advocates were making a significant concession, but creating an exception that swallows the rule. because DNT:1 would still have to be followed.
00:51:23 jmayer: gives an extra lever to say that browsers that set it by default are not in compliance with the W3C spec
00:51:38 ... possible legal measures, public pressure
00:52:09 ... couldn't claim to be following the spec (which could otherwise be a deceptive practice)
00:52:17 ack justin
00:52:33 ack ChrisPedigoOPA
00:52:38 ack ChrisPedigoOPA
00:52:44 ack sean
00:53:07 q?
00:53:11 ack fwagner
00:53:13 sean: thx for presentation. didn't address exceptions/out-of-band consent...?
00:53:22 aleecia: not part of the original template folks were supposed to cover
00:53:56 fwagner: do you expect a complete overview of all affiliates of Microsoft? would that list ever be complete?
00:54:07 q?
00:54:10 yes, yes it is
00:54:33 q+
00:54:40 jmayer: believe it's very similar to the proposal Shane presented; I would hope that it would be mostly complete although maybe there would be some edge cases (cover the 95% case)
00:54:49 we end at 6
00:54:55 Aleecia wanted a few minutes to wrap up.
00:55:00 which I think is useful
00:55:26 we could talk easily another hour
00:55:27 meetings should be 24*7 ;-)
00:55:30 ... I believe this could deviate from user expectations and an area where regulators have expressed concern, so I think it was a substantive concession
00:55:41 on either proposal
00:55:51 fwagner: can you make a clear difference between unlinkability and anonymity?
00:56:21 jmayer: borrows some from DAA concept on deidentifiability
00:56:37 ... not asking for Arvind to proof your data
00:56:52 ... does ask for significant steps, beyond dropping an ID cookie, more like aggregation
00:57:01 I heard no justification for why outsourced service providers are listed as an exception instead of being part of the definition of same "party"
00:57:38 fwagner: from a European perspective, collection of data while it's identifiable is still a problem with European regulations
00:57:42 we need to accept business users may opt in by default for all of their devices and users. We need to be sure we respect this even though the user did not turn on DNT, but the owner of the device did. Second ISPs could offer a pre-configured browser for max privacy and security protections. If a user accepts the browser with DNT =1 then this option needs to be respected.
00:57:48 q?
00:58:19 schunter: jmayer talking about meeting his standard, not a guarantee of satisfying EU regulation
00:58:23 Topic: wrap-up
00:58:37 schunter: thanks for a productive discussion, civil ("no flying tomatoes ;)
00:58:52 ... always talk about the differences, sometimes we set aside how much agreement we have
00:58:56 Ideally we have greater understanding walking out now
00:59:15 ... actually have a lot more agreement than we had, we're just not talking about those parts any more
00:59:20 Address is in the agenda
00:59:45 JC: caddy-corner for NE 8th & 110th, please bring your nameplates
00:59:57 ... if you get lost, call JC! :)
01:00:14 schunter has joined #dnt
01:00:32 JC: doors open at 8 o'clock, food arrives at 8:30
01:00:58 optional self-hosted dinner present here:
01:01:00 http://www.w3.org/2011/tracking-protection/agenda-2012-06-20-bellevue.html
01:01:07 rrsagent, draft minutes
01:01:07 I have made the request to generate http://www.w3.org/2012/06/21-dnt-minutes.html npdoty
01:01:18 Chair: aleecia, schunter
01:01:40 Meeting: Tracking Protection Working Group Bellevue Face-to-Face
15:58:57 rrsagent, make logs public
15:59:00 rrsagent, pointer?
15:59:00 See http://www.w3.org/2012/06/21-dnt-irc#T15-59-00
15:59:20 Meeting: Tracking Protection Working Group Bellevue F2F
15:59:24 Chair: aleecia, schunter
15:59:48 Joanne has joined #DNT
16:01:13 scribenick: npdoty
16:01:29 JC: welcome! breakfast kudos to hwest
16:01:41 aleecia: welcome, reflections on yesterday
16:01:59 ... maybe not a particularly good use of our collective time, moving slowly
16:02:26 ... group has gotten a lot larger, so today we'll try more to use smaller groups
16:02:33 aleecia has joined #dnt
16:03:00 ... not adding things new, but trying different approaches
16:03:03 rvaneijk has joined #dnt
16:03:05 ... we need to publish something
16:03:27 ... we need to figure out what exactly we're building, better understanding of the two proposals
16:03:50 robsherman has joined #dnt
16:04:06 Ionel has joined #dnt
16:04:12 ... self-hosted dinner tonight
16:04:41 efelten: want to say a few words for myself, I've been pretty quiet through these meetings but want to offer a perspective of where we are
16:04:45 BrianH has joined #dnt
16:04:52 Brooks has joined #dnt
16:04:55 ... frankly it's hard to see how either of these proposals will get consensus as it is now
16:04:57 jeffwilson has joined #dnt
16:05:26 ... I can't see how either group could "steam-roll" the other, and in any case it wouldn't be successful in getting legitimacy of all the stakeholders and users
16:05:27 egrant has joined #dnt
16:05:46 ... companies don't want a technology that's overly prescriptive about their practices
16:06:06 ... and consumers want a choice that makes a change in the data that's collected, retained and used
16:06:18 ... not all consumers want the same thing, that's why it's a user choice mechanism
16:06:21 vinay has joined #dnt
16:06:36 ... not all companies agree, if the MSFT IE discussion has taught us anything
16:06:56 ... natural in a competitive marketplace, different companies, even just the browser vendors, all have distinct positions
16:07:09 ... everyone is going to need to make concessions, concessions that impose some pain
16:07:20 SimonKrauss has joined #dnt
16:07:34 ... those of us who have been involved for a long time recognize what the available compromise would roughly look like
16:07:44 ... the biggest issue is the scope of permitted use exceptions
16:07:57 fielding has joined #dnt
16:08:00 ... if there is substantial agreement on that issue, the rest of it can be worked out, what the rest of an agreement would look like
16:08:22 ... this is an issue where FTC has spoken, Do Not Collect with limited permitted exceptions
16:08:34 ... we have an opportunity here to do something that's difficult to do in any other forum
16:08:55 ... we have very significant areas of agreement, which we might miss because we talk most about the areas where we disagree
16:09:30 ... not any magic to get to an answer on this, but the stakes are high, think about the alternative to a compromise (as we discussed yesterday)
16:09:56 ... and to the extent that I can be helpful, either by talking to folks or getting out of the way, please let me know
16:10:10 ScribeNick: robsherman
16:10:15 jmayer has joined #dnt
16:10:15 justin_ has joined #dnt
16:10:28 cSpiezle has joined #dnt
16:10:28 vincent has joined #dnt
16:10:31 PG has joined #dnt
16:10:31 adrianba has joined #dnt
16:10:34 schunter has joined #dnt
16:10:35 aleecia: Want to summarize what we hope DNT will help us avoid as compared to current proposals.
16:10:52 … After that, break into small groups to discuss issues and then bring proposals back to the group.
16:10:57 … We'll re-plan after lunch.
16:11:12 jchester: Not sure that small groups make sense.
16:11:41 aleecia: we're not giving enough time for individuals to get their points across effectively.
16:11:44 rigo has joined #dnt
16:12:18 jchester: Industry colleagues should specify what their concerns are and articulate how it would affect their business. If we break into small groups, that would help us understand the playing field.
16:12:38 tlr has joined #dnt
16:12:47 thanks for using the mic
16:13:02 aleecia: Let's go ahead and do small groups and then do that after lunch. We'll get more out of people having a discussion than we will with this many people.
16:13:17 XX: No point in talking to a portion of the group - just repeat ourselves.
16:13:29 s/XX/fielding/
16:13:36 thx efelten
16:13:47 fielding: How do you envision setting up the groups?
16:14:07 aleecia: Please do not go to groups of people you coauthored a proposal with. I'm not going to assign them, but they should be balanced.
16:14:18 … Observers should not write parts of proposals because of IP concerns.
16:15:00 chesterj2 has joined #dnt
16:15:04 schunter: Rob explained some principles under which exceptions are acceptable in the EU. We have to discuss each one-by-one but we need a working group to discuss this.
16:15:19 rvaneijk: Good idea — we have work to do.
16:15:27 suegl has joined #dnt
16:15:45 aleecia: Going to summarize status of proposals discussed yesterday, and also recalling CDT proposal.
16:16:15 bryan has joined #dnt
16:16:19 WileyS: I think you've made some assertions that aren't correct.
16:16:31 aleecia: Don't interrupt.
16:16:43 present+ Bryan_Sullivan
16:17:01 Does anyone have a link to the slide being presented?
16:17:10 … EU enforcement risk if people adopt Jonathan proposal is less likely, more likely under Shane's. Unclear under CDT.
16:17:30 … Few browsers would adopt new mechanisms for privacy under Jonathan proposal, more under Shane, unclear under CDT.
16:17:44 … Arms race continues regardless of which proposal we adopt.
16:18:06 … If I wanted to do this, could do Jonathan's approach with cookie management. Shane's with beefTACO. No real analog for CDT.
16:18:12 s/do this/do this today
16:18:33 … Jonathan's proposal protects privacy, Shane's doesn't, and CDT's somewhat.
16:18:51 … Jonathan's proposal is unlikely to be adopted. Shane's will get widespread adoption. Unclear where CDT stands.
16:18:59 q?
16:19:03 Zakim has joined #dnt
16:19:12 q+ WileyS
16:19:25 ack WileyS
16:19:31 what CDT proposal?
