15:10:52 RRSAgent has joined #dnt 15:10:52 logging to http://www.w3.org/2012/09/26-dnt-irc 15:11:12 Zakim, this will be dnt 15:11:12 ok, aleecia; I see T&S_Track(dnt)12:00PM scheduled to start in 49 minutes 15:11:19 chair: aleecia 15:12:12 regrets+ Susan, Ted Leung, Lauren Gelman 15:12:34 tl has joined #dnt 15:13:26 good morning, Tom 15:13:40 rrsagent, make logs public 15:13:48 agenda? 15:13:58 and good morning Thomas 15:14:21 zakim, clear agenda 15:14:21 agenda cleared 15:15:28 agenda + Selection of scribe 15:15:43 agenda+ Review of overdue action items: http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner 15:15:56 agenda+ Quick check that callers are identified 15:16:20 agenda+ Discussion on the following quick summary of where we are on issues 15:17:31 agenda+ Reminders for the Amsterdam f2f (agenda: http://www.w3.org/2011/tracking-protection/agenda-2012-10-03-F2F-Amsterdam.html) 15:17:45 agenda+ Editors' working drafts 15:17:58 agenda+ Issue-25, Possible exemption for research purposes 15:18:17 agenda+ Debugging. On the Sept 12 call, we ended after reading the text proposal for debugging from the summary from Nick on Permitted Uses (action-235, available from http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0141.html) 15:18:33 agenda+ General permitted uses requirements. 15:20:49 agenda+ Log files: review to make sure the texts capture the conversation (http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0342.html) 15:21:18 agenda+ Review of texts for Issue-49, Third party as first party, with action-161, see http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0154.html 15:21:43 agenda+ Review of texts for Issue-119, "absolutely not tracking," with Action-252, Nick to reframe via permitted uses, completed here: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0115.html and action-253, David Wainberg prefers dropping this all together, including the flag in the TPE, and wrote his proposal: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0137.html 15:21:58 agenda+ Announce next meeting & adjourn 15:22:33 agenda? 15:32:00 adrianba has joined #dnt 15:35:46 Good morning, Aleecia! (Sorry for the delayed response, yo) 15:36:20 No problem. Nice to see you. 15:44:47 rigo has joined #dnt 15:50:04 fielding has joined #dnt 15:50:16 damiano has joined #dnt 15:53:11 T&S_Track(dnt)12:00PM has now started 15:53:19 +aleecia 15:55:05 jeffwilson has joined #DNT 15:55:30 justin_ has joined #dnt 15:55:34 WileyS has joined #dnt 15:55:36 BrendanIAB has joined #dnt 15:55:45 +jeffwilson 15:56:00 zakim, code? 15:56:00 the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rigo 15:56:19 +Rigo 15:56:27 +[IPcaller] 15:56:28 npdoty has joined #dnt 15:56:37 +ifette 15:56:50 Zakim, IPcaller is probably me 15:56:51 +BrendanIAB?; got it 15:57:05 zakim, mute me 15:57:05 Rigo should now be muted 15:57:16 +fielding 15:57:21 mikeo has joined #dnt 15:57:29 jchester2 has joined #dnt 15:57:30 +[CDT] 15:57:44 zakim, unmute me 15:57:44 Rigo should no longer be muted 15:57:45 +WileyS 15:57:55 zakim, cdt has Joe_Hall 15:57:55 +Joe_Hall; got it 15:58:08 johnsimpson has joined #dnt 15:58:24 +npdoty 15:58:30 +[CDT.a] 15:58:37 Zakim, who is on the phone? 15:58:37 On the phone I see aleecia, jeffwilson, Rigo, BrendanIAB?, ifette, fielding, [CDT], WileyS, npdoty, [CDT.a] 15:58:39 [CDT] has Joe_Hall 15:58:52 zakim, CDT.a has justin_ 15:58:53 +justin_; got it 15:59:01 dwainberg has joined #dnt 15:59:01 dsriedel has joined #dnt 15:59:04 +schunter 15:59:10 suegl has joined #dnt 15:59:13 +jchester2 15:59:16 Testing 15:59:26 +damiano 15:59:28 Test failed 15:59:37 zakim, mute me 15:59:37 jchester2 should now be muted 15:59:47 +mikeo 15:59:53 Rigo :-) 15:59:56 + +1.408.887.aaaa 16:00:00 +dsriedel 16:00:05 zakim, mute me 16:00:05 dsriedel should now be muted 16:00:12 +johnsimpson 16:00:14 +dwainberg 16:00:30 JC has joined #DNT 16:00:32 - +1.408.887.aaaa 16:00:46 408 is not SF :-) 16:00:49 408 is more of the bay area - that is the same area code we use at Yahoo! 16:00:49 415 16:01:06 +[Microsoft] 16:01:12 But "Zak" already has me so it must be someone else from Silicon Valley 16:01:12 That Rigo knows roughly where US area codes map to is both impressive and scary :-) 16:01:20 + +1.408.887.aabb 16:01:26 +[Microsoft.a] 16:01:28 zakim, [Microsoft] is suegl 16:01:33 regrets+ Tom Lowenthal 16:01:34 +RichardWeaver 16:01:34 v has joined #dnt 16:01:37 RichardcomScore has joined #dnt 16:01:50 +vinay 16:01:50 vinay has joined #dnt 16:01:58 +suegl; got it 16:02:04 Simon has joined #dnt 16:02:06 Any volunteers to scribe? 16:02:07 zakim, mute me 16:02:08 Zakim, aabb is LesliePetrie 16:02:17 + +1.206.658.aacc 16:02:21 + +1.303.817.aadd 16:02:39 mikeo should now be muted 16:02:41 +LesliePetrie; got it 16:02:42 Joanne has joined #DNT 16:02:45 ninjamarnau has joined #dnt 16:02:53 303 area code is me 16:02:53 Zakim, aacc is amyc 16:02:58 Zakim, aadd is Simon 16:03:02 hwest has joined #dnt 16:03:09 - +1.303.817.aadd 16:03:22 dsinger has joined #dnt 16:03:30 +amyc; got it 16:03:32 sorry, npdoty, I do not recognize a party named 'aadd' 16:03:34 + +1.917.318.aaee 16:03:34 Chapell has joined #DNT 16:03:51 volunteers to scribe? 16:04:16 hi aleecia that's chapell 16:04:18 +hwest 16:04:19 zakim, aaee is Chapell 16:04:29 sure 16:04:31 +[Apple] 16:04:33 + +1.303.817.aaff 16:04:34 scribenick: Chapell 16:04:35 agenda? 16:04:35 zakim, [apple] has dsinger 16:04:43 scribenick:Chapell 16:04:47 Zakim, aaff is Simon 16:04:52 +Chapell; got it 16:05:05 http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner 16:05:22 I think Alan sent that out and we're having discussion on the mailing list now 16:05:39 Zakim, who is making noise? 