IRC log of dnt on 2012-06-21

Timestamps are in UTC.

00:00:27 [npdoty]
jmayer: 1) how long do you get to keep passively collected data around for security/fraud -- up to 6 months instead of 2 weeks
00:01:28 [npdoty]
... 2) when you have a reason to believe; that is, not id cookies in every browser, add a cookie for IPs where you're getting a lot of requests
00:02:07 [npdoty]
... and if you have a specific reason to believe, then the 6 month limit is lifted as well
00:02:16 [tlr]
00:02:47 [npdoty]
ifette: cookies are active, so you can't keep set/retain cookies for fraud purposes?
00:03:49 [npdoty]
brooks: when you mean "fraud", you don't mean the legal case of "fraud", you just mean the financial reporting
00:04:07 [npdoty]
jmayer: click fraud, impression fraud, advertising fraud ... not getting into questions of criminal fraud
00:04:08 [npdoty]
00:04:23 [james]
while issue of security and fraud needs more thinking
00:04:30 [schunter]
00:04:46 [Marc]
Marc has joined #dnt
00:04:48 [tlr]
ack fielding
00:05:15 [Chapell]
00:05:17 [npdoty]
fielding: distinction between slides/draft -- is the language and the substance consistent?
00:05:26 [aleecia]
00:05:30 [npdoty]
ack dwainberg
00:05:38 [fielding]
00:05:39 [cspiezle]
cspiezle has joined #dnt
00:05:42 [npdoty]
jmayer: this presentation was attempted to be high-level
00:05:45 [fielding]
00:05:47 [cspiezle]
00:06:21 [npdoty]
dwainberg: step us through, what would a party do between first contact and when they reasonably know fraud may be undergoing?
00:06:47 [schunter]
00:06:49 [npdoty]
jmayer: protocol information for 6 months, plus active measures for 2 weeks [may have mis-scribed that]
00:07:16 [aleecia]
00:07:33 [npdoty]
jmayer: this was based on talking to people at companies about how they do this now, that the most commonly used input is protocol logs, not the only input but the primary input
00:07:51 [npdoty]
... also tried to verify how much better off would an attacker be?
00:08:04 [cspiezle]
we need to look at a broader view of fraud, beyond ad click fraud
00:08:07 [ifette]
00:08:12 [ifette]
ack robsherman
00:08:25 [npdoty]
... a number of companies confirmed that they wouldn't be better off because adversaries already employ clearing/modifying cookies
00:09:22 [npdoty]
robsherman: when I do have reason that fraud may be ongoing, how do I engineer my system to put a cookie on just the fraudster's browser?
00:09:35 [aleecia]
00:09:42 [schunter]
00:09:47 [npdoty]
jmayer: a variety of levels of concern about fraud; some companies were fine with just protocol information
00:10:02 [npdoty]
... some companies, including ad companies, were more sensitive and did engineering that was dedicated to fraud
00:10:28 [fielding]
00:10:35 [npdoty]
... a lot of online ad networks we talked to already had a two-tier system in place, with more techniques employed in those cases
00:10:39 [npdoty]
ack Chapell
00:10:46 [cspiezle]
my concern wearing the hat of commerce and banking sites is to be sure we do not lmit or imapct their ability to detect suhc behavior.
00:11:05 [schunter]
00:11:16 [schunter]
ack cspiezle
00:11:31 [npdoty]
Chapell: first parties pretty much have a free pass, except for not getting around third parties, right? -- yes. -- that seems to contradict tl's comments earlier, are we misunderstanding something?
00:11:45 [schunter]
00:12:04 [npdoty]
Chapell: use of offline or other data combined with a first party's data, the earlier discussion
00:12:12 [alex]
00:13:21 [npdoty]
jmayer: business practice is like a newspaper that gathers data about the user, and then append the data from an offline party to the first party's profile of the user
00:13:47 [WileyS]
00:13:48 [JC]
00:13:54 [schunter]
00:14:03 [npdoty]
Chapell: if Acxiom were here, they might argue that they're a service provider, so you might need to change that in the text
00:14:16 [npdoty]
ack ifette
00:14:17 [aleecia]
ack ifette
00:14:45 [npdoty]
ifette: protocol includes "top-level url", you mean the full URL, not just the hostname, right?
00:14:45 [aleecia]
Roy tells me Chris got ack'ed too early -- sorry, Chris!
00:14:46 [npdoty]
jmayer: yes.
00:14:47 [justin]
Chapell, If Acxiom were to commit to following the outsourcing/service provider rules, I suspect (?) that would solve this problem.
00:14:53 [dwainberg]
00:14:58 [npdoty]
q+ cspiezle
00:14:59 [aleecia]
That makes Chris next
00:15:31 [npdoty]
ifette: how many companies did you talk to that didn't use cookies for DoS of attacks?
00:15:50 [Chapell]
Justin, I'm not sure - you may be right. But I think the offline data brokers would argue that they are outside the scope of this spec
00:15:59 [npdoty]
jmayer: companies that already had cookies do use them now, but companies seem to think they'd be okay without them (not all companies)
00:16:06 [WileyS]
00:16:07 [johnsimpson]
00:16:10 [npdoty]
ack cspiezle
00:16:23 [fielding]
my bad
00:16:46 [npdoty]
cspiezle: on transactional fraud, don't want to impact their ability (like banks, etc.)
00:17:22 [npdoty]
jmayer: if you're trying to prevent fraud on your own (first party) site, this wouldn't have any impact, you can do the most intrusive tracking if you like
00:17:37 [npdoty]
... you can share threat intelligence, limits lifted if there is a reason to believe
00:18:17 [justin]
Chapell, That may well be the case --- it's just that you had suggested they would say their service providers. They might prefer to utilize/resell the information they receive as a result of an append. I do not know about their business models to know common practice on this.
00:18:33 [asoltani]
'innocent unless proven guilty' fraud detection approach
00:18:34 [npdoty]
... certain companies where all they do is follow financial transactions, look for users' whose machines have been hacked -- would want to talk to them more about that
00:18:43 [npdoty]
ack fielding
00:18:47 [schunter]
00:19:08 [npdoty]
fielding: typically those groups are acting on behalf of a first party, but they store behavioral trails from multiple sites
00:19:09 [cspiezle]
they are working on behalf of first parties
00:19:31 [schunter]
00:19:31 [npdoty]
jmayer: wanted to solve the 95% use case
00:19:41 [npdoty]
ack alex
00:19:41 [aleecia]
ack alex
00:20:25 [cspiezle]
perhaps small number of servce providers but they may provide services to 100,000 of commerce sites, banks, ISPs....
00:20:31 [npdoty]
alex: given a currently unknown threat vector, attacker only has to change their protocol information every 6 months. can't go back through 2 years of data.
00:20:58 [npdoty]
jmayer: yes, there would be that limit.
00:20:59 [schunter]
00:21:11 [aleecia]
So I'm going to click on something a lot, and then stop, and then wait six months and then do it again?
00:21:26 [aleecia]
And it won't get detected?
00:21:50 [dwainberg]
Sort of like that, aleecia
00:22:01 [npdoty]
jmayer: if you haven't caught someone trying to do click fraud within six months of doing it, then you won't have that data afterwards
00:22:38 [dwainberg]
couldn't you roll out hundreds/thousands of user agents on a large number of IP addresses, engage in low level click fraud and have it add up to a lot of money.
00:22:44 [npdoty]
... not generating this out of the blue, some companies thought they didn't need more, some companies wanted more, thought it was a compromise as many advocates were concerned about a browsing history for 6 months
00:23:01 [npdoty]
WileyS: was one of your design considerations ready availability, scale and mass adoption?
00:23:12 [schunter]
00:23:21 [schunter]
ack WileyS
00:23:48 [npdoty]
jmayer: the privacy-preserving technologies that we have in mind include many that advertisers have said are unworkable
00:23:54 [rigo]
and having a full clickstream of all of us for the past 10 years (at least) would be the dream of all spooks, wouldn't it? And we don't allow that for a government but allow the government to raid this private collection? I seriously question some of the asserted need for those extraordinary retention periods
00:24:05 [schunter]
00:24:24 [npdoty]
... technologies where I see a consensus among researchers do work, though they would have some implications
00:24:33 [WileyS]
Please note "implications on performance and revenue"
00:24:49 [npdoty]
... no doubt that there's a runway period / grace period
00:24:58 [amyc]
00:25:27 [mischat]
mischat has joined #dnt
00:25:34 [schunter]
00:25:43 [amyc]
00:25:48 [jchester2]
00:25:49 [WileyS]
00:26:02 [npdoty]
WileyS: given that there's a disagreement between researchers and implementers, did you take mass adoption (by companies/implementers) into consideration?
00:26:02 [aleecia]
ack JC
00:26:12 [npdoty]
jmayer: yes, talking to companies, aimed for balance, a guiding consideration
00:26:49 [schunter]
00:27:15 [npdoty]
JC: if we're talking about multi-site behavioral data, why does DNT have any effect on Acxiom account data?
00:27:42 [npdoty]
... that's not behavioral information, so DNT doesn't apply
00:27:55 [amyc]
00:28:12 [schunter]
00:28:40 [npdoty]
jmayer: flows like these identified as a concern in small groups at Washington; very discrete sharing of information
00:28:46 [npdoty]
JC: worried about scope creep
00:29:29 [schunter]
00:29:36 [npdoty]
jmayer: focused on things that are not as narrow
00:29:42 [npdoty]
ack dwainberg
00:30:01 [aleecia]
JC would like DNT to address OBA; people involved in DNT earlier on see DNT as applying to data more generally. (If this is not write, please correct)
00:30:05 [schunter]
00:30:15 [npdoty]
dwainberg: top-level domains and referers, many cases of 3rd-party ad-serving where top-level domain info isn't shared (because of iframes, etc.)
00:30:50 [npdoty]
... sometimes you'll receive a domain name that isn't the top-level domain but an intermediate iframe
00:30:58 [johnsimpson]
00:31:01 [JC]
aleecia: I don't limit DNT to OBA, but online collection of data
00:31:27 [aleecia]
ok, thanks for fixing that
00:31:50 [npdoty]
jmayer: if you don't get the Referer in the header but it get it somewhere else (passed along as a URL parameter, for example) -- that's passive collection in the same sense, some advocates thought this was a concession but it happens with some frequency
00:31:58 [schunter]
00:32:35 [npdoty]
dwainberg: can you share the list of companies you talked to?
00:32:49 [ifette]
q+ hwest
00:33:24 [Chapell]
00:33:27 [npdoty]
jmayer: commonly have permission to talk to companies without revealing who they are, companies can identify themselves but I'm not comfortable doing so
00:33:52 [npdoty]
... I thought it was a broad representation of both size and market sector, including more companies than I recall, including companies inside and outside of the WG
00:34:22 [JC]
What is punishment?
00:35:00 [aleecia]
00:35:12 [npdoty]
tl: some organizations talked about concerns sharing regarding trade associations
00:35:29 [aleecia]
ack jchester
00:35:38 [npdoty]
hwest: concern about misrepresentation
00:35:56 [tlr]
I don't think it's useful to think about this in terms of representation. This is Jonathan's take of where the industry is.
00:36:01 [Marc]
00:36:04 [tlr]
He may or may not be right.
00:36:22 [npdoty]
jmayer: tried to present it adequately, including qualifications in almost cases
00:36:24 [tlr]
Now we need to have things about the impact of these ideas on the table here.
00:36:53 [efelten]
00:37:03 [hwest]
00:37:09 [aleecia]
thank you, Heather
00:37:14 [Chapell]
00:37:35 [aleecia]
Thank you, Alan
00:37:51 [aleecia]
Let's get through the discussion if we can
00:37:56 [npdoty]
dwainberg: what do we do if there's a new fraud attack that requires changing these requirements?
00:38:01 [schunter]
00:38:12 [aleecia]
ack amyc
00:38:19 [johnsimpson]
00:38:20 [npdoty]
jmayer: have to evaluate the likelihood of such a new attack, have an implementation period, can revise specification
00:38:37 [schunter]
00:38:44 [schunter]
ack Marc
00:38:50 [BerinSzoka]
Well, if Jonathan's not concerned (about the unintended consequences of his rather grand proposal), that's good enough for me! </sarcasm>
00:38:56 [npdoty]
amyc: operational practices such as billing with "Active" -- I'd like to understand that better
00:39:41 [efelten]
Let's keep the tone civil, please.
00:39:47 [amyc]
specifically, want to understand whether Jonathan thinks it is OK to use LSO or fingerprint for operational uses
00:39:54 [Rob]
Rob has joined #dnt
00:40:02 [aleecia]
00:40:19 [npdoty]
jmayer: instead of having a billing exception, passive/actively collected used for a period of time for any use
00:40:21 [aleecia]
thanks, Marc
00:40:32 [npdoty]
jmayer: design motivations
00:40:36 [tlr]
aleecia, schunter ack'd Marc above
00:40:42 [tlr]
which I believe he did when he handed him a microphone
00:41:09 [npdoty]
... based on current advertising company practices, including opt-out practices
00:41:19 [aleecia]
00:41:30 [schunter]
00:41:31 [npdoty]
... make it possible for external verification of compliance
00:41:37 [aleecia]
Thank you. Marc was kind enough to be willing to wait
00:41:53 [alex]
00:42:03 [npdoty]
... concerns about updating the standard whenever there's a new business model or business purpose
00:42:32 [aleecia]
I'm going to let Jonathan finish, since we're very close to time. We'll go to the queue after
00:42:43 [npdoty]
... don't want any new company/model to have to get a standards body's permission to explore a new business model
00:43:12 [npdoty]
... give a protocol retention period given how many companies talked about how useful it was
00:43:27 [Chapell]
While I recognize the importance of maintaining confidentiality when speaking with companies, and I certainly don't question TL or JM's ethics -- its very difficult to vet the accuracy of the claim that industry was widely consulted about this proposal without a better sense of the nature of the companies you've spoken with
00:43:29 [npdoty]
jmayer: defaults
00:44:06 [npdoty]
... this proposal says DNT can't be on by default, a concession as I and some others believe it would be a better policy if they could
00:44:22 [johnsimpson]
johnsimpson has left #dnt
00:44:36 [npdoty]
... servers don't get to "second-guess" an expressed header
00:44:37 [Chapell]
"industry" is a broad term -- sort of like "human" ---- some similarities, but lots of differences... making generalizations and extrapolations difficult
00:44:40 [aleecia]
00:44:44 [npdoty]
q+ WileyS
00:44:45 [WileyS]
00:44:47 [aleecia]
ack alex
00:44:49 [justin]
00:45:00 [ChrisPedigoOPA]
00:45:04 [schunter]
00:45:07 [sean]
sean has joined #dnt
00:45:13 [sean]
00:45:31 [npdoty]
alex: external verification as a motivation: why would privacy advocates be against internal verification like audits?
