See also: IRC log
<npdoty> trackbot, start meeting
<trackbot> Date: 03 October 2012
<npdoty> Meeting: Tracking Protection Working Group Face-to-Face
<npdoty> vinay has set up a screen-sharing so remote attendees can follow slides/etc: http://my.adobeconnect.com/vigoel
<npdoty> let us know how/whether that's working
<npdoty> and let me know if there are phone problems, I think the teleconference may drop in 5 hours or so and I'll have to re-configure then
<npdoty> scribenick: npdoty
joris: chairman of the IAB here
... we're already very happy, you have to succeed of course in the following three days
... thanks to the Telegraaf Media Group to make sure all the facilities are in place
<BrendanIAB> audio sounds like there's some interference with local electronics.
joris: 60 attendees here, with many years of experience each
<vinay> For those not here in person, you can follow along via the web at http://my.adobeconnect.com/vigoel
joris: if the mayor were here, he
would tell you about openness and core values of
... those same core values appropriate to the important stuff you are debating
... last June we had a new telecommunications law, a chapter on cookies, opt in and opt out
... politicians are very willing to listen to Do Not Track solutions to that
... hope you have the energy to facilitate those solutions during this meeting
... introducing others from IAB NL
schunter: introductions of
matthias and aleecia
... since we have some newcomers, aleecia will give a quick tutorial on current state and agreements we've already reached
... and look at open issues
... in prior meetings it took quite a while to understand each other, and reached agreement in the easy pieces
... identified substantial agreements, for this meeting it may not be as easy
... we have defined how to solve unsolvable disputes, a procedure to follow from multiple alternative proposals
... a big purpose of the meeting will be carving out sound alternatives to the problem we are facing
... explaining scribing
... go through the agenda and assign scribes
working drafts and open issues, ifette to scribe
compliance and definitions, robsherman to scribe
more resolving definitions, JC to scribe
lunch, no scribe necessary
permitted uses for third parties, susan to scribe
more permitted uses for debugging, Joanne to scribe
user agent compliance, tedleung to scribe
final session of the day, amyc to scribe
<Chris_IAB> joining in person :)
<johnsimpson> Apologies that I am not there in person. Will follow closely.
"bring your own life preserver" :)
<johnsimpson> are slides available on line?
johnsimpson, you should be able to follow via Adobe Connect link from vinay
... history of the Web, TBL, commerce on the Web
<vinay> johnsimpson - http://my.adobeconnect.com/vigoel
aleecia: introductions of the co-chairs, and now introductions around the room
scribe is not trying to keep up with these
but the full group participants list is here: http://www.w3.org/2000/09/dbwg/details?group=49311&public=1
"well-known standards wonk"
<fielding> I am Roy T. Fielding, representing Adobe (a W3C member and sponsor) and co-editor of TPE; I am also a board member of the Apache Software Foundation (another W3C member) but am not representing Apache here.
<johnsimpson> I am John Simpson from Consumer Watchdog, an invited expert
<Chris_IAB> What's 3:30am in NY look like Brendan? :)
<schunter> Guys on the phone: Please put yourself into the queue and ping me to unmute you.
aleecia: from the charter
... need something that works for users
... need something voluntarily implementable by businesses
... creating a shared understanding of what DNT means
... two documents, Compliance and Tracking Preference Expression
... Note, not Rec, on Tracking Selections List
... talking about a Global Considerations doc, also a Note
... congratulations to the group on getting another published set of Working Drafts out
... thanks to editors and nick for helping get that out
... working through dates and successive drafts
<ifette> npdoty, i thought i was taking over after the intro
aleecia: Last Call to get wider review
<ifette> npdoty, Presentations: Working Drafts and open issues, presented by editors.
aleecia: Candidate Rec, call for
implementations, though we hope to see some implementation
... Proposed Rec, after which it's up to W3C Membership
... "Getting to Closed" review
... organically reach consensus on the direction and text, close the issue
... chairs can re-open an issue if there is new information and new text
... if we don't happily reach consensus on a single text
... might have multiple texts, or might have a Formal Objection from someone in the group who can't live with a particular decision
... consensus is the least objectionable proposal
... survey participants in writing, identify consensus in the least objectionable path
... substance and strength of objections, not a count and not who screams loudest
marc: substance and the strength of the objections as determined by... aleecia: the chairs, yes
aleecia: file a formal objection
at any decision point, with technical arguments and a proposed
... group can try to resolve that objection, if not, a review process up W3C management, including TBL
(catching up a few last introductions)
aleecia: in the US, Do Not Call list mandated by law
<fielding> we just lost the telecom?
aleecia: less a privacy concern than an intrusion concern, spam faxes, users want control over their devices
<johnsimpson> Agree no need to dscuss harms
<johnsimpson> working for me
<BrendanIAB> I have not heard any interruption in audio
aleecia: not sure privacy harm
discussion will be resolved by discussion among us
... Do Not Call does not prevent calls, has exceptions for political organizations etc.
... Do Not Call has had some confusion in those cases
... what are we building with DNT?
<johnsimpson> appreciate analogy to do not track on telephone
aleecia: continue to show
contextual ads to users, rather than lose them to ad
... haven't blocked all tracking, no proposals would prevent shopping carts from working
... haven't had proposals for blocking all cookies or similar
... we should not get in the way of users who actively want all the personalization
... some users have privacy concerns that DNT will not address
... DNT will not be adopted by all sites
... does not directly protect against governments or data breaches
... who is it for? typical users who want the Web to just work, but have privacy concern
... reminder that we are not ourselves typical users
... Global -- World Wide Web doesn't have the same country borders
... uniform signals, different results
... tri-part DNT signal: DNT:1, DNT:0, <no signal> -- will always be users who haven't chosen
marc: vehemently disagree with Do Not Call, a key part of privacy response, a certain kind of privacy harm
aleecia: thank you, that it's about privacy is interesting
bhuseman: at FTC even before Do Not Call, events, workshops, telemarketing sales rule, before enacting the Do Not Call registry
bhuseman: and subsequent
litigation regarding Do Not Call
... examination of the harms and all possible solutions
<johnsimpson> we are not here to debate do not call; let's talk about DNT
<BerinSzoka> well, John, then maybe Aleecia shouldn't have brought up Do Not Call!
rachel_n_thomas: don't understand harms being less regarding Do Not Call, consumer benefits are infinitely greater for behaviorally targeted ads
rachel_n_thomas: are there studies you are relying on regarding user desires?
<johnsimpson> berin, we've got real issues to discuss. why waste time on this??
<BerinSzoka> John, I don't think you appreciate how incendiary Aleecia's assertions were.
schunter: have in the back of our minds what discussions are the most important; try to focus on the normative language in the specs
<WileyS> John, this is a real issue - not looking at real-world harms derails the value of this conversation
<Zakim> ifette, you wanted to discuss dnt1 and to discuss no-dnt==dnt1 ine u
ifette: you were drawing an analogy between no signal and DNT:1 in the EU, but it's not identical
aleecia: sorry, if I indicated it was identical, I didn't mean to do so
<BerinSzoka> Essentially, John, Aleecia just reminded most of the room that she's hardly an objective moderator of this process
lmastria-DAA: difference from Do Not Call, which was based on an elected body review, which is not what we are
aleecia: yes, there are people from self-reg and other groups
<WileyS> DNC - one country, one law - exhaustive process to address a perceived harm to personal privacy. Very difficult to apply this to the DNT conversation (outside of perceived harms which hopefully comes back into scope of the discussion on DNT)
lmastria-DAA: specifically, Do Not Call was from an elected body, which we are not
jchester2: agree with Marc, we were there for Do Not Call, as part of self-regulatory discussion around privacy at the time
<BerinSzoka> for once, I think I agree with Jeff!
jchester2: want an opportunity to air/discuss accusations, regarding letters that have been published
<BerinSzoka> Let's talk through the hard questions raised about process
aleecia: is that going to be productive?
<ifette> I can't help but thinking that http://www.imdb.com/title/tt0089530/ (Mad Max Beyond Thunderdome) ought to be required viewing before any of these meetings...
jchester2: I would like these advertising organizations to go on the record regarding those concerns
aleecia: want to avoid a fundamental discussion if it's not going to be productive
mikez: I think we got off on the wrong foot in the last meeting, and don't want to do that again
<efelten> Can we talk about DNT please?
mikez: junk fax law was something that cost users money, paper, ink and time; that's why that was passed
<johnsimpson> we've had a year to lay a foundation. we are here to develop a standard that allows users to express their preference. let's please get to that!!!
mikez: also should note exceptions regarding the junk fax law as well
<jchester2> I asked that the DAA, ANA, DMA and others to go on the record about the letters they sent recently raising objections to do not track and their work to undermine the establishment of a meaningful standard. I also said several NAI members had been engaged in essence a smear campaign against W3C, etc. They dont seem to want to respond.
<BerinSzoka> Jeff, I think those groups are eager to air their concerns! what makes you think they don't want to respond?
mikez: regarding tri-part system, per the group decision that browsers aren't required to provide that option to all users
<jchester2> Berin: Let them speak out know and identify their concerns for the record here today.
<johnsimpson> There is NO reason to discuss harms. This is about developing a way for users to send a message about their preference about whether they are tracked.
<justin> Discussion of harms should go in the scope and intro section eventually.
WileyS: thought it was helpful in the breakout sessions at DC to have discussion of the harms, I think it would be useful to continue that work though I see that you didn't find it useful
<WileyS> John, thank you for your opinion - I respectfully disagree. We did some good work in DC (with you and others) that I believe would fit nicely here.
<Zakim> ifette, you wanted to ask procedurally if we did agenda bashing yet
<johnsimpson> No need to waste valuable time speaking about harms
jchester2: can we take comments from IRC as well? aleecia: can add yourself to the q
notes on IRC are also recorded, unless they are marked as off-the-record -- prepended with "/me"
aleecia: different types of
... first parties, very few restrictions
... service providers, contractual relationship to 1st/3rd parties
<WileyS> John, hard to build a solution if you don't know what problem you're attempting to solve. :-)
aleecia: silo'd data
<Zakim> dsinger, you wanted to discuss terminology
<BerinSzoka> Lewis Carroll would have agreed with Shane on
<BerinSzoka> the need to define harm: "Would you tell me, please, which way I ought to go from here?" "That depends a good deal on where you want to get to," said the Cat. "I don’t much care where--" said Alice. "Then it doesn’t matter which way you go," said the Cat. "--so long as I get SOMEWHERE," Alice added as an explanation. "Oh, you’re sure to do that," said the Cat, "if you only walk long enough."
aleecia reviews the agenda slide
<ifette> ISSUE: What do we mean by tracking?
<trackbot> Created ISSUE-169 - What do we mean by tracking? ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/169/edit .
<trackbot> ISSUE-5 -- What is the definition of tracking? -- raised
<ifette> Close ISSUE-169
<trackbot> ISSUE-169 What do we mean by tracking? closed
<ifette> ISSUE-169: duped on ISSUE-5
<trackbot> ISSUE-169 What do we mean by tracking? notes added
<justin> The word "tracking" is not used in the compliance document, so defining it has no substantive benefit. We address that issue in the definition of collection.
<ifette> npdoty, your memory is way better than mine :)
rachel_n_thomas: had discussion on the mailing list about the definition of tracking... can we open that issue and discuss during this meeting?
<jchester2> Can Ms Thomas of the DMA place on the IRC record the DMA's definition of what they consider tracking.
rachel_n_thomas: thought we would need to cover definition of tracking before reaching last call, if we're going to do that in this meeting
aleecia: we aren't going to be publishing a Last Call document during this meeting, no
<efelten> * You can remove yourself from the queue by typing "q-" on IRC.
lmastria-DAA: echo concern about identifying what we are doing
<jchester2> I would like the ANA to also place on the record what they consider tracking--which I assume reflects their members regarding tracking and privacy.
aleecia: we've also had the discussion about the name of Do Not Track, need to find out what we're building
<jchester2> I also would like to have Amazon clairfy whether it supports th position of the DAA regarding the DNT issues.
lmastria-DAA: because "Do Not Track" is such a good sound bite, hard to pull back from that
<johnsimpson> +1 to Tom
tl: encourage people to review mailing list and issue tracker, where discussions may have already been covered
<ifette> ScribeNick: ifette
<npdoty> rigo: -1 to defining tracking, discussing it right now
Aleecia: Please don't beat up the editors
… TPE is up first
… dsinger will present
dsinger: TPE is one of two docs dealing with the immediate signals going back and forth, headers from UA to server and the response
… as well as "well-known resource" and JS API
… what the parameters are and their effects
<justin> There's the doc to follow along with David.
… about the immediate conversation, basic protocol, doesn't deal with "what is the long term effect of any of these signals" - thats the compliance doc
… TPE is syntax of header (request/response)
… and immediate meaning of those
<johnsimpson> are there slides with this"?
… plus well-known resource expressing characteristics of the site (party definitions)
… could have contextual responses with the header
<vinay_> no slides
… consent, etc
… APIs for "exceptions"
<johnsimpson> thanks, vin ay
… terminology lesson
<jchester2> yes there are slides for Aleecia's presentation. Can they be sent to the members not in room?