16:05:54 +dsinger; got it 16:05:55 + +1.916.641.aagg 16:05:58 +[Microsoft] 16:05:59 +Simon; got it 16:06:04 zakim, [Microsoft] is me 16:06:08 Did call fail?? 16:06:18 Zakim, aagg is Joanne 16:06:20 npdoty, listening for 10 seconds I heard sound from the following: npdoty (15%), dwainberg (18%) 16:06:32 +adrianba; got it 16:06:36 +Joanne; got it 16:06:48 Amy: will have cleanup of language by friday 16:06:51 + +1.202.681.aahh 16:06:54 zakim, mute me 16:06:54 adrianba should now be muted 16:07:26 BerinSzoka has joined #DNT 16:07:35 schunter, can you update those actions in the tracker? 16:07:59 Action 256: DWainberg -- pending review 16:07:59 Sorry, couldn't find user - 256 16:08:13 cblouch has joined #dnt 16:08:57 heather: couldn't determine the context of the group from the minutes 16:08:58 am back in 16:09:08 text complete - Vinay found one typo 16:09:25 SWiley: Third parties acting as first parties language 16:09:35 zakim, who is making noise? 16:09:46 rigo, listening for 10 seconds I heard sound from the following: aleecia (87%), dwainberg (45%) 16:09:57 zakim, mute dwainberg 16:09:57 dwainberg should now be muted 16:09:57 .... other than typo, language is ready to go 16:10:00 WileyS, so the text is here: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0150.html 16:10:04 Zakim, who is on the phone? 16:10:04 On the phone I see aleecia, jeffwilson, Rigo, BrendanIAB?, ifette, fielding, [CDT], WileyS, npdoty, [CDT.a], schunter, jchester2 (muted), damiano, mikeo (muted), dsriedel (muted), 16:10:08 ... johnsimpson, dwainberg (muted), suegl, LesliePetrie, [Microsoft.a], RichardWeaver, vinay, amyc, Chapell, hwest, [Apple], Simon, Joanne, adrianba (muted), +1.202.681.aahh 16:10:08 [CDT.a] has justin_ 16:10:08 [Apple] has dsinger 16:10:08 [CDT] has Joe_Hall 16:10:16 I'm 202.642---- 16:10:30 oh 16:10:33 actually, sorry 16:10:37 yes, I'm 681 16:10:40 zakim, [CDT] is me 16:10:40 +JoeHallCDT; got it 16:10:42 called in from a different gtalk this time 16:10:50 Zakim, aahh is BerinSzoka 16:11:09 +BerinSzoka; got it 16:11:09 Aleecia: rundown summary of issues 16:11:31 .... action 246 -- DWainberg gave a response --- asked for more specifics 16:11:42 I'm on it, and expect to have something soon. 16:11:42 .... change it back to open 16:11:59 cOlsen has joined #dnt 16:12:03 ifette has joined #dnt 16:12:13 +[FTC] 16:12:49 Issue 148: HWest to ask some sections to the compliance document -- will update to the list 16:13:12 action 119? 16:13:12 Sorry, bad ACTION syntax 16:13:14 Issue 119: Absolutely not tracking. Some responses, but not worked through yet 16:13:22 Rigo, what committment - that a Server is W3C DNT compliant? If that's your angle I completely disagree (but you know that already) 16:13:34 issue-119? 16:13:34 ISSUE-119 -- Specify "absolutely not tracking" -- open 16:13:34 http://www.w3.org/2011/tracking-protection/track/issues/119 16:14:14 topic: f2f 16:14:15 http://www.w3.org/2011/tracking-protection/agenda-2012-10-03-F2F-Amsterdam.html 16:14:15 Aleecia, requested "Global Considerations" be added to the agenda - what is the status of that request? 16:14:19 Aleecia: F2F reminders.... see agenda. See specifically day 2 plans to go through all 24 open issues against compliance doc 16:14:22 you're breaking up aleecia 16:14:29 WileyS, we can send a signal back that says: I only pretend to be DNT compliant by sending DNT signals, but I have my fingers crossed behind my back 16:14:36 +1 16:15:16 must be my equipment 16:15:19 * npdoty, still unable to join. I do not even reach the w3c telco system anymore. 16:15:32 .... strongly suggest that participants read the drafts, what it takes to get to last call and open items 16:15:35 Rigo, LOL - that of course makes no sense but neither does sending back a technical somehow suggest you're also compliant with a separate policy document. 16:15:59 Rigo, ...a technical 'signal' somehow... 16:16:12 WileyS, I don't want to do P3P with DNT-tokens 16:16:16 will call back in 16:16:20 -johnsimpson 16:16:37 Rigo, that's fine since you don't really implement something in the real-world. those of us that do want it 16:16:45 NDoty: Our hosts have arranged for dinner and canal boat tour on Wednesday (tentative) 16:16:47 "I'm on a boat..." 16:16:55 and if you can muster a group for Rijstaffel, that's awesome https://en.wikipedia.org/wiki/Rijsttafel 16:17:17 dsinger, as long as I'm the decider of who is contributing to progress :-) 16:17:34 +johnsimpson 16:17:39 tlr - LOL 16:17:56 Next topic: Editor's working drafts 16:18:22 Aleecia: some comments on the compliance draft. 16:18:27 The most important thing to know about Amsterdam is: go see http://www.rijksmuseum.nl 16:19:00 Jweiss: DWainberg gave significant comments. Justin still going through comments. Lack of consensus on certain points 16:19:01 + +49.431.98.aaii 16:19:03 Aleecia, are you going to discuss requests for modification to the agenda? 16:19:10 zakim, aaii is Ninja 16:19:10 +Ninja; got it 16:19:14 zakim, aaii is ninjamarnau 16:19:14 sorry, ninjamarnau, I do not recognize a party named 'aaii' 16:19:29 zakim, Ninja is really ninjamarnau 16:19:29 +ninjamarnau; got it 16:19:44 ,,,,, discussions re: permitted uses. Add to draft? 16:19:55 q+ 16:20:02 q+ WileyS on the f2f agenda 16:20:06 Aleecia: Don't worry about up to the minute changes, but try to get the bulk of the comments as they currently stand 16:20:43 Schunter: two open issues 16:20:45 TPE has no pending edits at the moment 16:20:46 q+ on TPE and "option" block 16:21:04 .... Service priovider flag -- diverging opinions 16:21:20 ..... call for objections to iron out remaining differences 16:21:33 I need to align the qualifiers with the compliance permissions, at least 16:21:59 Aleecia: we will submit the working drafts to w3c by this friday 16:22:03 +??P6 16:22:22 Chris_IAB has joined #dnt 16:22:25 Q? 16:22:28 q? 16:22:28 just joined via Skype 16:22:33 sorry for the late join 16:22:34 I think we have a note on that already 16:22:42 Zakim, ??P6 is Chris_IAB 16:22:42 +Chris_IAB; got it 16:22:46 Then I think we're ok 16:23:14 ack johnsimpson 16:23:44 Johnsimpson: confirming - public working draft ready for submission on friday (with a few clarifications) 16:23:53 .... what about further comments? 