00:46:15 [npdoty]
... audits of internal operations, for example
00:46:57 [schunter]
00:47:04 [npdoty]
jmayer: I think external verification is important: strong role of encouraging compliance, researchers and advocates can work with regulators to discover issues, invite media or public pressure
00:47:08 [fwagner]
00:47:12 [npdoty]
... this would allow that mechanism to continue working
00:47:15 [aleecia]
If you passed before to wait, please add yourself now.
00:47:22 [npdoty]
... also gives consumer confidence
00:47:24 [aleecia]
And then we'll be closing the queue, since we're done at 6
00:47:51 [tlr]
zakim, close queue
00:47:51 [Zakim]
ok, tlr, the speaker queue is closed
00:48:08 [npdoty]
alex: but why don't you like internal audits? for example, when a party needs to collect some data
00:48:11 [schunter]
00:48:41 [npdoty]
jmayer: these were advantages I saw to external rather than internal
00:49:03 [npdoty]
alex: but can't you get all those advantages from internal audits? mathematically proven unlinkability can be audited for
00:49:33 [rigo]
00:49:43 [fielding]
00:50:02 [aleecia]
ack WileyS
00:50:05 [npdoty]
ack WileyS
00:50:15 [schunter]
00:51:01 [npdoty]
WileyS: said advocates were making a significant concession, but creating an exception that swallows the rule. because DNT:1 would still have to be followed.
00:51:23 [npdoty]
jmayer: gives an extra lever to say that browsers that set it by default are not in compliance with the W3C spec
00:51:38 [npdoty]
... possible legal measures, public pressure
00:52:09 [npdoty]
... couldn't claim to following the spec (which could otherwise be a deceptive practice)
00:52:17 [aleecia]
ack justin
00:52:33 [npdoty]
ack ChrisPedigoOPA
00:52:38 [aleecia]
ack ChrisPedigoOPA
00:52:44 [npdoty]
ack sean
00:53:07 [schunter]
00:53:11 [aleecia]
ack fwagner
00:53:13 [npdoty]
sean: thx for presentation. didn't address exceptions/out-of-band consent...?
00:53:22 [npdoty]
aleecia: not part of the original template folks were supposed to cover
00:53:56 [npdoty]
fwagner: do you expect a complete overview of all affiliates of Microsoft? would that list ever be complete?
00:54:07 [schunter]
00:54:10 [aleecia]
yes, yes it is
00:54:33 [cspiezle]
00:54:40 [npdoty]
jmayer: believe it's very similar to the proposal Shane presented; I would hope that it would be mostly complete although maybe there would be some edge cases (cover the 95% case)
00:54:49 [aleecia]
we end at 6
00:54:55 [erikn]
Aleecia wanted a few minutes to wrap up.
00:55:00 [erikn]
which I think is useful
00:55:26 [aleecia]
we could talk easily another hour
00:55:27 [schunter]
meetings should be 24*7 ;-)
00:55:30 [npdoty]
... I believe this could deviate from user expectations and an area where regulators have expressed concern, so I think it was a substantive concession
00:55:41 [aleecia]
on either proposal
00:55:51 [npdoty]
fwagner: can you make a clear difference between unlinkability and anonymity?
00:56:21 [npdoty]
jmayer: borrows some from DAA concept on deidentifiability
00:56:37 [npdoty]
... not asking for Arvind to proof your data
00:56:52 [npdoty]
... does ask for significant steps, beyond dropping an ID cookie, more like aggregation
00:57:01 [fielding]
I heard no justification for why outsourced service providers are listed as an exception instead of being part of the definition of same "party"
00:57:38 [npdoty]
fwagner: from a European perspective, collection of data while it's identifiable is still a problem with European regulations
00:57:42 [cspiezle]
we nned to accept business users may opt in by defualt for all of their devices and users. We need to be sure we respect this even though the user did not turn on DNT, but the owner of the device did. Second ISPs could offer a pre-configured browser for max privacy and security protections. If a user accepts the browser with DNT =1 then this option needs to be respected.
00:57:48 [rigo]
00:58:19 [npdoty]
schunter: jmayer talking about meeting his standard, not a guarantee of satisfying EU regulation
00:58:23 [npdoty]
Topic: wrap-up
00:58:37 [npdoty]
schunter: thanks for a productive discussion, civil ("no flying tomatoes ;)
00:58:52 [npdoty]
... always talk about the differences, sometimes we set aside how much agreement we have
00:58:56 [aleecia]
Ideally we have greater understanding walking out now
00:59:15 [npdoty]
... actually have a lot more agreement than we had, we're just not talking about those parts any more
00:59:20 [aleecia]
Address is in the agenda
00:59:45 [npdoty]
JC: caddy-corner for NE 8th & 110th, please bring your nameplates
00:59:57 [npdoty]
... if you get lost, call JC! :)
01:00:14 [schunter]
schunter has joined #dnt
01:00:32 [npdoty]
JC: doors open at 8 o'clock, food arrives at 8:30
01:00:58 [npdoty]
optional self-hosted dinner present here:
01:01:00 [npdoty]
01:01:07 [npdoty]
rrsagent, draft minutes
01:01:07 [RRSAgent]
I have made the request to generate npdoty
01:01:18 [npdoty]
Chair: aleecia, schunter
01:01:40 [npdoty]
Meeting: Tracking Protection Working Group Bellevue Face-to-Face
01:16:40 [KevinT]
KevinT has joined #dnt
01:19:12 [aleecia]
aleecia has joined #dnt
02:19:52 [tedleung]
tedleung has joined #dnt
03:10:33 [tedleung]
tedleung has joined #dnt
04:28:30 [Zakim]
Zakim has left #dnt
05:11:44 [tl]
tl has joined #dnt
05:18:09 [fielding]
fielding has joined #dnt
05:21:13 [schunter]
schunter has joined #dnt
05:23:16 [dwainberg]
dwainberg has joined #dnt
05:46:12 [dwainberg]
dwainberg has joined #dnt
06:16:26 [mischat]
mischat has joined #dnt
06:21:55 [fwagner]
fwagner has joined #dnt
06:43:53 [fielding_]
fielding_ has joined #dnt
06:49:59 [dwainberg]
dwainberg has joined #dnt
07:40:25 [fielding]
fielding has joined #dnt
09:06:14 [mischat]
mischat has joined #dnt
10:35:20 [mischat]
mischat has joined #dnt
10:35:50 [fwagner]
fwagner has joined #dnt
11:09:24 [mischat_]
mischat_ has joined #dnt
11:34:42 [mischat]
mischat has joined #dnt
12:05:19 [schunter]
schunter has joined #dnt
12:12:50 [djm]
djm has joined #dnt
12:13:59 [fwagner]
fwagner has joined #dnt
13:29:32 [djm]
djm has joined #dnt
13:56:08 [tedleung]
tedleung has joined #dnt
14:15:00 [djm]
djm has joined #dnt
14:19:16 [tl1]
tl1 has joined #dnt
14:19:17 [tedleung]
tedleung has joined #dnt
14:20:40 [fwagner]
fwagner has joined #dnt
14:42:03 [dwainberg]
dwainberg has joined #dnt
15:08:13 [ifette]
ifette has joined #dnt
15:09:38 [fielding]
fielding has joined #dnt
15:10:20 [schunter]
schunter has joined #dnt
15:16:59 [djm]
djm has joined #dnt
15:18:15 [tl]
tl has joined #dnt
15:21:24 [hwest]
hwest has joined #dnt
15:28:09 [tl]
tl has joined #dnt
15:36:56 [tedleung]
tedleung has joined #dnt
15:38:27 [hwest]
hwest has joined #dnt
15:40:03 [efelten]
efelten has joined #dnt
15:44:12 [efelten]
efelten has joined #dnt
15:46:03 [sidstamm]
sidstamm has joined #dnt
15:47:50 [mischat_]
mischat_ has joined #dnt
15:51:44 [KevinT]
KevinT has joined #dnt
15:53:24 [dwainberg]
dwainberg has joined #dnt
15:55:45 [erikn]
erikn has joined #dnt
15:56:07 [James]
James has joined #dnt
15:56:42 [ifette]
ifette has joined #dnt
15:58:41 [npdoty]
npdoty has joined #dnt
15:58:57 [npdoty]
rrsagent, make logs public
15:59:00 [npdoty]
rrsagent, pointer?
15:59:00 [RRSAgent]
15:59:20 [npdoty]
Meeting: Tracking Protection Working Group Bellevue F2F
15:59:24 [npdoty]
Chair: aleecia, schunter
15:59:48 [Joanne]
Joanne has joined #DNT
16:01:13 [npdoty]
scribenick: npdoty
16:01:29 [npdoty]
JC: welcome! breakfast kudos to hwest
16:01:41 [npdoty]
aleecia: welcome, reflections on yesterday
16:01:59 [npdoty]
... maybe not a particularly good use of our collective time, moving slowly
16:02:26 [npdoty]
... group has gotten a lot larger, so today we'll try more to use smaller groups
16:02:33 [aleecia]
aleecia has joined #dnt
16:03:00 [npdoty]
... not adding things new, but trying different approaches
16:03:03 [rvaneijk]
rvaneijk has joined #dnt
16:03:05 [npdoty]
... we need to publish something
16:03:27 [npdoty]
... we need to figure out what exactly we're building, better understanding of the two proposals
16:03:50 [robsherman]
robsherman has joined #dnt
16:04:06 [Ionel]
Ionel has joined #dnt
16:04:12 [npdoty]
... self-hosted dinner tonight
16:04:41 [npdoty]
efelten: want to say a few words for myself, I've been pretty quiet through these meetings but want to offer a perspective of where we are
16:04:45 [BrianH]
BrianH has joined #dnt
16:04:52 [Brooks]
Brooks has joined #dnt
16:04:55 [npdoty]
... frankly it hards to see how either of these proposals will get consensus as it is now
16:04:57 [jeffwilson]
jeffwilson has joined #dnt
16:05:26 [npdoty]
... I can't see how either group could "steam-roll" the other, and in any case it wouldn't be successful in getting legitimacy of all the stakeholders and users
16:05:27 [egrant]
egrant has joined #dnt
16:05:46 [npdoty]
... companies don't want a technology that's overly prescriptive about their practices
16:06:06 [npdoty]
... and consumers want a choice that makes a change in the data that's collected, retained and used
16:06:18 [npdoty]
... not all consumers want the same thing, that's why it's a user choice mechanism
16:06:21 [vinay]
vinay has joined #dnt
16:06:36 [npdoty]
... not all companies agree, if the MSFT IE discussion has taught us anything
16:06:56 [npdoty]
... natural in a competitive marketplace, different companies, even just the browser vendors, all have distinct positions
16:07:09 [npdoty]
... everyone is going to need to make concessions, concessions that impose some pain
16:07:20 [SimonKrauss]
SimonKrauss has joined #dnt
16:07:34 [npdoty]
... those of us who have been involved for a long time recognize what the available compromise would roughly look like
16:07:44 [npdoty]
... the biggest issue is the scope of permitted use exceptions
16:07:57 [fielding]
fielding has joined #dnt
16:08:00 [npdoty]
... if there is substantial agreement on that issue, the rest of it can be worked out, what the rest of an agreement would look like
16:08:22 [npdoty]
... this is an issue where FTC has spoken, Do Not Collect with limited permitted exceptions
16:08:34 [npdoty]
... we have an opportunity here to do something that's difficult to do in any other forum
16:08:55 [npdoty]
... we have very significant areas of agreement, which we might miss because we talk most about the areas where we disagree
16:09:30 [npdoty]
... not any magic to get to an answer on this, but the stakes are high, think about the alternative to a compromise (as we discussed yesterday)
16:09:56 [npdoty]
... and to the extent that I can be helpful, either by talking to folks or getting out of the way, please let me know
16:10:10 [robsherman]
ScribeNick: robsherman
16:10:15 [jmayer]
jmayer has joined #dnt
16:10:15 [justin_]
justin_ has joined #dnt
16:10:28 [cSpiezle]
cSpiezle has joined #dnt
16:10:28 [vincent]
vincent has joined #dnt
16:10:31 [PG]
PG has joined #dnt
16:10:31 [adrianba]
adrianba has joined #dnt
16:10:34 [schunter]
schunter has joined #dnt
16:10:35 [robsherman]
aleecia: Want to summarize what we hope DNT will help us avoid as compared to current proposals.
16:10:52 [robsherman]
… After that, break into small groups to discuss issues and then bring proposals back to the group.
16:10:57 [robsherman]
… We'll re-plan after lunch.
16:11:12 [robsherman]
jchester: Not sure that small groups make sense.
16:11:41 [robsherman]
aleecia: we're not giving enough time for individuals to get their points across effectively.
16:11:44 [rigo]
rigo has joined #dnt
16:12:18 [robsherman]
jchester: Industry colleagues should specify what their concerns are and articulate how it would affect their business. If we break into small groups, that would help us understand the playing field.