… compliance doc says "You shouldn't track except that you can claim the following permissions for the following reasons"
… permissions come from compliance doc
<WileyS> john, click on the link above to open the doc in a browser window and follow along
… site can ask a user for an exception for broader permissions
… request for a user-granted exception, that's when you see a signal saying "I believe you've given me an exception and therefore I can do xyz"
… outbound is 0/1/absent
<johnsimpson> saw Aleecia's, Jeff
… return has qualifiers relating to permissions from the compliance doc. Debate as to requirements to use these
… as well as additional qualifiers
… exceptions have two kinds, a "first-party" saying "to continue to work with you, I need an exception for a given list of third parties" e.g. a site monetizing itself with ad revenue
… can ask for an exception for third parties on your site
… list of third party sites from the first party, user is asked (in an undefined manner) "are you ok with this" which then causes a 0 to be sent to these parties giving them permission to track the user in this context. a site-specific exception
… also site-wide exception, request from first party to say no matter what third party appears on my site, give them a DNT0
(didn't we get rid of site specific exception? or basically merge it into site-wide?) - ian
dsinger: also have web-wide exception
… user thinks it's advantageous/agreeable to be tracked by a site no matter where it turns up, e.g. "TrackMyReading.com" where you want a site to remember what sites you've visited, be able to "like" certain sites and get recommendations. Clearly want to give this site permission to track you across all sorts of different sites
… rough overview of TPE, throw to Matthias for open issues etc
<Zakim> rigo, you wanted to push back on tracking definition because this is boiling the ocean
<johnsimpson> cannot hear
<johnsimpson> ok now
justin: compliance doc, link pasted in IRC. Walk through document, identify major areas of contention, structure. hwest will pop in
… if you object to something I say, raise hand / holler
… document structure - 1 & 2 on intro scope / goals
… parked as people disagree, will fine tune once substance is in place
… as dsinger said, this is about what the obligations are
… section 3/4 how first parties comply
… 5 how UAs comply, controversial
… 6 is how third parties comply, bulk of the document
… a few controversial definitions
… "user agent" has recent discussion around perhaps different classes of UAs - add-on vs browser
… may have different obligations
… not really fleshed out
… 3.3 is definition of party
… lots of controversy at one point
… discussions around common branding vs ownership
… settled on corporate structure being sufficient as long as it's easily discoverable
… two options in text, relatively close
<dsinger> …notes that many other pieces of software other than web browsers access HTTP-loaded resources (e.g. RSS newsreaders, email agents)...
<BrendanIAB> User Agent is strongly defined in the HTTP 1.1 spec - I'll need to catch up on the discussion. It's more that "intermediary" needs to be defined into subcategories.
… 3.4 on service providers / outsourcers
… a data processor / service provider need not obtain separate permission to work on your behalf
… 3 options in current draft
… one long one from jonathan/eff, two later that are less detailed
<aleecia> We also have non-User Agents setting DNT. That's on the agenda for today.
… roy put in text in ML last night which might help us here
… general agreement service provider should be able to work for you
… 3.5 distinguishes between 1st/3rd parties. Long definition at first, shorter alternative
… longer one may be less controversial
… lots of discussion on this
… second option is more vague
… "first party is the site you go to"
… 3.6 is for "unlinkable" data
… lots of chatter on ML about how to decide if something is unlinkable
… 3.9 definition of tracking
… may need more work
… "tracking" not used as a term in the document
<robsherman> Just for completeness, there's alternative text for multiple first parties that's been discussed on the mailing list that is based on what's in this draft.
… phrased in term of collection
<BrendanIAB> aleecia - Right, wrt intermediaries setting DNT header. It sounded like the definition of user agent (the software that initiates the HTTP request) may be up for discussion. Which would be complex.
… but maybe we need to make sure definitions of collection/retention are sufficient
… 3.10 on explicit and informed consent
<aleecia> I don't think we should re-define UAs. But we may want "UAs and others"
… used to turn DNT on int eh first place (explicit/informed consent) as well as for a user-granted exception
<aleecia> Or we may not.
… two options in the draft for this text as well
<aleecia> Worth talking through
… Sec 4 is on first party compliance
… general agreement there should be few restrictions, except e.g. send all the data to a third party
… some discussions around "Data Append"
… Sec 5, next is a relatively new section taken largely from TPE document, UA must have explicit consent to turn on DNT in the first lace
… shane suggested some modifications
… section 6 on third party compliance
<npdoty> I don't think "express and informed consent" in User Agent Compliance came from the TPE, I think that was just a new phrase just invented there
… will be debated over the day,
… short term collection/use
… discussion around 6-week grace period
… contextual ads
… 6.1.3 on first-party data use
… frequency capping
… financial logging / auditing
… fair amount of extent of that info
… aggregate reporting, may be taken out and structured in terms of unlink ability, up in the air
… compliance with local laws
… "nothing else"
… data minimization and transparency
… requirement to disclose
… no personalization
… and how much can you collect for these purposes
<aleecia> (requirement to disclose retention period)
… no persistent identifiers is one proposal, strong disagreement on that position
… a section here for a long time on geolocation compliance
… how precisely you can target with geolocaiton. Not consensus but hasn't been discussed in a long time
… provisions for user-granted exceptions
<npdoty> I thought it was basically consensus, we did a few iterations on the geolocation piece
… 6.4 is new about disregarding non-compliant user agents
<npdoty> scribenick: npdoty
<scribe> scribenick: ifette
justin: a very dry walk-through
<aleecia> geo-loc had been at consensus. Ian rejoined the group with new-to-us information, but I don't believe there is new text. This is the sort of thing we might reopen based on Ian's information.
… seeing no questions, turn back to allecia
Aleecia: coffee outside the door. Don't have scheduled time for a break. Take a minute, caffeniate, and get back here
<johnsimpson> Did we lose microphone? Now hearing nothing...
<johnsimpson> heard lots of chatter during break
<BrendanIAB> I think that folks turned off their mics
<johnsimpson> Thanks, Brendan. Hearing chatter now.
<BrendanIAB> JC is just trying to clear the room!
<npdoty> scribenick: robsherman
<ifette> rob, you good
<BrendanIAB> screen not being shared yet.
<justin> For those at home, we're discussing 3.8 of the compliance draft http://www.w3.org/TR/tracking-compliance/
aleecia: Looking at definitions in Compliance doc. Want to identify issues and assign actions to write alternative text.
<johnsimpson> waiting to see screen
<npdoty> vinay_, do you have a read on whether screen sharing should be working now?
<vinay_> For those who want to follow-along to what Aleecia is pointing at -- http://my.adobeconnect.com/vigoel
<npdoty> otherwise, you can follow the text just by looking at that section
… Sec 3.8 — collection/retention
<vinay_> npdoty - asked her to; she needs to enable it on her computer
… [reading text]
<johnsimpson> still not being shared. what is section in draft, please?
aleecia: Comments on issues in this text?
amyc: Need to work on definition of "share" because of prospect of downstream liability.
… Example of a small website that uses Google Ads. Under this definition, could be "sharing" info with Google. We're really concerned about circumvention.
<johnsimpson> Amy, but isn't that a first party and allowed?
rigo: Wants to work with Amy because "uses" prohibits forwarding. Different taxonomy from EU law.
<amyc> john, not sure I understand your question?
<justin> There's an argument that amyc's issue should be addressed in first-party compliance instead of the definition of "share," yes?
<npdoty> ACTION: Colando to draft updated 'share' definition to avoid concerns (with rigo and chris-p) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action01]
<trackbot> Created ACTION-264 - Draft updated 'share' definition to avoid concerns (with rigo and chris-p) [on Amy Colando - due 2012-10-10].
<Joanne> +1 to help Amy
shane: We shouldn't be saying that information must be deleted if it's inadvertently collected; we should be saying that it must be used appropriately according to its appropriate context. Will update.
dwainberg: Overlap between "collects" and "retains."
… Also, "data coming within a party's control" seems broad/vague.
<npdoty> ACTION: Wiley to update text in 3.8.1 regarding bringing into compliance, not just deletion [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action02]
<trackbot> Created ACTION-265 - Update text in 3.8.1 regarding bringing into compliance, not just deletion [on Shane Wiley - due 2012-10-10].
…. 3.8.1: unclear what "reasonable efforts to understand its information practices" means. Also seems broad/vague.
<fielding> My objection has not changed. http://lists.w3.org/Archives/Public/public-tracking/2012May/0282.html
aleecia: We deliberately define "collects" and "retains" differently. Why do you think they overlap?
<rigo> Amy, do you think we could merge "share" and "use"?
<justin> rigo, no!
<npdoty> depending on how we come down on third-party compliance, it could be that our definitions will really need retention rather than collection
dwainberg: There may be cases when data comes within the party's control but the party holds the data only transiently. It seems like there is an element of retention in "collection."
<dsinger> +1 to Ian; collection implies you took active steps
ifette: Agrees that distinguishing is confusing because when we use "collect" in English we ordinarily think about keeping. There's also no real way to prove that once a party has touched data that it has never been swapped to disk, for example, even instantaneously. This may be addressed by the short-term retention period we've been discussing.
<BerinSzoka> +1 to Ian: COPPA is a great example of a legal regime where "collection" has a meaning beyond its normal use (including allowing kids to share personal information--i.e., communicating with other users) and it causes huge problems
<schunter> \me test
<fielding> I already did that.
<BrendanIAB> Consider "receives" as opposed to "collects"?
<npdoty> ACTION: fette to suggest retention related to a timed grace period (with dwainberg) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action03]
<trackbot> Created ACTION-266 - Suggest retention related to a timed grace period (with dwainberg) [on Ian Fette - due 2012-10-10].
<WileyS> Matthias, "/"me
<npdoty> fielding, you're referring to your version of the "tracking" definition which incorporates the time period?
<BrendanIAB> If you're looking at something that doesn't imply retention in any way.
<fielding> no, I am referring to my definition of data collection
peter-4As: Seems to be a general notion in the documents that this is focused on "data," but we actually should consider what we mean when we use the term "data." Consider pseudonymous data - treated differently?
… Concern about covering anonymous/pseudonymous data in the same way as other data.
aleecia: We've already made some decisions on these issues.
… We decided we're not going to address children one way or the other.
<npdoty> I think the unlinkable definition (and such data out of scope) might be relevant to this point
… We decided not to categorize data (PII vs. non-PII, for example).
<tlr> +1 to npdoty
ruud: If we don't recognize that EU Parlaiment is taking a different approach, doesn't that hurt us?
<rigo> +1 to npdoty
aleecia: We recognize that our spec isn't going to map to any particular country's laws. We're working on a separate Global Considerations doc to give advice to people on how to manage this.
npdoty: It may be that the definition of "unlinkable" data — which would be out-of-scope largely — would address ruud's concern.
<justin> Unlinkable addresses some but not all of peter-4As's concerns.
ruud: We need to be sure that our standard is descriptive enough to be valuable. If "unlinkable" does that, we should dedicate the time to make it clear.
justin: Regarding amyc's small publisher example, this should be dealt with in the first party compliance section. We should leave the definition of "sharing" the same and just deal with what first parties can do.
…. On the "collection" point, if we leave "collection" but have a 6-week grace period as a permitted use, does that address the concern?
<rigo> I suggest to merge use and sharing. I also suggest to have collect only for the things stored and "retain" for things that are stored beyond 6 weeks
<npdoty> I think that might be a good approach, justin; many of the sharing use cases might be addressed by clarifying first-party compliance
ifette: I didn't have a problem with the goal of the text, but was just pointing out that the text was confusing.
<Chris_IAB> so are we going to put the burden of implementing DNT on the millions of little mom & pop websites around the world? These are almost all exclusively monitized by 3rd party ad networks.
<fielding> currntly the 6-week conflicts with the requirements on third-party as stated
dwainberg: [wants more actions!]
<fielding> BTW, ruud's comments are similar to mine in http://lists.w3.org/Archives/Public/public-tracking/2012May/0314.html
<justin> fielding, expand, don't fully understand. Is it that during the 6-week you might be transferring or personalizing without knowing you're a third party governed by DNT?
<npdoty> action-265: dwainberg interested, might have differing views on the first part of the unknowing piece
<trackbot> ACTION-265 Update text in 3.8.1 regarding bringing into compliance, not just deletion notes added
<rigo> WileyS, I think the definition of "collect" is far to harsh and creates problems IMHO
lmastria-DAA: DAA goes through all of this in discrete detail, which can be a resource for implementation.
<jchester2> I disagree. The DAAs spec is considered totally inadequate by privacy advocates and many academics,\.
<JC> JC has scribe
<scribe> scribenick: JC
dsinger: Roy has expressed confusion in collection term
<fielding> justin, I mean that the way that the collection is constrained right now does not take into account the 6-week window concept, so it is hard to know if having a broad definition and a 6-week allowance "helps"
<rigo> +1 to dsinger
<Chris_IAB> jchester2, which part(s) of the DAA Principals do you consider "totally inadequate"? Could you please be more specific?
dsinger: setting rules on something you already have
<ifette> ACTION-266: Note that dsinger used the term "exposure" which may be a better way to phrase things than collection
<trackbot> ACTION-266 Suggest retention related to a timed grace period (with dwainberg) notes added
<npdoty> lmastria-DAA, if you can provide that text to the group as a submission, that would be helpful (would also give us permission to include that text)
Aleecia Does 3.8 address that
Dsinger: not necessarily
<fielding> no, exceptions that are the rule are not a sensible solution
Aleecia: I don't understand why
Dsinger: much longer discussion
<npdoty> jchester2, I think Lou is suggesting taking advantage of definitions from the DAA document, rather than compliance on the whole
Aleecia: Maybe we don't need to define collection?