16:19:31 WileyS: Please explain the CDT proposal and how you made those assertions because we didn't get a chance to summarize it yesterday. I think our proposal and CDT's were quite well aligned.
16:19:42 aleecia: Not going back to CDT workshop but looking at the CDT proposal from DC.
16:20:01 … We decided we weren't going to propose it but useful to look at for comparison.
16:20:03 justin_ - can you drop a link to that proposal into IRC, please?
16:20:08 … Main difference is retention.
16:20:11 I would say permitted uses were the biggest difference.
16:20:16 I will link in one sec
16:20:18 I believe this is the CDT text: http://www.w3.org/mid/A10F51CA-396F-46FA-A1B5-9F082767D604@cdt.org
16:20:27 … At a high level, proposals are very similar in structure, and that's a great thing.
16:20:30 thanks, Nik
16:20:33 s/Nik/Nick/
16:20:59 WileyS: If you feel retention is the demarcation point between likely/clear/unclear, I don't understand that thought process.
16:21:25 http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0078.html
16:21:26 … The two proposals are different in this regard. Flat, arbitrary 14-day vs. company-specific periods with transparency.
16:21:37 … Justin, can you summarize?
16:21:49 justin: Biggest difference is permitted uses.
16:22:01 … Don't allow for product improvement — thought that could go on forever.
16:22:03 Marc has joined #dnt
16:22:17 … We did create a 2-week window for product improvement.
16:22:25 q?
16:22:28 … We didn't include a broader 2-week grace period but that could be a logical extension.
16:22:37 aleecia: jmayer, want to weighin?
16:22:43 s/weighin/weigh in
16:22:49 jmayer: No.
16:22:51 alex has joined #dnt
16:22:55 q?
16:23:03 aleecia: Anyone else?
16:23:12 ChrisPedigoOPA has joined #dnt
16:23:28 dwainberg: I'm not clear where this gets us.
16:23:43 aleecia: The point of this is to go back through what we discussed yesterday and to understand what we're trying to avoid with DNT.
16:24:02 … I'm looking at whether these proposals address the issues we're trying to avoid. I don't think either proposal would actually work.
16:24:13 meme has joined #dnt
16:24:17 q+ WileyS
16:24:18 q?
16:24:21 I would agree with WileyS's statement that CDT's proposal is more closely aligned to the industry proposal as it does allow for unique identifiers. However, if I were to update this in light of recent events, I would be more explicit that third parties cannot guess user agents (though I still want to explore other ways to ensure UA compliance with the spec).
16:24:21 q+
16:24:30 sean has joined #dnt
16:24:32 npdoty: WileyS, you're saying that your proposal is similar to CDT.
16:24:39 For those who have just logged on, http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0078.html
16:24:56 q+ rvaneijk
16:25:05 q?
16:25:10 s/No./Aleecia's summary seems reasonable to me./
16:25:12 … Maybe if we just tried to elaborate on the existing proposal w/r/t collection and retention that would be a way forward.
16:25:37 jchester: Don't support the CDT proposal, but Aleecia described it well. Yahoo's proposal is a non-starter with US/consumer groups/EU.
16:25:39 ack WileyS
16:25:42 q?
16:25:50 fwagner has joined #dnt
16:25:59 WileyS: Want to go through each of these points. You made some broad claims, such as that our proposal "protects privacy barely," which I disagree with.
16:26:08 we are wasting our time
16:26:20 … There's a lot in there. You should ask whether the proposal "allows Internet to remain free, etc." and play this either way.
16:26:34 RobG has joined #dnt
16:26:36 q+
16:26:45 … Our proposal has incredibly strong limits, limits data use to only things necessary to keep business alive. I don't think there will be regulation, and I agree that it will be broadly implemented.
16:26:49 q+
16:27:00 … On EU risk, I agree if done in isolation but also true for Jonathan's.
16:27:09 … I think new measures for privacy will come up regardless of what we do in this group.
16:27:21 … Privacy discussion didn't begin here and it won't end here.
16:27:53 … Arms race: I think that will exist for a long time. Companies will try to monetize the services they're providing and that will happen regardless.
16:27:55 q?
16:28:08 … beefTACO — I think you're talking about opt-out cookie persistence and lots of tools do that today.
16:28:13 … but our proposal goes farther.
16:28:13 +q
16:28:21 susanisrael has joined #dnt
16:28:32 … We say that data is only used for necessary purposes — no further profiling.
16:28:36 q?
16:29:03 aleecia: Under any of these proposals, small OBA companies will go out of business.
16:29:22 … Getting permission is difficult if you don't have a brand. So the only thing you care about is the percentage of people who have DNT on.
16:29:28 fwagner_ has joined #dnt
16:29:34 q+
16:29:40 … Companies say 10-15% is breaking point. We're seeing 10-15% for FFX mobile, desktop >10%.
16:29:55 … So for those companies who JUST do OBA, this is a bad day. It really is. But not necessarily for the Internet overall.
16:29:58 q?
16:29:59 ack ifette
16:29:59 q+
16:30:04 q+ Marc,
16:30:04 ack ifette
16:30:10 to try to capture Shane's point, re: Do Not Target, we get that and the proposal goes beyond and addresses collection
16:30:28 Chapell has joined #DNT
16:30:32 ifette: Disagree with your assessment of the percentages. Setting it has no effect now because the user sees nothing. Not sure what will happen when it gets implemented.
16:30:45 +q
16:30:58 … Been talking with jchester and others to understand the main, bottom line concern is that a 3P has a collection of your browsing activities that can be subpoenaed by gov't, subject to breaches, etc.
16:31:05 ... I don't see either proposal changing that.
16:31:16 … We all understand for legitimate uses like security/fraud, that risk is there.
16:31:38 s/.../. . .
16:31:42 … Given that we all agree that this is a primary risk that people are most concerned about and given that neither addresses it, the fact that we get so bogged down seems a little strange to me.
16:31:53 q?
16:31:56 ack rvaneijk
16:32:11 rvaneijk: Transparency and accountability are important.
16:32:44 … Trying to build good controls. The outcome of this group should be building blocks leading to compliance.
16:33:16 … Control: Control is tied to risk. Looking at legitimate business interests, This is the thing we need to focus on.
16:33:35 q?
16:33:38 … Increased control needs to be looked at from a business perspective, and that's one approach. But also need to consider from user perspective.
16:33:47 … Control is the last piece of the puzzle that needs to be solved.
16:34:02 ack erikn
16:34:18 erikn: This is well-traveled ground. Let's be more efficient. Support small group proposal.
16:34:23 ack fielding
16:34:42 fielding: Let's stop discussing the overview and start discussing actual written proposals that nobody has addressed from the mailing list.
16:34:49 +1 to roy's discussion
16:34:54 +1
16:34:59 ack jmayer
16:35:12 +1 to roy
16:35:13 jmayer: Like the idea of small groups. Need to focus on specific permitted uses and how to balance business needs against privacy.
16:35:24 ack Brooks
16:35:38 Brooks: Danger in Aleecia's comment that this is limited to small OBA companies. I think we're underappreciating the issues here.
16:35:54 … OBA is the least of my worries. If you take Internet advertising, there's much more value in reporting than in targeting.
16:36:14 … What we're talking about here is undermining the ability of advertiser to demonstrate the value of advertising. 16:36:29 we should Aleecia's combined proposal doc for the small group discussions 16:36:37 +q 16:36:40 … We're talking about fundamentally undermining the whole ability for any advertiser to understand how effective it was to buy one property over another. 16:36:43 maybe this is a good guiding goal: maintain (or improve) reporting, and put limits on collection 16:37:01 … Google is successful in AdWords because it works perfectly. I know if I spent $1.25 on a click and made $1.26. 16:37:10 … The more we undermine that the less valuable it will be. 16:37:27 Joanne, +1, we can add the permitted uses we work out on to Aleecia's combo draft 16:37:32 aleecia: We've talked about outsourced parties as a way to get that to work. 16:37:39 … That helps with reporting, analysis, etc. 16:37:59 Brooks: I've been doing this for a long time. Publishers and advertisers don't trust each other, and we need an independent way of counting and reporting. 16:38:15 aleecia: That's exactly what the proposals do. 16:38:27 … 7 more minutes of discussion. 16:38:30 q? 16:38:35 ack cSpiezle 16:38:46 cSpiezle: Business discussion is the core of the issue. 16:39:00 … Last night I looked at IE. It's taken 14 months for it to get to current market share. 16:39:02 I think Brooks' point is really important -- do not design assuming advertisers and publishers are natural allies in the business environment. 16:39:22 … We're inflating the impact. But on the other hand, we've seen other sea changes forced due to security/privacy. 16:39:23 (in the sense of, being able to trust each other with invoicing or reporting) 16:39:44 … Pop-up blocker debate from years ago. Many people said they would go out of business and some did. But most people evolved and innovated. 16:39:54 … Same with privacy beacons in emails. And then clients addressed it.