16:12:38 [tlr]
tlr has joined #dnt
16:12:47 [Ionel]
thanks for using the mic
16:13:02 [robsherman]
aleecia: Let's go ahead and do small groups and then do that after lunch. We'll get more out of people having a discussion than we will with this many people.
16:13:17 [robsherman]
XX: No point in talking to a portion of the group - just repeat ourselves.
16:13:29 [efelten]
16:13:36 [robsherman]
thx efelten
16:13:47 [robsherman]
fielding: How do you envision setting up the groups?
16:14:07 [robsherman]
aleecia: Please do not go to groups of people you coauthored a proposal with. I'm not going to assign them, but they should be balanced.
16:14:18 [robsherman]
… Observers should not write parts of proposals because of IP concerns.
16:15:00 [chesterj2]
chesterj2 has joined #dnt
16:15:04 [robsherman]
schunter: Rob explained some principles under which exceptions are acceptable in the EU. We have to discuss each one-by-one but we need a working group to discuss this.
16:15:19 [robsherman]
rvaneijk: Good idea — we have work to do.
16:15:27 [suegl]
suegl has joined #dnt
16:15:45 [robsherman]
aleecia: Going to summarize status of proposals discussed yesterday, and also recalling CDT proposal.
16:16:15 [bryan]
bryan has joined #dnt
16:16:19 [robsherman]
WileyS: I think you've made some assertions that aren't correct.
16:16:31 [robsherman]
aleecia: Don't interrupt.
16:16:43 [bryan]
present+ Bryan_Sullivan
16:17:01 [bryan]
Does anyone have a link to the slide being presented?
16:17:10 [robsherman]
… EU enforcement risk if people adopt Jonathan proposal is less likely, more likely under Shane's. Unclear under CDT.
16:17:30 [robsherman]
… Few browsers would adopt new mechanisms for privacy under Jonathan proposal, more under Shane, unclear under CDT.
16:17:44 [robsherman]
… Arms race continues regardless of which proposal we adopt.
16:18:06 [robsherman]
… If I wanted to do this, could do Jonathan's approach with cookie management. Shane's with beefTACO. No real analog for CDT.
16:18:12 [robsherman]
s/do this/do this today
16:18:33 [robsherman]
… Jonathan's proposal protects privacy, Shane's doesn't, and CDT's somewhat.
16:18:51 [robsherman]
… Jonathan's proposal is unlikely to be adopted. Shane's will get widespread adoption. Unclear where CDT stands.
16:18:59 [npdoty]
16:19:03 [Zakim]
Zakim has joined #dnt
16:19:12 [npdoty]
q+ WileyS
16:19:25 [npdoty]
ack WileyS
16:19:31 [fielding]
what CDT proposal?
16:19:31 [robsherman]
WileyS: Please explain the CDT proposal and how you made those assertions because we didn't get a chance to summarize it yesterday. I think our proposal and CDT's were quite well aligned.
16:19:42 [robsherman]
aleecia: Not going back to CDT workshop but looking at the CDT proposal from DC.
16:20:01 [robsherman]
… We decided we weren't going to propose it but useful to look at for comparison.
16:20:03 [tlr]
justin_ - can you drop a link to that proposal into IRC, please?
16:20:08 [robsherman]
… Main difference is retention.
16:20:11 [justin_]
I would say permitted uses were the biggest difference.
16:20:16 [justin_]
I will link in one sec
16:20:18 [npdoty]
I believe this is the CDT text:
16:20:27 [robsherman]
… At a high level, proposals are very similar in structure, and that's a great thing.
16:20:30 [tlr]
thanks, Nik
16:20:33 [tlr]
16:20:59 [robsherman]
WileyS: If you feel retention is the demarcation point between likely/clear/unclear, I don't understand that thought process.
16:21:25 [justin_]
16:21:26 [robsherman]
… The two proposals are different in this regard. Flat, arbitrary 14-day vs. company-specific periods with transparency.
16:21:37 [robsherman]
… Justin, can you summarize?
16:21:49 [robsherman]
justin: Biggest difference is permitted uses.
16:22:01 [robsherman]
… Don't allow for product improvement — thought that could go on forever.
16:22:03 [Marc]
Marc has joined #dnt
16:22:17 [robsherman]
… We did create a 2-week window for product improvement.
16:22:25 [npdoty]
16:22:28 [robsherman]
… We didn't include a broader 2-week grace period but that could be a logical extension.
16:22:37 [robsherman]
aleecia: jmayer, want to weighin?
16:22:43 [robsherman]
s/weighin/weigh in
16:22:49 [robsherman]
jmayer: No.
16:22:51 [alex]
alex has joined #dnt
16:22:55 [npdoty]
16:23:03 [robsherman]
aleecia: Anyone else?
16:23:12 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:23:28 [robsherman]
dwainberg: I'm not clear where this gets us.
16:23:43 [robsherman]
aleecia: The point of this is to go back through what we discussed yesterday and to understand what we're trying to avoid with DNT.
16:24:02 [robsherman]
… I'm looking at whether these proposals address the issues we're trying to avoid. I don't think either proposal would actually work.
16:24:13 [meme]
meme has joined #dnt
16:24:17 [erikn]
q+ WileyS
16:24:18 [tlr]
16:24:21 [justin_]
I would agree with WileyS's statement that CDT's proposal is more closely aligned to the industry proposal as it does allow for unique identifiers. However, if I were to update this in light of recent events, I would be more explicit that third parties cannot guess user agents (though I still want to explore other ways to ensure UA compliance with the spec).
16:24:21 [ifette]
16:24:30 [sean]
sean has joined #dnt
16:24:32 [robsherman]
npdoty: WileyS, you're saying that your proposal is similar to CDT.
16:24:39 [justin_]
For those who have just logged on,
16:24:56 [sidstamm]
q+ rvaneijk
16:25:05 [rigo]
16:25:10 [jmayer]
s/No./Aleecia's summary seems reasonable to me./
16:25:12 [robsherman]
… Maybe if we just tried to elaborate on the existing proposal w/r/t collection and retention that would be a way forward.
16:25:37 [robsherman]
jchester: Don't support the CDT proposal, but Aleecia described it well. Yahoo's proposal is a non-starter with US/consumer groups/EU.
16:25:39 [erikn]
ack WileyS
16:25:42 [rigo]
16:25:50 [fwagner]
fwagner has joined #dnt
16:25:59 [robsherman]
WileyS: Want to go through each of these points. You made some broad claims, such as that our proposal "protects privacy barely," which I disagree with.
16:26:08 [fielding]
we are wasting our time
16:26:20 [robsherman]
… There's a lot in there. You should ask whether the proposal "allows Internet to remain free, etc." and play this either way.
16:26:34 [RobG]
RobG has joined #dnt
16:26:36 [erikn]
16:26:45 [robsherman]
… Our proposal has incredibly strong limits, limits data use to only things necessary to keep business alive. I don't think there will be regulation, and I agree that it will be broadly implemented.
16:26:49 [fielding]
16:27:00 [robsherman]
… On EU risk, I agree if done in isolation but also true for Jonathan's.
16:27:09 [robsherman]
… I think new measures for privacy will come up regardless of what we do in this group.
16:27:21 [robsherman]
… Privacy discussion didn't begin here and it won't end here.
16:27:53 [robsherman]
… Arms race: I think that will exist for a long time. Companies will try to monetize the services they're providing and that will happen regardless.
16:27:55 [rigo]
16:28:08 [robsherman]
… beefTACO — I think you're talking about opt-out cookie persistence and lots of tools do that today.
16:28:13 [robsherman]
… but our proposal goes farther.
16:28:13 [jmayer]
16:28:21 [susanisrael]
susanisrael has joined #dnt
16:28:32 [robsherman]
… We say that data is only used for necessary purposes — no further profiling.
16:28:36 [tlr]
16:29:03 [robsherman]
aleecia: Under any of these proposals, small OBA companies will go out of business.
16:29:22 [robsherman]
… Getting permission is difficult if you don't have a brand. So the only thing you care about is the percentage of people who have DNT on.
16:29:28 [fwagner_]
fwagner_ has joined #dnt
16:29:34 [Brooks]
16:29:40 [robsherman]
… Companies say 10-15% is breaking point. We're seeing 10-15% for FFX mobile, desktop >10%.
16:29:55 [robsherman]
… So for those companies who JUST do OBA, this is a bad day. It really is. But not necessarily for the Internet overall.
16:29:58 [tlr]
16:29:59 [robsherman]
ack ifette
16:29:59 [cSpiezle]
16:30:04 [tlr]
q+ Marc,
16:30:04 [justin_]
ack ifette
16:30:10 [npdoty]
to try to capture Shane's point, re: Do Not Target, we get that and the proposal goes beyond and addresses collection
16:30:28 [Chapell]
Chapell has joined #DNT
16:30:32 [robsherman]
ifette: Disagree with your assessment of the percentages. Setting it has no effect now because the user sees nothing. Not sure what will happen when it gets implemented.
16:30:45 [Marc]
16:30:58 [robsherman]
… Been talking with jchester and others to understand the main,bottom line concern is that a 3P has a collection of your browsing activities that can be subpoenaed by gov't, subject to breaches, etc.
16:31:05 [robsherman]
... I don't see either proposal changing that.
16:31:16 [robsherman]
… We all understand for legitimate uses like security/fraud, that risk is there.
16:31:38 [justin_]
s/.../. . .
16:31:42 [robsherman]
… Given that we all agree that this is a primary risk that people are most concerned about and given that neither addresses it, the fact that we get so bogged down seems a little strange to me.
16:31:53 [rigo]
16:31:56 [robsherman]
ack rvaneijk
16:32:11 [robsherman]
rvaneijk: Transparency and accountability are important.
16:32:44 [robsherman]
… Trying to build good controls. The outcome of this group should be building blocks leading to compliance.
16:33:16 [robsherman]
… Control: Control is tied to risk. Looking at legitimate business interests, This is the thing we need to focus on.
16:33:35 [rigo]
16:33:38 [robsherman]
… Increased control needs to be looked at from a business perspective, and that's one approach. But also need to consider from user perspective.
16:33:47 [robsherman]
… Control is the last piece of the puzzle that needs to be solved.
16:34:02 [npdoty]
ack erikn
16:34:18 [robsherman]
erikn: This is well-traveled ground. Let's be more efficient. Support small group proposal.
16:34:23 [npdoty]
ack fielding
16:34:42 [robsherman]
fielding: Let's stop discussing the overview and start discussing actual written proposals that nobody has addressed from the mailing list.
16:34:49 [susanisrael]
+1 to roy's discussion
16:34:54 [dwainberg]
16:34:59 [npdoty]
ack jmayer
16:35:12 [Chapell]
+1 to roy
16:35:13 [robsherman]
jmayer: Like the idea of small groups. Need to focus on specific permitted uses and how to balance business needs against privacy.
16:35:24 [npdoty]
ack Brooks
16:35:38 [robsherman]
Brooks: Danger in Aleecia's comment that this is limited to small OBA companies. I think we're underappreciating the issues here.
16:35:54 [robsherman]
… OBA is the least of my worries. If you take Internet advertising, there's much more value in reporting than in targeting.
16:36:14 [robsherman]
… What we're talking about here is undermining the ability of advertiser to demonstrate the value of advertising.
16:36:29 [Joanne]
we should Aleecia's combined proposal doc for the small group discussions
16:36:37 [tl]
16:36:40 [robsherman]
… We're talking about fundamentally undermining the whole ability for any advertiserto understand how effective it was to buy one property over another.
16:36:43 [npdoty]
maybe this is a good guiding goal: maintain (or improve) reporting, and put limits on collection
16:37:01 [robsherman]
… Google is successful in AdWords because it works perfectly. I know if I spent $1.25 on a click and made $1.26.
16:37:10 [robsherman]
… The more we undermine that the less valuable it will be.
16:37:27 [npdoty]
Joanne, +1, we can add the permitted uses we work out on to Aleecia's combo draft
16:37:32 [robsherman]
aleecia: We've talked about outsourced parties as a way to get that to work.
16:37:39 [robsherman]
… That helps with reporting, analysis, etc.
16:37:59 [robsherman]
Brooks: I've been doing this for a long time. Publishers and advertisers don't trust each other, and we need an independent way of counting and reporting.
16:38:15 [robsherman]
aleecia: That's exactly what the proposals do.
16:38:27 [robsherman]
… 7 more minutes of discussion.
16:38:30 [robsherman]
16:38:35 [robsherman]
ack cSpiezle
16:38:46 [robsherman]
cSpiezle: Business discussion is the core of the issue.
16:39:00 [robsherman]
… Last night I looked at IE. It's taken 14 months for it to get to current market share.
16:39:02 [tlr]
I think Brooks' point is really important -- do not design assuming advertisers and publishers are natural allies in the business environment.
16:39:22 [robsherman]
…. We're inflating the impact. But on the other hand, we've seen other sea changes forced due to security/privacy.
16:39:23 [tlr]
(in the sense of, being able to trust each other with invoicing or reporting)
16:39:44 [robsherman]
… Pop-up blocker debate from years ago. Many people said they would go out of business and some did. But most people evolved and innovated.
16:39:54 [robsherman]
… Same with privacy beacons in emails. And then clients addressed it.
16:40:11 [tl]
16:40:12 [npdoty]
others want to join small group with jmayer and Brooks on reporting?
16:40:15 [tl]
16:40:17 [robsherman]
… Need to step back and look at real business issues here. Smart businesses will innovate and evolve. Need to move forward.
16:40:27 [robsherman]
ack Marc
16:40:42 [robsherman]
Marc: Notion that this will impact only a small number of OBA companies is wrong.
16:40:52 [robsherman]
… Not helpful to this discussion. There's a huge impact on advertisers and publishers.