Dsinger: Collection sounds like an active act. Can be misleading for someone not reading definition.
<justin> fielding, I understand you don't like broad definitions with exceptions that carve things out, but logically they achieve the same purpose. But I am OK with restating if it achieves that same thing.
Aleecia: does exposed versus collection a meaningful description
Dsinger will work with Ifette on issue
<npdoty> action-266: dsinger to help, regarding a distinction regarding "exposed"
<trackbot> ACTION-266 Suggest retention related to a timed grace period (with dwainberg) notes added
Dwainberg: valid point
<jchester2> What is says it does to address user concerns; how it describes the problem; lack of coverage for sensitive data except what is required by law, such as COPPA, oe doesn't reflect what its members actually do in practice regarding financial and health data; the icon system was not tested and is not a valid way to serve privacy. The explanation of what is collected and why versus the actual practices of the companies regarding data collecting is purposefully mi
<npdoty> action-266: rigo also interested
<trackbot> ACTION-266 Suggest retention related to a timed grace period (with dwainberg) notes added
Aleecia: sounds like if we have
five people working on it then do it during a break
... we are out of time for this issue.
<justin> npdoty, Do we want to address the issues of unid'd callins at some point?
Aleecia: definitions for first and third party
<rachel_n_thomas> move to reopen the queue
Aleecia: section 3.5. Do we think
that these options are at final text?
... Should some of these be reworked or should additional options be added?
<lmastria-DAA> how do we respond to queue questions?
Aleecia: first party the user knowingly and intentionally interacted with it. Otherwise 3rd party.
<fielding> My comments and alternative are at http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0055.html
Aleecia: possible to have
multiple first parties on one page, but branding must be clear
and have separate privacy poicies
... the first party is not based on domain name
... domain could reference different party from URL
<dsinger> The second sentence in the third party paragraph is talking about first parties, and belongs in the first party paragraph.
Aleecia: diferrent URL could
belong to same party
... if that is not clear raise question
lmastria I have a questoin about process
Rachel why are not DMA proposals not listed here?
<lmastria-DAA> response to jchester2...the program was tested and is tested and validated every day by users (11 mm to date). the practices do match and when they don't we have enforcement to drive compliance, the latest of which happened monday
<npdoty> s/Rachel why/rachel: why/
scribe: I would like to see them
added or explained why not
... why have we moved on from discussion of unlinkable data
Aleeca: we have run out of time and will come back to unlinkable data at end of day
<justin> ChrisPedigoOPA, here is the definition of party discussing affiliateness http://www.w3.org/TR/tracking-compliance/#def-party
<ChrisPedigoOPA> thanks Justin
Aleeca: this is not the DAA or self-reg group
Rachel: I feel there are many DAA members here
<justin> rachel_n_thomas, Can you link the defs for us?
<fielding> Imastria-DAA, please send those proposals to the mailing list
Rachel: I have concrete proposals and can add them to IRC
<npdoty> does someone have a summary of how the DAA definitions would vary from the current options?
Aleecia: We can assign an action item to you and you can respond with your text to mailing list
<rigo> rachel_n_thomas: please share link to DAA definitions
Aleecia: let me know if you have question on process
Rachel: I am comfortable taking action item
<npdoty> ACTION: rachel to propose first/third party definitions from existing DAA documents [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action04]
<trackbot> Created ACTION-267 - Propose first/third party definitions from existing DAA documents [on Rachel Thomas - due 2012-10-10].
Rigo: We have a very sophisticated system in TPE on first and third party distinction. Should we use that.
<rachel_n_thomas> DAA definitons of first party and third party are available for review here http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf
Rigo: Can technology address this?
Aleecia: the two docs are not in sync and maybe we can address this.
<Zakim> rigo, you wanted to ask the browser folks whether we can draw from the TPE
Dsinger: yes they should be in
... I will take action to bring the docs into sync
Rigo: I will help
<npdoty> I think even with fielding's proposal and the existing TPE text, we still have concepts of user expectations/understanding in interaction
<dsinger> ACTION: dsinger to edit the TPE document to make sure that the final definition of parties is in sync across the two specifications [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action05]
<trackbot> Sorry, couldn't find dsinger. You can review and register nicknames at <http://www.w3.org/2011/tracking-protection/track/users>.
Aleecia: Does either author wish
to revise them based on feedback
... one from Johanthan tom and peter
... another from Shane et. al.
Shane: what is disucssion
Aleecia: first and third party
<dsinger> ACTION: dsinger to edit the TPE document to make sure that the final definition of parties is in sync across the two specifications [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action06]
<trackbot> Sorry, couldn't find dsinger. You can review and register nicknames at <http://www.w3.org/2011/tracking-protection/track/users>.
Justin: I wanted to modify definition to address multiple-first party issue. How would TPE address that
<npdoty> ACTION: singer to edit the TPE document to make sure that the final definition of parties is in sync across the two specifications [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action07]
<trackbot> Created ACTION-268 - Edit the TPE document to make sure that the final definition of parties is in sync across the two specifications [on David Singer - due 2012-10-10].
Dsinger: it doesn't
<fielding> Why would it matter?
Dsinger: substantial chunks of the TPE looks at top level domain
WileyS: It should be no different
from multi-domain structure. Each party responds as first
... handle it in that the beacon responds as first party
Aleecia: That's great if they are co-first parties, but how does that work for FB button
<justin> Thanks, rachel_n_thomas. I find the definition of third party too narrow given where we are (only OBA companies are first parties), but the first party definition tracks pretty closely to what we have as Option 2 right now.
<justin> Ugh, s/first/third
Aleecia: same for clicking on an ad and why the discussion matters
Dsinger: the TPE discusses promotion
Robsherman: Need to discuss how to manage multiple first parties
<fielding> It is not relevant to TPE. It could be "solved" in a tracking policy document, or even an array of policy links, but it is still not relevant to the protocol.
Robsherman: both address but not clearly. I sent proposed text to email list
Aleecia: Nick will assign action number to work
<johnsimpson> Explain more please, Roy
<npdoty> have we reviewed robsherman's text? maybe that would supplant existing options?
<justin> Agree with fielding, I think that has to be addressed specifically in compliance doc.
<fielding> That does not stop it from being relevant to compliance.
Dwainberg: There was more
discussion about determining with high probability, but now
description on how that is done
... can someone describe
<amyc> as a process question, why isn't proposed text included as option?
Aleecia: that is in first option
Dwainberg: in 3.5.2 websites is discussed and the work applies beyond websites and we should address
<tlr> robsherman's text is here:
Aleecia: could Shane or Heather address
Aleecia: Justin will address
Justin: Address what?
WileyS: need to elaborate on websites to something more appropriate
<npdoty> ACTION: brookman to update 3.5.2 to expand beyond "Web site" [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action08]
<trackbot> Created ACTION-269 - Update 3.5.2 to expand beyond "Web site" [on Justin Brookman - due 2012-10-10].
Dwainberg: Can clarification be made on option 1. It's not clear to me
<WileyS> Justin, more expansive term than "web site" in 3.5.2. Perhaps "user interaction" instead?
Aleecia: I believe that Rob suggested some text and we should look at that
<WileyS> Justin, or perhaps a list: "site, server, or application central to user interaction"?
Robsherman: I will paste link into IRC
<robsherman> http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0247.html (HT tlr)
Kevinsmith: I'm concerned about
having a link to separate privacy policies. There can be
situations where it will be difficult due to realestate
... I don't have an obvious example, but I believe it is an issue
WileyS: We didn't look at idea of
promotion for multiple first parties
<rigo_> note that "branding" is a commercial concept and DNT goes beyond commerce only
<justin> Multi first party should be fairly rare.
<fielding> This is another topic I already provided written comments for … http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0114.html
<amyc> as housekeeping matter, we need to move interaction/promotion section to option 2 as well, right?
<justin> +1 to npdoty --- these two definitions are functionally the same.
<amyc> in other words, both option 1 and option 2 need to accommodate multiple first parties and promotion to first party
<WileyS> Let's work on combining them then - I'm open to that
<npdoty> npdoty: I think these two definitions may not be all that different, both rely on user expectations for the sake of promotion / interaction
<justin> WileyS, if you have an action item here, may want to consider fielding's test too: http://lists.w3.org/Archives/Public/public-tracking/2012Apr/0114.html
<npdoty> ... think there's a good chance we could combine these, particularly since we need to update "visiting" a "site" already, which might correspond to the concept of intending to in interact with
<WileyS> Justin, got it - shared the text with David as we work on the rewrite
<dsinger> option 3 only talks about first parties, which is a problem
<WileyS> Justin - rewrite of 3.8.1 to be specific
<npdoty> WileyS, justin - I thought we were talking about the first/third party definition updates -- for which we don't have an action
<dwainberg> I don't know why I keep doing that :)
<johnsimpson> sorry, lost track what section?
<npdoty> scribenick: npdoty
<justin> npdoty, Yes, I think you should make an option on WileyS on this, but I'm willing to take it on --- I am fine with killing "high probability" in favor of the other text (though I still think you have subjective questions either way).
rachel_n_thomas: happy to add definitions from DAA as an option, especially since most people in the room were involved with that
<johnsimpson> Rachel: Don't think everyone in room developed that. I sure didn't have a hand in it.
amyc: I do like option 3, though
it would need to be broadened to third party as well
... service providers to detect fraud and monitor security
amyc: those service providers
need to aggregate that information across multiple
... talks to the permitted uses, not just silo'ing
<JC> Amy: I like option 3 since it doesn't specifically require siloing
<hwest_> Not sure whether this got in there - but intention to option 3 is to have a pure definition that's simple and in line with consensus of gthe group in Seattle.
aleecia: is the siloing just around security/fraud, or all of them?
some people in the room: all of them
<fielding> I consider such data-gathering for security to be a permitted third party, not a service provider relationship.
dwainberg: language about "no independent rights" could be too limiting, service providers will have certain needs (debugging, maintaining)
<amyc> options need to include ability to use across clients, rather than strict siloing. Example is fraud detection services that need to aggregate data across multiple clients in order to effectively detect fraud
dwainberg: scoped to instead be "no independent rights" for a particular use
npd: fielding, I assumed that as well
<amyc> fielding, first parties are prohibited from sharing with third parties, can only share with service provider
<amyc> sites need to share with service provider that may be aggregating information for security detection
rigo: if the service provider on
your behalf uses the data to secure their own service, that's
... the key is the *independent* use
<fielding> amyc, I think we would need additional text to allow it -- tightly scoped to not be a huge privacy hole
<scribe> ACTION: rachel to propose existing DAA text for service providers [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action09]
<trackbot> Created ACTION-270 - Propose existing DAA text for service providers [on Rachel Thomas - due 2012-10-10].
<amyc> fielding, I wonder whether option three, which speaks to permitted uses as well in context of service provider relationship - and fraud detection is permitted use
<fielding> I proposed rough text on the list for service provider within first party rather than as a separate party
<susanisrael> roy thanks for clarification re: security use
<scribe> ACTION: west to update service provider language to apply to first and third parties [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action10]
<trackbot> Created ACTION-271 - Update service provider language to apply to first and third parties [on Heather West - due 2012-10-10].
<Chris_IAB> npdoty, fyi, I was kicked out of IRC and had trouble re-joining
<rigo> I can live with option 3 but for the sake of beauty and simplicity, legally we would not need anything beyond "no independent right to process"
action-271: WileyS said the s// language aloud, but I couldn't capture that
<trackbot> ACTION-271 Update service provider language to apply to first and third parties notes added
<scribe> scribenick: npdoty
<dwainberg> rigo, I'm not sure whether we disagree
<rigo> David, I'm pretty sure we aren't
WileyS: added the permitted uses text to that third option regarding service providers
<dwainberg> I'm comparing to contractual language I've seen in the US, and in that context, I think companies will find the no independent use language confusing.
<JC> Rene: in EU we have industry bodies representing owner of data. Is this something we can place under unlinkable?
rene: audience measurement, working on behalf of the owner of the data -- is this a service provider relationship?
<scribe> scribenick: JC
<dwainberg> what we generally see is "no independent rights, except..."
UNKNOWN_SPEAKER: Is sharing by SP covered by unlinkable?
Aleecia: depends on the definition
<WileyS> Heather - new Option 3: Service Providers acting on the behalf of another Party and with no independent rights to use that Party’s data outside of the context of that that Party and Permitted Uses are also considered to be acting as the that Party.
<susanisrael> David and Shane I have an idea for service provider definition clarification-will try to help if you want
<WileyS> Susan - definitely - please let us know
<npdoty> fielding, I thought we've just asked that we extend service provider beyond just first parties
Roy: I want to know in addition to Aleecia's list is there a broader definition of a first party versus sprinkling throughout the document
<justin> That would be hard for me too!
Roy: since it would affect the entire definition section it would be tough to write a new compliance document
<jchester2> I agree with Justin
Aleecia: We can't go through it now, but it should be in tracker
<tlr> ACTION: roy Fielding to propose text for party and outsourcing definitions [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action11]
<trackbot> Created ACTION-272 - Fielding to propose text for party and outsourcing definitions [on Roy Fielding - due 2012-10-10].