16:40:11 -q 16:40:12 others want to join small group with jmayer and Brooks on reporting? 16:40:15 +1 16:40:17 … Need to step back and look at real business issues here. Smart businesses will innovate and evolve. Need to move forward. 16:40:27 ack Marc 16:40:42 Marc: Notion that this will impact only a small number of OBA companies is wrong. 16:40:52 … Not helpful to this discussion. There's a huge impact on advertisers and publishers. 16:41:06 … Looking forward to having an opportunity to present those facts in a productive discussion. 16:41:22 … But if the decision is we'll throw some companies on the bus, some of us can go and the conversation will continue. 16:41:27 erikn, WileyS, want to work on retention/collection elaboration, based on the industry proposal, in a small group? 16:41:41 … I also don't think this does so much for privacy. You'll have more data collection, that's more invasive, and that will involve PII. 16:41:48 … What will change is who is collecting. 16:41:56 … We'll see consent wars and pop-up wars, and people need to consider that. 16:42:18 q? 16:42:18 … I hope we can have that discussion in a thoughtful and productive way. 16:42:30 aleecia: Marc, I agree with you that there's far more going on than OBA. 16:42:34 I think we're all agreed that we'd prefer a Do Not Track outcome to the alternatives that Marc is referring to. 16:42:51 … Let's split into 5 groups. All groups will need a scribe and observers will have to just observe. 16:43:04 … I'd like groups to look at text and copy and paste where possible. 16:43:11 q+ ifette 16:43:26 I'm unsure where this line of concern from. I didn't hear Aleecia argue that small-company OBA would be the only impact, just one significant impact. 16:43:34 … responsibilities of 1P, 3P, and outsourced parties. That's where we're having biggest disagreements.
16:43:42 … Some of the things we've talked about: 16:43:45 … no data collection at all 16:43:49 … aggregating at time of collection 16:43:53 … unidentifiable after collection 16:43:57 … siloing to specific party 16:43:59 … retention limits 16:44:13 … use limitations: security, billing/$, freq capping, debugging 16:44:15 … transparency 16:44:24 aleecia: Anything else missing from this list? 16:44:47 +q 16:45:14 aleecia: Not suggesting that we should use these things in specific places, but they seem to be what we've discussed. 16:45:27 internal/operational limits? 16:45:33 susanisrael: Why are use limitations on the tools list? 16:45:39 aleecia: I really mean approaches. 16:45:50 schunter: Fraud prevention. If you collect for that purpose, you must not use it later. 16:45:55 johnsimpson has joined #dnt 16:46:18 susanisrael: Discussion yesterday about the idea of research. Is this meant to be restrictive and that internal product/improvement research wouldn't be legitimate? 16:46:28 aleecia: This was meant to follow Shane's proposal. 16:46:37 q? 16:46:37 q? 16:46:53 I don't see any reason to continue with either proposal 16:46:59 ack ifette 16:47:17 q+ 16:47:20 ifette: Logistical question: Should we do an email to the mailing list for small group scribing? 16:47:22 we could have breakout groups working from Combo-draft, the CDT proposal, the industry proposal, the existing WD, 16:47:23 aleecia: Yes. 16:47:33 ack jmayer 16:47:46 q? 16:48:12 maybe also a breakout group trying to merge/diff the proposals presented by Shane and Jonathan 16:48:18 jmayer: Within the bucket of things that might be aggregated at point of collection: Some companies have a cookie that doesn't tell you anything, but then there's real information that is unlinkable (like an opt-out value). 16:48:37 +1 on internal controls (legal or technical) 16:48:50 … There's also been discussion of business/legal controls. Also internal technical controls. 
Example: if you're going to have protocol logs for 6 months for security, those would be encrypted and have access controls. 16:49:14 I've checked in our updates from yesterday's drafting session to the "combo-draft.html" that we can work from 16:49:15 http://www.w3.org/mid/E1ShkOO-00027j-Hg@lionel-hutz.w3.org 16:49:18 aleecia: I had intended to capture something like en_US. But I'm adding to this list internal business/legal and technical controls. Also adding auditing. 16:49:31 … Anything else that people might want to discuss? 16:49:33 ack sean 16:49:34 q+ rigo 16:49:57 sean: Disallowing specific technological means for collecting information 16:50:09 JC has joined #DNT 16:50:14 schunter: One example would be jmayer's distinction between active and passive collection. 16:50:26 … Could say that in some cases only allow passive collection. 16:50:43 sean: Another example would be client-side cookies that are uniquely identified but never returned to server. Unique hashes. 16:51:07 s/sean/fielding 16:51:24 mischat has joined #dnt 16:51:30 tl: Normally a cookie is provided by one domain with a distinct identifier for one domain. 16:51:55 … A double-keyed cookie means the identifier is determined not just by who they are, but who they are + where they are. 16:52:03 … advertising.com gets a different ID on each 1P site. 16:52:13 … unique identifier for 1P+3P combination. 16:52:22 schunter: Way to implement siloing for cookies? 16:52:25 fielding: Yes. 16:52:53 … Other approach is server-side agreement to hash cookie that is cross-fed and not stored. 16:53:00 q+ 16:53:08 aleecia: Questions? 16:53:20 ack alex 16:53:20 +q 16:53:27 Alex: I understand the mechanism but don't understand how it works in double-iframe scenario. 16:53:34 fielding: Just one solution; won't work everywhere. 16:53:42 Alex: That may break down because of existing tech implementations. 16:53:51 tl: You're saying that some things you're currently able to do? 16:53:54 q? 
16:53:56 q 16:54:13 ted, did you want to queue? 16:54:22 q+ tedleung 16:54:30 q- 16:54:33 Alex: I'm trying to say that if I want to implement this, the intention of the proposal is that cookies be siloed based on 1P. Because of double-iframe problem, the first domain that I get is one iframe up, which may be same for mult domains. So I get the same hash. 16:54:38 thx tlr - a fat finger on my part 16:54:43 ah, ok :) 16:54:52 fielding: On browser side, can always obtain top-level domain of current page. 16:55:06 … 3P would set cookie, but browser controls what to send back. 16:55:11 q+ Brooks 16:55:26 tl: Might have 100 advertising.com cookies. One cookie per 1P. 16:55:39 Alex: Implementation is browser-specific? 16:55:58 updated combo-draft is here: http://www.w3.org/2011/tracking-protection/drafts/combo-draft.html 16:56:07 tl: Let's take this offline. 16:56:12 -q 16:56:12 ack rigo 16:56:13 ack rigo 16:56:36 rigo: We've done a lot of research on server-side data minimization. So many solutions. The question is how far can we go without overburdening the industry. 16:57:03 … One of my major problems is we okay frequency capping and you store the cookie ID w/ URI, then you can still see what I read. 16:57:22 … I don't mind you knowing I was on NYTimes.com but do mind you knowing what I read there. 16:57:32 … We should discuss this in a breakout. 16:57:43 aleecia: Any additional new approaches to add to this list? 16:58:05 … The goal here is to have approaches that people can match these and switch them around for various cases. 16:58:14 … What are responsibilities for various parties using these approaches? 16:58:24 … Let's not go into defaults and UAs now. 16:58:36 … Focus on the core of what we're doing and where there are disagreements. 16:58:55 … Also consider impact on privacy, implementation ease (for large and small 1Ps and 3Ps), likely to satisfy regulators. 16:59:02 … Important to understand impact on business. 
16:59:14 … We should be able to estimate difficulty of implementation. 16:59:40 … As you split into groups, be sure you're not standing with people you normally work with. 17:00:08 … Observers, please spread yourselves out and observe. 17:00:26 susanisrael: Would it be better to summarize rather than scribe so that scribe can participate? 17:00:32 aleecia: If you have an observer, use the observer as a scribe. 17:00:42 … At the end, we'll come back in large group. 17:05:37 Approaches we just discussed: 17:06:20 No data collection 17:06:21 Aggregate at the time of collection (OPT-OUT) 17:06:22 Unidentifiable information after collection 17:06:24 Siloing of data to a specific party 17:06:25 Retention limits 17:06:27 Use limitations 17:06:28 Security 17:06:30 Billing / financial 17:06:31 Frequency capping 17:06:33 Debugging 17:06:33 egrant has joined #dnt 17:06:34 Transparency 17:06:35 Internal legal / business controls 17:06:37 Internal technical controls 17:06:39 Auditing 17:06:47 Disallowing specific (hard-coded) technologies (e.g. LSOs) 17:06:52 Active v. passive collection 17:06:55 vincent has joined #dnt 17:07:04 Double-keyed cookies on the browser side 17:07:12 Double-keyed cookies on the server side 17:07:15 notes for center group: https://docs.google.com/document/d/1CHYowgPvQr-EDqflEsiD3cypi2XXcgiaGT5YpHJTTU4/edit 17:08:15 johnsimpson has left #dnt 17:09:32 meme has joined #dnt 17:09:44 https://docs.google.com/document/d/1CHYowgPvQr-EDqflEsiD3cypi2XXcgiaGT5YpHJTTU4/edit 17:13:17 Chapell has joined #DNT 17:20:42 fielding has joined #dnt 17:20:48 Point of clarification - as this was raised in our small group 17:21:02 ? 17:21:55 Timing: break from 11:00 - 11:30, recap in full group for 15 minutes to talk through where you landed for first parties, third parties, and outsourced parties. 17:22:02 fwagner_ has joined #dnt 17:22:08 15 minutes each 17:22:38 Lunch at 13:00 17:23:12 I believe Aleecia said.... 
