IRC log of dnt on 2012-09-12

Timestamps are in UTC.

15:34:31 [RRSAgent]
RRSAgent has joined #dnt
15:34:31 [RRSAgent]
logging to
15:35:01 [aleecia]
Zakim, this will be dnt
15:35:01 [Zakim]
ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 25 minutes
15:35:10 [aleecia]
chair: aleecia
15:35:19 [aleecia]
rrsagent, make logs public
15:36:06 [aleecia]
15:36:22 [aleecia]
zakim, clear agenda
15:36:28 [Zakim]
agenda cleared
15:36:32 [aleecia]
agenda+ Selection of scribe
15:36:49 [aleecia]
agenda+ Review of overdue action items:
15:37:59 [aleecia]
agenda+ Quick check that callers are identified
15:38:16 [aleecia]
agenda+ Any questions on the following quick summary of where we are on issues we've been talking about
15:38:37 [aleecia]
agenda+ Status on editors' working draft
15:38:48 [aleecia]
agenda+ Summary from Nick on Permitted Uses (action-235)
15:39:00 [aleecia]
agenda+ Issue-25, Possible exemption for research purposes
15:39:17 [aleecia]
agenda+ Status on tri-part state
15:39:35 [aleecia]
agenda+ Discussion of the difference between "data append" and (action-229) other interactions already covered by third parties and service providers.
15:39:51 [aleecia]
agenda+ Specify "absolutely not tracking" (ISSUE-119)
15:40:06 [aleecia]
agenda+ David Singer's attempt to define tracking
15:40:19 [aleecia]
agenda+ Announce next meeting & adjourn
15:52:08 [npdoty]
npdoty has joined #dnt
15:52:39 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:52:42 [adrianba]
adrianba has joined #dnt
15:52:46 [Zakim]
15:53:23 [Zakim]
15:53:25 [Zakim]
T&S_Track(dnt)12:00PM has ended
15:53:25 [Zakim]
Attendees were
15:54:39 [samsilberman]
samsilberman has joined #dnt
15:54:40 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:54:48 [Zakim]
+ +44.186.573.aaaa
15:54:52 [Zakim]
15:55:25 [Zakim]
15:55:49 [mikeo]
+44.186.573 is mikeo
15:56:01 [dsriedel]
dsriedel has joined #dnt
15:56:03 [npdoty]
Zakim, aaaa is mikeo
15:56:03 [Zakim]
+mikeo; got it
15:56:27 [Zakim]
15:56:37 [Zakim]
15:56:44 [dsriedel]
zakim, mute me
15:56:44 [Zakim]
dsriedel should now be muted
15:57:24 [damiano]
damiano has joined #dnt
15:57:40 [Steve_Bellovin]
Steve_Bellovin has joined #dnt
15:57:41 [aleecia]
zakim, agenda?
15:57:41 [Zakim]
I see 12 items remaining on the agenda:
15:57:42 [Zakim]
1. Selection of scribe [from aleecia]
15:57:42 [Zakim]
2. Review of overdue action items: [from aleecia]
15:57:45 [Zakim]
3. Quick check that callers are identified [from aleecia]
15:57:47 [Zakim]
4. Any questions on the following quick summary of where we are on issues we've been talking about [from aleecia]
15:57:49 [Zakim]
5. Status on editors' working draft [from aleecia]
15:57:51 [Zakim]
6. Summary from Nick on Permitted Uses (action-235) [from aleecia]
15:57:53 [Zakim]
7. Issue-25, Possible exemption for research purposes [from aleecia]
15:57:55 [Zakim]
8. Status on tri-part state [from aleecia]
15:57:58 [Zakim]
9. Discussion of the difference between "data append" and (action-229) other interactions already covered by third parties and service providers. [from aleecia]
15:58:00 [Zakim]
10. Specify "absolutely not tracking" (ISSUE-119) [from aleecia]
15:58:02 [Zakim]
11. David Singer's attempt to define tracking [from aleecia]
15:58:05 [Zakim]
12. Announce next meeting & adjourn [from aleecia]
15:59:01 [suegl]
suegl has joined #dnt
15:59:04 [Zakim]
+ +1.919.388.aabb
15:59:16 [vincent]
vincent has joined #dnt
15:59:19 [AnnaLong]
AnnaLong has joined #dnt
15:59:31 [efelten]
efelten has joined #dnt
15:59:35 [Zakim]
+ +1.202.326.aacc
15:59:35 [dwainberg]
dwainberg has joined #dnt
15:59:37 [Zakim]
15:59:44 [dwainberg]
dwainberg has joined #dnt
15:59:54 [robsherman]
robsherman has joined #dnt
15:59:58 [Joanne]
Joanne has joined #DNT
16:00:01 [tl]
Thank you for remembering me again this week, Zakim.
16:00:06 [Zakim]
+ +1.703.438.aadd
16:00:13 [Chapell]
Chapell has joined #DNT
16:00:16 [Zakim]
16:00:22 [npdoty]
Zakim, aacc is stevebellovin
16:00:23 [cblouch]
cblouch has joined #dnt
16:00:24 [hefferjr]
hefferjr has joined #dnt
16:00:32 [npdoty]
Zakim, aabb is AnnaLong
16:00:37 [jchester2]
jchester2 has joined #dnt
16:00:44 [Zakim]
+stevebellovin; got it
16:00:45 [npdoty]
Zakim, aadd is RichardWeaver
16:00:48 [Zakim]
16:00:50 [jmayer]
jmayer has joined #dnt
16:00:53 [Zakim]
+ +1.202.370.aaee
16:00:58 [justin_]
justin_ has joined #dnt
16:00:59 [Zakim]
+AnnaLong; got it
16:00:59 [robsherman]
zakim, aaee is robsherman
16:01:17 [bryan]
bryan has joined #dnt
16:01:20 [Zakim]
+ +1.813.366.aaff
16:01:23 [Zakim]
+RichardWeaver; got it
16:01:29 [Zakim]
16:01:37 [suegl]
zakim, [Microsoft] has suegl
16:01:38 [Zakim]
+robsherman; got it
16:01:40 [Zakim]
16:01:41 [hefferjr]
Zakim, aaff is hefferjr
16:01:42 [Zakim]
16:01:46 [Zakim]
16:01:47 [dsinger]
dsinger has joined #dnt
16:01:57 [Zakim]
16:02:00 [Zakim]
16:02:05 [Zakim]
16:02:12 [Zakim]
16:02:14 [Zakim]
+suegl; got it
16:02:24 [Zakim]
16:02:24 [bryan]
present+ Bryan_Sullivan
16:02:28 [Zakim]
+hefferjr; got it
16:02:29 [aleecia]
Any volunteers to scribe?
16:02:40 [Zakim]
16:02:52 [Zakim]
+ +1.646.827.aagg
16:03:09 [jmayer]
I'll volunteer - but have to drop at 55 past.
16:03:16 [Zakim]
+ +1.206.658.aahh
16:03:22 [Zakim]
16:03:23 [dsinger]
zakim, [apple] has dsinger
16:03:25 [susanisrael]
susanisrael has joined #dnt
16:03:29 [npdoty]
scribenick: jmayer
16:03:30 [Zakim]
+ +1.917.934.aaii
16:03:35 [eberkower]
eberkower has joined #dnt
16:03:38 [Zakim]
+ +1.646.654.aajj
16:03:40 [Zakim]
+dsinger; got it
16:03:43 [fielding]
fielding has joined #dnt
16:03:45 [AN-NYC]
AN-NYC has joined #dnt
16:03:45 [susanisrael]
aaii is susanisrael
16:03:56 [eberkower]
aajj = eberkower
16:03:56 [npdoty]
Zakim, aaii is susanisrael
16:04:01 [npdoty]
Zakim, aajj is eberkower
16:04:02 [Zakim]
16:04:10 [Zakim]
+susanisrael; got it
16:04:14 [Zakim]
+eberkower; got it
16:04:24 [aleecia]
16:04:32 [Zakim]
16:05:01 [jmayer]
aleecia: Reviewing overdue action items.