<tlr> ACTION-272: done in http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0055.html
<trackbot> ACTION-272 Fielding to propose text for party and outsourcing definitions notes added
Aleecia: we will have an action that points to the text if that is okay
<trackbot> ACTION-272 -- Roy Fielding to fielding to propose text for party and outsourcing definitions -- due 2012-10-10 -- OPEN
Roy: that's fine
<tlr> ACTION: robsherman to draft text on first party [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action12]
<trackbot> Sorry, couldn't find robsherman. You can review and register nicknames at <http://www.w3.org/2011/tracking-protection/track/users>.
<npdoty> ACTION: sherman to propose text regarding multiple first parties [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action13]
<trackbot> Created ACTION-273 - Propose text regarding multiple first parties [on Rob Sherman - due 2012-10-10].
ChrisPedigo: Going back to David and Rigo statement about SP using data to improve service, does independent right include that?
Rigo: I doubt that it would
Rigo: a person that processes on behalf of first party then it depends on reslationship. The first party is still in control
<tlr> ACTION-273: done in http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0247.html
<trackbot> ACTION-273 Propose text regarding multiple first parties notes added
<dwainberg> (boy I'm having trouble using this thing today)
WileyS: I believe there is a difference in understanding. You can take learnings in those you work for. You can't use the data itself, but you can learn from it. Anything that is unlinkable can be used.
<jchester2> Shane: Including if such learning is used for tracking?
<WileyS> Jeff, no - that would be an independent use - not allowed
Rob: The first party determines the purpose and means. It is important to distinguish between learning and use, but work should not go beyond original agrement
Aleecia: two people are reading same statement and coming up with different meanings. This should be fixed.
<rvaneijk> controller determines purpose and means. Any serviceprovider who does anything with the actual data beyond that scope becomes a controller himself
<jchester2> Shane: So what happens with the "learnings"--it wuld be used for some part of the targeting function at some point, no?
<npdoty> WileyS, is your suggestion that a service provider can make unlinkable data of a customer's data and then use it for other purposes not for the customer?
WileyS: I don't think Rob was commenting on text, but EU position. If not I would like to get his response
Aleecia: WileyS will take action to add non-normative text to clarify text
<npdoty> ACTION: wiley to propose non-normative text on service providers to clarify "independent use" (with rvaneijk) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action14]
<trackbot> Created ACTION-274 - Propose non-normative text on service providers to clarify "independent use" (with rvaneijk) [on Shane Wiley - due 2012-10-10].
Rob: we had text already, maybe we could copy and paste it. I will work with wileyS on it.
Lmastria: Bridges between
Rachel's action item and Rigo's independence could be
addressed. A large portion of our businesses are subject to
enhanced notice and control around data usage.
... that should be considered.
Aleecia: One of our proposals has less notice vs. more.
Dwainberg: I look forward to
extra text because I'm confused by it
... we dont want to unintentionally cause a problem between SP doing work for a party and a first party that can do it themselves
... this would create a competitive disparity that we should try to avoid
Aleecia: Basically we see the SP
standing in the shoes of the first party
... SP can be seen as the same, but they cannot for example share data across first parties
<rvaneijk> @shane: "For the EU, the outsourcing scenario is clearly regulated. In the
<npdoty> I think there's support for that principle (from dwainberg) in general, although limiting independent use gets at the potential privacy difference between a company performing the practice itself and a service provider doing it
<rvaneijk> current EU Directive 95/46/EC, but also in the suggested regulation
<rvaneijk> reforming the data protection regime, an entity using or processing data
<rvaneijk> is subject to data protection law. A First Party (EU: data controller)
<rvaneijk> is an entity or multiple entities (EU: joint data controller) who
<rvaneijk> determines the purposes, conditions and means of the data processing
<rvaneijk> will be the data controller. A service provider (EU: data processor) is
Aleecia: Dwainberg came up with some text for data append.
<rvaneijk> an entity with a legal contractual relation to the Data Controller. The
<rvaneijk> Service Provider does determine the purposes, conditions and means of
<rvaneijk> the data processing, but processes data on behalf of the controller. The
<rvaneijk> data processor acts on behalf of the data controller and is a separate
<rvaneijk> legal entity. An entity acting as a first party and contracting services
<rvaneijk> of another party is responsible for the overall processing. A third
<rvaneijk> party is an entity with no contractual relation to the Data Controller
<rvaneijk> and no specific legitimacy or authorization in processing personal data.
<rvaneijk> If the third party has own rights and privileges concerning the
<rvaneijk> processing of the data collected by the first party, it isn't a data
Aleecia: a lot of these use cases may be addressed else where
<rvaneijk> processor anymore and thus not covered by exemptions. This third party
<rvaneijk> is then considered as a second data controller with all duties attached
<rvaneijk> to that status. As the pretensions of users are based on law, they apply
<rvaneijk> to first and third party alike unless the third party acts as a mere
<rvaneijk> data processor."
Aleecia: my suggestion is that we
leave this at is and come back to it
... once definition is done
... there is an action for data append, but no issue so we should create one
<johnsimpson> makes sense
ChrisPedigo: I don't believe there should be a data append restriction as it may be out of scope
Aleecia: let's define it and then decide
<npdoty> issue: definition of and what/whether limitations around data append
<trackbot> Created ISSUE-170 - Definition of and what/whether limitations around data append ; please complete additional details at http://www.w3.org/2011/tracking-protection/track/issues/170/edit .
<lmastria-DAA> ditto ChrisPedigo re data append
<npdoty> issue-170: see action-229
<npdoty> postpone issue-170
Aleecia: Npdoty will create new issue and attach to action 229
<trackbot> ISSUE-170 Definition of and what/whether limitations around data append notes added
Aleecia: covered everything except unlinkable and now will go to lunch
<npdoty> issue-170: let's come back to this issue after we've made decisions around service providers
<trackbot> ISSUE-170 Definition of and what/whether limitations around data append notes added
<BrendanIAB> I'm going to disconnect from phone for the next 60 minutes
<npdoty> adjourned for lunch.
<johnsimpson> are we back
<amyc> not quite yet
<justin> We are working out boat-dinner logistics.
<justin> We're assuming you're a no, johnsimpson.
<johnsimpson> A no on what?
<johnsimpson> I'll be there in spirit...
<npdoty> screen should be shared now, let us know if you're having problems
<vinay> Those can follow Aleecia screen at http://my.adobeconnect.com/vigoel
<npdoty> scribenick: susanisrael
<johnsimpson> yes have screen
aleecia: will be talking about financial logging, don't have enough text to discuss clearly
have text originally in draft and action 235 from nick, discussed a bit on phone
there is a lot of nonnormative text that's useful
<npdoty> from me: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0141.html
ran into trouble with "to the extent required by law."
there is a lot of additional text re: permitted uses, this is just one of them
in editor's draft have different text right now. [read 188.8.131.52
those are the 2 texts we are looking at
<npdoty> regarding action-255, we also had a proposal from Alan: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0243.html
have not started to flesh out differences
will take comments/questions about this text
ian: i will note that nick's text introduces term of tracking and that is not defined or used elsewhere
<justin> Replace tracking with "collection, retention, and use"?
aleecia: there may be an action on that elsewhere already
nick: happy to do that
aleecia: if that isn't in action form already it should be created
nick: in queue to talk about "not
my text"--alan took action to provide info re: financial
... that's how we got into discussion re: contract
nick: i was using law because of suggestion from shane that there might be applicable law
<npdoty> regarding action-255, we also had a proposal from Alan: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0243.html
aleecia: which action?
<trackbot> ACTION-255 -- Alan Chapell to work on financial reporting text (with nick, ian) as alternative to legal requirements -- due 2012-09-19 -- PENDINGREVIEW
sorry, nick: 255
<npdoty> I think most of the discussion on that thread is not directly related, but the start of it has the proposal about contracts
aleecia reads from email chain
chris: my concern is "required by
... i did some research on auditing since 60s by MRC which requires retaining data for a year
chris: i don't think this organization should have ability to override another organization's standards
shane: the issues with contracts are not with contracts directly but just with proving you performed under contract
<dsinger> Indeed, I believe even financial auditing is technically not law, often, but required e.g. to get listed on a stock exchange, or to conform to an industry norm
need to prove having performed is an issue across jurisdiction. don't know how to get around this problem.
shane: contracts not the problem: but proof of contract
<Chris_IAB> According to the Media Rating Council (MRC), the normal retention period for "source data" required for industry accreditation of third-party audience estimates is 1-year, as documented in their published standards: "Minimum Standards for Media Rating Research" (available for download at http://mediaratingcouncil.org/MRC%20Standards.htm).
<npdoty> WileyS, I hear your point about proof of fulfillment of a contract, rather than fulfillment directly required by the contract itself
aleecia: getting a sense of other needs may help
<WileyS> Nick, how could we integrate that perspective into the proposed text from Alan?
jeff: i do think it's important that we have identified what is required by law
<justin> I think someone should take an action to write Shane's middle ground text.
jeff: we did research on sarbox and couldn't find any specific language re: interactive advertising
can't depend on contractual procedures industry has developed before privacy crisis. don't have enough documentation
jeff: there is resistance to providing proof to govt agencies
alan: point i was trying to make is that there are standards created by other bodies that companies i work with will have to make
<rigo_> WileyS, do I understand you right that you want limited purpose to have it retained for audit purpose only and for financial proof. That could be added to the spec
alan: there are hobson's choices for these companies. they will try to do right thing but it speaks to goal here if it's industry implementability
alan: i am not here to say which
other standards are legitimate but it is uncomfortable
... jeff: i love you but there has been a lot of information that has gone around pls acknowledge
<WileyS> For those interested - this is only SOX (many financial laws outside of this one): http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/html/PLAW-107publ204.htm
jeff: one of the organizations that just joined has said it could provide more if ms default taken off the table
david singer: how much will general permissions help? if you demo that you only collected data for permitted use for the specified time that may help
<Zakim> dsinger, you wanted to check to what extent the general provisions make life easier here
david singer: we will not police collection or retention but it helps to be able to point to an industry requirement. does that help off pressure?
aleecia: quick straw poll
does anyone want to continue to argue for to the extent required by law?
jeff: only vote for this
<johnsimpson> i think law is important
rigo: the relation is different. req'd by law will trump anyway
<WileyS> law trumps all else in the standard
rigo: qu is whether anyone opposed to adding other requirements, i would be opposed to removing reqmt' to comply with law
aleecia: jeff was concerned that sox compliance could become indefinite
<dsinger> …and much auditing is a requirement of e.g. belonging to a trade group, being listed on a stock exchange, isn't it?
<trackbot> ACTION-235 -- Nick Doty to draft middle way draft on permitted uses -- due 2012-09-04 -- PENDINGREVIEW
jeff: i agree with you that you
could interpret -- i do have this concern that sarbox is so
vague that you could make lots of arguments
... at the same time i think my point is show me the tofu
chris: i provided tofu
jeff: i have not seen evidence of legal requirements and extent of data retained
<npdoty> ACTION: doty to update middle way proposals to avoid relying on "tracking" [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action15]
<trackbot> Created ACTION-275 - Update middle way proposals to avoid relying on "tracking" [on Nick Doty - due 2012-10-10].
ed: difficult question what's the limiting principle. if entities got together and decided keep everything that could be a problem
aleecia: not seeing huge support for to the extent required by law
<johnsimpson> the key is what is he limiting factor
<npdoty> aleecia: I think we are moving to something else besides "required by law"
chris: i think i agree with david
singer's principle so we could find a place to start
... i think we already have text without required by law
ed: so limiting principle is requirements for collection and use?
chris: could interpret it that way
justin: a lot of my question is similar to what ed is pointing out but i guess 6. 1. 2.2 is data minimization principle
<npdoty> chris is referring to the existing Working Draft / editors' draft text on financial reporting
<tl> +q to say that we don't want to oblige people to break the law, but we don't want contracts to allow for a hole you could drive a double-decker bus through, and the same applies to other standards.
justin: contracts shouldn't be dispositive
<tlr> susanisrael: Is the principle best expressed not through contracts -- but proof of delivery of the ad is the basis?
<tlr> ... not necessarily required that data linkable
<npdoty> susanisrael: is the principle best expressed through contracts, "proof of delivery" -- which doesn't require that data be linkable
<tlr> ... maybe that's also something to work with?
susan scribing again
<WileyS> Jeff, here is a direct SEC mandate requiring data used for transacational audits be retained for 7 years: http://www.sec.gov/rules/final/33-8180.htm
<Chris_IAB> would need to know definition of "linkable"
<Zakim> tl, you wanted to say that we don't want to oblige people to break the law, but we don't want contracts to allow for a hole you could drive a double-decker bus through, and the
<npdoty> susanisrael: question whether linkable data is required for this purpose
<Brooks> it might be a useful term
<efelten> Shane, doesn't that SEC doc apply only to accounting firms?
aleecia: linkable not part of definition right now
tl: standard should not require breaking law
<jchester2> Thanks. I had lawyers review this and they did not find any evidence that Sarbannes requires online ad companies to keep data linked to users. We will have them review this. But at the moment, we don't believe that sufficient evidence has been given.