(paraphrasing) that the ultimate output of the TPG would be a bad day for third parties who conduct OBA because many would be out of business - but that is a good day for privacy. Do I have that correct? 17:24:04 No. 17:24:17 Ok - you may want to come into our group as that seems to be the consensus here 17:24:21 My concern is that it does little for privacy but harms business substantially 17:24:27 That is a bad outcome 17:24:34 And what DNT was designed *not* to be 17:24:48 I would encourage you to make that clear to the larger group - as that was the impression that many of us were left with 17:24:49 …a year plus ago. 17:25:01 Thanks for that as feedback. 17:25:08 and while I'm not going to represent the views of others - but it's not simply industry 17:25:49 Having privacy at the expense of business is the entire problem I hope DNT will avoid. That was the point, to me, of bothering to spend a year of my life on this. 17:25:58 so when i see the powerpoint from this morning coupled with that statement (as interpreted by many in the room) -- I'm sort of wondering if the end goal here is a productive discussion 17:27:06 We've been stuck. It's time to get unstuck. And yes, my frustration at my lack of ability to move things forward right now is coming through. 17:27:12 I am worried for business with this. 17:27:21 I don't want an adblock world. 17:29:30 BerinSzoka has joined #DNT 17:29:41 This group is heading down a direction where large, first party companies are going to continue to collect data -- more data, more sensitive data --- and this will ultimately be at the expense of both privacy and innovation 17:33:09 Chapell: I don't necessarily agree with your conclusion as 'large first party' companies would still be under the same restrictions when operating in a 3rd party context.
17:35:06 However the net pro-privacy effect will be that consumers will have some ability to be informed about and control the typically non-visible 3rd party tracking that occurs as they browse the web 17:38:05 Asoltani: First parties will figure out ways to override DNT -- so we're into an opt-in world 17:39:08 schunter has joined #dnt 17:47:36 rrsagent, pointer? 17:47:36 See http://www.w3.org/2012/06/21-dnt-irc#T17-47-36 17:47:55 rrsagent, pointer? 17:47:55 See http://www.w3.org/2012/06/21-dnt-irc#T17-47-55 18:08:08 fwagner_ has joined #dnt 18:08:36 randomwalker has joined #dnt 18:18:38 KevinT has joined #dnt 18:25:58 dwainberg has joined #dnt 18:33:48 efelten has joined #dnt 18:34:12 efelten has joined #dnt 18:38:06 npdoty has joined #dnt 18:39:07 scribenick: JC 18:39:13 meme has joined #dnt 18:39:16 Topic: Reports on breakouts 18:39:20 rrsagent, pointer? 18:39:20 See http://www.w3.org/2012/06/21-dnt-irc#T18-39-20 18:40:02 some of the early notes from this group: https://docs.google.com/document/d/1CHYowgPvQr-EDqflEsiD3cypi2XXcgiaGT5YpHJTTU4/edit?pli=1 18:40:36 Meme: We decided that a flowchart was an effective way to present our work 18:40:57 aleecia has joined #dnt 18:41:20 ... Ed helped us formalize our thoughts 18:41:39 Ed: Limit on targeting and collection with limited exceptions 18:42:01 Ian: There is likely going to be data collection to cover permitted uses 18:42:04 James has joined #dnt 18:42:15 ... the boxes show limits on collection 18:42:20 amyc has joined #dnt 18:42:29 Meme: The boxes help us frame the issues 18:42:50 Ian: First box indicates what not to do 18:43:29 ... The user's experience may be altered for security or fraud purposes 18:43:40 ... unique identifier may be used 18:43:49 robsherman has joined #dnt 18:44:30 ... retention period must be what is minimally necessary for the purpose (permitted use) 18:44:50 ... use is limited for purpose for which the data was retained.
18:45:13 sidstamm has joined #dnt 18:45:15 Aleecia: Can you indicate how limits are made? 18:45:26 Ian: Auditability of access to data 18:45:38 Justin: Tell me more about auditing 18:45:50 ... explain why you are retaining data. 18:46:04 Meme: Will defer to those that know more 18:46:34 Ian: We retain what is necessary, cookie data etc., to satisfy an audit for a specific purpose 18:47:04 susanisrael has joined #dnt 18:47:07 alex has joined #dnt 18:47:35 Shane: In financial transaction due to legal or contractual obligations retention may be needed 18:47:42 q? 18:47:46 +q 18:47:47 ... for example to cover frequency capping commitment 18:48:20 RobGratchner has joined #dnt 18:48:30 vincent has joined #dnt 18:48:35 ... financial transactions must be recorded to cover legal obligations 18:48:58 ... there are legal and contractual obligations that need to be audited 18:49:29 egrant has joined #dnt 18:49:41 ... some things are federally mandated and others contractual 18:50:44 Justin: So there are legal reasons to keep cookie and other data? 18:50:48 Shane: Yes 18:50:48 ack Brooks 18:50:49 ack Brooks 18:50:53 dwainberg has joined #dnt 18:51:18 dwainberg has joined #dnt 18:51:23 Brook: All ad data belongs to the advertiser 18:51:43 q? 18:51:46 ack jmayer 18:51:53 ... placing obligations due to the standard adds huge complexity 18:52:15 Jonathan: Contracts can inform what is needed and what can be accomplished 18:52:24 q? 18:52:32 Chapell has joined #DNT 18:52:58 suegl has joined #dnt 18:53:00 Meme: We all have contracts that we have to comply with 18:53:08 +q susanisrael 18:53:14 ... we don't want to have contracts that create a loophole 18:53:30 q? 18:53:36 ... the reality is there are millions of contracts in place today that we cannot ignore 18:53:51 randomwalker has joined #dnt 18:53:54 Nick: Trying to describe what is necessary for use can change over time 18:54:05 justin_ has joined #dnt 18:54:09 ...
trying to describe it is difficult 18:54:27 Ian: The ad network may be the processor, but not the owner 18:54:27 ack susanisrael 18:54:46 Matthais: Let's limit discussion to clarifying questions 18:55:15 Susan: I second Meme about contractual obligations 18:55:19 jeffwilson has joined #dnt 18:55:33 Meme: Contracts may reflect our work over time 18:56:51 In the hum test the Meme/Ian proposal was found acceptable 18:57:04 Simon: We focused on exceptions 18:57:12 that is, there didn't seem to be anyone who couldn't live with something in the Meme/Ian direction 18:57:19 My point earlier: There are two levels to the proposed exceptions discussion: 1) which uses are allowed and 2) which information practices are necessary for those uses? Contracts shouldn't dictate either, we should think primarily about substance. 18:57:23 ... we looked at Shane/Jonathan's drafts to see what we could use 18:57:56 I'm not sure if everyone followed what that hum was about. The proposal was a high-level framework for approaching problems, not any particular specifics. 18:58:02 Jonathan, what sort of language that meets MeMe's requirements do you think would work? 18:58:06 ... freq capping, impressions, clicks. Can advertiser keep this information. 18:58:17 ... is there way to get this data without a cookie? 18:58:28 ... we tabled that for later. 18:58:49 ... Agreed that we need things for auditing security and fraud. 18:58:55 aleecia, I think a phase-in period for old contracts would be reasonable. Going forward, I think the standard should determine what companies do and agree to, not the other way around. 18:59:07 ... Need to collect data before the fraud to determine if fraud occurred. 18:59:11 What would that look like? 18:59:23 ... looked at storing a unique cookie for debugging purposes. 19:00:11 q? 19:00:18 ... could not agree on whether it was possible to proactively place a cookie in anticipation of security or fraud.
19:00:20 q+ WileyS 19:00:22 marc has joined #dnt 19:00:27 ack WileyS 19:00:44 Shane: What was the thought process for knowing what you don't know? 19:01:17 Simon: I pointed out the issue, but can't say we had an answer. 19:01:47 Jonathan: There is ambiguity, but companies need to state what they need for debugging. 19:02:04 ... that can lead to alternative solutions. Low entropy cookies etc. 19:02:40 CraigSpi has joined #dnt 19:02:47 ... Unlike security and fraud, forensics going back for debugging you can collect additional information. 19:03:21 q? 19:03:22 ... some companies already do remove cookies if the user opts out. They somehow debug without cookies. 19:03:49 Aleecia: How to tailor debugging and fraud, did you cover other areas. 19:04:03 Simon: We did look at reporting, but focused on those two areas. 19:04:17 Jonathan: We tried to find middle ground on those two areas. 19:06:20 Ian: I don't agree that we can wait until we see a problem and then add a cookie. 19:06:23 ditto 19:06:33 Aleecia: Is that just for security or other purposes? 19:06:51 Ian: Cookies are necessary for security purposes. I wouldn't want to get rid of them. 19:07:27 ... I don't necessarily believe the same for debugging, but I don't have enough data to respond. 19:07:42 scribenick: jmayer 19:07:44 Jonathan: I feel Sean feels differently. 19:08:01 http://lists.w3.org/Archives/Public/public-tracking/2012Jun/0623.html 19:08:25 In our group, Sean (another Googler) suggested he could tentatively be OK with graduated response on debugging. 19:08:30 Shunter: We looked at Shane's proposal and looked at how to improve it to reach common ground. 19:08:45 ... The proposal should spell out a limited retention period. 19:08:54 schunter: focused on Shane's proposal, looked to improvements to reach common ground 19:09:08 ... Don't know if there should be a maximum retention period. 19:09:11 djm has joined #dnt 19:09:20 ... requirement of fixed retention policy, must be public 19:09:29 ...
might be different depending on business purpose 19:09:31 ... If possible one can specify different periods for different purposes. 19:09:53 scribenick: jmayer 19:10:09 ... discussed proportionality as a requirement 19:10:21 ... discussed requirement of publishing which exceptions a company uses 19:10:31 ... Rob pointed out the precautionary principle 19:10:51 ... discussed fixed retention time, incentive to improve as they get better at minimization 19:11:18 ... Rob's precautionary principle is like quality control: document where business is, state of the art, encourage getting better at retention 19:11:23 As I understand it, this is a good description of the precautionary principle http://en.wikipedia.org/wiki/Precautionary_principle 19:11:48 see also: http://europa.eu/legislation_summaries/consumers/consumer_safety/l32042_en.htm 19:11:54 though I'm not sure that directly captures what rob/schunter are discussing, since it means not taking an action (in this case collection/retention) without a scientific consensus 19:12:00 how (practical details) would you encourage companies to get better and better on retention? 19:12:14 ... study may be needed of how long data is retained and for what purposes 19:12:35 chesterj2: small groups were a good idea 19:12:48 ... unclear what retention requirements are 19:13:11 ... especially for different types of data and different uses 19:13:24 ... will ask policymakers to report on what data is used and needed 19:13:53 erikn: i want to make the scribe work hard (jerk.) 19:14:06 interesting suggestion on FTC, Congressional Research Service, EU to work together on reports of what practices are necessary 19:14:16 WileyS has joined #DNT 19:14:20 ... side debate over value of aspirational statements in the recommendation that companies should get better 19:14:42 ... agreement there's some value, but substance and transparency do more 19:14:58 +meme 19:15:04 q+ meme 19:15:07 q+meme 19:15:15 q+ 19:15:17 q- 19:15:19 q? 