16:24:08 Tues 16:24:10 Aleecia: no more substantive comments before the document is out 16:24:19 (usually) 16:24:34 ack WileyS 16:24:34 WileyS, you wanted to comment on the f2f agenda 16:24:34 Tues and Thurs, correct 16:24:59 further comments would certainly be welcome, just wouldn't be reflected in this particular snapshot publication 16:25:04 ShaneW: Question on the Agenda re: Global considerations 16:25:09 +1 Nick 16:25:15 .... will this receive some time on the agenda? 16:25:30 Aleecia: some time for small group discussions, tbd. 16:25:31 WileyS: global considerations document: we committed to provide people and want to have some time on the agenda for it 16:25:35 q+ 16:25:38 +cblouch 16:25:41 ..... we like the idea, trying to find the time in the agenda 16:26:11 .... Friday is best bet - although that may not work for all 16:26:15 discussion of a document on the boat? :) 16:27:12 q- later 16:27:15 host a dinner ;-) 16:27:21 +1 16:27:36 +1 on Global Considerations Dinner :) 16:27:52 +1 on dinner 16:28:32 q? 16:28:33 Aleecia: happy to pull together a global considerations dinner 16:28:54 ack ri 16:28:56 ShaneW: sooner the better re: schedules 16:29:08 ack rigo 16:29:14 sorry rigo! 16:29:30 Better for a lunch time meeting if at all possible 16:29:31 who will be present from the edps? 16:29:36 Rigo: The Commission will be in the room on Wed and Thurs -- crucial for the global consideration discussion 16:30:04 Ninja, I tried to get Rosa and Achim 16:30:06 .... perhaps a lunch is better. 16:30:14 Thank you Rigo 16:30:21 Rigo to check with folks with the Commission re: scheduling 16:30:25 Rigo - lunch is better than dinner if at all possible 16:30:34 ack npdoty 16:30:34 npdoty, you wanted to comment on TPE and "option" block 16:30:37 Allows for a day trip (flights in/out of Amsterdam) 16:30:50 exactly 16:31:14 Npdoty: on the draft, we still have an issue around "user granted exceptions" 16:31:38 action: rigo to follow up with EU/EC colleagues regarding possible lunch (or dinner?) to talk Global Considerations 16:31:38 Created ACTION-259 - Follow up with EU/EC colleagues regarding possible lunch (or dinner?) to talk Global Considerations [on Rigo Wenning - due 2012-10-03]. 16:31:41 unclear, what is the action? 16:31:42 Dsinger: people are working out the details of the APIs rather than concerning themselves with structure 16:31:45 +1 to dsinger 16:31:56 npdoty: remove the "option" block around the exceptions 16:32:11 .... wants to remove the option block around the exceptions 16:32:36 Schunter: send a final email to the list, and look to remove by next week 16:32:40 I would be happier if at least one browser committed to deploy it. 16:32:51 Dpdoty: will sen email 16:32:58 q? 16:33:01 s/dpdoty/npdoty/ 16:33:03 agenda? 16:33:06 s/will sen/will send/ 16:33:16 zakim, drop agendum 1 16:33:35 agendum 1, Selection of scribe, dropped 16:33:36 Aleecia: everything discussed on from here on in potentially goes into NEXT editor's draft 16:33:41 issue-25? 16:33:41 ISSUE-25 -- Possible exemption for research purposes -- pending review 16:33:41 http://www.w3.org/2011/tracking-protection/track/issues/25 16:33:49 topic: issue 25, research purposes 16:33:50 zakim, drop agendum 2 16:33:56 +[Microsoft] 16:34:02 -amyc 16:34:10 agendum 2, Review of overdue action items: http://www.w3.org/2011/tracking-protection/track/actions/overdue?sort=owner, dropped 16:34:12 q? 16:34:14 q+ 16:34:16 Aleeica: can we close issue-25? OBjections? 16:34:20 ack npdoty 16:34:21 -mikeo 16:34:39 Market research is highlighted as an element under Aggregate Reporting 16:34:45 "aggregate reporting" 16:34:56 Npdoty: still have some permitted uses being discussed: Aggregate Reporting 16:35:03 zakim, drop agendum 3 16:35:03 agendum 3, Quick check that callers are identified, dropped 16:35:12 It's disputed, so we should probably keep it open. 16:35:16 +ksmith 16:35:20 amyc has joined #dnt 16:35:22 zakim, take up agendum 4 16:35:22 agendum 4. "Discussion on the following quick summary of where we are on issues" taken up [from aleecia] 16:35:30 q? 16:35:39 .... keep it open 16:35:39 Brooks has joined #dnt 16:35:40 "re-structuring to reflect reality" :) 16:36:01 I'll put ISSUE-25 in the draft in aggregate reporting. 16:36:14 Aleecia: need to capture some of the history behind issue-25. Nick to capture 16:36:14 update issue 25 to refer to the current open question around aggregate reporting as a separate permitted use 16:36:21 http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0141.html 16:36:23 + +1.678.492.aajj 16:36:34 +efelten 16:36:37 I understand that we do have agreement on market research itself not being a separate permitted use 16:36:39 zakim, take up agendum 8 16:36:39 agendum 8. "Debugging. On the Sept 12 call, we ended after reading the text proposal for debugging from the summary from Nick on Permitted Uses (action-235, available from 16:36:42 ... http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0141.html)" taken up [from aleecia] 16:37:07 To the extent reasonably necessary for inspection of product bugs and performance, third parties may engage in tracking. Use of graduated response is preferred. 16:37:07 Operators MAY retain data related to a communication in a third-party context to use for identifying and repairing bugs in functionality. As described in the general requirements [reference to Minimization section], services MAY collect and retain data from DNT:1 users ONLY when reasonably necessary to identify and repair errors in functionality. Services SHOULD use graduated responses where feasible. 