16:05:04 [vinay]
vinay has joined #dnt
16:05:18 [WileyS]
WileyS has joined #dnt
16:05:21 [Zakim]
+ +1.646.666.aakk
16:05:28 [jmayer]
... ACTION-245 and ACTION-248 with schunter, not on
16:05:30 [Chapell]
zakim, aakk is chapell
16:05:32 [Chris_IAB]
Chris_IAB has joined #dnt
16:05:39 [Zakim]
16:05:57 [Chris_IAB]
just joined on a blocked number
16:06:00 [adrianba]
zakim, [Microsoft.a] is me
16:06:01 [Zakim]
16:06:07 [Zakim]
+chapell; got it
16:06:11 [Zakim]
16:06:18 [WileyS]
I'm on now
16:06:19 [KevinT]
KevinT has joined #dnt
16:06:24 [Zakim]
+adrianba; got it
16:06:24 [WileyS]
16:06:29 [adrianba]
zakim, mute me
16:06:30 [npdoty]
Zakim, ??P88 is probably Chris_IAB
16:06:32 [Zakim]
16:06:45 [WileyS]
Although I believe the text can be collapsed to "any party representing another party"
16:06:46 [Zakim]
16:06:48 [jmayer]
... ACTION-226, dsinger worked into draft form
16:06:49 [hwest]
hwest has joined #dnt
16:06:50 [Zakim]
adrianba should now be muted
16:06:50 [ifette]
ifette has joined #dnt
16:06:54 [Zakim]
+Chris_IAB?; got it
16:06:54 [jchester2]
zakim, mute me
16:07:02 [dsinger]
notes that the integrated text and question from my action are at
16:07:04 [jmayer]
... ACTION-161, wileys working on now
16:07:18 [Zakim]
jchester2 should now be muted
16:07:20 [Zakim]
16:07:53 [jmayer]
... comments on editors' draft - please send
16:07:57 [npdoty]
16:08:03 [ifette_]
ifette_ has joined #dnt
16:08:08 [jmayer]
... want stable version for Amsterdam
16:08:13 [Zakim]
+ +1.202.386.aall
16:08:22 [jmayer]
... many options remaining, be sure to note what you can't live with
16:08:27 [ifette_]
Zakim, aall is ifette
16:08:27 [Zakim]
+ifette; got it
16:09:12 [efelten]
efelten has left #dnt
16:09:17 [npdoty]
16:09:27 [efelten]
efelten has joined #dnt
16:09:28 [jmayer]
... asking npdoty to review ACTION-235 text
16:09:44 [jmayer]
npdoty: This was an attempt at a possible compromise or consensus position.
16:10:58 [damiano]
813 is tampa, but i'm calling from google voice and not sure what my number is
16:11:02 [jmayer]
... Basic principles: flexibility and implementability. Motivations: focus on third-party data retention about user browsing history.
16:11:11 [jmayer]
... Not new, just an attempt at compromise.
16:11:15 [jmayer]
... Allows short-term logging.
16:11:56 [jchester2]
I don't think we have consensus on personalization, so we should fully discuss
16:12:16 [jmayer]
... Tried to expand on frequency capping proposal in Seattle.
16:12:33 [jmayer]
... Broad "reasonably necessary" exceptions for financial reporting, security.
16:14:32 [jmayer]
... Potential change: language about particular tracking technologies.
16:14:55 [npdoty]
I've tried to talk to several people in the group about this, thanks for all of your feedback and if I got things wrong I'm sure it's my fault
16:15:23 [jmayer]
aleecia: Expect many will want other proposals to stay on the table.
16:15:45 [jmayer]
... We've discussed all this many times, not new territory.
16:16:13 [jmayer]
... Will move towards a decision process of comparing texts side-by-side.
16:16:37 [pedermagee]
pedermagee has joined #dnt
16:16:45 [ksmith]
ksmith has joined #DNT
16:16:55 [jmayer]
... Starting with discussion of short-term logging.
16:17:04 [BrendanIAB]
BrendanIAB has joined #dnt
16:17:10 [WileyS]
Aleecia - want to confirm that within this timeframe only permitted uses or preparation for permitted uses is permitted.
16:17:21 [Brooks]
Brooks has joined #dnt
16:17:33 [jmayer]
... Similar to discussion in Seattle.
16:17:42 [WileyS]
Finance/Audit Permitted Use would cover that
16:17:54 [jmayer]
Richard Weaver, Comscore: Need to retain data longer for auditing.
16:18:30 [npdoty]
Richard mentioned a specific organizational requirement but I missed the name, can someone fill that in?
16:18:37 [robsherman]
Media Ratings Council
16:18:42 [susanisrael]
MRC-Media ratings council
16:18:53 [Brooks]
is conference bridge at max capacity? Can't seem to get in on 3 different lines
16:19:04 [jmayer]
aleecia: You get six weeks to figure out what you've collected, then retain for permitted uses.
16:19:22 [justin_]
Right, but you wouldn't be able to extract value from it past 6 weeks (i.e., correlate user 1234 from eight weeks ago with what the user does today). For better or worse.
16:19:35 [Chris_IAB]
Brooks is trying to get on, and he may have relevant input to this issue
16:19:45 [Zakim]
16:19:49 [Brooks]
Brooks is in
16:20:21 [justin_]
At least that is my understanding on npdoty's proposal.
16:20:33 [WileyS]
Okay - permitted uses, preparation for permitted uses (data minimization), and unlinkability to move data out of scope.
16:21:03 [Brooks]
16:21:03 [jmayer]
npdoty: (As the scribe understood it) - Can use for permitted uses, prep for permitted uses, or prep unlinkable datasets.
16:21:08 [Zakim]
16:21:09 [WileyS]
Justin - agreed - there was some confusion that BT was allowed within that timeframe and wanted to remove that thought off the table
16:21:19 [BrendanIAB]
Zakim, ??P9 is probably BrendanIAB
16:21:19 [Zakim]
+BrendanIAB?; got it
16:21:38 [jmayer]
John Simpson: proposal is n weeks, have discussed 6 on the call, might want that to be shorter
16:21:47 [Zakim]
16:21:59 [jmayer]
aleecia: starting with n weeks
16:22:14 [Zakim]
+ +aamm
16:22:15 [fielding]
16:22:18 [aleecia]
Operators MAY retain data related to a communication in a third-party context for up to 6 weeks. During this time, operators may render data unlinkable (as described above) or perform processing of the data for any of the other permitted uses.
16:22:27 [justin_]
WileyS, my comment was not about BT (if you mean behavioral targeting), but aggregate reporting. You can't use log data for aggregate reporting outside the N-week period. That is how I read the proposal but perhaps I am wrong.
16:22:50 [Zakim]
16:23:01 [jmayer]
npdoty: have been discussing 6 as a commonly heard number
16:23:18 [Zakim]
16:23:28 [jmayer]
aleecia: Is there anyone who can't live with this proposal?
16:23:29 [dwainberg]
16:23:36 [WileyS]
Justin, agreed - the proposal requires that the unique identifier within records be "unlinked" from production values for retention beyond 6 weeks for aggregate reporting.
16:23:39 [jmayer]
Brooks: Want more time to look at it.
16:23:56 [Zakim]
16:24:02 [Brooks]
16:24:13 [aleecia]
ack fielding
16:24:26 [jmayer]
fielding: Also want more time.