<Simon> There are other industry standars, such as GAAP accounting standards that may come into play
tl: i think compliance with contracts or other standards could make standard emptyt
<justin> I think we can incorporate the workaround that contracts DNT following the law, but that issue is somewhat orthogonal to what is reasonable retention/use for financial logging.
<jchester2> Can Tom propose how it should be written?
<WileyS> Ed, in this case it does - but the orgin of the records has the same retention requirement OR GREATER - looking for the exact reference now. IRS requirements not as easy to thread in this context (receipt/financial record retention laws).
<fielding> I think the standard should be written based on Do Not Track, not Do Not Collect, since these issues have nothing whatsoever to do with tracking.
david w: i think we are somewhere in gap between required by law but don't want big loophole permitting throwing it out
david w: might help to hear bad things we think might result so we can protect against them
aleecia: can i sum up as worry be
able to have contracts do away with the standard and global
... i think that is the concern rather than any specific thing
<npdoty> (want to: identify concern over billing of past/subsequent activity; billing of profile of the audience)
<justin> +1 to amyc
amy: i was going to highlight
that i have an action pending re: not using the contract to
circumvent the spec. so rather than trying to deal with this
... let's rely on that global requirement
aleecia: could be helpful
<WileyS> +1 to AmyC
<npdoty> +1 on global requirement, amyc
chris: in arguing vs the way the draft is today, i am trying to understand why it's a problem...
are you trying to protect against bad actors? spec requires some level of trust
<Joanne> +1 to Amy
<npdoty> s/are you/... are you/
rachel: newbie question: why legal requirements in standard
<tlr> rachel, different discussion.
rachel: my question is why does it need to be in doc if w3c standard process and if not why not
aleecia: we have said we are for
law compliance and we're not going down that path so don't need
to discuss this
... it's dead
alan: trying to use reasonable person standard, but in hypo that i have given there may be a requirement to report
lou: we have certainly found language acceptable to broad swath of language acceptable to industry. not sure what we would want beyond that
aleecia: so are you suggesting read daa text? was originally suggested but people may not have read recently
<tl> +q to say that this is not the DAA
<jchester2> Consumer and privacy groups were not involved with the DAA process at all. Consequently it is narrowly drawn and does not reflect the interests of users, esp on privacy.
aleecia: lou has action to provide text re data retention which is applicable to financial logging
<npdoty> ACTION: luigi to provide text regarding data retention, applicable to finanical logging data [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action16]
<trackbot> Created ACTION-276 - Provide text regarding data retention, applicable to finanical logging data [on Luigi Mastria - due 2012-10-10].
<jchester2> Hello Walter!
nick: i wanted to pick up on point ed was making and i think alan or david w re: what we might have concern about that is not captured in text
<Walter> Good afternoon Jeffrey (and the rest)
nick: examples that have come up
in thread with alan. one is billing re: past or subsequent
... contract where i get paid differently if someone sees ads then purchases, that might be a concern
... other might be billing based on profile of audience. do i need to keep data re: type of people who saw ad for financial reporting?
<jchester2> Nick. That's what the industry calls attribution, and where a user's history and actions are tracked and stored so billing can be shared with multiple parties.
<Zakim> rigo_, you wanted to respond to Ed and finding purpose limitation an option, concerned by the level of document required.
rigo: as the other contributor to epic thread with alan, i think thread is epic because it goes beyond financial logging, so generally alan is saying certain business practice required
we would pull in activity through financial reporting. my concern is that you create consortium, create standard then dissolve
rigo: as soon as no requirement
on business practice we open up hole in ground where other
group can decide whether our docs useful or not
... this is the concern. you have document here but can dismiss through consortium you create
alan: that is exactly what we are
... if we here are prepared to say that standards bodies have to be ignored then that's what we are doing
<Zakim> dsinger, you wanted to suggest a note on contracts and practices
david singer: reacting to ed's concern and reasonable man idea, and idea that contract may be a good reference but not if it's unreasonable
david s: a large reputable auditor should be considered but this is not a get out of jail free card
david: it's something that you can say in your defense
<dsinger> add the note on the general principles (on "the data as reasonably needed, and as long as reasonably needed") – a contract or other specification might be a reference of reasonable need for the data or period, but may not suffice if its requirements are not reasonable"
mike z: not sure it works but couldn't agree more
aleecia: so non-normative text
... david has action item
<npdoty> ACTION: singer to propose non-normative text regarding contracts/other specifications [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action17]
<trackbot> Created ACTION-277 - Propose non-normative text regarding contracts/other specifications [on David Singer - due 2012-10-10].
ian: would be useful to go through practices like conversion tracking to see how they work under standard
<npdoty> action-277: add the note on the general principles (on "the data as reasonably needed, and as long as reasonably needed") – a contract or other specification might be a reference of reasonable need for the data or period, but may not suffice if its requirements are not reasonable"
<trackbot> ACTION-277 Propose non-normative text regarding contracts/other specifications notes added
<jchester2> David. But industry could change the standards--and the financial crisis showed the inadequacies of leading auditing firms. So I am afraid that here will still be loopholes that permit practices that override user expectations related to the permitted uses.
ian: there are toher things not a standard practice that would also be interesting to review
ian-aleecia dialogue: first party in first example
<vinay> ebates.com is an example of Ian's use case
aleecia: not sure these 2 are very different
<Chris_IAB> what does "ack" mean rigo_ ?
aleecia: we have a bunch of non-normative examples here
<Chris_IAB> got it, thanks
aleecia: actually we just have the note, don't yet have the examples
<dsinger> (In IRC only as it's historical --on 'good and bad actors'). Our restrictions are for organizations that (a) wish to claim with a straight face that they comply yet (b) will take every inch of the permissions -- will 'drive right up to the fence'. Where the fence is matters a great deal for us, for those organizations. We have much less to say about organizations whose apsirations are well within the fence, and nothing to those who will go where they want and
<dsinger> not care about the fence at all.
<Simon> It appears that the "reasonable standard" would be a rebuttable presumption so if someone was making a claim that this standard is violated then it is up to the trier of fact to determine reasonableness
<Chris_IAB> dsinger, great point
<jmayer> The "good actors" argument has been made again and again. Not helpful.
david wainberg: we have already enumerated allowed uses, and beyond that good actors don't have a desire to retain the data and bad actors will ignore standard anyway
alan: nick you and i were going to draw up some additional text on this--maybe first thing tomorrow? [nick yes]
<npdoty> Chapell: can volunteer, to help with Nick tomorrow
tlr: against which text is david s's action item
aleecia: i think i heard the text in action 235 does not survive, but 255 alan is suggesting he and nick try to work through so 255 goes back to open
<tlr> reopen action-255
<trackbot> ACTION-255 Work on financial reporting text (with nick, ian) as alternative to legal requirements re-opened
<tlr> action-235: decided not to do legal requirement for financial
<trackbot> ACTION-235 Draft middle way draft on permitted uses notes added
aleecia: they should have 2 weeks or so to go through and we still have editor's draft - any questions?
kathy joe: we have text pending re: market research and will put it in
aleecia: we are looking at financial right now
nick: can i clarify my
understanding? i am not wedded to my text if we come up with
... hope we can get our action done in 24 hours
... does group think conversion tracking and audience profiling are permitted uses?
jeff: i think it's a very good question, i put it in irc and would like to know whether attribution is a practice under what you suggested
<npdoty> should we have a permitted use for these things?
<justin> I'm OK with the first use case, npdoty, as a subcategory within reporting.
jonathan mayer: want to make sure i understood nick's question--is it are we assuming whether we have these things? ok i got clarification from irc
jonathan: my position is that you should not be able to collect whatever you want for these things
<WileyS> Unlinkable data doesn't meet the needs in this case.
<npdoty> justin, you think it would be consistent with a Do Not Track preference to track subsequent activity of an ad impression in order to bill differently?
mike z: we are having a discussion about permitted uses. obviously it's what david says that obviously we have permitted uses. But we are not having discussions about what type of data you need to have
aleecia: there has been growing discussion re: doing all of these if data is unlinkable but ther ehas been no support for ad industry
<jmayer> Chris_IAB: "If you look at the DAA, just to beat that drum a little bit more..."
<Brooks> difficult to think about exceptions in terms of non-defined terms
<Chris_IAB> what does "unlinkable" mean? We need a definition in order to evaluate and move forward
mike z: we have permitted uses but ......de-identification, not either/or
<npdoty> s/Chris_IAB: "if you/mikez: "if you/
<Chris_IAB> Aleecia, for at least a month we have asked for a definition of "linkable"
<jmayer> Thanks Nick.
<Joanne> Susan - I'll take over scribing
aleecia: these permitted uses all ok if unlinkable
mike z: not in scope, not permitted uses but unlinkability
<Chris_IAB> npdoty, sorry, I don't understand your text?
aleecia: but that could be a way out if we could agree that these uses ok if unlinkable, this is not out of scope
mike z: so is it the same type of data to be used for permitted use:
<jmayer> Mike Zaneis, please stop arguing with Aleecia and allow the queue to comment.
<justin> npdoty, Yes, our proposal has allowed for this from the beginning. I understand that the user is monitored across sites, but it's a very narrow set of tracking (did action occur on this one site) for a narrow purpose.
<Joanne> Mike Z: are we having a disucssion around permitted uses
<Joanne> Aleecia: we are moving off of this
<Joanne> Aleecia: how many in queue
aleecia: it is still within the concept of permitted uses to say you could do if unlinkable
<WileyS> Jonathan, he is still discussing his item in this queue and is allowed to work through that.
<Joanne> answer: 5
<Joanne> Nick: down to three
aleecia: pls drop from q if you think we have discussed
<jchester2> I think the unlinkability issue is relevant.
rachel: don't see how we could say industry has not agreed to unlinkability if we haven't found defintion, and linking of that to tracking definition
aleecia: i ahve heard that a couple of times looking for new points
<jmayer> rachel_n_thomas, there is nothing new about the unlinkability proposal.
lou: i think we heard a couple of
use cases that require data to be used in a couple of way s
that are different than what is being proposed
... have trouble because we are trying to make some of these things binary
<efelten> We have been discussing these issues for over a year.
<WileyS> Jonathan, would you agree that we've not yet come to consensus on the definition of unlinkability and until we do so its difficult to look a Permitted Uses through that lens?
<jmayer> I dropped myself from the queue.
lou: there are exceptions/use cases that need to be factored in
aleecia: we have been doing that
<jmayer> WileyS, we have a range of definitions on unlinkability. Any should be adequate. There's not a dependency there.
aleecia: re: financial reporting. hearing this allows businesses to prove they have done what they said they would do vs. very expansive approach
also heard concerns about standards for limiting
<johnsimpson> so what would be*reasonable*?
david wainberg: clarification: we aren't talking about unlimited retention
aleecia: so what is the way out? set period for retention?
<WileyS> indefinite and not defined are already not allowed
<npdoty> I think we may have that text (specific to indefinite retention) in the spec already
<WileyS> Please see Nick's version
david wainberg: but no one wants indefinite. idea of loophole to retain data forever is kind of a fairy tale
aleecia: but some people think that idea has validity
<jmayer> David Wainberg, people in your industry have been talking about 7+ year retention.
<jmayer> That may not be unlimited, but it's close enough.
<jmayer> Who is talking?
<jmayer> And could she decrease her volume a bit?
rachel: no one wants unlimited retention: want only as long as is necessary or required by law. all of industry has already commited to it
<Simon> Rachel Tomas DAA talking
aleecia: in global section you will find language that is similar but not as restrictive
<JC> Rachel thomas DMA
rachel: but you say there are people who don't believe it
<jmayer> Ok, would you mind asking her to decrease her volume a bit? Thanks.
<jchester2> It's not about forever. It's kept too long for when people send DNT: 1
aleecia: some people feel global section not ok
<JC> There is no individual way to do that
<efelten> To point out the obvious, not all companies belong to DAA.
<jmayer> There are two separate issues - whether a standard is enforceable, and what the standard requires.
rachel: if an existing self-reg framework not sufficient what is
<jmayer> I'm glad we agree on enforceability.
aleecia: that's what we are looking for
<jchester2> Only if the FTC has the knowledge and political will to enforce meaningful privacy safeguards
lou: apologize that i will not offer any additional text but this is not just us based, other reg bodies not engaged
aleecia: queue closed
<justin> I thought the proposal was Chapell works with npdoty on language.
<Joanne> Susan, good job scribing this session
aleecia: if no concrete proposal we keep one of these texts, and decide global language ok
david w: does data minimization and retention section solve this if parties have to disclose retention period
<rvaneijk> my answer to the sufficiency of data collection by 3rd parties under DAA principles is: Do Not Collect.
aleecia: that is the question
<johnsimpson> When do you need the text proposal?
<Chris_IAB> how many people think David Singer's proposal is not sufficient?
jeff: i will take it on to write some text will do in 2 weeks and will go to my privacy colleagues
<justin> The existing language in the text is broader than the DAA requirement (requires disclosure).
<npdoty> dsinger, we have proposals from Alan, from the editor's draft, from my proposal (although perhaps that won't get support)
jeff: are you saying default will be daa text if no alternative? then i will write it
aleecia: does anyone else want to help
<johnsimpson> Isn't there text already from Mozilla/Stanford/EFF
tl: i would like to repropose the text that jonathan peter and i proposed
jeff: then i will withdraw my action
<npdoty> I think Chapell and I are going to find time in the next 24 hours
<npdoty> right, Chapell?