16:37:19 678 580 is Brooks just joining 16:37:54 Zakim, aajj is probably Brooks 16:37:54 +Brooks?; got it 16:38:02 Notes that this is also under the general requirements for all permissions (that data collected for a permission cannot be used for other purposes) 16:38:17 zakim, unmute dwainberg 16:38:17 dwainberg should no longer be muted 16:39:21 can someone point me to dwainberg's text here? 16:39:38 I would introduce "strictly bound to debugging purpose" 16:39:39 Parties may collect and use data in any way to the extent reasonably necessary for the detection and prevention of malicious or illegitimate activity. 16:40:03 for security/fraud: Parties may collect and use data in any way to the extent reasonably necessary for the detection and prevention of malicious or illegitimate activity. 16:40:17 debugging = product development? 16:40:23 no 16:40:32 debugging == debugging 16:40:36 So, dwainberg, are you against retaining the language about preferring graduated response? Your answer was unclear. 16:40:58 I'm not sure what purpose it serves. 16:41:06 Chris_IAB, you can only debug a product that already exists 16:41:12 q? 16:41:15 q+ 16:41:16 q+ 16:41:20 ack npdoty 16:41:22 with all respect rigo, just as a clarification, debugging is in fact a part of ongoing product development 16:41:32 q+ to say i have no idea what graduated responses means 16:41:48 Rigo, Chris could be suggesting "product improvement" (as development could mean something net new or something that is evolving from its current state) 16:41:56 debugging v. security confusion on my part -- not helpful! -- sorry, all 16:41:58 Chris_IAB debugging may be a subset of product development, but there's a lot more under that umbrella 16:41:58 Dpdoty: graduated response came from discussions in bellevue 16:42:09 q? 16:42:11 q+ 16:42:13 s/dpdoty/npdoty/ 16:42:16 we need a definition of graduated response; we use it in several places. "As you dig deeper, and know you need more data, then turn on the collection then." 16:42:16 ack Fielding 16:42:28 we also discussed it in the debug session 16:42:39 fair enough points all; I just wonder if all of this can be effectively handled under the same condition model? 16:42:45 Rfielding: graduated response came from security discussion not the debugging discussion -- doesn't belong in bebugging 16:42:55 WileyS: product improvement is a semantically loaden term in our area 16:42:56 s/discussed it/discussed graduated response/ 16:43:00 debugging a 3rd party ad network - one individual reports the bug but you need to look at the data of many to confirm the source of the issue 16:43:02 +1 to roy 16:43:14 Fielding: not sure how this deserves a seperate exception 16:43:31 I do not feel very strongly, and "reasonably necessary" should effectively mean the same thing. 16:43:53 q? 16:44:02 ack ifette 16:44:02 ifette, you wanted to say i have no idea what graduated responses means 16:44:25 Publisher reports an error with an ad showing on their site - requires you look at the data of many users seeing the add to see what variables may be driving the source of this issue. Not only user reported issues (althought that's a valid source as well) 16:44:47 :) 16:44:53 npdoty that sounds like the UC Berkeley I School graduate student bullpen that I know and love 16:44:58 Zakim, who is making noise? 16:44:58 ack dwainberg 16:45:10 npdoty, listening for 10 seconds I heard sound from the following: schunter (22%), dwainberg (81%) 16:45:16 presumably someone put us on mute :-( 16:45:21 zakim, mute schunter 16:45:21 schunter should now be muted 16:45:33 or rather, hold 16:45:51 -Joanne 16:45:53 Dwainberg: don't understand the purpose of the language. It hinders our goals by offering too much explanitory text. When we say "to the extent reasonably necessary for..." is enough 16:45:54 ksmith has joined #DNT 16:45:55 Non-normative explanation: This permitted use is intended for short-term diagnosis and repair of third-party Web functionality, commonly in real time. Long-term retention of all data is not compatible with this permitted use. This permitted use is not intended to cover broad quality assurance measurements. 16:45:58 Roy, do those examples give you enough context? 16:46:03 q+ on "illegitimate" 16:46:08 q+ 16:46:15 .... big terms like graduated responses may lead to confusion and ambiguity 16:46:15 Shrug. Fine. 16:46:20 q- 16:46:38 q? 16:46:44 the short-term should be normative 16:46:54 ack dsinger 16:47:00 I understand that we're talking about the debugging use, not the security/fraud use 16:47:02 +1 to fielding 16:47:24 Debugging not security: so sorry to have started us down the wrong path 16:47:49 DSigner - doesn't represent the real-world. We have bugs EVERY day, not just SOME day. :-) 16:47:51 Dsinger: the graduated response language means that you are able to collect a bit more data because you suspect you have a specific problem that needs to be diagnosed 16:48:09 My software does not have bugs every day. ;-) 16:48:11 q+ 16:48:11 q? 16:48:15 +1 Singer 16:48:26 ack dwainberg 16:48:29 +1 to dsinger's description 16:48:40 * Chapell notes that Google is recruiting ringers for the next battle of the ad industry bands 16:48:48 LOL WileyS, you mean that all of our commercial code is flawed? No way ;) 16:48:54 Roy, Your users may implement things incorrectly such that they point the finger at your software as being the source (when they're really the problem). 16:49:03 I know that bugs are eternal, but specific issues that warrant collection of specific data are not 16:49:15 I'll give them a full refund on Apache 16:49:31 q+ 16:49:37 Chris, with over 160 platforms and products - we definitely generate bugs everyday. 16:49:38 did call fail 16:49:51 Roy, LOL - you get what you pay for! 16:49:54 Dwainberg: talking about debugging for DNT in particular 16:50:04 -johnsimpson 16:50:11 johnsimpson, we are still on 16:50:12 .... What are "Broad quality assurance measures"? 