16:41:06 [robsherman]
… Looking forward to having an opportunity to present those facts in a productive discussion.
16:41:22 [robsherman]
… But if the decision is we'll throw some companies on the bus, some of us can go and the conversation will conitnue.
16:41:27 [npdoty]
erikn, WileyS, want to work on retention/collection elaboration, based on the industry proposal, in a small group?
16:41:41 [robsherman]
… I also don't think this does so much for privacy. You'll have more data collection, that's more invasive, and that will involve PII.
16:41:48 [robsherman]
… What will change is who is colelcting.
16:41:56 [robsherman]
… We'll see consent wars and pop-up wars, and people need to consider that.
16:42:18 [tlr]
16:42:18 [robsherman]
… I hope we can have that discussion in a thoughtful and productive way.
16:42:30 [robsherman]
aleecia: Marc, I agree with you that there's far more going on than OBA.
16:42:34 [npdoty]
I think we're all agreed that we'd prefer a Do Not Track outcome to the alternatives that Marc is referring to.
16:42:51 [robsherman]
… Let's split into 5 groups. All groups will need a scribe and observers will have to just observe.
16:43:04 [robsherman]
… I'd like groups to look at text and copy and paste where possible.
16:43:11 [robsherman]
q+ ifette
16:43:26 [jmayer]
I'm unsure where this line of concern from. I didn't hear Aleecia argue that small-company OBA would be the only impact, just one significant impact.
16:43:34 [robsherman]
… responsibilities of 1P, 3P, and outsourced parties. That's where we're having biggest disagreements.
16:43:42 [robsherman]
… Some of the things we've talked about:
16:43:45 [robsherman]
… no data collection at all
16:43:49 [robsherman]
… aggregating at time of collection
16:43:53 [robsherman]
… unidentifiable after collection
16:43:57 [robsherman]
… siloing to specific party
16:43:59 [robsherman]
… retention limits
16:44:13 [robsherman]
… use limitations: security, billing/$, freq capping, debugging
16:44:15 [robsherman]
… transparency
16:44:24 [robsherman]
aleecia: Anything else missing from this list?
16:44:47 [jmayer]
16:45:14 [robsherman]
aleecia: Not suggesting that we should use these things in specific places, but they seem to be what we've discussed.
16:45:27 [npdoty]
internal/operational limits?
16:45:33 [robsherman]
susanisrael: Why are use limitations on the tools list?
16:45:39 [robsherman]
aleecia: I really mean approaches.
16:45:50 [robsherman]
schunter: Fraud prevention. If you collect for that purpose, you must not use it later.
16:45:55 [johnsimpson]
johnsimpson has joined #dnt
16:46:18 [robsherman]
susanisrael: Discussion yesterday about the idea of research. Is this meant to be restrictive and that internal product/improvement research wouldn't be legitimate?
16:46:28 [robsherman]
aleecia: This was meant to follow Shane's proposal.
16:46:37 [robsherman]
16:46:37 [ifette]
16:46:53 [fielding]
I don't see any reason to continue with either proposal
16:46:59 [robsherman]
ack ifette
16:47:17 [sean]
16:47:20 [robsherman]
ifette: Logistical question: Should we do an email to the mailing list for small group scribing?
16:47:22 [npdoty]
we could have breakout groups working from Combo-draft, the CDT proposal, the industry proposal, the existing WD,
16:47:23 [robsherman]
aleecia: Yes.
16:47:33 [robsherman]
ack jmayer
16:47:46 [rigo]
16:48:12 [npdoty]
maybe also a breakout group trying to merge/diff the proposals presented by Shane and Jonathan
16:48:18 [robsherman]
jmayer: Within the bucket of things that might be aggregated at point of collection: Some companies have a cookie that doesn't tell you anything, but then there's real information that is unlinkable (like an opt-out value).
16:48:37 [npdoty]
+1 on internal controls (legal or technical)
16:48:50 [robsherman]
… There's also been discussion of business/legal controls. Also internal technical controls. Example: if you're going to have protocol logs for 6 months for security, those would be encrypted and have access controls.
16:49:14 [npdoty]
I've checked in our updates from yesterday's drafting session to the "combo-draft.html" that we can work from
16:49:15 [npdoty]
16:49:18 [robsherman]
aleecia: I had intended to capture something like en_US. But I'm adding to this list internal business/legal and technical controls. Also adding auditing.
16:49:31 [robsherman]
… Anything else that people might want to discuss?
16:49:33 [robsherman]
ack sean
16:49:34 [tlr]
q+ rigo
16:49:57 [robsherman]
sean: Disallowing specific technological means for collecting information
16:50:09 [JC]
JC has joined #DNT
16:50:14 [robsherman]
schunter: One example would be jmayer's distinction between active and passive collection.
16:50:26 [robsherman]
… Could say that in some cases only allow passive collection.
16:50:43 [robsherman]
sean: Another example would be client-side cookies that are uniquely identified but never returned to server. Unique hashes.
16:51:07 [robsherman]
16:51:24 [mischat]
mischat has joined #dnt
16:51:30 [robsherman]
tl: Normally a cookie is provided by one domain with a distinct identifier for one domain.
16:51:55 [robsherman]
… A double-keyed cookie means the identifier is determined not just by who they are, but who they are + where they are.
16:52:03 [robsherman]
… gets a different ID on each 1P site.
16:52:13 [robsherman]
… unique identifier for 1P+3P combination.
16:52:22 [robsherman]
schunter: Way to implement siloing for cookies?
16:52:25 [robsherman]
fielding: Yes.
16:52:53 [robsherman]
… Other approach is server-side agreement to hash cookie that is cross-fed and not stored.
16:53:00 [alex]
16:53:08 [robsherman]
aleecia: Questions?
16:53:20 [npdoty]
ack alex
16:53:20 [jmayer]
16:53:27 [robsherman]
Alex: I understand the mechanism but don't understand how it works in double-iframe scenario.
16:53:34 [robsherman]
fielding: Just one solution; won't work everywhere.
16:53:42 [robsherman]
Alex: That may break down because of existing tech implementations.
16:53:51 [robsherman]
tl: You're saying that some things you're currently able to do?
16:53:54 [tlr]
16:53:56 [tedleung]
16:54:13 [tlr]
ted, did you want to queue?
16:54:22 [tlr]
q+ tedleung
16:54:30 [tedleung]
16:54:33 [robsherman]
Alex: I'm trying to say that if I want to implement this, the intention of the proposal is that cookies be siloed based on 1P. Because of double-iframe problem, the first domain that I get is one iframe up, which may be same for mult domains. So I get the same hash.
16:54:38 [tedleung]
thx tlr - a fat finger on my part
16:54:43 [tlr]
ah, ok :)
16:54:52 [robsherman]
fielding: On browser side, can always obtain top-level domain of current page.
16:55:06 [robsherman]
… 3P would set cookie, but browser controls what to send back.
16:55:11 [npdoty]
q+ Brooks
16:55:26 [robsherman]
tl: Might have 100 cookies. One cookie per 1P.
16:55:39 [robsherman]
Alex: Implementation is browser-specific?
16:55:58 [npdoty]
updated combo-draft is here:
16:56:07 [robsherman]
tl: Let's take this offline.
16:56:12 [jmayer]
16:56:12 [npdoty]
ack rigo
16:56:13 [robsherman]
ack rigo
16:56:36 [robsherman]
rigo: We've done a lot of research on server-side data minimization. So many solutions. The question is how far can we go without overburdening the industry.
16:57:03 [robsherman]
… One of my major problems is we okay frequency capping and you store the cookie ID w/ URI, then you can still see what I read.
16:57:22 [robsherman]
… I don't mind you knowing I was on but do mind you knowing what I read there.
16:57:32 [robsherman]
… We should discuss this in a breakout.
16:57:43 [robsherman]
aleecia: Any additional new approaches to add to this list?
16:58:05 [robsherman]
… The goal here is to have approaches that people can match these and switch them around for various cases.
16:58:14 [robsherman]
… What are responsibilities for various parties using these approaches?
16:58:24 [robsherman]
… Let's not go into defaults and UAs now.
16:58:36 [robsherman]
… Focus on the core of what we're doing and where there are disagreements.
16:58:55 [robsherman]
… Also consider impact on privacy, implementation ease (for large and small 1Ps and 3Ps), likely to satisfy regulators.
16:59:02 [robsherman]
… Important to understand impact on business.
16:59:14 [robsherman]
… We should be able to estimate difficulty of implementation.
16:59:40 [robsherman]
… As you split into groups, be sure you're not standing with people you normally work with.
17:00:08 [robsherman]
… Observers, please spread yourselves out and observe.
17:00:26 [robsherman]
susanisrael: Would it be better to summarize rather than scribe so that scribe can participate?
17:00:32 [robsherman]
aleecia: If you have an observer, use the observer as a scribe.
17:00:42 [robsherman]
… At the end, we'll come back in large group.
17:05:37 [aleecia]
Approaches we just discussed:
17:06:20 [aleecia]
No data collection
17:06:21 [aleecia]
Aggregate at the time of collection (OPT-OUT)
17:06:22 [aleecia]
Unidentifiable information after collection
17:06:24 [aleecia]
Siloing of data to a specific party
17:06:25 [aleecia]
Retention limits
17:06:27 [aleecia]
Use limitations
17:06:28 [aleecia]
17:06:30 [aleecia]
Billing / financial
17:06:31 [aleecia]
Frequency capping
17:06:33 [aleecia]
17:06:33 [egrant]
egrant has joined #dnt
17:06:34 [aleecia]
17:06:35 [aleecia]
Internal legal / business controls
17:06:37 [aleecia]
Internal technical controls
17:06:39 [aleecia]
17:06:47 [aleecia]
Disallowing specific (hard-coded) technologies (e.g. LSOs)
17:06:52 [aleecia]
Active v. passive collection
17:06:55 [vincent]
vincent has joined #dnt
17:07:04 [aleecia]
Double-keyed cookies on the browser side
17:07:12 [aleecia]
Double-keyed cookies on the server side
17:07:15 [ifette]
notes for center group:
17:08:15 [johnsimpson]
johnsimpson has left #dnt
17:09:32 [meme]
meme has joined #dnt
17:09:44 [ifette]
17:13:17 [Chapell]
Chapell has joined #DNT
17:20:42 [fielding]
fielding has joined #dnt
17:20:48 [Chapell]
Point of clarification - as this was raised in our small group
17:21:02 [aleecia]
17:21:55 [aleecia]
Timing: break from 11:00 - 11:30, recap in full group for 15 minutes to talk through where you landed for first parties, third parties, and outsourced parties.
17:22:02 [fwagner_]
fwagner_ has joined #dnt
17:22:08 [aleecia]
15 minutes each
17:22:38 [aleecia]
Lunch at 13:00
17:23:12 [Chapell]
I believe Aleecia said.... (paraphrasing) that the ultimate output of the TPG would be a bad day for third parties who conduct OBA because many would be out of business - but that is a good day for privacy. Do I have that correct?
17:24:04 [aleecia]
17:24:17 [Chapell]
Ok - you may want to come into our group as that seems to be the conensus here
17:24:21 [aleecia]
My concern is that it does little for privacy but harms business substantially
17:24:27 [aleecia]
That is a bad outcome
17:24:34 [aleecia]
And what DNT was designed *not* to be
17:24:48 [Chapell]
I would encourage you to make that clear to the larger group - as that was the impression that many of us were left with
17:24:49 [aleecia]
…a year plus ago.
17:25:01 [aleecia]
Thanks for that as feedback.
17:25:08 [Chapell]
and while I'm not going to represent the views of others - but its not simply industry
17:25:49 [aleecia]
Having privacy at the expense of business is the entire problem I hope DNT will avoid. That was the point, to me, of bothering to spend a year of my life on this.
17:25:58 [Chapell]
so when i see the powerpoint from this morning coupled with that statement (as interpreted by many in the room) -- I'm sort of wondering if the end goal here is a productive discussion
17:27:06 [aleecia]
We've been stuck. It's time to get unstuck. And yes, my frustration at my lack of ability to move things forward right now is coming through.
17:27:12 [aleecia]
I am worried for business with this.
17:27:21 [aleecia]
I don't want an adblock world.
17:29:30 [BerinSzoka]
BerinSzoka has joined #DNT
17:29:41 [Chapell]
This group is heading down a direction where large, first party companies are going to continue to collect data -- more data, more sensitive data --- and this will ultimately be at the expense of both privacy and innovation
17:33:09 [asoltani]
Chapell: I don't necessarily agree with your conclusion as 'large first party' companies would still be under the same restrictions when operating in a 3rd party context.
17:35:06 [asoltani]
However the net pro-privacy effect will be that consumers will have some ability to be informed about and control the typically non-visible 3rd party tracking that occurs as they browse the web
17:38:05 [Chapell]
Asoltani: First parties will figure out ways to override DNT -- so we're into an opt-in world
17:39:08 [schunter]
schunter has joined #dnt
17:47:36 [npdoty]
rrsagent, pointer?
17:47:36 [RRSAgent]
17:47:55 [npdoty]
rrsagent, pointer?
17:47:55 [RRSAgent]
18:08:08 [fwagner_]
fwagner_ has joined #dnt
18:08:36 [randomwalker]
randomwalker has joined #dnt
18:18:38 [KevinT]
KevinT has joined #dnt
18:25:58 [dwainberg]
dwainberg has joined #dnt
18:33:48 [efelten]
efelten has joined #dnt
18:34:12 [efelten]
efelten has joined #dnt
18:38:06 [npdoty]
npdoty has joined #dnt
18:39:07 [npdoty]
scribenick: JC
18:39:13 [meme]
meme has joined #dnt
18:39:16 [npdoty]
Topic: Reports on breakouts
18:39:20 [npdoty]
rrsagent, pointer?