<johnsimpson> Can we please see recap the three options?
aleecia: next debugging
<npdoty> scribenick: Joanne
<npdoty> thanks to susanisrael for scribing!
Aleecia: looking for info on debugging. 184.108.40.206
<susanisrael> nick, shane, my pleasure. hope i captured it
Aleecia: text from Nick.
Nick: action 235
<npdoty> Operators MAY retain data related to a communication in a third-party context to use for identifying and repairing bugs in functionality. As described in the general requirements [reference to Minimization section], services MAY collect and retain data from DNT:1 users ONLY when reasonably necessary to identify and repair errors in functionality. Services SHOULD use graduated responses where feasible.
Nick: suggestions from last week's call to add non-normative text and normative text around that it is short term
<Chris_IAB> seriously, just to be clear, industry does not retain data "forever" (what's the point of this debate then?)
Aleecia: anything further to discuss or wait for Nick to add text. May want to discuss graduated response
<npdoty> Chris_IAB, I think the concern is about retaining data too long, rather than forever
<Chris_IAB> <efelten> To point out the obvious, not all companies belong to DAA (neither to the W3C)
<Chris_IAB> "too long" is vague... we are saying, as long as we need it to do our legitimate business, within our rules, and as GOOD actors
<Chris_IAB> good luck regulating bad actors-- they aren't here in Amsterdam
<efelten> Chris_IAB, point taken. Was responding to an assertion that nothing is needed here because "the industry" is following the DAA program.
<johnsimpson> Isn't most debugging by first party site?
Ifette: issue is if discver a
bug, you want to go back and look at log data to fix it. if
small percentage of users, then may need to log additional data
to track and fix bug
... minimal scope for fixing bug
<npdoty> I think we are debating a variety of business practices; behavioral targeting is a legitimate business practice that would be limited in part by DNT, for example
Allecia: we don't have minimazation for debugging and something useful to write up
<Chris_IAB> efelten, we do however have representatives from industry representing thousands of companies
<lmastria-DAA> efelten: re: DAA not all, but many many do and the number continues to grow each day...our umbrella covers thousands of companies in the space in the US and internationally
Adriaanb: purpose of text was that data minzation to capture data that was necessary
<rachel_n_thomas> efelten, you're correct that no group represents every single company...but the DAA - through the associations that form it - represents more than 5,000 companies. That includes all of the major players in every sector of the online advertising ecosystem. It's the most inclusive and representative group ever created in the industry, and the only one to successfully bring all of those companies on board wiht one self-regulatory standard. No small feat.
Aleecia: thanks for context
Shane: disagree with graduated response in reality
Shane: its that information we
can't predict what is going to break. there the graduated
response isnt helpful
... like to understand how how this works, esp for 3rd party
Aleecia: not all companies are the same
<Simon> "should whenever reasonably possibe"
<amyc> wouldn't the global principles on data minimization get us out of this box?
Shane: Roy has helped us
understand a should be interperted as a must
... isolate this as a May
<Chris_IAB> that's just not how debugging works
Aleecia: text as it stands,
Should use graduated response. then use debugging for non-DNT
users. can we collect less data upfront. not all cos aren't
going to do this the sames.
... we suggest not using the phrase "graduated response"
TL: concenr we collect data now becuase something might go wrong
<jeffwilson> not only are not all companies the same, debugging scenarios differ. each scenario is by nature 'graduated'.
Aleccia: do you have something to address that
TL: suggestion substantially different from graduated response
TL: may collect information necessary to resolve issue as long not used beyond that purpose
<jmayer> I would note that this is a new concession. The EFF/Mozilla/Stanford proposal does not allow collection of linkable data as a graduated response to debugging.
TL: security discussion around fraud and malicous behavior
<npdoty> tl is suggesting that "once you have identified a problem," rather than ongoing graduated response
not applicable here
<jmayer> The latest EFF/Mozilla/Stanford text is at http://jonathanmayer.github.com/dnt-compromise/compromise-proposal.html.
scribe: will write up sentence in IRC write now
<justin> If you're allowing for prophylactic collection for security, what is the privacy advantage of . . . what ifette is saying now.
ifette: without reopening wounds...data may collected another use may now be used for this purpose
<npdoty> ACTION: lowenthal to suggest an alternative to debugging graduated response ('once identified a problem') [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action18]
<trackbot> Created ACTION-278 - Suggest an alternative to debugging graduated response ('once identified a problem') [on Thomas Lowenthal - due 2012-10-10].
ifette: back to Shane's point, audio example
<jmayer> Justin, once you allow collection for *any* purpose, the privacy advantages of focusing on uses quickly diminish.
Aleecia wants Ian to write up something
Aleecia: explaniation around graduated use cases and how that may work
<justin> jmayer, I'm just trying to envision a scenario where data collection for debugging > data collection for security.
<npdoty> ACTION: fette to write an explanation of graduated response and a list of explanatory use cases [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action19]
<trackbot> Created ACTION-279 - Write an explanation of graduated response and a list of explanatory use cases [on Ian Fette - due 2012-10-10].
ifette: say something ends up with action
<Zakim> ifette, you wanted to give examples of additional information we may collect
lou: good practie inside a company but not sure if policy that needs to be pushed down. not sure worthy of full on conversation
Jmayer: ask for more info about debugging in general to learn more
<dwainberg> Is David saying that a best practice should be read as a MUST?
<npdoty> dsinger, would a "SHOULD where feasible" work for that?
Dsinger: agree with Lou and disagree with Shane a little. Collecting data for debugging is a best practice. Document what Ian described. Collecting data for bug you are aware of to fix it then get rid of it
Chris_IAB: lots of cos read that as a MUST
<tl> npdoty, my text: "After identifying an error that impairs existing intended functionality, it is acceptable to collect additional data which may be needed to identify the cause of the error and resolve it, so long as the resolution of that error is as prompt as possible, and that the data is used only for that purpose and deleted immediately afterwards."
<npdoty> action-278: "After identifying an error that impairs existing intended functionality, it is acceptable to collect additional data which may be needed to identify the cause of the error and resolve it, so long as the resolution of that error is as prompt as possible, and that the data is used only for that purpose and deleted immediately afterwards."
<trackbot> ACTION-278 Suggest an alternative to debugging graduated response ('once identified a problem') notes added
<jmayer> Is this the "good actors" argument again?
<dsinger> maybe we need an explicit note on this 'should' explaining why it's not a must?
Chris_IAB: what harm are we trying to prevent in putting further restrictions on debugging
<adrianba> agreed - don't think this is a SHOULD here - it's an english suggestion that it would be a good idea to only collect what is needed when it is needed
<tl> Thanks, npdoty!
<npdoty> action-278 pending review
<npdoty> action-278 pending-review
Aleecia: two possilbe wasy to address Should v May. 1. change the word Should. 2. provide example when graduated response does not make sense and add as non-normative text
Chris_IAB: doesn't agree with approach. should remove the word "shoud"
KevinS: agress with both sides. in enterprise world, graduated response is not fesible. wishes it was. however, cos are dealing with 1000's of bugs
<justin> If we don't use SHOULD, I'd prefer a non-normative example using graduated response instead of MAY which is irrelevant.
KevinS: can;t turn on off collection. not very practical
Aleecia: good direction.closing queue
<jmayer> Many third parties don't collect ID cookies from opted-out users. They do debugging just fine.
<jmayer> I'm aware of several third parties that presently use graduated response on debugging.
<JC> They probably use IP info
ShaneW: made it in the queue. 3rd parties wanting to be fast and reactive. collecting more data to determine root cause not realistic. moved beyond collection v use. graduated response is not real. strongly support moving to a "may"
<tl> And you don't think you can rely on non-DNT users?
<jmayer> JC, that would be OK under our proposal.
Aleecia: alternative - don't change collection styles, but change retention
<Chris_IAB> WileyS, one good example of such a company is Unicorn, Inc.
<npdoty> WileyS, when you say we've moved beyond "collection v. use", which way do you mean that we've moved past it?
<johnsimpson> Rob is breaking up
Rob: quick Q. talking about debugging in a general sense or in a prod dev sense
Aleecia: reading text
<tl> +q to say "bugs"
<adrianba> i don't think a MAY is appropriate - we're definitely not saying graduated response needs permission in the spec - perhaps this is a non-normative suggestion?
Rachel_N_Thomas: it should be "may". lawyers will interpert "should" as a "must"
<adrianba> (i also don't think SHOULD is appropriate)
Rachel_N_Thomas: request it be "may"
<Chris_IAB> Joanne, to clarify my audible comment, the 2nd point was that we have already agreed not to use the data for targeting, so I don't think this should be a debate any longer.
Aleecia: "should" is a strong statement and you are hearing it correctly
<schunter> ... defines the keywords SHOULD, MUST, ...
<Chris_IAB> I support Rachel's request to change "should" to "may"
Aleeica: action item to clean up text a bit
<dsinger> we can avoid 'should' by being clearer "the best and safest practice is to use graduated response; an un-graduated response has some risks..."
<dsinger> I do not think "may" has quite the right formal sense, either.
<Chris_IAB> dsinger, good suggestion to make this non-normative best practice
<justin> Yes, MAY is clearly wrong.
Aleecia: genuie differnce on graduated response. solid text on this proposal and we'll go from there
<justin> "best and safest practice is to use graduated response WHEN FEASIBLE"?
<Chris_IAB> should may be should? who's on first? :)
Aleecia: break 15 minutes early and hoepfully we can keep ahead
<npdoty> break early, back in half an hour.
<johnsimpson> are we back?
<johnsimpson> Cant't telephone in. says conference is "restricted"
<tedleung> scribenick tedleung
<amyc> Aleecia: next discussion is user agent compliance
<npdoty> scribenick: tedleung
<amyc> oops, sorry ted, I will scribe next
ok, that's fine
<johnsimpson> having trouble calling in. Says conference is "restricted" and won't let me in
<npdoty> make sure we have the universe of issues that we need to resolve
npdoty: amyc will scribe, not me
since i am already the nick
reviewing section 5 on UA compliance
<jmayer> dsinger and hober, how does Apple feel about a mandatory link in the browser UI?
taking WileyS;s point
<jmayer> *raises hand*
<johnsimpson> still locked out of call
browser folks object to link to explanatory text when DNT is enabled
<johnsimpson> did that and am holding for an operator....
ifette in chrome, when user checks the box, more info will be given in an additional dialog as opposed to a link to a document
ifette prefer less prescription, but agree with the spirit
<npdoty> s/ifette in/ifette: in/
<npdoty> s/ifette prefer/ifette: prefer/
<WileyS> The goal is a "pre-selection" option
<johnsimpson> still holding for an operator
dsinger don't want to stray into product / ui design. also unhappy with a MUST that says you have to explain how your product works to your users
<npdoty> s/dsinger don't/dsinger: don't/
<johnsimpson> looks like nobody plans to answer the telephone
<johnsimpson> still holding
aleecia are you changing the MUST to SHOULD, non-normative text, or deleting?
dsinger any of those
<jmayer> Proposal: SHOULD provide users with information about Do Not Track. Don't specify the form of that information.
<jmayer> Why does pre- or post-selection matter, Shane?
<jmayer> One click to deselect.
<johnsimpson> thanks, nick. should i hang up and call back? still getting message to hold for an operator
WileyS the goal here is to have pre-selection means of informing the user, not a post-selection means
<jmayer> We've talked about the "balance" argument before. Many in the group don't buy it.
WileyS goal was to bring balance between UA's and servers
aleecia I hear no disagreement with moving away from link
<npdoty> violent agreement that we don't need language specific to a link
<johnsimpson> Still no operator. Am hanging up and redialing...
<ifette> Shane, I think what you said was "Inform the user as part of enabling" was a good way to approach this
no one in the room in favor of link, so moving on
aleecia still have a question on MUST vs SHOULD
tl current test builds for Firefox have a tri-state build, but we don't think people should be forced to do this. We might find a better way, this language seems restrctive
tl very worried that this will be used to rule UA's non—compliant.
<johnsimpson> Nick, called back still holding for an operator to answer,
tl this is oriented towards mouse based GUI's. What about curl or UI less extension
<ksmith> Tom, is that the actual text? Has anyone ever checked the box "Tell sites I want to be tracked?"
<johnsimpson> Nick, any ideas?
aleecia: if we change the MUST to SHOULD, and then give examples of best practices, give an example with no UI, and give info about DNT at the point of download, could people live with that
<afowler> ksmith, the tri-state with explanatory link that Tom mentioned is still in our experimental builds and not in our full releases, yet.
<Chris_IAB> cURL? Seriously Tom, what's the installed based of cURL users surfing websites?
WileyS: concern is over making sure people understand DNT before turning it on
<Chris_IAB> cURL is the use case we hinging on?
tl: still concerned over ruling browsers non-compliant, and still feel that curl isn't covered
<dwainberg> Can we have an explicit exception for Curl?
tl: don't want a situation where browser vendor says "we're compliant" and site says "no, your not"
<johnsimpson> Nick, should I hang up or keep on "holding for an operator"
<jmayer> Shane, we're not renegotiating the working group charter.
<Chris_IAB> Shane: what's good for the goose should be good for the gander - agree
<justin_> There are no UX requirements on servers.