19:15:41 rvaneijk: when thinking about risk, carefully reason about worst-case outcome 19:15:55 make sure there's an incentive to improve business practices 19:16:08 There's a concept of "progressive realization" in other areas 19:16:28 ... make sure businesses are given incentives to improve 19:16:36 ack meme 19:17:03 meme: the FTC will look at retention periods, if companies cannot justify them, it will enforce 19:17:24 +1 meme 19:17:40 ... as an attorney at a large company, I carefully watch what the FTC does, it matters 19:17:47 q+ 19:17:55 flowchart precautionary principle: https://en.wikipedia.org/wiki/File:Precautionary_principle.png 19:18:09 efelten: FTC involvement depends on how the standard is drafted. Depends on what compliance means. Can't investigate any question. 19:18:17 s/any/just any/ 19:18:26 q? 19:18:31 ack rigo 19:18:43 q+ 19:19:21 rigo: should include promises in the specification, they'll be binding in many jurisdictions 19:19:50 q? 19:19:50 +q 19:19:56 aleecia: the concept of "progressive realization" might be helpful, no backsliding 19:20:28 ack npdoty 19:20:29 q? 19:20:33 ack WileyS 19:20:39 ack WileyS 19:20:44 q+ 19:20:50 npdoty: some value in pointing to best practices in a specification, just because something is an industry practice doesn't mean it's good 19:21:39 sounds like a should not a must if it's useful 19:21:52 wouldn't want to scare people from trying things 19:22:00 the point I was after is that transparency alone shouldn't be sufficient (wouldn't be sufficient for enforcement, necessarily) of moving towards a best practice, and if you're transparently not in the practice, that could be a condition for non-compliance 19:22:02 WileyS: Yahoo experimented with industry-leading search retention. Broke lots of stuff. Spoke to a lot of internal stakeholders in advance. There can be times where privacy has to be walked back. But there are other market forcing functions that can make privacy better. 19:22:06 ack erikn 19:22:08 q?
19:22:25 erikn: If there were a no-backsliding principle, should test internally before rolling out and updating policy. 19:22:27 (that's quite reasonable) 19:22:59 ... we could put progressive realization on paper without interfering with experimentation 19:23:09 No-backslide principle encourages companies to err on the side of a longer retention period 19:23:26 http://en.wikipedia.org/wiki/International_Covenant_on_Economic,_Social_and_Cultural_Rights#Principle_of_progressive_realisation 19:23:41 hum: can you live with (some), can you not live with (none) 19:23:52 Again, unsure if it was clear what those hums were about. 19:24:10 hwest: Our group had a lot of discussion about phrasing. 19:24:20 ... Lots of discussion about first parties sharing information. 19:24:24 :-) 19:24:29 "we at least feel that that's totally solid" :) 19:24:36 ... Came out where the spec is - no sharing what third parties can't collect themselves. 19:24:52 ... Some agreement around certain permitted uses. 19:25:03 ... E.g. product fulfillment like giving UPS shipping info. 19:25:14 Isn't product fulfillment outsource party? 19:25:16 product fulfillment -- do we have something in the spec about accomplishing the user's intended outcome? 19:25:17 ... Different sorts of sharing, e.g. social vs. data provider. 19:25:27 No, that's EU law :-) 19:25:47 ... Looked at FTC report text on commonly accepted uses. 19:26:31 But it might be a good thing to add, in terms of user's intended outcome. Devilishly hard to write, but possible. 19:26:37 ... Thought about market research, product improvement, debugging, some analytics, contextual decisionmaking (e.g. PETA ad not next to Oscar Mayer ad), transactions, security, fraud. 19:26:43 do we need to describe contextual processing in the spec? seems like that would be agreed that it was out of scope 19:27:05 q? 19:27:11 ... On outsourcing, no combining data across first parties, but permitted uses OK as they relate to the outsourcing service. 
19:27:33 Marc has joined #dnt 19:27:45 aleecia: How were these terms defined? 19:28:03 hwest: Product improvement related to making something you do better. Not much precision on scope of each. 19:28:04 fwagner has joined #dnt 19:28:09 q? 19:28:25 ... Agreement that these were a good direction for permitted uses. 19:28:36 aleecia: Discussion was about adding to permitted uses. 19:28:53 hum of who's ok with this: some 19:28:56 efelten has joined #dnt 19:28:58 who's not ok: few 19:29:12 justin_: ran late, no scribe (class act guys.) 19:29:19 ... good discussion 19:29:37 ... general agreement around outsourcing, though not about permitted uses 19:30:03 ... talked about appending, general agreement that appending is in scope, appending services somewhat like outsourcing 19:30:24 hwest: didn't have agreement on this, somewhat like outsourcing 19:30:44 justin_: ok with ID cookies, tried to focus on permitted uses 19:30:56 allow cookies, but tie to proportionality, narrower list of uses 19:30:56 ... ad reporting seemed reasonable 19:31:01 To be clear, we didn't have agreement on the very specific of all directions, but if they're an outsourced party acting as a first party, then they need to be acting on behalf of that first party 19:31:07 ... same for frequency capping 19:31:15 ... but maybe not forever 19:31:15 ... 19:31:32 ... metrics ok, market improvement and product improvement not ok 19:32:04 ... no clear agreement on line drawing, roughly if about ad performance, ok, otherwise not ok 19:32:18 ... if information isn't for one of these narrow purposes, aggregate within two weeks 19:32:33 ... alex proposed a different approach to aggregation 19:33:11 alex: problem with fixed aggregation period - might need to later re-run analysis 19:33:27 ... instead of a fixed time period 19:33:31 ... some alternatives 19:34:05 ... 1) segregate data 19:34:18 ... 2) standard-based limit + internal audits 19:34:43 Zakim, who is talking? 
19:34:43 sorry, jmayer, I don't know what conference this is 19:34:43 Zakim, who is on the phone. 19:34:44 I don't understand 'who is on the phone', tl 19:35:00 JC for benevolent dictator! 19:35:05 +1 :) 19:35:17 ... Leave it to companies to choose among the three approaches. 19:35:19 ? 19:35:24 q? 19:35:32 19:35:45 aleecia: good overview, hard to keep details straight 19:35:59 vinay has joined #dnt 19:36:29 aleecia: no hum since not enough agreement in group 19:36:37 ... some observations before lunch 19:36:43 ... 1) there is a zone of compromise in the room 19:36:57 ... hard part: getting there 19:37:14 ... 2) almost all proposals followed structure of shane's proposal 19:37:21 ... will focus on that after lunch 19:37:52 +q 19:37:55 +q 19:38:10 +1 on working from the industry proposal onto the current spec text 19:38:58 efelten: maybe start with current drafts 19:39:03 hwest: not in great shape 19:39:03 +q 19:39:26 aleecia: shane's proposal isn't in standards language, jonathan is, may borrow from the latter 19:39:32 roy: there are terms that aren't well defined here 19:39:40 Can we define collect instead of track? 19:39:41 aleecia: we can nail down some of the terms 19:39:47 collect and share 19:39:52 brooks: let's define share too 19:39:58 aleecia: sure, we'll define anything we use 19:40:06 ack erikn 19:40:19 erikn: live editing with a large group is slow 19:40:26 ... maybe small groups with more structure? 19:40:41 susanisrael 19:40:43 q+ 19:40:50 aleecia: maybe, will think on this over lunch 19:40:57 ... look for logical break points 19:41:00 just to be clear, we have had definitions of terms (like "share") in most of our drafts, if you have suggestions, please add them 19:41:09 erikn: example, the section on retention needs some focus 19:41:12 q+ susanisrael 19:41:13 q? 19:41:14 q+ chesterj2 19:41:17 ack susanisrael 19:41:32 ack chesterj2 19:41:32 susanisrael: did some of this work in small groups, should try in large group 19:41:54 q? 