16:50:20 WileyS, I'm totally with you... Bugs are reported constantly (not all are bugs in the end) 16:50:29 You're allowed a 6-week (or so) grace period anyway, do we need extra retention beyond that for prophylactic debugging? 16:50:43 I think it suggests you are not collecting data either (a) to make sure you don't have a bug or (b) in case a bug turns up. 16:50:47 +johnsimpson 16:50:55 chris, but you need to data to determine if the report is truly a bug or not - and then diagnose the source if it is. 16:50:59 ack ifette 16:51:10 justin_, I agree with your premise in general, just not the 6-weeks part 16:51:19 +1 to what Ian just said (all debugging - not just DNT) 16:51:22 Ifette: Dwainberg assumed that this was bugging in relation to DNT --- Ian's assumption is that this may have nothing to do with DNT 16:51:26 agree, this is about debugging in general, not just about DNT 16:51:28 +1 16:51:38 agree with ifette, the BUG might be non-DNT-related (like, you're showing the wrong ads to under-3-year-olds) 16:51:43 +1 to Ian's point 16:51:44 .... the point is that one may want to collect additional information from certain users who have DNT enacted -- just to address the bug 16:51:48 +mikeo 16:52:07 so at that point, why not debug just with the non-DNT:1 users if possible? 16:52:08 zakim, mute me 16:52:08 mikeo should now be muted 16:52:21 q+ 16:52:22 if you have a very small set, that makes sense to me 16:52:22 Chris_IAB, ha, not meaning to weigh in on the call-for-objections issue, just saying we should keep that grace period in mind . . . 16:52:25 DSinger, is this a common problem for Apple, showing ads to under 3 year olds? 16:52:57 that makes sense to me 16:53:13 if you're worried specifically about retaining too much data for DNT users and trying to debug that, I'm not sure we need a permitted use to retain more data on those users 16:53:16 WileyS, rumors of pending regulations in Elbonia around neonatal advertising etc. :-) 16:53:31 and: agree this is not *limited* to debugging DNT:1 users 16:53:33 and it's not just about debugging DNT, it's about needing to collect data that DNT would otherwise prevent 16:53:40 +1 16:53:42 Ifette: If you get a signal that some of your users are experiencing an issue, and you know you need additional data to debug, this tries to create some flexibilty for that scenario 16:53:50 -ifette 16:53:52 dsinger, but that's the best time to program them though! 16:54:47 q? 16:54:58 ack fielding 16:55:15 Potential response to DNT user: we see your bug, but we can't fix it because you are not allowing us enough information to fix it... sound good? I'm not sure... 16:55:21 hah 16:55:24 short term & diagnostic 16:55:37 ack rigo 16:55:39 fielding: really think this should be short term and diagnostic 16:55:51 Fielding: cautions against others from trying to have this exception apply to data collection in the long term and/or a broad based exception for data collection 16:56:08 I'm hearing fielding's suggestion that we add something related to "short term" or "diagnostics" into the normative text, not just explanatory text 16:56:28 Chris_IAB - problem with that is - often the bug is not visible to the end user. 16:56:52 And I"m hearing questions about what graduated response means 16:57:04 With suggestions from David Singer there 16:57:06 Rigo: short retention on debugging data is key 16:57:22 ksmith, I agree. I think we should allow data collection and retention for the purpose of debugging and ongoing product development/improvement. Full stop. 16:57:25 ... debugging a precise, understood term 16:57:27 Non-normative text of "try not to use DNT:1 data" doesn't seem necessary if it's clearly "for debugging" 16:57:56 q? 16:58:50 Remove "graduated response" 16:58:58 +1 WileyS 16:59:00 +q 16:59:07 not graduated response (it doesn't even make sense for security) 16:59:16 ack WileyS 16:59:17 sure, but get short retention and debugging purpose 16:59:20 Also remove "tracking"? 16:59:38 WileyS: Graduated response will be difficult to explain 16:59:39 suggest that concept and text of reasonableness would be good substite for graduated response 17:00:03 Isn't moving from " 17:00:04 Aleecia: wants Nick to use Graduated Response for now -- may take it out 17:00:04 WileyS, we could replace the compliance spec by one sentence: be reasonable. But that may be subject to dispute :) 17:00:18 Does anyone want to argue on behalf of graduated response? I do not if "reasonably necessary" is in there. 17:00:22 Rigo, I like that - AmyC said something similar 17:00:27 action: doty to update debugging text (add normative 'short term', 'diagnostic', expand on or replace "graduated response") 17:00:35 so, (a) specific problem (not general anxiety) (b) short-term (not indefinite) and (c) proportional/graduated response (only the data you reasonably need)? and the last is in anxiety/dispute? 17:00:45 Created ACTION-260 - Update debugging text (add normative 'short term', 'diagnostic', expand on or replace "graduated response") [on Nick Doty - due 2012-10-03]. 17:01:04 +I think graduated response is more effective for users 17:01:06 Isn't moving from "I am not collecting DNT:1 traffic" to "I am collecting DNT:1 traffic for debugging" a two-stage "graduated response" anyway? Calling out "graduated response" seems redundant. 17:01:29 -q 17:01:30 q? 17:01:37 jchester2, doubt that, "graduate response" was the name of the NATO doctrine to nuke the russians 17:01:47 Research: collection and use of identifiable data for market research or other longitudinal aggregation purposes is not generally within the context of a particular request; only unlinkable data may be retained for this purpose. As described above, identifiable data can be stored during short term logging to generate aggregate reports. 