16:24:30 [Zakim]
16:24:34 [jmayer]
... Didn't understand.
16:24:38 [ksmith1]
ksmith1 has joined #DNT
16:24:41 [dsinger]
zakim, who is making noise?
16:24:46 [jmayer]
... Would like to see a diff or actual text.
16:24:48 [Chris_IAB]
just re-joined the call from Skype
16:24:52 [justin_]
zakim, who is snorting?
16:24:52 [Zakim]
I don't understand your question, justin_.
16:24:53 [Zakim]
dsinger, listening for 10 seconds I heard sound from the following: +aamm (55%), aleecia (65%), dwainberg (58%)
16:25:08 [ksmith]
ksmith has joined #DNT
16:25:10 [Zakim]
16:25:29 [dsinger]
zakim, who is on the phone?
16:25:29 [Zakim]
On the phone I see mikeo, npdoty, samsilberman, aleecia, dsriedel (muted), AnnaLong, stevebellovin, tl, RichardWeaver, efelten, vincent, robsherman, hefferjr, [Microsoft],
16:25:32 [Zakim]
... jchester2 (muted), dwainberg, damiano, justin_, Lee, cblouch, jmayer, bryan, +1.646.827.aagg, +1.206.658.aahh, [Apple], susanisrael, eberkower, Joanne, fielding, chapell,
16:25:32 [Zakim]
... adrianba (muted), vinay, WileyS, KevinT, hwest, ifette, Brooks, BrendanIAB?, +aamm, ksmith, johnsimpson, ??P7, schunter
16:25:32 [Zakim]
[Apple] has dsinger
16:25:32 [Zakim]
[Microsoft] has suegl
16:25:53 [jmayer]
16:25:58 [aleecia]
ack dwainberg
16:26:06 [jmayer]
dwainberg: Also not enough time.
16:26:15 [npdoty]
I apologize if this formatting was unclear, I tried to provide the text and then provide a description of what the changes are
16:27:06 [fielding]
On the whole, I think the suggestions are an improvement, but I don't understand why we are talking about it before reviewing a change proposal
16:27:16 [dsinger]
q+ to suggest what we're looking for...
16:27:17 [ifette]
I didn't get a chance to really consider Nick's proposal yet
16:27:42 [mikeo]
zakim, mute mikeo
16:27:43 [Zakim]
mikeo should now be muted
16:27:52 [jmayer]
aleecia: This should be familiar from prior conversations.
16:28:01 [aleecia]
ack jmayer
16:28:08 [npdoty]
fielding, some people have complained about my sharing diff-format proposals, so I tried to present the differences in english text
16:28:49 [Zakim]
16:29:22 [npdoty]
jmayer: we've been discussing this stuff for a long time, expect many people have thoughts already, specifically discussed in the form of CDT proposals discussed earlier
16:29:29 [Zakim]
16:30:01 [fielding]
npdoty, understood -- I just did not find the format readable last night, and have no idea what I am being asked to live with
16:30:06 [suegl]
zakim, [Microsoft] is me
16:30:06 [Zakim]
+suegl; got it
16:30:08 [npdoty]
... question for nick, retain data for a short-term, use where reasonably necessary
16:30:11 [susanisrael]
16:30:24 [susanisrael]
sorry i meant +q
16:30:26 [npdoty]
... do you get to keep logs with unique ids if you think it's reasonably necessary for a permitted use?
16:30:43 [aleecia]
16:30:43 [justin_]
Ugh, enough meta-discussion on "we need more time." Let's just talk. But jmayer is right that npdoty's proposal closely tracks the CDT proposal: (with the addition of the short-term usage period, which we support).
16:30:57 [Chris_IAB]
re Jonathan's first statement, call for decorum please (input should not be called "total nonsense" just because you disagree with someone's position or request)
16:31:07 [laurengelman]
laurengelman has joined #dnt
16:31:15 [susanisrael]
16:31:16 [Zakim]
16:31:58 [Chris_IAB]
Jonathan, David's point is that there is new language, and we all need time to review that language and analysis (with a very BIG industry of stakeholders)
16:32:00 [aleecia]
ack dsinger
16:32:00 [Zakim]
dsinger, you wanted to suggest what we're looking for...
16:32:00 [susanisrael]
even though people may know high level positions, sometimes people like to have time to look at language nuance. MRC auditing is not purely financial
16:32:04 [justin_]
We will not come to consensus on how appropriate wanting more time is on this call. Let's just stipulate and move on to substance.
16:32:17 [laurengelman]
i just joined the call
16:32:31 [npdoty]
npdoty: yes, I think there will be some cases where unique identifiers are retained beyond the short term period, and the reasonably necessary debate can be with your regulator or self-regulatory group
16:32:53 [npdoty]
Zakim, ??P21 is probably laurengelman
16:32:53 [Zakim]
+laurengelman?; got it
16:32:56 [dsinger]
16:33:15 [dwainberg]
@justin_ Fair enough that many/most of these are not new concepts. However, given that we received this last night, and that a detailed discussion was not on the agenda, I did not come prepared to discuss these.
16:33:31 [jmayer]
dsinger: Can maybe look at whether people can live with where this comes down on particular issues?
16:33:41 [BrendanIAB]
16:33:41 [aleecia]
16:33:50 [aleecia]
ack BrendanIAB
16:33:54 [dwainberg]
Also, I think there's some fear about issues getting closed quickly, and missing something.
16:34:14 [jmayer]
aleecia: Yes, review what people can live with.
16:34:32 [justin_]
I wish we'd gotten earlier dwainberg, but we can at least talk about ideas. But I can see why "can you not live with this" would set off alarm bells!
16:34:56 [jmayer]
BrendanIAB: 6 weeks is somewhat reasonable. Would we standardize that particular timeframe?
16:35:14 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:35:14 [npdoty]
as I recall, Ian had suggested 6 weeks (more than a month logging), CDT had proposed 2 weeks, I've heard 5 weeks in other suggestions
16:35:30 [jmayer]
aleecia: Date came from industry suggestions, roughly one month + some added tolerance time.
16:35:46 [dwainberg]
That was my point. If it's let us have an informal discussion and see what issues come up, that's one thing. But the "can you live with this language" has become a Pavlovian signal that we're trying to close issues.
16:35:47 [Zakim]
+ +1.202.507.aann
16:35:52 [Chris_IAB]
I don't remember that companies had agreed to 6-weeks
16:36:19 [dwainberg]
16:36:20 [ChrisPedigoOPA]
zakim, aann is ChrisPedigoOPA
16:36:20 [Zakim]
+ChrisPedigoOPA; got it
16:36:26 [tl]
16:36:32 [justin_]
Industry did not agree 6 weeks, ifette just mooted it as an idea (as npdoty said)
16:36:44 [Chris_IAB]
how about a poll? is that your point Brendan?
16:36:53 [npdoty]
for the various permitted uses, to be clear, you would retain data for stated retention periods that would be business-specific
16:37:12 [jmayer]
BrendanIAB: What about you must publish a retention period, but not a fixed six weeks?
16:37:23 [aleecia]
ack tl
16:37:40 [BrendanIAB]
Jmayer - that's exactly what I was suggesting
16:37:46 [Chris_IAB]
I believe industry gave feedback that more research was required... 6-weeks was pulled out by someone, but I don't believe it had been validated
16:38:01 [BrendanIAB]
it allows competition on the retention period.
16:38:13 [npdoty]
BrendanIAB, WileyS's industry proposal focuses on transparency (and potential competition) for retention periods that are based on implementer-specific decisions for each permitted use
16:38:27 [jmayer]
tl: Should have a maximum retention period.