19:42:11 ack jmayer 19:42:24 q+ jmayer 19:42:24 chesterj2: would be helpful to hear from IAB members after break about retention periods for specific uses 19:42:25 scribenick: npdoty 19:42:31 ack heather 19:42:39 ack hwest 19:42:41 hwest: makes a lot of sense to bring the industry proposal into spec format 19:42:44 hwest: makes sense to try to bring shane's draft into consensus format 19:42:54 ... current compliance draft is out-of-date options, right? 19:43:03 ... text in the specs now are options no longer in use 19:43:22 justin_: the spec language is better, we should use it 19:43:58 tlr: start with substance of shane's text, but it isn't pretty - we should turn it into standards language over lunch 19:44:26 ? 19:44:29 q? 19:44:44 jmayer: totally comfortable starting with Shane's format, a fine shape to it; wanted to get some clarity of the sense of the room 19:45:14 ... some presentations follow the shapes of Shane's proposal, a lot of people who could live with that general direction and not a lot of people who couldn't 19:45:29 ... the idea that there are some exceptions that give more latitude is common to all proposals 19:45:49 ... not objecting because agreement on bucketing for security/fraud and other exceptions 19:46:06 ... not sure how much is substance vs. structure of agreement 19:46:15 ack rigo 19:46:15 aleecia: necessarily we get a high-level gloss in these presentations 19:46:18 Chris_IAB has joined #dnt 19:46:19 q- jmayer 19:46:24 ack jmayer 19:46:35 rigo: willing to work with Roy on the definitions, clean them up and present them back to the group 19:46:43 scribenick: jmayer 19:47:06 rigo: yep, this was a focus on structure, need to get technical expertise on substance 19:47:18 ... don't want to throw away current drafts 19:47:22 ... lots of work went into them 19:47:29 q? 19:47:30 ... especially the TPE document 19:47:34 q+ fielding 19:47:54 q? 
19:48:24 aleecia: started with places we agree, then places where we agree on substance and massage into spec, now finally places we disagree 19:48:36 fielding: small group on definitions works for me 19:48:48 ack fielding 19:49:19 zakim, who is on the phone? 19:49:19 sorry, tlr, I don't know what conference this is 19:49:24 fielding: my views of the compliance document turn on whether an outsourcing provider is a first party or gets an exception 19:49:26 mischat has joined #dnt 19:49:26 zakim, this will be track 19:49:26 I do not see a conference matching that name scheduled within the next hour, tlr 19:49:27 Ceiling voice --- put it in IRC 19:49:29 zakim, this will be TRACK 19:49:29 I do not see a conference matching that name scheduled within the next hour, tlr 19:49:42 aleecia: i've been treating outsourcing as a separating type of party 19:50:01 s/separating/separate/ 19:51:30 roy: preference for putting outsourcing into parties 19:51:31 goal is to have outsourcing into the party definition 19:51:52 aleecia: game of telephone this morning, some thought my view was bad for business = good for privacy, that's not at all what i said or meant 19:52:05 ... want solutions that are good for business and good for privacy 19:52:13 ... here to facilitate something that works for the group 19:52:26 20:15:16 hwest has joined #dnt 20:16:09 aleecia has joined #dnt 20:34:26 randomwalker has joined #dnt 20:44:23 alex has joined #dnt 20:45:57 RRSAgent, pointer? 
20:45:57 See http://www.w3.org/2012/06/21-dnt-irc#T20-45-57 20:50:55 CraigSpi has joined #dnt 20:52:00 fielding has joined #dnt 20:52:56 efelten has joined #dnt 20:55:55 justin has joined #dnt 21:02:45 Mc Cormick & Schmick's 700 Bellevue Way Northeast, Bellevue, WA (888) 226-6212 21:07:16 alex has joined #dnt 21:07:56 efelten has joined #dnt 21:08:29 definers, when you come up with a definition, feel free to drop them in here so we can use it in editing :) 21:08:30 amyc has joined #dnt 21:09:23 fielding has joined #dnt 21:09:57 call is closed? 21:10:00 scribenick: efelten 21:10:20 randomwalker has joined #dnt 21:10:26 Ionel, they're checking now 21:10:26 susanisrael has joined #dnt 21:10:30 k, thanks 21:10:32 ChrisPedigoOPA has joined #dnt 21:10:46 tlr has joined #dnt 21:11:02 yes 21:11:06 seems like you cant 21:11:10 but I hear you 21:11:46 Topic: Live Editing, Industry Proposal and Standards Language 21:12:01 aleecia: Folks took Shane's proposal, transposed it into spec. 21:12:08 ... will do live editing on the resulting text 21:12:37 nick, is there any way to get the latest version of the specification 21:12:40 Okay - you hear us but we don't hear you - they're looking into it now 21:13:05 WyleyS - barely hearing, actually 21:13:52 21:14:00 aleecia has joined #dnt 21:14:25 hwest: How we did the reorganization: took Shane draft, reorg into standard spec 21:14:31 scribenick: efelten 21:14:36 ... moved non-normative text to an appendix 21:15:00 ... put it in a Google doc, will go back into spec when done 21:15:31 21:16:00 PDF to go to dlist 21:16:36 Defns went to another subgroup 21:16:52 ... Start at Sec 4, Compliance with an Expressed etc 21:17:16 ... 21:17:18 q+ 21:17:19 q? 21:17:19 adrianba has joined #dnt 21:17:19 q+ 21:17:26 +q 21:17:28 +q 21:17:33 q+ 21:17:38 +q 21:17:40 ack dwainberg 21:17:40 ack dwainberg 21:17:53 We have an issue around append 21:18:10 if we raised it yesterday, is it necessary to ask about it again? 
21:18:14 dwainberg: How does a 1P know whether the 3P has an OOB consent? 21:18:24 We barely touched this yesterday 21:18:26 q? 21:18:28 tl: If you don't know there is a consent, don't share data. 21:18:48 +q 21:19:02 BrianH has joined #dnt 21:19:08 A first party and a third party can communicate to understand whether the third party has an exception. 21:19:20 Definitions group rejoined the main group, don't want to miss this discussion. 21:19:22 q? 21:19:28 We've spent an awful lot of time on this very topic in the TPE discussions. 21:19:34 aleecia: We started discussing this issue yesterday. 21:19:49 can you clarify "outsourced relationship" contractual relationship with a first party, where as the data is used exclusively to support the first party 21:20:05 ack ChrisPedigoOPA 21:20:14 ChrisPedigoOPA: Don't like "collect" in second sentence, not sure what it means here 21:20:49 fwagner has joined #dnt 21:20:55 ... 1P doesn't know how data was collected; could fix by using "share" here 21:20:59 JamesB has joined #dnt 21:21:00 ack robsherman 21:21:10 ack robsherman 21:21:24 robsherman: Basic concern is that DNT applies to a specific network interaction, so second sentence should apply to data from 21:21:30 ... a specific network interaction. 21:21:35 Chapell has joined #dnt 21:21:50 q? 21:22:00 ... Suggest adding a clause limiting second sentence to data from a specific DNT:1 network interaction. 21:22:08 that sounds fine with me 21:22:13 aleecia: Roy, what do you think? 21:22:25 "share identifiable information about the user's transaction to any party...." 21:22:54 fielding: Agree that this should refer to data from a specific interaction. 21:23:15 Starting text went out to deist. 21:23:17 aleecia - thanks 21:23:20 s/deist/dlist/ 21:23:43 fielding has joined #dnt 21:23:58 jmayer: Two suggestions. outsource -> outsourcing (grammar). 21:23:58 q? 21:24:04 ack jmayer 21:24:18 Brooks has joined #dnt 21:24:27 q+ 21:24:46 ... 
Re robsherman's point on per-transaction data, per-transaction makes sense in some settings, 21:25:00 -q 21:25:06 Jonathan could you please paste relevant text here that you think would help? 21:25:19 http://en.wikipedia.org/wiki/Noun_adjunct 21:25:27 ... When a company receives data under DNT:1, will have some obligations later wrt that data. 21:25:39 hwest: Looks like a misunderstanding. 21:25:55 ... robsherman was talking about when gathered, not when used. 21:26:05 do we have uncertainty about "about a user's network interaction"? 21:26:13 How about giving us a concrete *edit*! 21:26:34 jmayer: 21:27:17 Meme trying to set up screen sharing via a fine Adobe product. 21:27:22 q? 21:27:39 s/fine/competitive/ 21:27:41 jmayer: if a user with DNT on adds data to their own profile, and then the first party wants to sell that profile information, is that information covered by this? 21:27:54 ack CraigSpl 21:28:14 Example: Website wants to sell account information to a third party, the user arrives with DNT: 1. Can the website sell the information? 21:28:52 Two relevant snippets from the EFF/Mozilla/Stanford proposal. 21:29:03 ack susanisrael 21:29:06 susanisrael: Talked about these issues in our small group 21:29:15 1) "A first party must not share information with a third party that the third party is prohibited from receiving itself." 21:29:27 2) "A third party must not receive, retain, use, or share any information related to communication with a user or user agent." 21:29:34 ack CraigSpi 21:29:34 JC has joined #DNT 21:29:39 ... we have language on this, gist is that 1P may not share with 3P in way that bypasses 3P restrictions 21:29:53 ... 21:30:26 nickdoty: Does that require intent/knowledge by the 1P? 21:30:35 q? 21:30:59 susanisrael: Might tweak to take out intent. Suggest stating the purpose of this. 21:31:09 nickdoty: Best to put that point in non-normative. 21:31:17 susanisrael: Agrees with Nick. 