18:39:20 [RRSAgent]
18:40:02 [npdoty]
some of the early notes from this group:
18:40:36 [JC]
Meme: We decided that a flowchart was an effective way to present our work
18:40:57 [aleecia]
aleecia has joined #dnt
18:41:20 [JC]
... Ed helped us formalize our thoughts
18:41:39 [JC]
Ed: Limit on targetting and collection with limited exceptions
18:42:01 [JC]
Ian: There is likely going to be data collection to cover permitted uses
18:42:04 [James]
James has joined #dnt
18:42:15 [JC]
... the boxes show limits on collection
18:42:20 [amyc]
amyc has joined #dnt
18:42:29 [JC]
Meme: The boxes help us frame the issues
18:42:50 [JC]
Ian: First box indicates what not to do
18:43:29 [JC]
... The user's experience may be altered for security or fraud purposes
18:43:40 [JC]
... unique identifier may be used
18:43:49 [robsherman]
robsherman has joined #dnt
18:44:30 [JC]
... retention period must be what is minimally necessary for the purpose (permitted use)
18:44:50 [JC]
... use is limited for purpose for which the data was retained.
18:45:13 [sidstamm]
sidstamm has joined #dnt
18:45:15 [JC]
Aleecia: Can you indicate how limits are made?
18:45:26 [JC]
Ian: Auditability of access to data
18:45:38 [JC]
Justin: Tell me more about auditing
18:45:50 [JC]
... explain why you are retaining data.
18:46:04 [JC]
Meme: Will defer to those that know more
18:46:34 [JC]
Ian: We retain what is necessary, cookie data etc., to satisfy an audit for a specific purpose
18:47:04 [susanisrael]
susanisrael has joined #dnt
18:47:07 [alex]
alex has joined #dnt
18:47:35 [JC]
Shane: In financial transaction due to legal or contractual obligations retention may be needed
18:47:42 [aleecia]
18:47:46 [jmayer]
18:47:47 [JC]
... for example to cover frequency capping commitment
18:48:20 [RobGratchner]
RobGratchner has joined #dnt
18:48:30 [vincent]
vincent has joined #dnt
18:48:35 [JC]
... financial transactions must be recorded to cover legal obligations
18:48:58 [JC]
... there are legal and contractual obligations that need to be audited
18:49:29 [egrant]
egrant has joined #dnt
18:49:41 [JC]
... some things are federally mandated and others contractual
18:50:44 [JC]
Justin: So there are legal reasons to keep cookie and other data?
18:50:48 [JC]
Shane: Yes
18:50:48 [aleecia]
ack Brooks
18:50:49 [npdoty]
ack Brooks
18:50:53 [dwainberg]
dwainberg has joined #dnt
18:51:18 [dwainberg]
dwainberg has joined #dnt
18:51:23 [JC]
Brook: All ad data belongs t othe advertiser
18:51:43 [aleecia]
18:51:46 [aleecia]
ack jmayer
18:51:53 [JC]
... placing obligations due to the standard adds huge complexity
18:52:15 [JC]
Jonathan: Contracts can inform what is needed and what can be accomplished
18:52:24 [aleecia]
18:52:32 [Chapell]
Chapell has joined #DNT
18:52:58 [suegl]
suegl has joined #dnt
18:53:00 [JC]
Meme: We all have contracts that we have to comply with
18:53:08 [susanisrael]
+q susanisrael
18:53:14 [JC]
... we don't want to have contracts that create a loophole
18:53:30 [aleecia]
18:53:36 [JC]
... the reality is there are millions of contracts in place today that we cannot ignore
18:53:51 [randomwalker]
randomwalker has joined #dnt
18:53:54 [JC]
Nick: Trying to describe what is necessary for use can change over time
18:54:05 [justin_]
justin_ has joined #dnt
18:54:09 [JC]
... trying to describe it is difficult
18:54:27 [JC]
Ian: The ad network may be the processor, but not the owner
18:54:27 [aleecia]
ack susanisrael
18:54:46 [JC]
Matthais: Let's limit discussion to clarifying questions
18:55:15 [JC]
Susan: I second Meme about contractual obligations
18:55:19 [jeffwilson]
jeffwilson has joined #dnt
18:55:33 [JC]
Meme: Contracts may reflect our work over time
18:56:51 [JC]
In the hum test the Meme/Ian proposal was found acceptable
18:57:04 [JC]
Simon: We focused on exceptions
18:57:12 [npdoty]
that is, there didn't seem to be anyone who couldn't live with something in the Meme/Ian direction
18:57:19 [jmayer]
My point earlier: There are two levels to the proposed exceptions discussion: 1) which uses are allowed and 2) which information practices are necessary for those uses? Contracts shouldn't dictate either, we should think primarily about substance.
18:57:23 [JC]
... we looked at Shane/Jonathan's drafts to see what we could use
18:57:56 [jmayer]
I'm not sure if everyone followed what that hum was about. The proposal was a high-level framework for approaching problems, not any particular specifics.
18:58:02 [aleecia]
Jonathan, what sort of language that meets MeMe's requirements do you think would work?
18:58:06 [JC]
... freq capping, impressions, clicks. Can advertiser keep this information.
18:58:17 [JC]
... is there way to get this data without a cookie?
18:58:28 [JC]
... we tabled that for later.
18:58:49 [JC]
... Agreed that we need things for auding security and fraud.
18:58:55 [jmayer]
aleecia, I think a phase-in period for old contracts would be reasonable. Going forward, I think the standard should determine what companies do and agree to, not the other way around.
18:59:07 [JC]
... Need to collect data before the fraud to determine if fraud occurred.
18:59:11 [aleecia]
What would that look like?
18:59:23 [JC]
... looked at storing a unique cookie for debugging purposes.
19:00:11 [npdoty]
19:00:18 [JC]
... could not agree on whether it was possible to proactively place a cookie in anticipation of security or fraud.
19:00:20 [npdoty]
q+ WileyS
19:00:22 [marc]
marc has joined #dnt
19:00:27 [npdoty]
ack WileyS
19:00:44 [JC]
Shane: What was the thought process for knowing what you don't know?
19:01:17 [JC]
Simon: I pointed out the issue, but can't say we had an answer.
19:01:47 [JC]
Jonathan: There is ambiguity, but companies need to state what they need for debugging.
19:02:04 [JC]
... that can lead to alternative solutions. Low entropy cookies etc.
19:02:40 [CraigSpi]
CraigSpi has joined #dnt
19:02:47 [JC]
... Unlike security and fraud, forensics going back for debugging you can collect additional information.
19:03:21 [rigo]
19:03:22 [JC]
... some companies already do remove cookies if the user opts out. They somehow debug witout cookies.
19:03:49 [JC]
Aleecia: How to tailor debugging and fraud, did you cover other areas.
19:04:03 [JC]
Simon: We did look at reporting, but focused on those two areas.
19:04:17 [JC]
Jonathan: We tried to find middle ground on those two areas.
19:06:20 [JC]
Ian: I don't agree that we can wait until we see a problem and then add a cookie.
19:06:23 [fielding]
19:06:33 [JC]
Aleecia: Is that just for security or other purposes?
19:06:51 [JC]
Ian: Cookies are necessary for security purposes. I wouldn't want to get rid of them.
19:07:27 [JC]
... I don't necessarily believe the same for debugging, but I don't have enough data to respond.
19:07:42 [npdoty]
scribenick: jmayer
19:07:44 [JC]
Jonathan: I feel Sean feels differently.
19:08:01 [rvaneijk]
19:08:25 [jmayer]
In our group, Sean (another Googler) suggested he could tentatively be OK with graduated response on debugging.
19:08:30 [JC]
Shunter: We looked at Shane's proposal and looked at how to improve it to reach common ground.
19:08:45 [JC]
... The proposal should spell out a limited retention period.
19:08:54 [jmayer]
schunter: focused on Shane's proposal, looked to improvements to reach common ground
19:09:08 [JC]
... Don't know if there should be a maximum retention period.
19:09:11 [djm]
djm has joined #dnt
19:09:20 [jmayer]
... requirement of fixed retention policy, must be public
19:09:29 [jmayer]
... might be different depending on business purpose
19:09:31 [JC]
... If possible one can specify different periods for different purposes.
19:09:53 [aleecia]
scribenick: jmayer
19:10:09 [jmayer]
... discussed proportionality as a requirement
19:10:21 [jmayer]
... discussed requirement of publishing which exceptions a company uses
19:10:31 [jmayer]
... Rob pointed out the precautionary principle
19:10:51 [jmayer]
... discussed fixed retention time, incentive to improve as they get better at minimization
19:11:18 [jmayer]
... Rob's precautionary principle is like quality control: document where business is, state of the art, encourage getting better at retention
19:11:23 [npdoty]
As I understand it, this is a good description of the precautionary principle
19:11:48 [rvaneijk]
see also:
19:11:54 [npdoty]
though I'm not sure that directly captures what rob/schunter are discussing, since it means not taking an action (in this case collection/retention) without a scientific consensus
19:12:00 [aleecia]
how (practical details) would you encourage companies to get better and better on retention?
19:12:14 [jmayer]
... study may be needed of how long data is retained and for what purposes
19:12:35 [jmayer]
chesterj2: small groups were a good idea
19:12:48 [jmayer]
... unclear what retention requirements are
19:13:11 [jmayer]
... especially for different types of data and different uses
19:13:24 [jmayer]
... will ask policymakers to report on what data is used and needed
19:13:53 [jmayer]
erikn: i want to make the scribe work hard (jerk.)
19:14:06 [npdoty]
interesting suggestion on FTC, Congressional Research Service, EU to work together on reports of what practices are necessary
19:14:16 [WileyS]
WileyS has joined #DNT
19:14:20 [jmayer]
... side debate over value of aspirational statements in the recommendation that companies should get better
19:14:42 [jmayer]
... agreement there's some value, but substance and transparency do more
19:14:58 [meme]
19:15:04 [tlr]
q+ meme
19:15:07 [meme]
19:15:15 [tlr]
19:15:17 [tlr]
19:15:19 [aleecia]
19:15:41 [jmayer]
rvaneijk: when thinking about risk, carefully reason about worst-case outcome
19:15:55 [npdoty]
make sure there's an incentive to improve business practices
19:16:08 [aleecia]
There's a concept of "progressive realization" in other areas
19:16:28 [jmayer]
... make sure businesses are given incentives to improve
19:16:36 [aleecia]
ack meme
19:17:03 [jmayer]
meme: the FTC will look at retention periods, if companies cannot justify them, it will enforce
19:17:24 [susanisrael]
+1 meme
19:17:40 [jmayer]
... as an attorney at a large company, I carefully watch what the FTC does, it matters
19:17:47 [rigo]
19:17:55 [rvaneijk]
flowchart precautionairy principle:
19:18:09 [jmayer]
efelten: FTC involvement depends on how the standard is drafted. Depends on what compliance means. Can't investigate any question.
19:18:17 [jmayer]
s/any/just any/
19:18:26 [aleecia]
19:18:31 [aleecia]
ack rigo
19:18:43 [npdoty]
19:19:21 [jmayer]
rigo: should include promises in the specification, they'll be binding in many jurisdictions
19:19:50 [hober]
19:19:50 [WileyS]
19:19:56 [jmayer]
aleecia: the concept of "progressive realization" might be helpful, no backsliding
19:20:28 [aleecia]
ack npdoty
19:20:29 [schunter]
19:20:33 [aleecia]
ack WileyS
19:20:39 [schunter]
ack WileyS
19:20:44 [erikn]
19:20:50 [jmayer]
npdoty: some value in pointing to best practices in a specification, just because something is an industry practice doesn't mean it's good
19:21:39 [aleecia]
sounds like a should not a must if it's useful
19:21:52 [aleecia]
wouldn't want to scare people from trying things
19:22:00 [npdoty]
the point I was after is that transparency alone shouldn't be sufficient (wouldn't be sufficient for enforcement, necessarily) of moving towards a best practice, and if you're transparently not in the practice, that could be a condition for non-compliance
19:22:02 [jmayer]
WileyS: Yahoo experimented with industry-leading search retention. Broke lots of stuff. Spoke to a lot of internal stakeholders in advance. There can be times where privacy has to be walked back. But there are other market forcing functions that can make privacy better.
19:22:06 [hober]
ack erikn
19:22:08 [aleecia]
19:22:25 [jmayer]
erikn: If there were a no-backsliding principle, should test internally before rolling out and updating policy.
19:22:27 [aleecia]
(that's quite reasonable)
19:22:59 [jmayer]
... we could put progressive realization on paper without interfering with experimentation
19:23:09 [Chapell]
No-backslide principle encourages companies to err on the side of a longer retention period
19:23:26 [npdoty],_Social_and_Cultural_Rights#Principle_of_progressive_realisation
19:23:41 [jmayer]
hum: can you live with (some), can you not live with (none)
19:23:52 [jmayer]
Again, unsure if it was clear what those hums were about.
19:24:10 [jmayer]
hwest: Our group had a lot of discussion about phrasing.
19:24:20 [jmayer]
... Lots of discussion about first parties sharing information.
19:24:24 [aleecia]
19:24:29 [npdoty]
"we at least feel that that's totally solid" :)
19:24:36 [jmayer]
... Came out where the spec is - no sharing what third parties can't collect themselves.
19:24:52 [jmayer]
... Some agreement around certain permitted uses.
19:25:03 [jmayer]
... E.g. product fulfillment like giving UPS shipping info.
19:25:14 [aleecia]
Isn't product fulfillment outsource party?
19:25:16 [npdoty]
product fulfillment -- do we have something in the spec about accomplishing the user's intended outcome?
19:25:17 [jmayer]
... Different sorts of sharing, e.g. social vs. data provider.
19:25:27 [aleecia]
No, that's EU law :-)
19:25:47 [jmayer]
... Looked at FTC report text on commonly accepted uses.