16:38:41 [efelten]
Even with (e.g.) a 6-week limit, companies could still compete on retention period, by adopting a shorter one.
16:39:03 [npdoty]
or competition on the retention periods for their particular permitted uses?
16:39:15 [jmayer]
aleecia: Expect we'd narrow in on options - fixed period, flexible period.
16:39:20 [Chris_IAB]
What is "6-weeks" based on? A best guess by people on this working group? Is there another basis for this seemingly arbitrary number of 6-weeks?
16:39:38 [justin_]
Chris_IAB, aleecia just explained the provenance of the 6 week period.
16:39:52 [jmayer]
Lee Tien: The six weeks is a maximum, right? Could compete with shorter periods?
16:40:13 [jmayer]
justin_, shhh, Chris_IAB is busy hitting his talking points today. Decorum!
16:40:34 [amyc]
amyc has joined #dnt
16:40:40 [fielding]
q+ to ask what is required at the 6 week boundary
16:40:52 [aleecia]
ack fielding
16:40:52 [Zakim]
fielding, you wanted to ask what is required at the 6 week boundary
16:40:56 [Chris_IAB]
justin_, looking for more than "it seems that people might be able to live with it based on a past conversation" (such conversation I was a part of, and don't recall in the same manner)
16:41:35 [WileyS]
Logged-in would be 1st party
16:42:00 [WileyS]
Made unlinkable I believe is the goal - so removal of unique identifiers would be "enough"
16:42:04 [Brooks]
Logged in does not have to be 1st party - think facebook
16:42:05 [aleecia]
todo: explain what happens when data is not retained, and perhaps just link to where it is elsewhere
16:42:08 [Chris_IAB]
jmayer, do you have something substantive to add on this subject? The rest of us are trying to get to the point...
16:42:09 [jmayer]
fielding: Need clarity on what constitutes unlinkable data.
16:42:10 [fielding]
WileyS, not in practice
16:42:43 [susanisrael]
+1 to reducing sniping
16:42:43 [jmayer]
aleecia: Stop sniping on IRC.
16:43:02 [susanisrael]
chris, jmayer is just scribing i think
16:43:30 [fielding]
I have no means to programmatically determine what is "linkable". I would need a list of fields to remove from the logs.
16:43:33 [npdoty]
current definitions on unlinkable are here:
16:43:41 [WileyS]
Brooks and Roy - I took your statement to say "authentication logs" - are you suggesting Facebook authenticates users in a 3rd party context in a manner that would have them operating as 3rd party (vs 1st party)?
16:43:54 [jmayer]
npdoty: <some attempted explanation of unlinkability>
16:44:23 [justin_]
I think fielding's point is that we need certainty around the definition of delinking in order to meaningfully know how to meet the N-week period. Do you want more prescriptive language on unlinkability?
16:44:33 [jmayer]
fielding: Want to know about specific fields, e.g. must drop IP, must drop query parameters, ...? Don't need clarification immediately, but want it for drafting stage.
16:45:18 [jmayer]
npdoty: The group has discussed linkability a number of times. Data where you don't know about linkability is a separate issue.
16:45:24 [Brooks]
My understanding is that Facebook keeps the u= cookie so long as a user is in a logged in state. Don't know how they maintain logged in state (ie is it REMOTE_USER) don't know
16:46:00 [ifette]
16:46:04 [ifette]
16:46:08 [npdoty]
fielding's concern is related to the possibility that query parameters might include, unbeknownst to you, personally-identifiable information (like Web searching for my name)
16:46:10 [ifette]
16:46:14 [npdoty]
16:46:18 [jmayer]
I think we're very close on unlinkability. The DAA definition is roughly can't be linked to a particular user/device/...
16:46:23 [WileyS]
Justin, see the proposal for unlinkability I submitted in Seattle
16:46:28 [ifette]
q+ to answer aleecia's question
16:46:37 [aleecia]
ack ifette
16:46:37 [Zakim]
ifette, you wanted to answer aleecia's question
16:46:56 [aleecia]
specifically: raw log files
16:47:14 [justin_]
WileyS, I think jmayer is right that we're close conceptually, but it sounds like fielding wants more certainty about which fields to strip. (?)
16:47:21 [WileyS]
Jonathan - our goal is to break the tie between production and retention state identifiers - such that aggregate reporting still operates correctly but the data can't be used to modify a user's experience in any way
16:47:39 [dsinger]
I think it's 'tracking data' (not well defined) that is *outside* a claimed permitted use that we need to discuss
16:47:44 [npdoty]
justin, I agree, maybe the motivation is that we want an implementers' guide, 'just drop these fields'
16:47:51 [jmayer]
ifette: Thought we'd allow keeping a single copy of log files, access based on permitted uses.
16:48:14 [WileyS]
Justin - that's fair. My thought was unique identifiers (ID/IP) would need to be "cleansed" to meet unlinkability.
16:48:35 [npdoty]
I think aleecia and ifette agree, in that if you don't have a permitted use to keep the log files you would have to get rid of them, but if you do, then you can keep the data in whatever form is appropriate
16:48:38 [BrendanIAB]
Clarification: when we're talking about "log files", we're talking specifically about the records in the log files that have the DNT signal, correct?
16:48:49 [jmayer]
aleecia: Nick's proposal wouldn't require multiple copies.
16:48:50 [justin_]
16:49:04 [justin_]
Yes, BrendanIAB.
16:49:07 [npdoty]
BrendanIAB, yes, I don't think anyone has suggested changing retention for non-DNT users
16:49:10 [aleecia]
16:49:15 [efelten]
Yes, Brendan, this is just for records from DNT:1 interactions.
16:49:47 [BrendanIAB]
Right, let's make sure that the language doesn't imply the former, since we do mean the latter.
16:49:59 [aleecia]
Retaining and using data for frequency capping of online advertisements is allowed if the tracking identifier is only retained in a form that is unique to each super-campaign (e.g., one-way hashed with a campaign id) and does not include retention of the user's browsing history or activity trail (page URIs on which the ads were delivered). Implementers SHOULD NOT create detailed profiles of user browsing activity or user behavior based on their ad frequency
16:50:00 [aleecia]
history, for example, by retaining identifiers unique to ad impressions served on individual pages.
16:50:07 [jmayer]
aleecia: Moving to frequency capping.
16:50:37 [WileyS]
16:50:57 [aleecia]
ack WileyS
16:51:39 [Zakim]
16:51:43 [Zakim]
- +1.206.658.aahh
16:51:59 [Brooks]
Is "super campaign" something that is clearly defined?
16:52:24 [eberkower]
Not that I'm aware of
16:52:28 [dwainberg]
that was going to be my question. I'm not sure I'm clear on what that is.
16:52:38 [justin_]
WileyS, is that still tied to user? Don't show user 1234 the ad on Yahoo! cars x times/week? Or don't show over 50000 ads on Yahoo! cars?
16:52:39 [dwainberg]
Actually, I'm sure that I'm not clear. :)
16:53:04 [fielding]
brooks, no -- it was just made up to include "campaigns or a union of multiple campaigns"
16:53:09 [Brooks]
I can tell you that I bet you could go to a WPP business, ask 10 people and get 10 different definitions of a "campaign"
16:53:17 [WileyS]
Just wanted to make sure I was capturing your intent Nick
16:53:41 [jmayer]
wileys: Can retain list of URLs user has visited for frequency capping?
16:53:59 [aleecia]
(Can hash against URL, rather than campaign ID)
16:54:38 [jmayer]
(Apologies for not accurately transcribing Shane's comment - Chris Mejia was trying to lecture me about professionalism in DMs. Most entertaining.)