WileyS: we have all these rules for servers, but not allowed to have rules for UAs?
<johnsimpson> Nick, so hang up?
WileyS: we could work on the text so that curl could be covered
<Chris_IAB> jmayer, Shane is arguing within the working group charter, as he reads it
<dsinger> three suggestions (a) 'should
<jmayer> Chris, the working group charter explicitly excludes UI. You know that.
<Chris_IAB> jmayer, We are talking about requirements, not actual UI
tl: we can get around this by making a SHOULD suggestion that enough information is provided for a GUI Browser, a UI less extension, and, a program like curl. A combination of normative and non-normative text
<dsinger> three suggestions (a) 'should' (b) 'as well documented as other user choices and operations' and (c) a gentleman's agreement not to use this as a way to deem UAs non-compliant (as a compromise on the 'should')
WileyS: to update text
<npdoty> ACTION: wiley to draft updated text on UA requirements; explanatory text made more general; add 'prior to selecting DNT'; add examples; change MUST to SHOULD [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action20]
<trackbot> Created ACTION-280 - Draft updated text on UA requirements; explanatory text made more general; add 'prior to selecting DNT'; add examples; change MUST to SHOULD [on Shane Wiley - due 2012-10-10].
<jmayer> Chris, if mandating a particular format (link) for information in a particular place (before clicking the DNT button) isn't a UI requirement, I don't know what is.
<Chris_IAB> jmayer, general requirements don't = specifying UI
<justin_> Gentleman's agreement?
<WileyS> Jonathan, we already agreed to remove link
dwainberg: was going to propose review of charter statement on UI
<jmayer> I agree that, sans link, we're in scope.
aleecia: we are walking close to the line, but not crossing it
<Chris_IAB> jmayer, just because you don't understand how this fits, doesn't mean it's not a valid proposal for discussion (many here, including Shane and obviously the Chairs agree that this is something to talk about)
<johnsimpson> Nick, should I hand up or keep holding?
review of charter content around UI/UE
<ksmith> Shane - rather than "Prior to selecting" you might consider "Prior to enabling" or some such which would allow for Ian's suggested workflow in which turning on DNT is a 2 (or more) step process of selecting, and then accepting
<johnsimpson> I'll hang up now.
<WileyS> Kevin, I like that "prior to enabling"
<WileyS> Kevin, consider it borrowed/stolen :-)
jmayer: what about current implementation of help pages - is that enough for DNT?
<WileyS> Jonathan, do you feel comfortable if I make an opt-in choice work in the same way?
WileyS: does the current implementation of Firefox and IE satisfy the test
<johnsimpson> Nick, please let me know when to call back.
<johnsimpson> thanks for your help, I don't mean to sound impatent
<Chris_IAB> tl, what does the one sentence next to the DNT check-box mean?
<Chris_IAB> sorry, what does it say?
<jmayer> Then I strongly object.
<Chris_IAB> and mean?
<rvaneijk> @WIleyS: users have made an active and informed choice to allow or disallow DNT... ?
WileyS: it does not meet the text
<Chris_IAB> tl, what I meant to ask is, "what does that sentence next to the check-box say exactly"
aleecia: does anyone want to draft alternative text
<jmayer> I can draft alternative text.
<johnsimpson> vinay, are you sharing on screen?
mikez: DAA will supply alternative text
<johnsimpson> vinay, thanks got it.
<vinay> johnsimpson - sorry. didn't see your request for access. You should see her screen now
<tl> Chris_IAB: The release implementation right now has a checkbox and the phrase "Tell websites I do not want to be tracked."
<johnsimpson> can I dial back in now?
<jmayer> ...so now everyone's off the call...
<Chris_IAB> tl, thanks-- what does "Tell websites I do not want to be tracked" mean? Websites = ALL websites, including first party?
<Joanne> *Nick is working in the phone issue
<johnsimpson> let us know when to call back in
Chapell: asking drafters to supply more meat around the framework in addition to the details
<tl> Chris_IAB: If the box is checked, a "DNT:1" header is sent with every HTTP request.
<npdoty> okay phone folks, please dial back in, and use code 26631
<npdoty> sorry for the drop
<Chris_IAB> tl, can you please answer my actual question?
<susanisrael> to those who were on the phone, nick is working on getting you all back on
<tl> Chris_IAB: I'm not sure I understand your question?
<Chris_IAB> tl, I get what happens
<tl> Chris_IAB: What confuses you?
<Zakim> dsinger, you wanted to point out that not every UA is a browser
dsinger: not every UA is a browser: RSS feed readers, Mail UA's, etc
<Chris_IAB> what I want to know, is what does Mozilla (and presumably it's users) mean by "websites" in this sentence you are using to turn on the sending of DNT:1. It's a simple question Tom.
mikez: can't live with suggested proposal to change MUST to SHOULD
<johnsimpson> do we use a different code?
<justin_> mikez, you just argued that SHOULD was effectively the same as MUST for graduated response :)
<jmayer> Mike Zaneis, there was nothing clear about that White House "agreement." One of your own member companies thought it allows a silent default.
<tl> Chris_IAB: The recipient of any HTTP request from the browser.
<tl> Chris_IAB: When you check the box, Firefox tells everyone that you don't want to be tracked by sending them a signal in the form of a DNT header.
lmastria-DAA: forthcoming language on mobile; DAA representing many in ecosystem, browser vendors will be gaining responsibility
<mikez> justin, no, I argued that browsers should have an affirmative, non subjective obligation
dsinger: if we have rules about what browsers must present to users, then we will have to contemplate rules about what sites must present to users. at the moment we are silent. on bot h sides. it's a balance argument
<trackbot> ISSUE-150 -- DNT conflicts from multiple user agents -- raised
<Chris_IAB> tl, so ALL websites then? Since ALL websites would receive the HTTP request... So by checking your box, the user is asking that ALL WEBSITES (including first party sites) not "track" them. Ok, that's clear now, thanks. Ad industry has HUGE issue with this.
<WileyS> David Singer - UAs have zero business impactful implications from DNT - having a single requirement for user disclosure prior to selecting DNT IS BALANCE.
<mikez> jmayer, read this and then get back to me about whether our position on defaults are unclear - https://www.documentcloud.org/documents/445384-daa-commitment.html
<jmayer> mikez, take it up with Microsoft.
going to close 150 with: up to the browsers to resolve DNT conflicts beween multiple plugins
<dsinger> it's non-compliant to send multiple headers, and it is non-compliant to send a header that does not reflect the user's intent. do we need to say more?
schunter: can browser plugins set headers?
<johnsimpson> thanks for all your help, Nick
<lmastria-DAA> to dsinger: DAA has specific rules on what "sites" have to tell users and how that is accomplished
ifette: depends on which browser. flash for example does not use the browser's network stack in some browsers. In some browsers extensions can add headers, multiple extensions can set multiple headers
<npdoty> do I need to create action items for mikez and jmayer for proposals on UA requirements?
<Zakim> ifette, you wanted to answer matthias' questions and to
ifette: hard to enforce "there must be only 1 DNT header"
<Chris_IAB> ALL, if you read up, tl points out that Mozilla's UI of asking websites not to track the user, applies to ALL websites (if I read it right). That seems to be why we are having the UI discussion here.
<Joanne> Can an out of band request to confirm the user preference help in the case of multiple DNT header request?
dsinger: HTTP only allows on instance of a given header. Therefore it's up to the browser to ensure a single header
<Chris_IAB> can we please define "user intent"?
<npdoty> I believe it's already invalid, at the HTTP level, per discussion with fielding
tl: 2 dnt headers in a single request is an invalid HTTP request
<dsinger> from HTTP: "Multiple message-header fields with the same field-name MAY be present in a message if and only if the entire field-value for that header field is defined as a comma-separated list [i.e., #(values)]. " this is not the case for the DNT header
<WileyS> If multiple DNT signals come in the same header, DNT:0 wins.
disagreement over HTTP compliance of multiple DNT headers.
<WileyS> Similar outcome in MSFT's TPL white/black list conflict resolution (I'm in no way supporting TPLs - they are still horrible)
aleecia: propose "UA may only send 1 DNT signal", "A transaction with 2 DNT headers is invalid and is equivalent to DNT unset"
<npdoty> lmastria-DAA, can you take on the action item with Mike Z.?
<jmayer> Sounds very reasonable to me.
<jmayer> Language in the TPE about invalid syntax, that is.
dsinger: whoever added the 2nd DNT header is non complient
tl: let's not rule pieces compliant, lets just say the request is invalid
<jmayer> I was totally onboard... until the multiple headers component.
<jmayer> If you get multiple "DNT: 1"s, that should be "DNT: 1"
<justin_> DNT: muffins = DNT unset
<jmayer> Example: both browser and extension blindly add "DNT: 1"
<dsinger> ACTION: dsinger to add to the TPE that at most one DNT header is permitted in any HTTP request [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action21]
<trackbot> Sorry, couldn't find dsinger. You can review and register nicknames at <http://www.w3.org/2011/tracking-protection/track/users>.
result of this discussion to go into TPE
<WileyS> DNT:1, DNT:0, DNT:1 = DNT:<null>
<npdoty> ACTION: singer to add to the TPE that at most one DNT header is permitted in any HTTP request (issue-150) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action22]
<trackbot> Created ACTION-282 - Add to the TPE that at most one DNT header is permitted in any HTTP request (issue-150) [on David Singer - due 2012-10-10].
<tl> WileyS: well, not DNT:<null>, just not DNT header.
<johnsimpson> Sounds good
<jmayer> I would like to volunteer to draft alternative text.
<npdoty> aleecia: if we're fine with that text, then we'll close issue-150
<WileyS> tl, fair
<jmayer> We do not have agreement on duplicate headers for ISSUE-150.
<npdoty> action-282: if this text goes through, we can close issue-150
<trackbot> ACTION-282 Add to the TPE that at most one DNT header is permitted in any HTTP request (issue-150) notes added
<trackbot> ISSUE-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- raised
<schunter> The statement that aleecia made is different: She concluded: If you have multiple DNT headers (no matter what they contain), the http request is invalid (and a 505 error will be returned9.
<justin_> jmayer, David already volunteered, do you want to write an alternative?
<npdoty> my proposal with dave singer: http://lists.w3.org/Archives/Public/public-tracking/2012Aug/0001.html
<WileyS> Matthias, that's not what we all just agreed to
<trackbot> ISSUE-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- raised
<tl> I think Aleecia just mis-stated it.
<npdoty> ACTION: mayer to draft an alternative for multiple DNT headers (issue-150) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action23]
<trackbot> Created ACTION-283 - Draft an alternative for multiple DNT headers (issue-150) [on Jonathan Mayer - due 2012-10-10].
<npdoty> I don't believe there is any such encompassing piece of software.
dwainberg: i submitted some text around this to ensure that user choice is reflected
<dwainberg> "A UA that allows or enables other software to alter the DNT setting MUST ensure that such alteration reflects the user's intent."
aleecia: we are looking at going beyond a UA. A UA or anything else that sets DNT
objections from the room
jeffwilson: referring to multiple DNT header situation, is that true in relation to the JS API?
dsinger: that can't happen
<WileyS> Issue - 143: requires naming the setter of the DNT signal
<npdoty> what are the objections in the room to moving towards requirements beyond the user agent?
<trackbot> ISSUE-116 -- How can we build a JS DOM property which doesn't allow inline JS to receive mixed signals? -- pending review
<dsinger> the objection is that whatever is behind the HTTP end-point is opaque and out of scope, and it's a waste of time to discuss it.
tl: the API's that we currently have defined do not have a consistency problem. We haven't figured out how to build the API in issue-116.
<npdoty> issue-116 is pending review because I think we actually do have it resolved, and we include language noting that a JS API signal won't guarantee a future value of a DNT header, which governs
aleecia: AVG was the driver for issue 153
dsinger: that's a poorly engineered UA
<ksmith> Tom - I think the question I heard from Jeff (correct me if I am wrong Jeff) - if there are multiple headers (say both a DNT:1 and DNT:0), thereby making the DNT request invalid, will the JS API also get an invalid response, or will it get a 1 or 0?
<jmayer> Chris, please stop interrupting. It's very difficult to follow.
<jeffwilson> ksmith, overall question about getting status of conflicting preferences, regardless of the source
<jeffwilson> in all such cases, should be treated as dnt not set
Chris_IAB: do we have a common definition of user expectation?
<jmayer> Chris, this is totally off-topic.
<trackbot> ISSUE-153 -- What are the implications on software that changes requests but does not necessarily initiate them? -- raised
<jmayer> Chris, please stop fighting with the chair.
<trackbot> ISSUE-143 -- Activating a Tracking Preference must require explicit, informed consent from a user -- raised
WileyS: issue-143 is related. It is difficult for one UA to know what another UA is doing
<amyc> ted, let me know when you want me to take over
<justin_> scribenick: amyc
<tedleung> let me finish this part out
<justin_> scribenick: tedleung
<dsinger> to WileyS: the user-agent header tells you what the user-agent is.
discussions about whether issue-143 should come over from TPE
<Chris_IAB> dsinger, you asserted the notion of "user expectation" in your argument. I asked if there was a definition for "user expectation" (since it's so commonly used here, but in many different contexts, and can be confusing)
<WileyS> dsinger, not true, installed software can overwrite UA settings and make it appear as if its still coming from the UA. For example, AVG. :-)
<Chris_IAB> since I was cut off by the chair, can someone here please point me to the definition or tell me that there is not one?