21:31:30 I'll try to come up with non-normative text to explain the intent. 21:31:37 aleecia: Susan and Paul to produce text for non-normative. 21:31:52 ack susanisrael 21:31:57 vinay has joined #dnt 21:31:57 ack Brooks 21:32:12 rigo: From definition space, concerned about service provider. Need safeguards in defn to make this work. 21:32:12 can we come back and define service provider later? 21:32:34 kimon: Let's see what the Europeans have done with data processor / controller distinction. 21:32:48 ... See if that works for us in defining service provider. 21:32:56 q+ 21:32:58 ... 21:33:11 ... that's short and crisp 21:33:33 ack rvaneijk 21:33:40 aleecia: robvaneijk: Rigo and I already drafted language for that. Let's re-introduce it. 21:33:50 q? 21:33:55 aleecia: Let's move ahead--still on these second sentence. 21:34:18 kimon has joined #dnt 21:34:28 hwest: 21:34:37 ... "It's kind of a Franken-text now" 21:34:42 ... needs fixup 21:35:12 For service provider I suggest: 'processor' shall mean a natural or legal person [,public authority, agency or any other body] which processes data on behalf of the first party; 21:35:17 aleecia: Does anyone think they can do better? 21:35:36 tl: This is not a good way to produce readable and coherent text. 21:35:45 q+ 21:35:49 aleecia: Hear your frustration. How can we move forward. 21:36:37 for the minutes: if we are going to use EU language I prefer to go back to the text that is in the current public draft: http://www.w3.org/TR/tracking-compliance/#EUterms 21:36:43 I suggest to change "operator of a first party" to simply "first party". "Operator" does not add anything here. 21:36:44 I thought Aleecia handled that very graciously. She'd make a good therapist--or daytime talkshow host! 21:36:44 q+ 21:36:45 davidwainberg: Can we talk about our general goal? 21:36:49 +1 thomas's idea 21:37:15 tlr: We're trying to get the general shape right. Editors will turn it into smooth, coherent text. 21:37:22 ... 
Let's keep the discussion civil, please. 21:37:32 I think that I can volunteer myself and Justin and Sean to go ahead and smooth out the franken-text 21:37:47 So let's get it to a point of reasonable substance 21:37:56 i am happy to help smooth out the text if useful 21:38:08 +1 hwest 21:38:08 the "in which DNT:1 was sent to any party" doesn't seem to reflect the nature of HTTP... 21:38:09 url to see Heather's screen on your computer: my.adobe.acrobat.com/meme enter in as guest 21:38:25 kimon: Might need to have a precise version, plus non-normative text to help explain. 21:38:27 q+ 21:38:41 ack kimon 21:38:43 ack rigo 21:39:08 Brooks, are you still in the queue on purpose? 21:39:11 Nick had suggested the same thing 21:39:25 yes 21:39:39 rigo: Simpler to say that 1P must not share info with any other party, except for service providers. 21:40:16 q+ 21:40:18 Suggestion: A first-party MUST NOT share information received in a DNT:1 request with any other party (*) unless the information shared is not linkable to a specific user, user agent, or device. (*) assumes that service parties are the same party. 21:40:25 +q 21:40:42 roy, that should be out of scope anyway 21:40:50 q+ 21:40:50 q? 21:40:52 +q 21:40:55 brooks: Don't know what it means to "share" information. 21:40:57 ack Brooks 21:41:24 and I also said "MUST NOT share personally identifiable information" 21:41:28 q+ 21:41:39 We have to write some text first. 21:41:42 +q 21:42:31 q? 21:42:36 propose "pass along instead of share" 21:42:40 I think "A first party must not share identifiable information about a user's interaction in which DNT:1 was sent to any party it does not have a service provider relationship with." would make more sense as "A first party must not share with any party it does not have a service provider relationship identifiable information about a user's interaction in which DNT:1 was sent." 
21:42:41 q- jmayer 21:43:04 hober's version sounds about right to me 21:43:14 jmayer: Definition here builds in dependence on mental state of 1P? 21:43:20 (modulo share / pass along / ...) 21:43:20 ... should be more explicit about that 21:43:26 kimon has joined #dnt 21:43:37 q? 21:43:43 aleecia: Rigo's edit was trying to deal with that issue. 21:44:09 ack vinay 21:44:33 Vinay: What kind of information are we talking about? PII? 21:44:35 "The Service Provider does determine the purposes, conditions and means of the data processing, but processes data on behalf of the First party." 21:44:46 what about "share information that the first party has collected", which may help to clarify that there is active role in passing on info 21:45:05 If I understand correctly, Rigo and Aleecia are suggesting a punt on mental state (e.g. purpose, knowledge, recklessness, negligence, strict liability). I'm opposed to selecting language where we know it includes ambiguity. 21:45:13 q+ 21:45:21 Rigo: Service provider is needed here to limit the role that a 3P data recipient can play. 21:45:22 ack robsherman 21:45:36 aleecia: Not worried about having some redundancy here. 21:46:06 q- 21:46:07 robsherman: First sentence should also deal with network-interaction issue that I raised before. 21:46:07 q+ 21:46:24 Heather: could we unhighlight that text? it would make it a lot easier to read 21:46:37 ack ifette 21:46:44 q+ 21:46:51 q+ 21:46:55 ifette: Talked earlier about exceptions for fulfillment. What about electronic fulfillment? 21:46:57 vinay, not sure we have an entry in a Definitions section yet, but the language we seem to be using in drafts is "non-identifiable === with high probability could not be used to identify a user, user agent or device" 21:47:25 ... e.g. online email service, type message and hit send, mail provider sends message for you. 21:47:41 Rigo: Should be covered by general exception for doing the stuff that the user asked you to do. 21:47:55 +1 to Rigo's suggestion. 
21:47:59 +1 too 21:48:07 Suggestion 2: A first-party MUST NOT share (transmit or provide access to) information received in a DNT:1 request with any other party (*) unless the information is unlinkable or the shared purpose is specifically limited to security or fraud control. (*) assumes that service providers are the same party. 21:48:08 would it be more effective for us to try to get agreement on issues rather than trying to draft language? 21:48:11 q? 21:48:26 zakim, close queue 21:48:26 ok, aleecia, the speaker queue is closed 21:48:35 IAB_Chris has joined #dnt 21:48:41 Nick - that's fine. I was just suggesting that we specify the kind of information we're talking about here. I'm not arguing against 'identifiable information'. 21:48:57 q- tl 21:48:59 aleecia: Calm down. 21:49:08 q- 21:49:30 sean has joined #dnt 21:49:32 I thought it was worth trying to edit as a large group but maybe we SHOULD split up to do it. I might have been wrong. Maybe identifying language that needs to be fixed/issues is best use of large group. 21:49:32 ChrisPedigoOPA: Need a tight definition of share/disclose/whatever. 21:49:43 ... shouldn't require 1P to know what a 3P is collecting. 21:50:18 what are the rules around horrific conduct during a w3c meeting? 21:50:25 ack dwainberg 21:50:26 is anything allowed? 21:50:27 dwainberg: ok with the goal of preventing circumvention of 3P limitations. 21:50:33 ... worry that this is doing more than that. 21:50:39 ack ChrisPedigoOPA 21:50:43 tl: What do you think it will do that it shouldn't? 21:50:55 rigo: reiterates service provider exception 21:51:05 ack justin 21:51:21 dwainberg: Not sure what side effects there might be. 21:51:28 aleecia: Stop. 21:52:06 I provided two specific text suggestions before the queue closed. 21:52:16 +1 justin 21:52:35 Back and forth between justin and rico about what this means. 
21:52:40 s/rico/rigo/ 21:53:06 +1 Justin - responsibility is on the third party 21:53:10 At least that was my understanding 21:53:17 +1 hwest/justin 21:53:27 aleecia: Have worked on two sentences, for an hour. 21:54:02 asoltani has joined #dnt 21:54:16 ... let's take a break. Editors send text to mailing list. Break into groups and wrestle with text. 21:55:27 tlr: Let's look at text, get issues and suggestions on the table, then move on. 21:56:01 tedleung has joined #dnt 21:56:36 aleecia: Half-hour break now. Editors transform this into form we can work on. 21:56:47 Todo for the first party compliance first sentence: 21:56:47 ... will break into groups. 21:56:48 reference to "service provider" definition (kimon --- adopt processor language?) 21:56:49 Exact wording of share/send/collect will depend on definitions. Need to check that it all works together. 21:56:50 susanisrael coming up with text proposal on the first party intent and passing third parties information [potentially done] 21:57:39 JC: Issue with the men's restroom. Need to take elevator to the second floor. 21:57:58 ... metaphor for something? 22:11:46 dsinger has joined #dnt 22:32:12 wheeler has joined #dnt 22:35:23 hwest has joined #dnt 22:37:42 randomwalker has joined #dnt 22:38:09 efelten has joined #dnt 22:41:10 scribenick: npdoty 22:41:14 aleecia: new breakout groups 22:41:24 ... twenty minutes to come up with bullet points on each of the 5 permitted uses 22:41:31 ... need to avoid looping on issues 22:41:53 ... editors will create a complete single strawman draft based on these 22:42:09 ... goal is a good strawman draft close enough to not debate eternally 22:42:15 ... choose your favorite 22:42:19 fielding has joined #dnt 22:42:41 efelten: can assume an unlinkable data exception? -- yes. 22:43:33 robsherman has joined #dnt 22:53:34 tl has joined #dnt 23:05:29 aleecia: call to order. 23:05:35 rrsagent, pointer? 