16:54:53 [WileyS]
UserID*SiteURL + Campaign ID vs. User ID + Campaign ID (Super Campaign)
16:54:55 [susanisrael]
16:55:03 [npdoty]
scribenick: susanisrael
16:55:11 [aleecia]
16:55:27 [susanisrael]
aleecia: need a little work to clarify how freq capping works re: need to limit frequency on pages or areas
16:55:33 [Zakim]
16:55:39 [Brooks]
shane, again I am not sure "campaign" is even well defined
16:55:45 [amyc]
16:55:46 [aleecia]
defn super-campaign
16:55:51 [aleecia]
ack amyc
16:55:52 [susanisrael]
....may be productive conversation to happen with shane. also need definition of campaign/supercampaign
16:55:56 [npdoty]
my thinking was that WileyS may be suggesting another technique that would also achieve the goal (not retaining URL histories), and that might also get the support of the group
16:56:31 [Zakim]
16:56:31 [susanisrael]
amy: we would be happy to participate in conversation but would also like to define purpose of frequency capping to avoid needing definitions of things like supercampaign
16:56:40 [susanisrael]
aleecia: can just explain concept?
16:56:50 [susanisrael]
amy: yes then standard can be more flexible
16:56:52 [justin_]
Agree strongly with amyc that we don't need to add defs.
16:57:06 [Zakim]
16:57:15 [susanisrael]
johnsimpson: curious why this is a should not rather than must not re: creating detailed profiles of users
16:57:31 [susanisrael]
aleecia: don't remember why we agreed on that but it reflects where group landed
16:57:39 [fielding]
ditto, it doesn't make sense as a SHOULD NOT
16:57:42 [susanisrael]
npdoty: think that was my addition
16:57:46 [aleecia]
Implementers SHOULD NOT create detailed profiles of user browsing activity or user behavior based on their ad frequency history...
16:58:01 [vincent]
my understanding is that we would have two tables one with <hash(campaignID,userID,URL), adID > and one with <hash(campaignID,userID), adID >, is that correct WileyS ?
16:58:04 [susanisrael]
npdoty: thought it was hard to precisely define, if people are fine with must not, great
16:58:10 [amyc]
16:58:14 [aleecia]
ack amyc
16:58:17 [susanisrael]
aleecia: any pushback on changing from should to must?
16:58:30 [npdoty]
if people prefer MUST NOT, that's fine
16:58:30 [susanisrael]
amy: maybe that sentence not necessary
16:58:48 [susanisrael]
amy: permitted uses may cover this already in shane's draft
16:58:53 [fielding]
agree, it is redundant
16:59:03 [aleecia]
16:59:10 [susanisrael]
aleecia: may make sense to add in non normative language here if people read only a section at a time
16:59:15 [bryan]
"should not" is typically allowed if there are reasonable limitations due to technical feasibility. given this is a new technology with substantial impacts, this latitude should be given
16:59:28 [WileyS]
vincent, correct - the result would be neither record for the same user would be matchable
16:59:32 [npdoty]
I was trying to distinguish between use and retention, i.e., you shouldn't retain the data if it reveals a sensitive profile
17:00:04 [vincent]
17:00:04 [susanisrael]
aleecia: no one says they can't live with fc, some suggestions on implementation from shane, may be better to describe than define supercampaign, and sentence "implementers should not" should be moved to nonnormative language was another suggestion
17:00:19 [susanisrael]
npdoty: ok, is amy volunteering?
17:00:34 [aleecia]
1. move from super-campaign to description, 2. discussion with Shane around methods, 3. non-normative text for not profiling
17:00:42 [susanisrael]
amy: can help out but not sure of action item, would just like to understand frequency capping suggestions a bit more
17:00:53 [fielding]
17:01:00 [aleecia]
ack fielding
17:01:03 [susanisrael]
aleecia: nonnormative text re not creating profiles would help
17:01:09 [aleecia]
sorry Roy - one moment
17:01:10 [susanisrael]
amy: ok, can do that
17:01:19 [justin_]
johnsimpson, that concept is addressed elsewhere in the text
17:01:23 [susanisrael]
john simpson: confused about suggestion
17:01:27 [justin_]
We're all agreed that's not appropriate.
17:01:58 [susanisrael]
aleecia: was just saying don't need to repeat something that is said elsewhere in normative text, so can add normative text here in case someone needs a reminder of what applies
17:02:02 [npdoty]
action: amy to draft text on freq. capping that would avoid new definitions and/or remove redundant normative requirement (with nick and shane?)
17:02:02 [trackbot]
Created ACTION-254 - Draft text on freq. capping that would avoid new definitions and/or remove redundant normative requirement (with nick and shane?) [on Amy Colando - due 2012-09-19].
17:02:36 [susanisrael]
roy: was going to note that there is a tendency to move things to nonnormative sections but they shouldn't contain things like that, should be a must not
17:02:49 [susanisrael]
aleecia: why can't non normative refer to other place in document?
17:03:02 [amyc]
hey Nick, I'm volunteering to help out with (3), but the frequency cap definition I was hoping that Shane could take lead on. happy to help out though
17:03:02 [susanisrael]
roy: it can but can't create a requirement
17:03:20 [susanisrael]
aleecia: just trying to reference normative section that creates requirement
17:03:26 [susanisrael]
roy: i don't see a need for that
17:03:29 [WileyS]
Happy to take this on - but I'm on vacation for the next week and will miss next week's meeting so I'll need more time.
17:03:31 [npdoty]
I think aleecia is suggesting non-normative text that would only refer the reader to an existing normative section with requirements
17:03:34 [aleecia]
double-check that there is a global norm req
17:03:41 [susanisrael]
aleecia: should double check that it's normative language elsewhere
17:03:48 [aleecia]
17:03:59 [amyc]
just want to make sure that someone more technical is involved in frequency cap specifics
17:04:03 [susanisrael]
aleecia: we're getting to something that's pretty close on this, will move to financial reporting and auditing
17:04:05 [aleecia]
To the extent required by law, third parties may engage in tracking as is reasonably necessary for financial reporting and auditing. Data necessary for recording unique ad impressions, positions and interactions may be retained for this permitted use.
17:04:20 [susanisrael]
pasting in normative section re: financial reporting permitted use
17:04:51 [susanisrael]
aleecia: reads fin reporting/auditing language permitted use language from nick's proposal. no comments
17:04:58 [npdoty]
17:05:02 [aleecia]
ack npdoty
17:05:04 [susanisrael]
aleecia: if no comments we may be able to agree on this quickly
17:05:30 [dwainberg]
17:05:34 [jchester2]
I think this needs to be discussed further. It depends on interpretation of the law and needs to be balanced with industry standard practices. We need to have a definite time period.
17:05:44 [ifette]
why do we need to "allow" auditing?
17:05:45 [ifette]
17:05:45 [aleecia]
ack dwainberg
17:05:47 [susanisrael]
npdoty: noted one open question there. might be some services that would retain identifiable data for auditing for significant period of time just to make customers more comfortable
17:05:49 [ifette]
auditing isn't prohibited...
17:05:55 [susanisrael]
nick: want sense of group on this?
17:05:56 [jchester2]
+q unmute me, please
17:06:04 [Chapell]
+1 to auditing beyond legal requirements
17:06:05 [npdoty]
q- unmute
17:06:08 [ifette]
q- i think i may have misunderstood
17:06:11 [ifette]
17:06:13 [Chris_IAB]
npdoty, when you say auditing, are you referring to ad verification services?