19:26:31 [aleecia]
But it might be a good thing to add, in terms of user's intended outcome. Devilishly hard to write, but possible.
19:26:37 [jmayer]
... Thought about market research, product improvement, debugging, some analytics, contextual decisionmaking (e.g. PETA ad not next to Oscar Mayer ad), transactions, security, fraud.
19:26:43 [npdoty]
do we need to describe contextual processing in the spec? seems like that would be agreed that it was out of scope
19:27:05 [aleecia]
19:27:11 [jmayer]
... On outsourcing, no combining data across first parties, but permitted uses OK as they relate to the outsourcing service.
19:27:33 [Marc]
Marc has joined #dnt
19:27:45 [jmayer]
aleecia: How were these terms defined?
19:28:03 [jmayer]
hwest: Product improvement related to making something you do better. Not much precision on scope of each.
19:28:04 [fwagner]
fwagner has joined #dnt
19:28:09 [aleecia]
19:28:25 [jmayer]
... Agreement that these were a good direction for permitted uses.
19:28:36 [jmayer]
aleecia: Discussion was about adding to permitted uses.
19:28:53 [jmayer]
hum of who's ok with this: some
19:28:56 [efelten]
efelten has joined #dnt
19:28:58 [jmayer]
who's not ok: few
19:29:12 [jmayer]
justin_: ran late, no scribe (class act guys.)
19:29:19 [jmayer]
... good discussion
19:29:37 [jmayer]
... general agreement around outsourcing, though not about permitted uses
19:30:03 [jmayer]
... talked about appending, general agreement that appending is in scope, appending services somewhat like outsourcing
19:30:24 [jmayer]
hwest: didn't have agreement on this, somewhat like outsourcing
19:30:44 [jmayer]
justin_: ok with ID cookies, tried to focus on permitted uses
19:30:56 [npdoty]
allow cookies, but tie to proportionality, narrower list of uses
19:30:56 [jmayer]
... ad reporting seemed reasonable
19:31:01 [hwest]
To be clear, we didn't have agreement on the very specific of all directions, but if they're an outsourced party acting as a first party, then they need to be acting on behalf of that first party
19:31:07 [jmayer]
... same for frequency capping
19:31:15 [jmayer]
... but maybe not forever
19:31:15 [jmayer]
19:31:32 [jmayer]
... metrics ok, market improvement and product improvement not ok
19:32:04 [jmayer]
... no clear agreement on line drawing, roughly if about ad performance, ok, otherwise not ok
19:32:18 [jmayer]
... if information isn't for one of these narrow purposes, aggregate within two weeks
19:32:33 [jmayer]
... alex proposed a different approach to aggregation
19:33:11 [jmayer]
alex: problem with fixed aggregation period - might need to later re-run analysis
19:33:27 [jmayer]
... instead of a fixed time period
19:33:31 [jmayer]
... some alternatives
19:34:05 [jmayer]
... 1) segregate data
19:34:18 [jmayer]
... 2) standard-based limit + internal audits
19:34:43 [jmayer]
Zakim, who is talking?
19:34:43 [Zakim]
sorry, jmayer, I don't know what conference this is
19:34:43 [tl]
Zakim, who is on the phone.
19:34:44 [Zakim]
I don't understand 'who is on the phone', tl
19:35:00 [aleecia]
JC for benevolent dictator!
19:35:05 [robsherman]
+1 :)
19:35:17 [jmayer]
... Leave it to companies to choose among the three approaches.
19:35:19 [aleecia]
19:35:24 [aleecia]
19:35:32 [jmayer]
<sorting out mic and phone quirks>
19:35:45 [jmayer]
aleecia: good overview, hard to keep details straight
19:35:59 [vinay]
vinay has joined #dnt
19:36:29 [jmayer]
aleecia: no hum since not enough agreement in group
19:36:37 [jmayer]
... some observations before lunch
19:36:43 [jmayer]
... 1) there is a zone of compromise in the room
19:36:57 [jmayer]
... hard part: getting there
19:37:14 [jmayer]
... 2) almost all proposals followed structure of shane's proposal
19:37:21 [jmayer]
... will focus on that after lunch
19:37:52 [erikn]
19:37:55 [jmayer]
19:38:10 [npdoty]
+1 on working from the industry proposal onto the current spec text
19:38:58 [jmayer]
efelten: maybe start with current drafts
19:39:03 [jmayer]
hwest: not in great shape
19:39:03 [hwest]
19:39:26 [jmayer]
aleecia: shane's proposal isn't in standards language, jonathan is, may borrow from the latter
19:39:32 [jmayer]
roy: there are terms that aren't well defined here
19:39:40 [justin_]
Can we define collect instead of track?
19:39:41 [jmayer]
aleecia: we can nail down some of the terms
19:39:47 [amyc]
collect and share
19:39:52 [jmayer]
brooks: let's define share too
19:39:58 [jmayer]
aleecia: sure, we'll define anything we use
19:40:06 [npdoty]
ack erikn
19:40:19 [jmayer]
erikn: live editing with a large group is slow
19:40:26 [jmayer]
... maybe small groups with more structure?
19:40:41 [susanisrael]
19:40:43 [rigo]
19:40:50 [jmayer]
aleecia: maybe, will think on this over lunch
19:40:57 [jmayer]
... look for logical break points
19:41:00 [npdoty]
just to be clear, we have had definitions of terms (like "share") in most of our drafts, if you have suggestions, please add them
19:41:09 [jmayer]
erikn: example, the section on retention needs some focus
19:41:12 [npdoty]
q+ susanisrael
19:41:13 [erikn]
19:41:14 [npdoty]
q+ chesterj2
19:41:17 [npdoty]
ack susanisrael
19:41:32 [npdoty]
ack chesterj2
19:41:32 [jmayer]
susanisrael: did some of this work in small groups, should try in large group
19:41:54 [aleecia]
19:42:11 [aleecia]
ack jmayer
19:42:24 [erikn]
q+ jmayer
19:42:24 [jmayer]
chesterj2: would be helpful to hear from IAB members after break about retention periods for specific uses
19:42:25 [npdoty]
scribenick: npdoty
19:42:31 [aleecia]
ack heather
19:42:39 [aleecia]
ack hwest
19:42:41 [npdoty]
hwest: makes a lot of sense to bring the industry proposal into spec format
19:42:44 [jmayer]
hwest: makes sense to try to bring shane's draft into consensus format
19:42:54 [jmayer]
... current compliance draft is out-of-date options, right?
19:43:03 [npdoty]
... text in the specs now are options no longer in use
19:43:22 [jmayer]
justin_: the spec language is better, we should use it
19:43:58 [jmayer]
tlr: start with substance of shane's text, but it isn't pretty - we should turn it into standards language over lunch
19:44:26 [aleecia]
19:44:29 [aleecia]
19:44:44 [npdoty]
jmayer: totally comfortable starting with Shane's format, a fine shape to it; wanted to get some clarity of the sense of the room
19:45:14 [npdoty]
... some presentations follow the shapes of Shane's proposal, a lot of people who could live with that general direction and not a lot of people who couldn't
19:45:29 [npdoty]
... the idea that there are some exceptions that give more latitude is common to all proposals
19:45:49 [npdoty]
... not objecting because agreement on bucketing for security/fraud and other exceptions
19:46:06 [npdoty]
... not sure how much is substance vs. structure of agreement
19:46:15 [aleecia]
ack rigo
19:46:15 [npdoty]
aleecia: necessarily we get a high-level gloss in these presentations
19:46:18 [Chris_IAB]
Chris_IAB has joined #dnt
19:46:19 [npdoty]
q- jmayer
19:46:24 [aleecia]
ack jmayer
19:46:35 [npdoty]
rigo: willing to work with Roy on the definitions, clean them up and present them back to the group
19:46:43 [npdoty]
scribenick: jmayer
19:47:06 [jmayer]
rigo: yep, this was a focus on structure, need to get technical expertise on substance
19:47:18 [jmayer]
... don't want to throw away current drafts
19:47:22 [jmayer]
... lots of work went into them
19:47:29 [aleecia]
19:47:30 [jmayer]
... especially the TPE document
19:47:34 [npdoty]
q+ fielding
19:47:54 [tlr]
19:48:24 [jmayer]
aleecia: started with places we agree, then places where we agree on substance and massage into spec, now finally places we disagree
19:48:36 [npdoty]
fielding: small group on definitions works for me
19:48:48 [npdoty]
ack fielding
19:49:19 [tlr]
zakim, who is on the phone?
19:49:19 [Zakim]
sorry, tlr, I don't know what conference this is
19:49:24 [jmayer]
fielding: my views of the compliance document turn on whether an outsourcing provider is a first party or gets an exception
19:49:26 [mischat]
mischat has joined #dnt
19:49:26 [tlr]
zakim, this will be track
19:49:26 [Zakim]
I do not see a conference matching that name scheduled within the next hour, tlr
19:49:27 [justin_]
Ceiling voice --- put it in IRC
19:49:29 [tlr]
zakim, this will be TRACK
19:49:29 [Zakim]
I do not see a conference matching that name scheduled within the next hour, tlr
19:49:42 [jmayer]
aleecia: i've been treating outsourcing as a separating type of party
19:50:01 [jmayer]
19:51:30 [jmayer]
roy: preference for putting outsourcing into parties
19:51:31 [rigo]
goal is to have outsourcing into the party definition
19:51:52 [jmayer]
aleecia: game of telephone this morning, some thought my view was bad for business = good for privacy, that's not at all what i said or meant
19:52:05 [jmayer]
... want solutions that are good for business and good for privacy
19:52:13 [jmayer]
... here to facilitate something that works for the group
19:52:26 [jmayer]
<lunch break>
20:15:16 [hwest]
hwest has joined #dnt
20:16:09 [aleecia]
aleecia has joined #dnt
20:34:26 [randomwalker]
randomwalker has joined #dnt
20:44:23 [alex]
alex has joined #dnt
20:45:57 [npdoty]
RRSAgent, pointer?
20:45:57 [RRSAgent]
20:50:55 [CraigSpi]
CraigSpi has joined #dnt
20:52:00 [fielding]
fielding has joined #dnt
20:52:56 [efelten]
efelten has joined #dnt
20:55:55 [justin]
justin has joined #dnt
21:02:45 [bryan]
Mc Cormick & Schmick's 700 Bellevue Way Northeast, Bellevue, WA (888) 226-6212
21:07:16 [alex]
alex has joined #dnt
21:07:56 [efelten]
efelten has joined #dnt
21:08:29 [npdoty]
definers, when you come up with a definition, feel free to drop them in here so we can use it in editing :)
21:08:30 [amyc]
amyc has joined #dnt
21:09:23 [fielding]
fielding has joined #dnt
21:09:57 [Ionel]
call is closed?
21:10:00 [npdoty]
scribenick: efelten
21:10:20 [randomwalker]
randomwalker has joined #dnt
21:10:26 [WileyS]
Ionel, they're checking now
21:10:26 [susanisrael]
susanisrael has joined #dnt
21:10:30 [Ionel]
k, thanks
21:10:32 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
21:10:46 [tlr]
tlr has joined #dnt
21:11:02 [Ionel]
21:11:06 [Ionel]
seems like you cant
21:11:10 [Ionel]
but I hear you
21:11:46 [npdoty]
Topic: Live Editing, Industry Proposal and Standards Language
21:12:01 [efelten]
aleecia: Folks took Shane's proposal, transposed it into spec.
21:12:08 [efelten]
... will do live editing on the resulting text
21:12:37 [rigo]
nick, is there any way to get the latest version of the specification
21:12:40 [WileyS]
Okay - you hear us but we don't hear you - they're looking into it now
21:13:05 [Ionel]
WyleyS - barely hearing, actually
21:13:52 [efelten]
<confusion about phone hookups>
21:14:00 [aleecia]
aleecia has joined #dnt
21:14:25 [efelten]
hwest: How we did the reorganization: took Shane draft, reorg into standard spec
21:14:31 [aleecia]
scribenick: efelten
21:14:36 [efelten]
... moved non-normative text to an appendix
21:15:00 [efelten]
... put it in a Google doc, will go back into spec when done
21:15:31 [efelten]
<confusion about formats>
21:16:00 [aleecia]
PDF to go to dlist
21:16:36 [aleecia]
Defns went to another subgroup
21:16:52 [efelten]
... Start at Sec 4, Compliance with an Expressed etc
21:17:16 [efelten]
... <reads first paragraph re outsourcing by 1P>
21:17:18 [dwainberg]
21:17:19 [aleecia]
21:17:19 [adrianba]
adrianba has joined #dnt
21:17:19 [ChrisPedigoOPA]
21:17:26 [robsherman]
21:17:28 [jmayer]
21:17:33 [CraigSpi]
21:17:38 [tl]
21:17:40 [npdoty]
ack dwainberg
21:17:40 [aleecia]
ack dwainberg
21:17:53 [aleecia]
We have an issue around append
21:18:10 [npdoty]
if we raised it yesterday, is it necessary to ask about it again?
21:18:14 [efelten]
dwainberg: How does a 1P know whether the 3P has an OOB consent?
21:18:24 [aleecia]
We barely touched this yesterday
21:18:26 [aleecia]
21:18:28 [efelten]
tl: If you don't know there is a consent, don't share data.
21:18:48 [susanisrael]
21:19:02 [BrianH]
BrianH has joined #dnt
21:19:08 [jmayer]
A first party and a third party can communicate to understand whether the third party has an exception.
21:19:20 [efelten]
Definitions group rejoined the main group, don't want to miss this discussion.
21:19:22 [aleecia]
21:19:28 [jmayer]
We've spent an awful lot of time on this very topic in the TPE discussions.
21:19:34 [efelten]
aleecia: We started discussing this issue yesterday.