17:01:48 Changes from the editors' draft: Remove "Aggregate Reporting" section. Ensure that unlinkable data is prominently declared out of scope of these requirements earlier in the document. Ensure that the "Short Term" permitted use makes it clear that retaining identifiable data for the short term is allowed for creating aggregate reports. 17:03:23 q+ 17:03:24 What do we mean short term for ID retention? Is that linked to a specific campaign? 17:03:30 ack rigo 17:04:01 Rigo, I believe its the definition of "unlinkablity" that is the bigger confusion 17:04:02 +Rigo 17:04:03 Rigo: complexity, not consensus, explains lack of response 17:04:06 jchester2, I mean "short term" to refer to the separate short term logging permitted use (which might be 6 weeks, or whatever the group comes down on) 17:04:29 Rigo: what is the minimum requirement on the aggregate information? 17:05:02 ... Aggregate is fine, but please make sure that you can't re-identify in order to avoid discrimination 17:05:04 Nick, I think that's do vague for this key area. It needs a discussion to understand the contours and impact of such use. 17:05:14 q+ 17:05:16 I think that the text is clear that you cannot maintain non-deidenfitied data for the purpose of research/improvement. 17:05:30 jchester2, can you explain more? 17:05:33 q? 17:05:40 ack dwainberg 17:05:54 Justin, agreed - you'd maintain the data only to develop the aggregate outcome to then do market research and product development 17:06:04 I think rigo's point is that defining unlinkable is the difficult part 17:06:07 justin_, non-deidentified? ouch 17:06:08 q+ 17:06:21 Dwainberg: Doesn't understabnd "not generallyin the context of a particular request" 17:06:25 Market research has changed in terms of capabilities and use, inc. in the real time targeting context. So I hope our market research colleagues and others can discuss how it's used today and the implications for DNT:1 17:06:28 fielding, You know what I mean! 17:06:28 fiedling, using double negatives like that is an art 17:06:30 WileyS, we have to come up with a plausible process of transforming personal data to unlinkable data, not define unlinkable data 17:06:43 npdoty: Not proposing this as text for the document. 17:06:57 so we just define that process, not the quality itself 17:07:11 because "unlinkable is a moving target" 17:07:24 Rigo, I believe those are one in the same 17:07:33 apologies for the formatting, which was apparently very confusing :) 17:07:41 rigo, there is a separate outstanding question of what consistutes unlinkabling 17:07:42 q- 17:07:46 yes 17:07:51 q? 17:07:53 Yes, I think! 17:07:56 -damiano 17:08:28 npdoty: intended "generally within the context" to explain the reasoning for this permitted use, not as new text 17:08:37 say again what we have agreement on.. 17:08:48 I like unsinkable Ed :) 17:08:56 Aleecia: action item: editors make changes for NEXT editors draft 17:08:57 Sure 17:09:15 we might have more consensus if it was just unsinkable! 17:09:27 thanks got it 17:09:43 +damiano 17:10:00 agreement to remove this as a separate permitted use and move the discussion to the unlinkable definition 17:10:22 * Legal Compliance: as previously agreed, legal requirements overrule prohibitions of this standard, though contractual obligations do not. 17:10:22 Adherence to laws, legal and judicial process, and regulations take precedence over this standard when applicable, but contractual obligations do not. 17:10:23 Changes from the editors' draft: Replace "Compliance With Local Laws and Public Purposes" section with previously agreed upon text (5/23/2012). 17:10:43 Oh you folks in academia! Always making obscure references 17:10:47 action: brookman to update draft to remove aggregate permitted use, highlight unlinkable section where discussion may continue 17:10:47 Created ACTION-261 - Update draft to remove aggregate permitted use, highlight unlinkable section where discussion may continue [on Justin Brookman - due 2012-10-03]. 17:11:19 is there a link for that text? 17:11:41 JoeHallCDT has left #dnt 17:11:41 q+ 17:11:47 ack npdoty 17:11:51 depending on jurisdiction, common legality could be tied to contract legality 17:12:01 Shane. Yes, we are all getting sinking feeling. Hopefully cured before F2F! 17:12:02 Aleecia: this ties into what Nick and I are discussing re: Permitted Uses 17:12:03 q+ 17:12:03 JoeHallCDT has joined #dnt 17:12:03 q+ 17:12:08 ack rigo 17:12:16 Nick's text: Adherence to laws, legal and judicial process, and regulations take precedence over this standard when applicable, but contractual obligations do not. 17:12:23 s/Aleecia: this/Aleecia, this/ 17:12:42 q+ 17:12:55 zach has joined #dnt 17:12:55 npdoty: just proposing the text that we agreed on in May, which may have gotten confused as editors combined new text 17:13:02 EU Data Retention Directive 17:13:13 q? 17:13:17 ack amyc 17:14:03 q+ 17:14:06 Amyc: Discussions in Bellevue. Existing contractual obligations vs new terms.... 17:14:24 was there broad consensus in the room around that? grandfathering existing contracts? 17:14:24 .... granfathering concept for existing contracts are not embodied in current text 17:14:29 Devils advocate on a potential 3rd-rail topic: What/who decides what is a "law" then? Which states are recognized by the W3C? 17:14:37 Amcy: to add additional language to address 17:14:41 q- 17:14:42 Amy - I can help you with it 17:14:46 Chris_IAB, all! 17:14:46 q+ 17:14:53 thanks 17:15:08 ack dsinger 17:15:26 action: colando to draft text regarding existing contracts (with vinay) 17:15:26 Created ACTION-262 - Draft text regarding existing contracts (with vinay) [on Amy Colando - due 2012-10-03]. 