17:06:17 [npdoty]
q- please
17:06:19 [susanisrael]
dwainberg: understand concern about loophole but need some flexibility on that due to real business requirements
17:06:26 [aleecia]
ack ifette
17:06:27 [ifette]
17:06:28 [ifette]
not me
17:06:29 [ifette]
17:06:33 [aleecia]
17:06:35 [susanisrael]
aleecia: hearing one branch to something other than required by law
17:06:38 [aleecia]
ack jchester
17:07:07 [susanisrael]
jeff: think we need to have more information supplied here quickly. want to see what industry standards are for financial reporting. can interpret law differently
17:07:22 [susanisrael]
jeff: don't want to get to situation of difference on law
17:07:32 [Chris_IAB]
Jeff, respectfully, the IAB doesn't publish such a standard (financial reporting is out of our scope)
17:07:34 [susanisrael]
jeff: call on regulators to supply this info (which info?)
17:07:37 [jchester2]
mute me, please
17:07:38 [npdoty]
Chris_IAB, yes, that's what I meant about auditing beyond legal requirements, maybe I should be using other terminology, very happy to accept suggestions on that
17:07:49 [npdoty]
Zakim, mute jchester2
17:07:49 [Zakim]
jchester2 should now be muted
17:07:58 [susanisrael]
aleecia: hearing required by law not flexible enough for biz, clear enough for privacy advocates
17:08:09 [Chris_IAB]
npdoty, no prob and thanks-- just trying to see if we are on the same page with the lingo :)
17:08:22 [susanisrael]
aleecia: have not been willing to get auditors to speak on record-if you can that would be welcome
17:08:28 [npdoty]
I was hoping "required by law" would let us avoid having to determine particular requirements within the WG
17:08:41 [susanisrael]
aleecia: hearing this phrase will not work for many. anyone in favor? nick
17:08:45 [justin_]
17:08:50 [aleecia]
ack justin_
17:08:52 [susanisrael]
aleecia: if no strong support for this need another metric
17:09:10 [Brooks]
17:09:15 [susanisrael]
justin: don't understand if billing out of scope
17:09:37 [fielding]
Most third-party audits are required by customers or as a regular part of business (annual), IIRC.
17:09:39 [susanisrael]
npdoty: tried to call out billing for ad impressions, thought that would be understood to be required by law
17:09:45 [susanisrael]
justin: don't think that's right
17:09:47 [fielding]
17:10:01 [Chris_IAB]
law vs. contract law?
17:10:04 [aleecia]
ack brooks
17:10:07 [susanisrael]
justin: this would be contract not law requirement, might need to write more expansively
17:10:25 [susanisrael]
brooks: diff between law and contract
17:10:36 [WileyS]
17:10:36 [npdoty]
justin: I don't think keeping logs in order to do billing is required by law
17:10:38 [justin_]
We need to find a middle ground between law and contract law. But I have no idea how to do that!
17:10:40 [jchester2]
Can the DAA and IAB/EU supply the set of industry standard practice documents related to billing. etc.
17:10:48 [Chapell]
.... auditing, including but not limited to ad verification, billing, measurement, determining discrepancies in impression counts, etc
17:11:00 [susanisrael]
brooks: sarbox implicated but intersection of 2
17:11:07 [ifette]
17:11:08 [dsinger]
q+ to note the general conditions
17:11:10 [npdoty]
agreement from 5/23 was "Adherence to laws, legal and judicial process, and regulations take precedence over this standard when applicable, but contractual obligations do not."
17:11:32 [WileyS]
17:11:33 [fielding]
17:11:41 [susanisrael]
aleecia: meme proposed language re: old contracts remaining in force, not create new contracts shouldn't contradict requirements
17:11:50 [susanisrael]
aleecia: npdoty proposed law trumps
17:12:00 [aleecia]
17:12:06 [WileyS]
Nick - this is an issue of financial/tax law - if I enter into a contract and bill someone for XYZ, I need to retain proof that I delivered XYZ (receipt)
17:12:07 [susanisrael]
aleecia: so conflict between law/contract is covered
17:12:10 [Chris_IAB]
jchester, IAB doesn't have such a doc -- financial reporting is really out of scope for our practice, yet the necessity exists (we just don't stipulate any practices for them)
17:12:11 [aleecia]
ack WileyS
17:12:22 [fielding]
17:12:37 [Chapell]
17:12:45 [justin_]
That would invalidate future CPA implementations, which seems extreme. Maybe if we disassociate billing (relatively short term) from auditing (long term)? Just thinking out loud.
17:13:07 [susanisrael]
shane: said in irc too but we are saying contracts don't supersede law, but saying that re: finance and tax law, if you agree on something in contract you need to retain proof that you fulfilled obligations that you would deliver certain things
17:13:08 [Brooks]
shane, well said
17:13:19 [susanisrael]
shane: contracts are subject to law, need to document performance
17:13:27 [Chris_IAB]
and further to Shane's point, these laws and regs are highly jurisdictional around the world
17:13:27 [susanisrael]
shane: it's circular
17:13:32 [aleecia]
ack ifette
17:13:36 [jchester2]
But Shane, the contract device could be used to retain data far beyond what are the standard practices agreed to by the major advertisers
17:14:20 [justin_]
Contract law does not per se require independent auditing obligations, but if statutory law requires retention of billing contracts, that's different and I think we can agree that should be allowed.
17:14:26 [susanisrael]
ian: way that i find helpful to look at this is that jonathan and others are trying to forbid adding contract language solely to require retention of data when would not otherwise be able to do it
17:14:27 [WileyS]
Jeff, it's not the contract that's the issue, it's the federal, state, and local finance and tax laws that drive the retention of the elements contained in the contract
17:14:40 [npdoty]
WileyS, per that point, if you had a contract that required behavioral reporting (delivery only to people who had visited certain other sites, say), would you suggest that financial reporting law would require retaining data to prove that's fulfilled?
17:14:44 [susanisrael]
ian: think you can look at requirements from contracts vs legal from contracts
17:14:45 [Brooks]
jeff, perhaps but if law tells me I need to keep data to assure that a contract was fulfilled that is out of the advertiser's hands
17:14:52 [Chris_IAB]
justin_, that approach seems reasonable to me at first glance, thanks
17:15:02 [susanisrael]
ian: think this is a distinction we need to follow
17:15:02 [efelten]
17:15:19 [aleecia]
ack dsinger
17:15:19 [Zakim]
dsinger, you wanted to note the general conditions
17:15:27 [susanisrael]
ian: don't think saying contracts grant you no rights to keep data will work in and of itself
17:15:29 [jchester2]
We don't have a clear understanding of what the law requires. Sarbanes/Oxley can be interpreted in multiple ways. We need to have a definite time period.
17:15:41 [Zakim]
17:15:51 [ifette]
+1 to dsinger
17:15:54 [efelten]
17:15:59 [Chris_IAB]
agree with dsinger verbal point
17:16:03 [susanisrael]
dsinger: need to say that if you retain data for permitted use it's your job to make sure it's used only for permitted use, i.e. reporting/auditing for which it should be the minimum needed
17:16:05 [npdoty]
"Secondary Use" is listed in the additional/general requirements
17:16:13 [susanisrael]
dsinger: may be better to focus on function
17:16:14 [dwainberg]
Jeff, I get the issue. I don't think it'll be possible to establish a definite period in the way you want.
17:16:23 [Chris_IAB]
great suggestion David
17:16:29 [susanisrael]
aleecia: will you (david singer) work with nick on language
17:16:47 [aleecia]
ack Chapell
17:16:48 [jchester2]
Can the NAI supply to the list the standard agreements used by the IAB/US, AAAA, etc?
17:16:50 [susanisrael]
npdoty: i think we already have text prohibiting secondary use but if we need clarifying text happy to work on it
17:17:16 [justin_]
I think the action should be translating what ifette described into the existing language.