21:19:49 [CraigSpi]
can you clarify "outsourced releationship" contractural relationship with a first party, where as the data is used exclusively to support the first party
21:20:05 [aleecia]
ack ChrisPedigoOPA
21:20:14 [efelten]
ChrisPedigoOPA: Don't like "collect" in second sentence, not sure what it means here
21:20:49 [fwagner]
fwagner has joined #dnt
21:20:55 [efelten]
... 1P doesn't know how data was collected; could fix by using "share" here
21:20:59 [JamesB]
JamesB has joined #dnt
21:21:00 [npdoty]
ack robsherman
21:21:10 [aleecia]
ack robsherman
21:21:24 [efelten]
robsherman: Basic concern is that DNT applies to a specific network interaction, so second sentence should apply to data from
21:21:30 [efelten]
... a specific network interaction.
21:21:35 [Chapell]
Chapell has joined #dnt
21:21:50 [tlr]
21:22:00 [efelten]
... Suggest adding a clause limiting second sentence to data from a specific DNT:1 network interaction.
21:22:08 [npdoty]
that sounds fine with me
21:22:13 [efelten]
aleecia: Roy, what do you think?
21:22:25 [npdoty]
"share identifiable information about the user's transaction to any party...."
21:22:54 [efelten]
fielding: Agree that this should refer to data from a specific interaction.
21:23:15 [efelten]
STarting text went out to deist.
21:23:17 [Ionel]
aleecia - thanks
21:23:20 [efelten]
21:23:43 [fielding]
fielding has joined #dnt
21:23:58 [efelten]
jmayer: Two suggestions. outsource -> outsourcing (grammar).
21:23:58 [aleecia]
21:24:04 [aleecia]
ack jmayer
21:24:18 [Brooks]
Brooks has joined #dnt
21:24:27 [Brooks]
21:24:46 [efelten]
... Re robsherman's point on per-transaction data, per-transaction makes sense in some settings,
21:25:00 [tl]
21:25:06 [aleecia]
Jonathan could you please paste relevant text here that you think would help?
21:25:19 [npdoty]
21:25:27 [efelten]
... When a company receives data under DNT:1, will have some obligations later wrt that data.
21:25:39 [efelten]
hwest: Looks like a misunderstanding.
21:25:55 [efelten]
... robsherman was talking about when gathered, not when used.
21:26:05 [npdoty]
do we have uncertainty about "about a user's network interaction"?
21:26:13 [justin]
How about giving us a concrete *edit*!
21:26:34 [efelten]
jmayer: <Gives example, scribe missed it>
21:27:17 [efelten]
Meme trying to set up screen sharing via a fine Adobe product.
21:27:22 [aleecia]
21:27:39 [efelten]
21:27:41 [npdoty]
jmayer: if a user with DNT on adds data to their own profile, and then the first party wants to sell that profile information, is that information covered by this?
21:27:54 [aleecia]
ack CraigSpl
21:28:14 [jmayer]
Example: Website wants to sell account information to a third party, the user arrives with DNT: 1. Can the website sell the information?
21:28:52 [jmayer]
Two relevant snippets from the EFF/Mozilla/Stanford proposal.
21:29:03 [aleecia]
ack susanisrael
21:29:06 [efelten]
susanisrael: Talked about these issues in our small group
21:29:15 [jmayer]
1) "A first party must not share information with a third party that the third party is prohibited from receiving itself."
21:29:27 [jmayer]
2) "A third party must not receive, retain, use, or share any information related to communication with a user or user agent."
21:29:34 [aleecia]
ack CraigSpi
21:29:34 [JC]
JC has joined #DNT
21:29:39 [efelten]
... we have language on this, gist is that 1P may not share with 3P in way that bypasses 3P restrictions
21:29:53 [efelten]
... <language is read>
21:30:26 [efelten]
nickdoty: Does that require intent/knowledge by the 1P?
21:30:35 [aleecia]
21:30:59 [efelten]
susanisrael: Might tweak to take out intent. Suggest stating the purpose of this.
21:31:09 [efelten]
nickdoty: Best to put that point in non-normative.
21:31:17 [efelten]
susanisrael: Agrees with Nick.
21:31:30 [npdoty]
I'll try to come up with non-normative text to explain the intent.
21:31:37 [efelten]
aleecia: Susan and Paul to produce text for non-normative.
21:31:52 [aleecia]
ack susanisrael
21:31:57 [vinay]
vinay has joined #dnt
21:31:57 [aleecia]
ack Brooks
21:32:12 [efelten]
rigo: From definition space, concerned about service provider. Need safeguards in defn to make this work.
21:32:12 [susanisrael]
can we come back and define service provider later?
21:32:34 [efelten]
kimon: Let's see what the Europeans have done with data processor / controller distinction.
21:32:48 [efelten]
... See if that works for us in defining service provider.
21:32:56 [rvaneijk]
21:32:58 [efelten]
... <reads Euro defn>
21:33:11 [efelten]
... that's short and crisp
21:33:33 [npdoty]
ack rvaneijk
21:33:40 [efelten]
aleecia: robvaneijk: Rigo and I already drafted language for that. Let's re-introduce it.
21:33:50 [aleecia]
21:33:55 [efelten]
aleecia: Let's move ahead--still on these second sentence.
21:34:18 [kimon]
kimon has joined #dnt
21:34:28 [efelten]
hwest: <Reads text>
21:34:37 [efelten]
... "It's kind of a Franken-text now"
21:34:42 [efelten]
... needs fixup
21:35:12 [kimon]
For service provider I suggest: 'processor' shall mean a natural or legal person [,public authority, agency or any other body] which processes data on behalf of the first party;
21:35:17 [efelten]
aleecia: Does anyone think they can do better?
21:35:36 [efelten]
tl: This is not a good way to produce readable and coherent text.
21:35:45 [kimon]
21:35:49 [efelten]
aleecia: Hear your frustration. How can we move forward.
21:36:37 [rvaneijk]
for the minutes: if we are going to use EU language I prefer to go back to the text that is in the current public draft:
21:36:43 [bryan]
I suggest to change "operator of a first party" to simply "first party". "Operator" does not add anything here.
21:36:44 [BerinSzoka]
I thought Aleecia handled that very graciously. She'd make a good therapist--or daytime talkshow host!
21:36:44 [rigo]
21:36:45 [efelten]
davidwainberg: Can we talk about our general goal?
21:36:49 [susanisrael]
+1 thomas's idea
21:37:15 [efelten]
tlr: We're trying to get the general shape right. Editors will turn it into smooth, coherent text.
21:37:22 [efelten]
... Let's keep the discussion civil, please.
21:37:32 [hwest]
I think that I can volunteer myself and Justin and Sean to go ahead and smooth out the franken-text
21:37:47 [hwest]
So let's get it to a point of reasonable substance
21:37:56 [susanisrael]
i am happy to help smooth out the text if useful
21:38:08 [amyc]
+1 hwest
21:38:08 [hober]
the "in which DNT:1 was sent to any party" doesn't seem to reflect the nature of HTTP...
21:38:09 [meme]
url to see Heather's screen on your computer: enter in as guest
21:38:25 [efelten]
kimon: Might need to have a precise version, plus non-normative text to help explain.
21:38:27 [Brooks]
21:38:41 [npdoty]
ack kimon
21:38:43 [npdoty]
ack rigo
21:39:08 [aleecia]
Brooks, are you still in the queue on purpose?
21:39:11 [susanisrael]
Nick had suggested the same thing
21:39:25 [Brooks]
21:39:39 [efelten]
rigo: Simpler to say that 1P must not share info with any other party, except for service providers.
21:40:16 [vinay]
21:40:18 [fielding]
Suggestion: A first-party MUST NOT share information received in a DNT:1 request with any other party (*) unless the information shared is not linkable to a specific user, user agent, or device. (*) assumes that service parties are the same party.
21:40:25 [robsherman]
21:40:42 [rigo]
roy, that should be out of scope anyway
21:40:50 [ifette]
21:40:50 [aleecia]
21:40:52 [tl]
21:40:55 [efelten]
brooks: Don't know what it means to "share" information.
21:40:57 [aleecia]
ack Brooks
21:41:24 [rigo]
and I also said "MUST NOT share personally identifiable information"
21:41:28 [ChrisPedigoOPA]
21:41:39 [efelten]
We have to write some text first.
21:41:42 [jmayer]
21:42:31 [rigo]
21:42:36 [susanisrael]
propose "pass along instead of share"
21:42:40 [hober]
I think "A first party must not share identifiable information about a user's interaction in which DNT:1 was sent to any party it does not have a service provider relationship with." would make more sense as "A first party must not share with any party it does not have a service provider relationship identifiable information about a user's interaction in which DNT:1 was sent."
21:42:41 [ifette]
q- jmayer
21:43:04 [tlr]
hober's version sounds about right to me
21:43:14 [efelten]
jmayer: Definition here builds in dependence on mental state of 1P?
21:43:20 [tlr]
(modulo share / pass along / ...)
21:43:20 [efelten]
... should be more explicit about that
21:43:26 [kimon]
kimon has joined #dnt
21:43:37 [justin]
21:43:43 [efelten]
aleecia: Rigo's edit was trying to deal with that issue.
21:44:09 [aleecia]
ack vinay
21:44:33 [efelten]
Vinay: What kind of information are we talking about? PII?
21:44:35 [rvaneijk]
"The Service Provider does determine the purposes, conditions and means of the data processing, but processes data on behalf of the First party."
21:44:46 [amyc]
what about "share information that the first party has collected", which may help to clarify that there is active role in passing on info
21:45:05 [jmayer]
If I understand correctly, Rigo and Aleecia are suggesting a punt on mental state (e.g. purpose, knowledge, recklessness, negligence, strict liability). I'm opposed to selecting language where we know it includes ambiguity.
21:45:13 [rvaneijk]
21:45:21 [efelten]
Rigo: Service provider is needed here to limit the role that a 3P data recipient can play.
21:45:22 [aleecia]
ack robsherman
21:45:36 [efelten]
aleecia: Not worried about having some redundancy here.
21:46:06 [rvaneijk]
21:46:07 [efelten]
robsherman: First sentence should also deal with network-interaction issue that I raised before.
21:46:07 [dwainberg]
21:46:24 [BerinSzoka]
Heather: could we unhighligt that text? it would make it a lot easier to read
21:46:37 [aleecia]
ack ifette
21:46:44 [hober]
21:46:51 [justin]
21:46:55 [efelten]
ifette: Talked earlier about exceptions for fulfillment. What about electronic fulfillment?
21:46:57 [npdoty]
vinay, not sure we have an entry in a Definitions section yet, but the language we seem to be using in drafts is "non-identifiable === with high probability could not be used to identify a user, user agent or device"
21:47:25 [efelten]
... e.g. online email service, type message and hit send, mail provider sends message for you.
21:47:41 [efelten]
Rigo: Should be covered by general exception for doing the stuff that the user asked you to do.
21:47:55 [robsherman]
+1 to Rigo's suggestion.
21:47:59 [tlr]
+1 too
21:48:07 [fielding]
Suggestion 2: A first-party MUST NOT share (transmit or provide access to) information received in a DNT:1 request with any other party (*) unless the information is unlinkable or the shared purpose is specifically limited to security or fraud control. (*) assumes that service providers are the same party.
21:48:08 [meme]
would it be more effective for us to try to get agreement on issues rather than trying to draft langauge?
21:48:11 [aleecia]
21:48:26 [aleecia]
zakim, close queue
21:48:26 [Zakim]
ok, aleecia, the speaker queue is closed
21:48:35 [IAB_Chris]
IAB_Chris has joined #dnt
21:48:41 [vinay]
Nick - that's fine. I was just suggesting that we specify the kind of information we're talking about here. I'm not arguing against 'identifiable information'.
21:48:57 [npdoty]
q- tl
21:48:59 [efelten]
aleecia: Calm down.
21:49:08 [hober]
21:49:30 [sean]
sean has joined #dnt
21:49:32 [susanisrael]
I thought it was worth trying to edit as a large group but maybe we SHOULD split up to do it. I might have been wrong. Maybe identifying language that needs to be fixed/issues is best use of large group.
21:49:32 [efelten]
ChrisPedigoOPA: Need a tight definition of share/disclose/whatever.
21:49:43 [efelten]
... shouldn't require 1P to know what a 3P is collecting.
21:50:18 [sean]
what are the rules around horrific conduct during a w3c meeting?
21:50:25 [aleecia]
ack dwainberg
21:50:26 [sean]
is anythign allowed?
21:50:27 [efelten]
dwainberg: ok with the goal of preventing circumvention of 3P limitations.
21:50:33 [efelten]
... worry that this is doing more than that.
21:50:39 [aleecia]
ack ChrisPedigoOPA
21:50:43 [efelten]
tl: What do you think it will do that it shouldn't?
21:50:55 [efelten]
rigo: reiterates service provider exception
21:51:05 [aleecia]
ack justin
21:51:21 [efelten]
dwainberg: Not sure what side effects there might be.
21:51:28 [efelten]
aleecia: Stop.
21:52:06 [fielding]
I provided two specific text suggestions before the queue closed.
21:52:16 [amyc]
+1 justin
21:52:35 [efelten]
Back and forth between justin and rico about what this means.
21:52:40 [efelten]
21:53:06 [hwest]
+1 Justin - responsibility is on the third party
21:53:10 [hwest]
At least that was my understanding
21:53:17 [robsherman]
+1 hwest/justin
21:53:27 [efelten]
aleecia: Have worked on two sentences, for an hour.
21:54:02 [asoltani]
asoltani has joined #dnt
21:54:16 [efelten]
... let's take a break. Editors send text to mailing list. Break into groups and wrestle with text.
21:55:27 [efelten]
tlr: Let's look at text, get issues and suggestions on the table, then move on.
21:56:01 [tedleung]
tedleung has joined #dnt
21:56:36 [efelten]
aleecia: Half-hour break now. Editors transform this into form we can work on.