17:15:34 thinks we should not say that doing something contrary to the spec. in order to comply with local law is *compliant* but may be *needed*, and maybe we need a qualifier to indicate (as previously discussed) 17:15:39 Rigo, for example, does tribal law in the US, where the tribe is legally a sovereign state able to make it's own laws, work for you? 17:15:40 Dsinger: "it may be necessary for you not to comply with this specification in order to comply with local law" 17:15:51 -schunter 17:15:52 Chris_IAB, sure! 17:16:06 Rigo, if so, then all ad networks may move to American Indian reservations, and help them enact new laws... 17:16:08 q? 17:16:09 dsinger, I think that point was raised in earlier discussion, and we came to agreement on this text 17:16:09 think there is a eparate section and issue regarding spec compliance 17:16:15 ack dwainberg 17:16:43 Chris_IAB, they didn't move yet to the Caiman Islands or to the turkish part of Cyprus? 17:16:52 local law = city government laws and regulations too? 17:16:52 Dwainberg: This ties into the concept of enabling parties to communicate that their honoring of DNT may be different from that outlined in the spec 17:17:09 .... agrees with the concept about not creating contractual loopholes 17:17:17 "applicable law" 17:17:18 if you agree with the concept and we came to consensus on this several months ago.... 17:17:35 Aleecia: suggests that DWainberg work with Npdoty 17:17:44 tlr, "applicable" may be the main headache 17:18:01 we can't solve what's applicable. So we just say "comply with applicable law, please" 17:18:05 q? 17:18:08 I am struggling to understand why we need this clause -- no other specification I've worked on needs to point out that local laws might apply 17:18:13 rigo, they haven't moved... yet. 17:18:22 What might be bother Dwainberg is the example that I've outlined in IRC 17:18:24 david, welcome your participation in my action :-) 17:18:29 * Identifiers: flexibility is provided to implementers on how they accomplish permitted uses and minimize data retention and use. Implementers are advised to avoid data collection for DNT:1 users where feasible to enable external confidence. 17:18:30 Placing third-party cookies with unique identifiers (and other techniques for linking data to a user, user agent or device) are permitted where reasonably necessary for a permitted use. Requirements on minimization and secondary use, however, provide limitations on when any collection technique is compatible with a Do Not Track preference and what the implications of that collection are. 17:18:31 To give flexibility to implementers in accomplishing the requirements of this specification and the listed permitted uses, no particular data collection techniques are prescribed or prohibited. 17:18:32 re: the pharma company self-reg requirements that may fall outside of what 'the law' says, but must be complied with nonetheless 17:18:32 Implementers are advised that collection of user data under a Do Not Track preference (including using unique tracking cookies or browser fingerprinting) may reduce external auditability, monitoring and user confidence and that retention of such data may imply liability in certain jurisdictions in cases of secondary use; for more information, see the Global Considerations. 17:19:08 Alan, what was that example? I missed it? 17:19:18 amy, yes, I'll be happy to 17:19:20 Rigo- Interesting that a state wishing to induce commerce, might create laws that are favorable to industry, in an effort to circumvent DNT... given this provision. 17:19:32 so by "identifiers" we mean "unique identifiers" 17:20:15 Rigo, do laws include case law in addition to stated law? 17:21:01 Great work Nick on threading the unique ID needle 17:21:08 No idea where it goes in spec. 17:21:09 Chris_IAB sure 17:21:16 +1 17:21:26 -1 17:21:26 Aleeica: Straw poll. +1 if you can live with this text 17:21:28 +1 17:21:30 +1 17:21:30 -1 17:21:32 +1 17:21:34 +1 17:21:35 +1 17:21:36 Rigo, it may be more wise to stay away from the "law" provision in general, and stay silent... 17:21:37 +1 17:21:38 fielding, we currently have this section on identifiers: http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#no-persistent-identifiers 17:21:39 +1 17:21:42 +1 17:21:45 +1 17:21:47 +1 17:21:49 +1 17:21:50 +1 (though same company -- Adobe -- as Roy) 17:21:55 +1 17:22:14 Chris_IAB, nope, this is a rule of conflict. And we clearly say that law overrules. This is essential for later regionalization 17:22:28 ninjamarnau has joined #dnt 17:22:35 johnsimpson or jchester2, is it possible to elaborate on those concerns? (via email or a separate call is fine) 17:22:55 Rigo, respectfully, I think that weakens the spec, but it's your call I suppose 17:23:12 * Minimization 17:23:13 A third party MUST ONLY retain information for a permitted use for as long as is reasonably necessary for that use. Third parties MUST make reasonable data minimization efforts to ensure that only the data necessary for the permitted use is retained. A third party MUST provide public transparency of their data retention period; third parties may enumerate each individually if they vary across Permitted Uses. Once the period of time for which a party has declare 17:23:14 data retention for a given use, the data must not be used for that permitted use. After there are no remaining Permitted Uses for given data, the data must be deleted or rendered unlinkable. 17:23:16 Where feasible, a third party SHOULD NOT collect linkable data when that data is not reasonably necessary for one of the permitted uses. In particular, data not necessary for a communication (for example, cookie data, URI parameters, unique identifiers inserted by a network intermediary) MUST NOT be retained unless reasonably necessary for a particular permitted use. 17:23:18 Changes from the editors' draft: Add collection limitation requirements. 