17:17:24 [susanisrael]
alan chappell: this triggered memory of an issue I have encountered. pharma industry forbids advertising to clients in uk
17:17:38 [dwainberg]
Jeff, the standard I/O is available on the web. But I don't think it provides the info you want, and is not the only contract in use.
17:17:41 [npdoty]
justin, can you describe that action in more detail for me?
17:17:48 [Chris_IAB]
jchester2 are you referring to the IAB & AAAA Standard Terms and Conditions for Display Advertising?
17:17:59 [Chris_IAB]
if yes, I can supply the link here
17:18:00 [susanisrael]
alanchappell: had to show that ad agency and dsp did not serve the ads. it's edge case but sometimes you need records to prove something
17:18:09 [Chris_IAB]
but I don't think you will find what you are looking for...
17:18:16 [susanisrael]
alanchappell: reaching for more broad framework than law and auditing
17:18:18 [fielding]
I would think that siloing data by audit target would be a more useful limitation.
17:18:24 [susanisrael]
aleecia: suggestions?
17:18:31 [susanisrael]
alanchappell: will work with nick
17:18:40 [susanisrael]
aleecia: or make suggestions to mailing list
17:18:42 [jchester2]
yes, those. And if you could point to the group where they discuss financial reporting, payment requirements, auditing. Many thanks!
17:18:52 [justin_]
Sure, if statutory law requires retention for auditing of performance of a contract, that is allowed, but the contract cannot independently require extra retention for that purpose. Or something like that. Not sure if that's workable but that seemed to be where consensus was headed.
17:19:08 [Chris_IAB]
it doesn't go into such billing detail, and in practice it also serves only as a basis for the negotiation of a contract (hardly ever accepted as-is)
17:19:10 [npdoty]
as we do increasing levels of review, we should get exposure of new use cases
17:19:12 [susanisrael]
aleecia: hearing that on frequency capping we are not comfortable
17:19:28 [susanisrael]
want to go through remaining uses: next = security and fraud
17:19:28 [aleecia]
Operators MAY retain data related to a communication in a third-party context to use for detecting security risks and fraudulent activity, defending from attacks and fraud, and maintaining integrity of the service. This includes data reasonably necessary for enabling authentication/verification, detecting hostile transactions and attacks, providing fraud prevention, and maintaining system integrity. In this example specifically, this information MAY be used to
17:19:29 [aleecia]
alter the user's experience in order to reasonably keep a service secure or prevent fraud. Operators SHOULD use graduated or triggered responses where feasible.
17:19:41 [susanisrael]
susan israel thinks aleecia just meant financial/auditing in last comment
17:19:59 [susanisrael]
aleecia reads fraud/security permitted use language from nick's draft
17:20:06 [jchester2]
Chris from IAB: Can you review for us the relevant items in such docs as:;
17:20:15 [dsinger]
notes we'll need an example in an annex on what we mean by 'graduated or triggered' :-)
17:20:21 [Chris_IAB]
jchester2, here it is:
17:20:32 [susanisrael]
aleecia: agree that we need examples for security and fraud uses
17:20:36 [npdoty]
I think someone wanted to take an action on new proposals regarding financial reporting permitted use
17:20:42 [susanisrael]
aleecia: any other reaction?
17:20:55 [Chapell]
17:21:02 [fielding]
17:21:04 [susanisrael]
aleecia: alan chappell would you take action to work on proposals for financial reporting? yes
17:21:07 [aleecia]
ack fielding
17:21:27 [susanisrael]
roy: it should also include case of recording data collected for use in pattern matching for third party
17:21:27 [dwainberg]
17:21:31 [susanisrael]
aleecia: explain?
17:21:38 [susanisrael]
roy: it's confidential
17:21:43 [Chris_IAB]
jchester, I'm quite familiar with those "best practices"; they are very high level and only a recommendation
17:22:04 [susanisrael]
aleecia: think you are trying to get at "have seen fraud before with certain data pattern, want to retain data that looks like that" right?
17:22:12 [jchester2]
Chris from IAB: It would be great if you could share with the list the language in the standards--as well as with the AAAA and international ad bodies--that relate to this issue. Can you do? Thanks
17:22:19 [Chris_IAB]
17:22:25 [npdoty]
action: chapell to work on financial reporting text (with nick, ian) as alternative to legal requirements
17:22:25 [trackbot]
Created ACTION-255 - Work on financial reporting text (with nick, ian) as alternative to legal requirements [on Alan Chapell - due 2012-09-19].
17:22:39 [susanisrael]
roy: no, third party companies collect to create pattern matching after the fact, just trying to find patterns
17:22:46 [susanisrael]
aleecia: can you draft?
17:22:50 [npdoty]
action-255: justin may be able to help with that
17:22:50 [trackbot]
ACTION-255 Work on financial reporting text (with nick, ian) as alternative to legal requirements notes added
17:22:59 [susanisrael]
roy: i can't put it in writing on an email message
17:23:00 [amyc]
17:23:03 [susanisrael]
can anyone?
17:23:18 [susanisrael]
aleecia: can anyone take this?
17:23:20 [Chris_IAB]
not sure I understand the requested action?
17:23:31 [npdoty]
is it not data for detecting hostile transactions and attacks?
17:23:35 [amyc]
clarifying question for Roy
17:23:42 [Chris_IAB]
fraud and security
17:23:46 [amyc]
same question as Nick, actually
17:23:47 [susanisrael]
roy: if there is just a general thing that says dnt does not impact data collection for preventing fraud and attacks that is sufficient
17:24:00 [susanisrael]
roy: do not want to make that data avail for other purpose
17:24:06 [npdoty]
agree, we should not specify detailed mechanisms
17:24:13 [susanisrael]
aleecia: you want "includes but not limited to...." right?
17:24:22 [dsinger]
zakim, who is making noise?
17:24:32 [amyc]
17:24:33 [susanisrael]
aleecia: does general case statement make sense to you?
17:24:33 [Zakim]
dsinger, listening for 10 seconds I heard sound from the following: damiano (3%)
17:24:47 [npdoty]
Zakim, mute damiano
17:24:47 [Zakim]
damiano should now be muted
17:24:48 [fielding]
includes but not limited to sounds good
17:24:52 [Chris_IAB]
17:24:58 [aleecia]
17:25:01 [susanisrael]
aleecia: not seeing some reason why general language would not cover-so maybe we are ok
17:25:06 [aleecia]
ack dwainberg
17:25:27 [Chris_IAB]
17:25:43 [susanisrael]
dwainberg: would prefer rather than "to extent reasonably necessary " just say can't be used for any other purpose
17:26:04 [tl]
Right, and we obviously can't use words which have meanings.
17:26:08 [susanisrael]
dwainberg: second point: uncomfortable with use of word fraud, which is used for impression fraud in ad industry
17:26:23 [Chris_IAB]
deceptive, in addition to fraud
17:26:28 [susanisrael]
dw: prefer for prevention of security problems and malicious behavior
17:26:28 [Zakim]
17:26:31 [Brooks]
can we use the term "high quality" in place of fraud?
17:26:35 [ksmith]
ksmith has left #DNT
17:26:52 [susanisrael]
aleecia: have talked about this before. can you help with phrase that gets beyond legal version of "fraud"
17:27:01 [dwainberg]
"the detection and prevention of malicious or invalid activity"
17:27:08 [Chris_IAB]
click fraud, but also impression fraud
17:27:20 [fielding]
deception, fraud, or malicious activity
17:27:29 [susanisrael]
aleecia: dw suggestions prevention and detection of malicious and invalid activity
17:27:39 [Chris_IAB]
17:27:41 [susanisrael]
susan would deceptive be better than invalid?