21:56:47 [hwest]
Todo for the first party compliance first sentence:
21:56:47 [efelten]
... will break into groups.
21:56:48 [hwest]
reference to "service provider" definition (kimon --- adopt processor language?)
21:56:49 [hwest]
Exact wording of share/send/collect will depend on definitions. Need to check that it all works together.
21:56:50 [hwest]
susanisrael coming up with text proposal on the first party intent and passing third parties information [potentially done]
21:57:39 [efelten]
JC: Issue with the men's restroom. <TMI> Need to take elevator to the second floor.
21:57:58 [efelten]
... metaphor for something?
22:11:46 [dsinger]
dsinger has joined #dnt
22:32:12 [wheeler]
wheeler has joined #dnt
22:35:23 [hwest]
hwest has joined #dnt
22:37:42 [randomwalker]
randomwalker has joined #dnt
22:38:09 [efelten]
efelten has joined #dnt
22:41:10 [npdoty]
scribenick: npdoty
22:41:14 [npdoty]
aleecia: new breakout groups
22:41:24 [npdoty]
... twenty minutes to come up with bullet points on each of the 5 permitted uses
22:41:31 [npdoty]
... need to avoid looping on issues
22:41:53 [npdoty]
... editors will create a complete single strawman draft based on these
22:42:09 [npdoty]
... goal is a good strawman draft close enough to not debate eternally
22:42:15 [npdoty]
... choose your favorite
22:42:19 [fielding]
fielding has joined #dnt
22:42:41 [npdoty]
efelten: can assume an unlinkable data exception? -- yes.
22:43:33 [robsherman]
robsherman has joined #dnt
22:53:34 [tl]
tl has joined #dnt
23:05:29 [npdoty]
aleecia: call to order.
23:05:35 [npdoty]
rrsagent, pointer?
23:05:35 [RRSAgent]
23:06:09 [npdoty]
Topic: Post-Breakouts
23:06:45 [npdoty]
scribenick: rigo
23:06:53 [fwagner]
fwagner has joined #dnt
23:07:01 [dwainberg]
dwainberg has joined #dnt
23:07:29 [rigo]
Aleecia(AM): Looking for bullet points from the groups, go through quickly
23:07:40 [rigo]
.... end summary no later than 4:15
23:07:47 [npdoty]
23:07:58 [jmayer]
jmayer has joined #dnt
23:08:15 [meme]
meme has joined #dnt
23:08:17 [rigo]
hwest: reading out concrete text they found -> please paste below
23:08:56 [hwest]
Strawman text: Data MAY be collected, maintained and used for the express purpose of detecting security risks and fraudulent activity, defending from attacks and fraud, and maintaining integrity of the service. This includes data reasonably necessary for enabling authentication/verification, detecting hostile transactions and attacks, providing fraud prevention, and maintaining system integrity.
23:08:56 [erikn]
erikn has joined #dnt
23:09:01 [rigo]
rrsagent, pointer?
23:09:01 [RRSAgent]
23:09:03 [alex]
alex has joined #dnt
23:09:04 [tlr]
tlr has joined #dnt
23:09:12 [James]
James has joined #dnt
23:09:14 [rigo]
npdoty: what is reasonable?
23:09:39 [vincent]
vincent has joined #dnt
23:09:51 [rigo]
hwest: talked about that a bit: no explicit consent. Some wiggle room for companies, rather good faith, due diligence
23:10:05 [npdoty]
(my summary) companies to decide on their own, but with a good faith concept
23:10:25 [Chapell]
Chapell has joined #DNT
23:10:34 [rigo]
jmayer: greater point of disagreement, is it reasonable for an ad network to put a uniqueID into every browser for security?
23:10:42 [rigo]
hwest: yes, speaking for Google
23:10:53 [rigo]
Topic: Financial
23:10:55 [hwest]
Clarification: potentially yes
23:11:06 [npdoty]
hwest, was that "reasonable measures" or "reasonably necessary" and does that make a difference?
23:11:36 [rigo]
Brooks: data that is need to enable each event of sale, and the points that could be affected by DNT:1
23:11:58 [rigo]
... > reading whiteboard - > scribe makes a photo
23:12:23 [hwest]
Our text was 'reasonably necessary' but I think either could work.
23:12:52 [fielding]
fielding has joined #dnt
23:14:05 [rigo]
npdoty: should be dropped or will be impacted
23:14:44 [rigo]
Brooks: are impacted, there is no tremendous disagreement, just have to write it up
23:14:46 [randomwalker]
randomwalker has joined #dnt
23:15:19 [rigo]
tlr: geolocation can mean anything, what is this?
23:15:23 [npdoty]
action: rigo to send Nick photos from whiteboard to include in minutes
23:15:23 [trackbot]
Created ACTION-215 - Send Nick photos from whiteboard to include in minutes [on Rigo Wenning - due 2012-06-28].
23:15:37 [alex]
23:15:38 [rigo]
Brooks: this is a cross over
23:15:44 [npdoty]
Zakim, open the queue
23:15:44 [Zakim]
ok, npdoty, the speaker queue is open
23:15:47 [npdoty]
q+ alex
23:16:06 [rigo]
AM: there is text already, we have already created an issue
23:16:11 [npdoty]
ack alex
23:16:21 [npdoty]
23:16:43 [justin]
justin has joined #dnt
23:17:17 [npdoty]
action: brooks to draft tentative agreement on financial reporting breakout discussion
23:17:17 [trackbot]
Created ACTION-216 - Draft tentative agreement on financial reporting breakout discussion [on Brooks Dobbs - due 2012-06-28].
23:17:44 [rigo]
Brooks: if all affected we have trouble in reporting
23:17:53 [rigo]
hwest: we touched on that in Security
23:18:01 [rigo]
frequency capping ====
23:18:22 [npdoty]
"so long as you're not storing the URL trail"
23:18:31 [rigo]
Alan: you can do so if you don't store URIs
23:18:51 [BerinSzoka]
BerinSzoka has joined #DNT
23:18:56 [rigo]
.. core concern, fair amount of discussion
23:19:28 [CraigSpiezle]
CraigSpiezle has joined #dnt
23:20:01 [rigo]
fielding: application tracking, would allow that to do, if ID is only retained in a hashed way per campaign and there is no trail where that ad was seen together with the site information
23:20:16 [rigo]
jmayer: care to present technical approach
23:20:33 [jmayer]
s/care to/could you please clarify the/
23:21:13 [adrianba]
adrianba has joined #dnt
23:21:33 [amyc]
amyc has joined #dnt
23:21:52 [rigo]
fielding: for service site frequence capping would use a campaign identifier and the counter for that ad, but not the trail of URIs that have been seen
23:22:04 [npdoty]
s/service site/server-side/
23:22:40 [rigo]
??: sequencing?
23:23:09 [rigo]
fielding: this would not be allowed under DNT:1
23:23:44 [rigo]
Sean: no limit on campaign, that does not mean you do not get aggregate information on the campaign,
23:24:09 [npdoty]
23:24:21 [rigo]
AM: ?? you said that first parties would be able to do this, and not third parties?
23:24:24 [rigo]
??: yes
23:24:48 [meme]
meme has joined #dnt
23:25:18 [rigo]
WileyS: this would be covered under financial. Frequency capping is very special
23:26:15 [rigo]
... showing ads in sequence is a form of OBA, for a first party would be able to do that on that first party but be obliged to silo the data
23:27:00 [npdoty]
s/??/Eric Wheeler/
23:27:01 [hwest]
A note - we need to make sure that the contextual delivery is well allowed
23:27:15 [hwest]
It's not clear in the text thus far, I think
23:27:17 [rigo]
fielding: contextual based advertisement would be allowed is not tracking
23:27:24 [justin]
It's in the spec :)
23:27:27 [rigo]
23:27:41 [rigo]
WileyS: report is already in the email list
23:28:34 [rigo]
... not a replacement for QA, to address real time issue, short retention. Due to unknowns, we are all unclear about the "what to collect" as we try to do minimization.
23:29:10 [rigo]
... selective progression was discussed: if issue becomes bigger, you only increase retention time for this issue
23:29:45 [rigo]
... looked at proportional measures. Guiding principle: If you don't need it, don't collect it.
23:29:48 [npdoty]
it sounds like "selective progression" would be a promising direction for much of our work
23:30:16 [rigo]
... don't believe in distinction between ad, analytics or content, debugging counts for all of them
23:30:17 [npdoty]
23:30:37 [rvaneijk]
debugging bullits:
23:30:43 [rvaneijk]
Not QA
23:30:44 [rvaneijk]
Typically retained for a shorter timeframe intended to address realtime issues
23:30:46 [rvaneijk]
Due to the nature of the issue, more variables are needed
23:30:48 [rvaneijk]
Reactive/unforeseen (issue usually raised through a user, site, advertiser, scanner, report)
23:30:50 [rvaneijk]
Selective progression (retention variable)
23:30:50 [Craigspi]
Craigspi has joined #dnt
23:30:52 [rvaneijk]
No substitute
23:30:53 [rvaneijk]
Protocol is not enough – need more (I.e. Cookie) guiding principle – if you don't need , don't collect
23:30:54 [rigo]
npdoty: selective progression idea, what about default values?
23:30:55 [rvaneijk]
Needed by all third parties (ad, analytics, content providers)
23:31:42 [rigo]
WileyS: we didn't, resisted to put arbitrary periods, started from 30/90 day period, but up to every company to argue that
23:33:32 [rigo]
WileyS: for all retention there should be transparency and declared that somewhere publicly. They should give more information on why this data use occurs
23:33:41 [rigo]
=============aggregate reporting=============
23:34:05 [rigo]
robsherman: balanced privacy against business needs in aggregation
23:34:47 [rigo]
.. started with CDT for a fixed period of 2 weeks. Feeling that we do not have enough information for what a time limit could look like
23:35:26 [rigo]
... if it is retained for other uses, it would be moved into unlinkable state after that period
23:35:40 [rigo]
.... was discussion about bias in favor of ad companies
23:38:52 [npdoty]
we should be clear, this was an expressed concern (expansion of purpose) within the group as well, this was just a proposal
23:39:16 [rigo]
Aleecia: You can keep raw data for aggregating. But if you keep it for other uses (financial), you can still aggregate from that data
23:39:41 [rigo]
ifette: I have n copies of data per use, or one copy of data and n uses
23:39:58 [npdoty]
rigo: concern about purpose creep
23:40:07 [rigo]
... if data already exist for other purposes, we can aggregate
23:40:13 [justin]
23:40:17 [npdoty]
rvaneijk: undermines the basic concept of siloing, for security purposes, for example
23:41:04 [ifette]
23:41:38 [robsherman]
23:41:46 [justin]
It will be hard to justify security data for seven years.
23:42:39 [npdoty]
23:43:43 [npdoty]
meme: if aggregate reporting is permitted and storing the data for security purposes is allowed, what's the problem?
23:43:53 [fielding]
potential text on frequency capping: Third-party tracking for the sake of server-side frequency capping is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's activity trail (page URIs on which the ads were delivered) aside from what is allowed for other permitted uses.
23:44:01 [npdoty]
rvaneijk: but the data is stored for a specific purpose
23:45:07 [npdoty]
q+ tlr
23:45:09 [npdoty]
q+ rvaneijk
23:45:25 [npdoty]
23:45:26 [rigo]
discussion about re-use of security data to create aggregate data for any purpose
23:45:32 [sean]
sean has joined #dnt
23:45:43 [felten]
felten has joined #dnt
23:47:15 [npdoty]
ack tlr
23:47:17 [felten]
felten has left #dnt
23:47:19 [rigo]
Aleecia: what about siloing, security data, and ACL. So companies say they have one set of data, but different ACL. Push back mainly because silos are breaking. Idea of dual use of data is a cultural issue in Europe
23:48:08 [justin]
ack ifette
23:48:09 [rigo]
tlr: discussion about collection, duration of collection and duration of retention. Surprise that some people thought there is a purpose limitation
23:48:34 [npdoty]
23:48:34 [rigo]
ifette: limitation of time on aggregation is 30 days or the time period of other uses
23:49:10 [justin]
30ish days
23:49:53 [vinay]
vinay has joined #dnt
23:50:28 [npdoty]
q+ fielding
23:50:39 [justin]
ack fielding
23:51:00 [robsherman]
q+ later
23:51:05 [efelten]
efelten has joined #dnt
23:51:14 [npdoty]
q+ WileyS
23:51:50 [rvaneijk]
23:51:53 [rigo]
ifette: aggregation from security data would itself be unlinkable
23:52:36 [justin]
ack npdoty
23:52:51 [rigo]
Aleecia: wouldn't this pressure companies into keep that data for other purposes
23:53:20 [rigo]
npdoty: companies would have advantages over other companies as they could collect data of security
23:53:32 [rigo]
ack robsherman
23:53:37 [rigo]
ack robsherman
23:53:42 [npdoty]
q- WileyS
23:54:26 [rigo]
robsherman: don't believe in the pressure argument, will have conformance pressure from regulators that is stronger
23:54:34 [aleecia]
aleecia has joined #dnt
23:54:39 [rigo]
23:54:42 [rigo]
23:54:43 [npdoty]
WileyS: market research is an explicit case of third-parties that do aggregate reporting, we should consider those businesses
23:54:43 [aleecia]
23:54:52 [aleecia]
ack rigo
23:55:45 [aleecia]
23:55:54 [alex]
alex has joined #dnt
23:56:26 [alex]
23:56:36 [alex]
23:57:32 [Chapell]
23:57:39 [efelten]
efelten has left #dnt
23:58:41 [rigo]
robsherman: purpose of aggregate is not identifying. The aggregate result won't identify an individual
23:58:58 [efelten]
efelten has joined #dnt
23:59:43 [Chapell]
23:59:54 [npdoty]
ack aleecia
23:59:56 [npdoty]
ack alex