23:05:35 See http://www.w3.org/2012/06/21-dnt-irc#T23-05-35 23:06:09 Topic: Post-Breakouts 23:06:45 scribenick: rigo 23:06:53 fwagner has joined #dnt 23:07:01 dwainberg has joined #dnt 23:07:29 Aleecia(AM): Looking for bullet points from the groups, go through quickly 23:07:40 .... end summary no later than 4:15 23:07:47 Security 23:07:58 jmayer has joined #dnt 23:08:15 meme has joined #dnt 23:08:17 hwest: reading out concrete text they found -> please paste below 23:08:56 Strawman text: Data MAY be collected, maintained and used for the express purpose of detecting security risks and fraudulent activity, defending from attacks and fraud, and maintaining integrity of the service. This includes data reasonably necessary for enabling authentication/verification, detecting hostile transactions and attacks, providing fraud prevention, and maintaining system integrity. 23:08:56 erikn has joined #dnt 23:09:01 rrsagent, pointer? 23:09:01 See http://www.w3.org/2012/06/21-dnt-irc#T23-09-01 23:09:03 alex has joined #dnt 23:09:04 tlr has joined #dnt 23:09:12 James has joined #dnt 23:09:14 npdoty: what is reasonable? 23:09:39 vincent has joined #dnt 23:09:51 hwest: talked about that a bit: no explicit consent. Some wiggle room for companies, rather good faith, due diligence 23:10:05 (my summary) companies to decide on their own, but with a good faith concept 23:10:25 Chapell has joined #DNT 23:10:34 jmayer: greater point of disagreement, is it reasonable for an ad network to put a uniqueID into every browser for security? 23:10:42 hwest: yes, speaking for Google 23:10:53 Topic: Financial 23:10:55 Clarification: potentially yes 23:11:06 hwest, was that "reasonable measures" or "reasonably necessary" and does that make a difference? 23:11:36 Brooks: data that is needed to enable each event of sale, and the points that could be affected by DNT:1 23:11:58 ... > reading whiteboard - > scribe makes a photo 23:12:23 Our text was 'reasonably necessary' but I think either could work. 
23:12:52 fielding has joined #dnt 23:14:05 npdoty: should be dropped or will be impacted 23:14:44 Brooks: are impacted, there is no tremendous disagreement, just have to write it up 23:14:46 randomwalker has joined #dnt 23:15:19 tlr: geolocation can mean anything, what is this? 23:15:23 action: rigo to send Nick photos from whiteboard to include in minutes 23:15:23 Created ACTION-215 - Send Nick photos from whiteboard to include in minutes [on Rigo Wenning - due 2012-06-28]. 23:15:37 q+ 23:15:38 Brooks: this is a cross over 23:15:44 Zakim, open the queue 23:15:44 ok, npdoty, the speaker queue is open 23:15:47 q+ alex 23:16:06 AM: there is text already, we have already created an issue 23:16:11 ack alex 23:16:21 s/AM:/aleecia:/ 23:16:43 justin has joined #dnt 23:17:17 action: brooks to draft tentative agreement on financial reporting breakout discussion 23:17:17 Created ACTION-216 - Draft tentative agreement on financial reporting breakout discussion [on Brooks Dobbs - due 2012-06-28]. 23:17:44 Brooks: if all affected we have trouble in reporting 23:17:53 hwest: we touched on that in Security 23:18:01 frequency capping ==== 23:18:22 "so long as you're not storing the URL trail" 23:18:31 Alan: you can do so if you don't store URIs 23:18:51 BerinSzoka has joined #DNT 23:18:56 .. core concern, fair amount of discussion 23:19:28 CraigSpiezle has joined #dnt 23:20:01 fielding: application tracking, would allow that to do, if ID is only retained in a hashed way per campaign and there is no trail where that ad was seen together with the site information 23:20:16 jmayer: care to present technical approach 23:20:33 s/care to/could you please clarify the/ 23:21:13 adrianba has joined #dnt 23:21:33 amyc has joined #dnt 23:21:52 fielding: for service site frequency capping would use a campaign identifier and the counter for that ad, but not the trail of URIs that have been seen 23:22:04 s/service site/server-side/ 23:22:40 ??: sequencing? 
23:23:09 fielding: this would not be allowed under DNT:1 23:23:44 Sean: no limit on campaign, that does not mean you do not get aggregate information on the campaign, 23:24:09 q? 23:24:21 AM: ?? you said that first parties would be able to do this, and not third parties? 23:24:24 ??: yes 23:24:48 meme has joined #dnt 23:25:18 WileyS: this would be covered under financial. Frequency capping is very special 23:26:15 ... showing ads in sequence is a form of OBA, for a first party would be able to do that on that first party but be obliged to silo the data 23:27:00 s/??/Eric Wheeler/ 23:27:01 A note - we need to make sure that the contextual delivery is well allowed 23:27:15 It's not clear in the text thus far, I think 23:27:17 fielding: contextual based advertisement would be allowed is not tracking 23:27:24 It's in the spec :) 23:27:27 ===========Debugging=========== 23:27:41 WileyS: report is already in the email list 23:28:34 ... not a replacement for QA, to address real time issue, short retention. Due to unknowns, we are all unclear about the "what to collect" as we try to do minimization. 23:29:10 ... selective progression was discussed: if issue becomes bigger, you only increase retention time for this issue 23:29:45 ... looked at proportional measures. Guiding principle: If you don't need it, don't collect it. 23:29:48 it sounds like "selective progression" would be a promising direction for much of our work 23:30:16 ... 
don't believe in distinction between ad, analytics or content, debugging counts for all of them 23:30:17 http://www.w3.org/mid/CC08F807.40499%25jfurtsch@truste.com 23:30:37 debugging bullets: 23:30:43 Not QA 23:30:44 Typically retained for a shorter timeframe intended to address realtime issues 23:30:46 Due to the nature of the issue, more variables are needed 23:30:48 Reactive/unforeseen (issue usually raised through a user, site, advertiser, scanner, report) 23:30:50 Selective progression (retention variable) 23:30:50 Craigspi has joined #dnt 23:30:52 No substitute 23:30:53 Protocol is not enough – need more (I.e. Cookie) guiding principle – if you don't need, don't collect 23:30:54 npdoty: selective progression idea, what about default values? 23:30:55 Needed by all third parties (ad, analytics, content providers) 23:31:42 WileyS: we didn't, resisted to put arbitrary periods, started from 30/90 day period, but up to every company to argue that 23:33:32 WileyS: for all retention there should be transparency and declared that somewhere publicly. They should give more information on why this data use occurs 23:33:41 =============aggregate reporting============= 23:34:05 robsherman: balanced privacy against business needs in aggregation 23:34:47 .. started with CDT for a fixed period of 2 weeks. Feeling that we do not have enough information for what a time limit could look like 23:35:26 ... if it is retained for other uses, it would be moved into unlinkable state after that period 23:35:40 .... was discussion about bias in favor of ad companies 23:38:52 we should be clear, this was an expressed concern (expansion of purpose) within the group as well, this was just a proposal 23:39:16 Aleecia: You can keep raw data for aggregating. But if you keep it for other uses (financial), you can still aggregate from that data 23:39:41 ifette: I have n copies of data per use, or one copy of data and n uses 23:39:58 rigo: concern about purpose creep 23:40:07 ... 
if data already exist for other purposes, we can aggregate 23:40:13 q? 23:40:17 rvaneijk: undermines the basic concept of siloing, for security purposes, for example 23:41:04 q+ 23:41:38 q+ 23:41:46 It will be hard to justify security data for seven years. 23:42:39 q+ 23:43:43 meme: if aggregate reporting is permitted and storing the data for security purposes is allowed, what's the problem? 23:43:53 potential text on frequency capping: Third-party tracking for the sake of server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses. 23:44:01 rvaneijk: but the data is stored for a specific purpose 23:45:07 q+ tlr 23:45:09 q+ rvaneijk 23:45:25 q- 23:45:26 discussion about re-use of security data to create aggregate data for any purpose 23:45:32 sean has joined #dnt 23:45:43 felten has joined #dnt 23:47:15 ack tlr 23:47:17 felten has left #dnt 23:47:19 Aleecia: what about siloing, security data, and ACL. So companies say they have one set of data, but different ACL. Push back mainly because silos are breaking. Idea of dual use of data is a cultural issue in Europe 23:48:08 ack ifette 23:48:09 tlr: discussion about collection, duration of collection and duration of retention. 
Surprise that some people thought there is a purpose limitation 23:48:34 q+ 23:48:34 ifette: limitation of time on aggregation is 30 days or the time period of other uses 23:49:10 30ish days 23:49:53 vinay has joined #dnt 23:50:28 q+ fielding 23:50:39 ack fielding 23:51:00 q+ later 23:51:05 efelten has joined #dnt 23:51:14 q+ WileyS 23:51:50 q- 23:51:53 ifette: aggregation from security data would itself be unlinkable 23:52:36 ack npdoty 23:52:51 Aleecia: wouldn't this pressure companies into keeping that data for other purposes 23:53:20 npdoty: companies would have advantages over other companies as they could collect data of security 23:53:32 ack robsherman 23:53:37 ack robsherman 23:53:42 q- WileyS 23:54:26 robsherman: don't believe in the pressure argument, will have conformance pressure from regulators that is stronger 23:54:34 aleecia has joined #dnt 23:54:39 a+ 23:54:42 q+ 23:54:43 WileyS: market research is an explicit case of third-parties that do aggregate reporting, we should consider those businesses 23:54:43 q? 23:54:52 ack rigo 23:55:45 q? 23:55:54 alex has joined #dnt 23:56:26 q+ 23:56:36 q? 23:57:32 q+ 23:57:39 efelten has left #dnt 23:58:41 robsherman: purpose of aggregate is not identifying. The aggregate result won't identify an individual 23:58:58 efelten has joined #dnt 23:59:43 q- 23:59:54 ack aleecia 23:59:56 ack alex