17:27:55 [aleecia]
illegit, e.g. bots
17:28:07 [susanisrael]
dw: companies can identify activity that's not malicious but not valid impressions, needs to be filtered
17:28:11 [npdoty]
while it may be hard for me to convince advocates/regulators on a broad security exception for anything reasonably necessary, it will be much harder for me to win consensus for retaining anything (not even necessary) related to security
17:28:24 [susanisrael]
aleecia: illegitimate? can you draft one or 2 sentences?
17:28:27 [susanisrael]
dw: yes
17:28:29 [BrendanIAB]
It may include bots and things other than bots
17:28:33 [BrendanIAB]
like accidental clicks
17:28:41 [susanisrael]
dw: to first point, any response? i would act on this?
17:29:00 [dsinger]
it's legitimate *activity*, it's not a legitimate *impression*, when a bot 'views' an ad
17:29:06 [susanisrael]
npdoty: i am hoping the reasonably necessary language would work, already a big move for advocates
17:29:18 [susanisrael]
dw: will consider and connect offline to discuss
17:29:27 [Chris_IAB]
was still in the q
17:29:31 [susanisrael]
aleecia: one minute left, 2 more to work through
17:29:33 [aleecia]
Operators MAY retain data related to a communication in a third-party context to use for identifying and repairing bugs in functionality. As described in the general requirements [reference to Minimization section], services MAY collect and retain data from DNT:1 users ONLY when reasonably necessary to identify and repair errors in functionality. Services SHOULD use graduated responses where feasible.
17:29:37 [aleecia]
ack chris_iab
17:29:43 [Zakim]
17:29:45 [Zakim]
17:29:46 [npdoty]
action: wainberg to propose update on security/fraud regarding deception/ad fraud
17:29:46 [trackbot]
Created ACTION-256 - Propose update on security/fraud regarding deception/ad fraud [on David Wainberg - due 2012-09-19].
17:29:47 [susanisrael]
chris: just wanted to reiterate a couple things.
17:30:14 [susanisrael]
chris_iab: when you collect data you don't know there is a pattern, you collect it and then look for pattern
17:30:18 [Zakim]
17:30:21 [susanisrael]
aleecia: appreciate the problem
17:30:27 [efelten]
Is it really a secret how this kind of technology works, in general terms?
17:30:35 [Zakim]
17:30:50 [Zakim]
17:30:53 [Zakim]
17:30:56 [susanisrael]
chris_iab: i like approach of either word reasonable or just limiting to this purpose
17:31:06 [susanisrael]
aleecia: so there may be a counterproposal there
17:31:18 [dwainberg]
Ed, there's great sensitivity about disclosing details because it's an ongoing cat-and-mouse game w/ bad actors.
17:31:19 [susanisrael]
aleecia reads normative text for debugging from nick's proposal
17:31:21 [Zakim]
17:31:22 [npdoty]
I think there's support on using general terms, both because it's a more flexible spec and it avoids concerns about IPR
17:31:39 [efelten]
I understand that people want to keep details of specific products secret. But general outlines are well known.
17:31:40 [dwainberg]
Bad actors are constantly inventing new ways to try to mask their behavior.
17:31:43 [Chris_IAB]
efelten, yes, very secret... we don't want that kind of intel to get into the hands of nefarious actors
17:31:46 [susanisrael]
aleecia: probably need to take this to mailing list
17:31:48 [Zakim]
17:32:01 [fielding]
efelten, probably not, but it is difficult to know what parts are proprietary and which are already published somewhere
17:32:20 [vincent]
not sure that should cover accidental clicks though...
17:32:25 [susanisrael]
aleecia: favor to ask. will need to use mailing list heavily in next few weeks. Please proofread to see if you can make your point in the most civil possible way that will help us to move forward
17:32:26 [Zakim]
- +1.646.827.aagg
17:32:38 [efelten]
Yeah, people not NDA'ed might be able to contribute more on these points.
17:32:46 [susanisrael]
aleecia: i owe you all work on the tripartite state, that's late and on me, coming soon
17:32:55 [efelten]
efelten has left #dnt
17:32:57 [Zakim]
17:32:57 [susanisrael]
aleecia: thanks, look forward to speaking soon
17:33:00 [npdoty]
rrsagent, make logs public
17:33:02 [Zakim]
17:33:04 [npdoty]
rrsagent, draft minutes
17:33:04 [RRSAgent]
I have made the request to generate npdoty
17:33:08 [npdoty]
Zakim, list attendees
17:33:20 [Zakim]
- +aamm
17:33:28 [Zakim]
As of this point the attendees have been +44.186.573.aaaa, npdoty, samsilberman, mikeo, aleecia, dsriedel, +1.919.388.aabb, +1.202.326.aacc, tl, +1.703.438.aadd, efelten,
17:33:31 [Zakim]
... stevebellovin, vincent, +1.202.370.aaee, AnnaLong, +1.813.366.aaff, RichardWeaver, robsherman, jchester2, dwainberg, damiano, justin_, Lee, cblouch, johnsimpson, suegl, jmayer,
17:33:34 [Zakim]
... hefferjr, bryan, +1.646.827.aagg, +1.206.658.aahh, +1.917.934.aaii, +1.646.654.aajj, dsinger, Joanne, susanisrael, eberkower, fielding, +1.646.666.aakk, vinay, chapell,
17:33:37 [Zakim]
... adrianba, WileyS, KevinT, Chris_IAB?, hwest, +1.202.386.aall, ifette, Brooks, BrendanIAB?, +aamm, ksmith, schunter, laurengelman?, +1.202.507.aann, ChrisPedigoOPA, [Microsoft]
17:34:41 [cblouch]
cblouch has left #dnt
17:34:45 [robsherman]
robsherman has left #dnt
17:39:31 [Zakim]
disconnecting the lone participant, AnnaLong, in T&S_Track(dnt)12:00PM
17:39:33 [Zakim]
T&S_Track(dnt)12:00PM has ended
17:39:33 [Zakim]
Attendees were +44.186.573.aaaa, npdoty, samsilberman, mikeo, aleecia, dsriedel, +1.919.388.aabb, +1.202.326.aacc, tl, +1.703.438.aadd, efelten, stevebellovin, vincent,
17:39:33 [Zakim]
... +1.202.370.aaee, AnnaLong, +1.813.366.aaff, RichardWeaver, robsherman, jchester2, dwainberg, damiano, justin_, Lee, cblouch, johnsimpson, suegl, jmayer, hefferjr, bryan,
17:39:35 [Zakim]
... +1.646.827.aagg, +1.206.658.aahh, +1.917.934.aaii, +1.646.654.aajj, dsinger, Joanne, susanisrael, eberkower, fielding, +1.646.666.aakk, vinay, chapell, adrianba, WileyS,
17:39:37 [Zakim]
... KevinT, Chris_IAB?, hwest, +1.202.386.aall, ifette, Brooks, BrendanIAB?, +aamm, ksmith, schunter, laurengelman?, +1.202.507.aann, ChrisPedigoOPA, [Microsoft]
17:40:03 [npdoty]
Meeting: Tracking Protection Working Group teleconference
17:40:08 [npdoty]
Chair: aleecia
17:40:11 [npdoty]
rrsagent, draft minutes
17:40:11 [RRSAgent]
I have made the request to generate npdoty
17:54:20 [tlr]
tlr has joined #dnt
18:03:10 [mischat]
mischat has joined #dnt
18:14:17 [aleecia]
aleecia has joined #dnt
20:20:37 [aleecia]
aleecia has joined #dnt
20:23:25 [tl]
tl has joined #dnt
21:30:00 [tl]
tl has joined #dnt
21:32:07 [tlr]
tlr has joined #dnt
21:50:36 [mischat]
mischat has joined #dnt
22:17:52 [npdoty]
npdoty has joined #dnt