17:23:20 Note: it may be that this is the only time a requirement/prohibition is necessary regarding "collection". All other requirements would be prohibitions on retention (beyond what is necessary, or beyond a short-term logging period) or sharing. A definition of collection, then, is only needed for this minimization concept. "Tracking" can be defined through "retention", "use" and "share" only. 17:23:22 johnsimpson or jchester2, could you please provide the details of your concerns on the public email list? 17:23:26 W3C is no ruling authority, just a platform that creates useful things 17:24:09 text before "Changes from the editors' draft" is the normative text, text after that heading describes the changes 17:24:51 the paragraphs with MUST ONLY, MUST and SHOULD NOT would be the normative text 17:25:02 q+ 17:25:06 ack dsinger 17:25:14 q+ 17:25:21 ack npdoty 17:25:41 * Secondary Use 17:25:41 A third party MUST NOT use data retained for a particular permitted use for any other purpose. 17:25:43 Changes from the editors' draft: 17:25:44 Clarify that data retained for one purpose cannot be re-purposed (even if the second purpose might be related to another permitted use). 17:25:44 Note: This does not require keeping separate copies of data for different permitted uses (agreement in Seattle that a single copy is allowable), but does require that data retained for one stated purpose cannot be repurposed, even in aggregate form. (See resolution at the end of: http://www.w3.org/2012/06/21-dnt-minutes#item08) 17:26:38 -[CDT.a] 17:26:42 Aleecia: IFette had text from Seattle that was helpful 17:26:53 q+ 17:27:00 ack fielding 17:27:24 Where is Nick's text now? Just on email list? 17:27:29 ninjamarnau has joined #dnt 17:27:32 q+ 17:27:44 if someone has a pointer to Ian's text that would be useful, please point me to it 17:27:46 Fielding: has concerns with last sentence 17:27:58 this one: In particular, data not necessary for a communication (for example, cookie data, URI parameters, unique identifiers inserted by a network intermediary) MUST NOT be retained unless reasonably necessary for a particular permitted use. 17:28:26 Ninja, After there are no remaining Permitted Uses for given data, the data must be deleted or rendered unlinkable. 17:28:46 maybe it should say "In particular, data not necessary for a communication (such data might be cookie data, URI parameters…" to respond to Roy? 17:28:56 q+ 17:29:05 q- 17:29:07 .. should be only kept for that particular permitted use, shift in use shouldn't be possible 17:29:16 ... or shift in purpose 17:29:18 the sentences before that are sufficient (and more accurate) 17:30:03 -[Microsoft] 17:30:08 q? 17:30:47 -Brooks? 17:30:52 -ksmith 17:31:04 ksmith has left #DNT 17:31:11 It's redundant, isn't it? 17:31:13 +q 17:31:18 q- dsinger 17:31:20 and adds potential for confusion 17:31:23 I don't think it is redundant 17:31:23 -hwest 17:31:26 q? 17:31:33 ack WileyS 17:31:38 "MUST only retain ... " says enough doesn't it? 17:32:24 Oh well, I tried. :-) 17:32:39 -mikeo 17:32:40 I'll take an action to try to address that, thanks WileyS for the promising suggestion 17:32:43 -damiano 17:32:47 move (examples) at the end of sentence 17:33:11 ninja wants to contribute text to minimization? Action? 17:33:31 action: ninja to provide updated text regarding minimization (with nick) 17:33:31 Created ACTION-263 - Provide updated text regarding minimization (with nick) [on Ninja Marnau - due 2012-10-03]. 17:33:41 q 17:33:57 -[FTC] 17:33:58 -[Microsoft.a] 17:33:59 -RichardWeaver 17:33:59 -efelten 17:34:00 -aleecia 17:34:00 -WileyS 17:34:01 -cblouch 17:34:02 -vinay 17:34:02 JoeHallCDT has left #dnt 17:34:04 -ninjamarnau 17:34:06 -dsriedel 17:34:08 -LesliePetrie 17:34:10 -Simon 17:34:12 -[Apple] 17:34:14 we will have a call-in bridge and ability to see screens remotely 17:34:14 -jeffwilson 17:34:16 adjourned. 17:34:16 -Rigo 17:34:18 -johnsimpson 17:34:20 -Chapell 17:34:22 -suegl 17:34:24 -adrianba 17:34:26 -Chris_IAB 17:34:28 zakim, list attendees 17:34:28 -fielding 17:34:29 RRSAgent, set logs world-visible 17:34:30 -BerinSzoka 17:34:32 As of this point the attendees have been aleecia, jeffwilson, Rigo, ifette, BrendanIAB?, fielding, WileyS, Joe_Hall, npdoty, justin_, schunter, jchester2, damiano, mikeo, 17:34:35 ... +1.408.887.aaaa, dsriedel, johnsimpson, dwainberg, +1.408.887.aabb, RichardWeaver, vinay, suegl, +1.206.658.aacc, +1.303.817.aadd, LesliePetrie, amyc, +1.917.318.aaee, hwest, 17:34:38 ... +1.303.817.aaff, Chapell, dsinger, +1.916.641.aagg, Simon, adrianba, Joanne, +1.202.681.aahh, JoeHallCDT, BerinSzoka, [FTC], +49.431.98.aaii, ninjamarnau, Chris_IAB, cblouch, 17:34:39 RRSAgent, make minutes 17:34:39 I have made the request to generate http://www.w3.org/2012/09/26-dnt-minutes.html aleecia 17:34:41 ... [Microsoft], ksmith, +1.678.492.aajj, efelten, Brooks? 17:34:43 -BrendanIAB? 17:34:47 cblouch has left #dnt 17:38:10 -jchester2 17:56:29 -JoeHallCDT 17:59:37 johnsimpson has left #dnt 18:06:32 mischat has joined #dnt 18:29:48 mischat has joined #dnt 18:57:55 -npdoty 18:59:37 -dwainberg 18:59:38 T&S_Track(dnt)12:00PM has ended 18:59:38 Attendees were aleecia, jeffwilson, Rigo, ifette, BrendanIAB?, fielding, WileyS, Joe_Hall, npdoty, justin_, schunter, jchester2, damiano, mikeo, +1.408.887.aaaa, dsriedel, 18:59:38 ... johnsimpson, dwainberg, +1.408.887.aabb, RichardWeaver, vinay, suegl, +1.206.658.aacc, +1.303.817.aadd, LesliePetrie, amyc, +1.917.318.aaee, hwest, +1.303.817.aaff, Chapell, 18:59:40 ... dsinger, +1.916.641.aagg, Simon, adrianba, Joanne, +1.202.681.aahh, JoeHallCDT, BerinSzoka, [FTC], +49.431.98.aaii, ninjamarnau, Chris_IAB, cblouch, [Microsoft], ksmith, 18:59:40 ... +1.678.492.aajj, efelten, Brooks? 21:06:43 schunter has joined #dnt 21:24:37 tl has joined #dnt 22:27:37 mamund has joined #dnt 23:00:11 tl has joined #dnt 23:38:40 npdoty has joined #dnt