<dsinger> to WileyS: But your complaint is then to the user-agent that allowed that to happen. THAT is what terminated the HTTP transaction.
<Chris_IAB> to be clear, is there a definition of "user expectation"?
tl: Browser vendors cannot vet their add-on's. All addon's should convey user intent - different addon's ascertain intent via different mechanisms.
<vincent> Chris_IAB, I remember at least one paper mentioned about user expection of DNT mention during princeton workshop and then some recall during santa clara meeting
<lmastria-DAA> follow up to Chris_IAB: this discussion was suspended without all of the stakeholders in the q were heard
<adrianba> WileyS, we're only allowed to use APIs in IE to store settings in Windows that any other software is allowed to use - we can't prevent other people calling them
<Chris_IAB> vincent, can you please point to the definition in this doc?
tl: i have no objection to clarifying
<Chris_IAB> vincent, that's what I'm looking for-- a definition in of "user expectation" in this document
<efelten> The record shows who was allowed to speak in that session, and who spoke how often.
<rigop> I think that defining "user expectation" is boiling the ocean
<Chris_IAB> efelton, the record does not reflect that the chair cut me off before I was done making my point, because she didn't understand the point I was trying to make, and decided it was off topic
<vincent> agree with rigo, defintion would not be stable at all and varies for each user
<rachel_n_thomas> efelten, the record shows that chris and i were both in the queue and were cut off without being given the opportunity to speak to the issue raised at the time we entered the queue. TPWG is not following its own processes, let alone those of W3C's process document.
<Chris_IAB> rigop and vincent, then we should remove it from the documents -- if we can't define something, it shouldn't be in the document (context is everything)
<amyc> that argues against using user expectation in docs, or in justifications
<rachel_n_thomas> removing myself from the queue, i want to know that there seems little point in trying to closely follow the W3C / TPWG processes if the chairs do not comport with them in their management of the meeting.
<rigop> Chris_IAB: it says currently: "We do not specify how tracking preference choices are offered" so this is the verbose claim of not defining anything
<rvaneijk> @rachel: you can paste what you want to say in IRC or post it to the mailing list. Anything decided in the meetings here will need to go through the mailinglist anyways.
BrendanIAB: browser plugins are like a new/2nd class of intermediary, should we be viewing this through the lens of intermediary compliance?
<Chris_IAB> rigop and vincent- if we can't agree to talk "apples and apples" in this forum, especially with all the language barriers, then it's work product will be clouded. What's wrong with nailing down definitions of terms commonly used in the documents and in discussions/debates/arguments?
<rachel_n_thomas> if we are allowed to entere the queue, we should be allowed to speak.
<rigop> Aleecia: Intermediary compliance is a good topic for the mailing list <= me agrees
<dsinger> from HTTP 1.1 "user agent
<dsinger> The client which initiates a request. These are often browsers, editors, spiders (web-traversing robots), or other end user tools."
<BrendanIAB> dsinger - what is the scope of "these requirements"?
<dsinger> notes that that does NOT include plug-ins
<justin_> I think existing text already does that, but fine adding this too.
npdoty: submitted language around software that modifies the DNT header needing to preserve the user intent
<jmayer> I would like to suggest best practice language.
<rachel_n_thomas> Rehashing an earlier conversation from Chris_IAB and tl in order then respond to it in IRC... [15:48] <Chris_IAB> tl, thanks-- what does "Tell websites I do not want to be tracked" mean? Websites = ALL websites, including first party? [15:49] <tl> Chris_IAB: If the box is checked, a "DNT:1" header is sent with every HTTP request. [15:51] <Chris_IAB> what I want to know, is what does Mozilla (and presumably it's users) mean by "websites" in this sentence
<jmayer> If software affects the DNT setting for other software, it is a best practice to clearly explain that to the user.
<dsinger> to BrendanIAB: the requirements are on all HTTP request headers. They must contain at most one DNT header which must reflect the user's intent.
<Chris_IAB> so rigop, in response to your "We do not specify how tracking preference choices are offered", a valid user agent could say "I don't like pink unicorns" and the agent can send DNT:1? Is that acceptable to you?
ifette: propose not allowing other software to modify the header
<jmayer> *hand up*
<rigop> Chris_IAB: sure, have you seen the opera bork browser? It is valid
dsinger: propose the null proposal
<dsinger> to ifette: but that again is a rule for the user-agent author to write. don't modify existing headers
<rachel_n_thomas> [15:55] <Chris_IAB> tl, so ALL websites then? Since ALL websites would receive the HTTP request... So by checking your box, the user is asking that ALL WEBSITES (including first party sites) not "track" them. Ok, that's clear now, thanks. Ad industry has HUGE issue with this.
<johnsimpson> +1 David Singer
<rigop> Chris_IAB: normal language can also be used to tell nonsense
jmayer: see my IRC proposal
<npdoty> ACTION: fette to propose barring other software from altering a DNT signal if the browser already set it [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action24]
<trackbot> Created ACTION-284 - Propose barring other software from altering a DNT signal if the browser already set it [on Ian Fette - due 2012-10-10].
<rachel_n_thomas> Want to reiterate that this is a huge issue for the entire ad industry. I cannot object more strenuously to tl's understanding that ALL websites would be required not to track (including first party) when box is checked.
amyc: over to you
<scribe> scribenick: amyc
<npdoty> ACTION: mayer to propose non-normative text to add on to action-231 (with nick) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action25]
<trackbot> Created ACTION-285 - Propose non-normative text to add on to action-231 (with nick) [on Jonathan Mayer - due 2012-10-10].
Aleecia: quite a thread on
... have two world views on unlinkable
<npdoty> jeffwilson, dwainberg, Chapell, Marc -- if you have more comments on 153 but not new action items, maybe you can follow up with us over coffee or dinner?
Aleecia: as a group, haven't talked about Shane's proposal; EFF proposal was reviewed in DC
<npdoty> scribenick: amyc
Shane: end goal is that resulting data (not raw form) then take unique identifiers like cookies and IP addresses
<dsinger> to Rachel: we should chat about why the DNT header is sent to everyone, even though what it means varies depending on whether you are first or third party
Shane: undergo one way hash, so that resulting info cannot be linked back to original production idenfiers
Shane: notes that there are
technical discussions about hashing, but end goal is that info
cannot be used directly to link back to production system
... not meant to say that can't be associated to real world user or browser, wouldn't affect
... 32 byte idenfiier, one way hash, could rotate
<ifette> when you say "not tied to a production system" i assume what you mean is being able to link back to a given user or computer?
Shane: result may be longer or shorter in byte length, but would not link back to original idenfier
Aleecia: two options in text
3.6.1 and 3.6.2
... goes to queue, but need to end at 545
... please keep civil
jmayer: what exactly does
unlinkability mean? what should not be linked after hash?
... user ID from data, or ability to connect various actions
<Chris_IAB> rigop, are you serious that if the UI of a DNT UA says "I don't like pink unicorns", you would consider this a valid UI for the W3C? I want to ensure I got this right...
jmayer: which would be unlinking
with respect to browser, but questions whether one way hash
would make more difficult to connect to original source of
... but would retain linkability across events or sessions
... seems like tension between one way hashes OK, but saying that OK to connect across sessions
Shane: connection back to device
or browser, looking at maintaining longitudinal
... major goal is delinking from production sets
<jmayer> Can I follow up on that with another technical clarifying question?
Shane: so could not affect user
in real world, but could be used to maintain value of
... differences between option one and option two, difference in granularity, but maintain value of data while addressing harms
Aleecia: how does this fit into
document, this is data that is outside of DNT, anyone can use
without worrying about permitted use
... not replacement for actually reading doc
<npdoty> while there may be several differences between Option 1 and Option 2, the key question seems to be whether the data can't be re-linked, or isn't linkable back to the production identifier?
<Chris_IAB> rigop, just want to make sure you don't miss my question (above): are you serious that if the UI of a DNT UA says "I don't like pink unicorns", you would consider this a valid UI for the W3C? I want to ensure I got this right...
dtauerbach: two separate definitions, what Shane is describing requires prior state, this is more like hashed data, need common sense definition
Aleecia: option one should be named something else?
efelten: linkability back to original identifier vs to user or device, need to understand distinction
<schunter> Chris: My take is that the preference collected via the "pink unicorn" UI (if used alone) would not satisfy the requirement that the resulting DNT values are reflecting the (unbiased) user preference.
<johnsimpson> Shane, why wouldn't the 'should' in the last sentence be a 'MUST'
<schunter> note: "Chris" meant "response to chris" not anything chris said.
Shane: one is unlinkable to production systems, so that even if using unique cookie, when you hash then info could not be associated with that user in real world
<npdoty> s/Chris: My/Chris, My/
<jmayer> Shane: is this a technical claim you're making?
Shane: but could be used longitudinally across data set, identifiers simply don't relate back to real world
<npdoty> s/Shane: is/Shane, is/
<jmayer> Because one-way hashing does not provide the technical properties you described.
<WileyS> Jonathan, I'm not sure I understand your question
<dsinger> …wonders if what we want is data that is detached from any specific user, user-agent, or device. maybe we are using the wrong term of art?
tl: thinks that all of the privacy folks are thinking about academic definition of unlinkable
<Zakim> ifette, you wanted to ask clarifying question to shane
<jmayer> Are you claiming that one-way hashing prevents associating production data with hashed data?
<npdoty> tl, so is your concern just with the name "unlinkable"?
ifette: even in academic community it is difficult to determine or define whether data set is re identifiable
<Marc> Question for clarification for Dan. Was Dan proposing that neither options are appropriate or that 3.6.1 is the right option? I simply didn't follow.
ifette: this is unsolved problem, so best thing that we can do is de-identify to do one way hash, not a strict guarantee that there is no technical way to re-associate
Aleecia: dumping cookies is not
part of what Shane is associated
... where dumping is equivalent of deletion
<WileyS> Jonathan, if you look at the larger definition there is a further restriction to NOT attempt to link unlinked data with linkable data. There will always be ways to break encryption given the appropriate tools and access. If I give you a list of data records (breach/gov't request) that has been "unlinked" you, with only that data, be able to re-identify that data.
<efelten> It would be useful to have some non-normative text giving examples that we can agree are still linkable, and some that are definitely unsinkable.
<Chris_IAB> npdoty, point of clarification please: how do we (DAA and DMA) open an action item?
<WileyS> would not be able
<Chris_IAB> npdoty, a new action item?
rvaneijk: if goal is to de-anonymize so that law does not apply, will be difficult case for NL and EU, Second proposal addresses technical and organizational measures
<npdoty> ifette, the definitions suggest certain levels of confidence or use of legal means to prevent re-identifiability; but it seems like Shane's intent is not to prevent re-identifiability
<WileyS> ed, "unsinkable" - LOL
<ifette> npdoty, that's a fair assessment
<johnsimpson> Shane, did you see my question about "should" vs "must"?
rvaneijk: may still be considered personal data, also concerned about safeguards for further uses
<ifette> npdoty, i think all we can do is say "de-identify the data you have collected" e.g. one-way salted hash of cookies, not "guarantee the data could not be reidentified in any manner"
<WileyS> John, I didn't - speaking so unable to watch IRC at the same time - what is your question?
<susanisrael> i understood shane to be discussing preventing the likelihood but not the absolute possibility of de-identification.
rvaneijk: if go with option one, still need to comply with laws. but in option two, then that would not be personal info
<johnsimpson> Why not a "Must" in item 3 instead os "should"?
<efelten> Ian, I think that's what the "reasonable" in some definitions is trying to address
<WileyS> Susan - spot on
<npdoty> Chris_IAB, we can open action items for any DAA or DMA folks that are listed as participants in the group (currently Luigi, Rachel, respectively)
Aleecia: what would work in EU?
<npdoty> Chris_IAB, which we can do from IRC or from https://www.w3.org/2011/tracking-protection/track/actions/new
<susanisrael> if there is no solution, how can we meet the standard?
<Chris_IAB> npdogy and rachel_n_thomas, thank you Nick.
<npdoty> Chris_IAB, I suggested that we open an action on Luigi for something that Mike Z volunteered to do
rvaneijk: not really a solved problem in academia, process of anonymization still tricky, concerned about "reasonable" not being prescriptive, doesn't have solution
<johnsimpson> Shane, Why not a "Must" in item 3 instead of "should"?
lmastria: tend to look at one
issue at a time, would fall under many different regimes
... additional legal protections
... thinks that one way hash is a solution, but don't think that would work for everyone
<rvaneijk> option 1: data protection law applies, also for permitted uses: ie companies still need a legal ground. option 2: if done correctly, we are not dealing with (in)direct identifyable data anymore.
lmastria: plenty of industries
where much more senstive data is de-identified and kept for
long periods of time (medical, education)
... no harms come out of those, don't discount, simply because of fear of unknown, needs to be practical solvable solution
... DAA has specific text on de-identified data, could draft up and send along
... companies working on indirect identification, would boil the ocean
<WileyS> John, SHOULD due to the level of detail required to find the balance between not giving too many details to help bad guys figure out what you're doing and enough information for you and others to understand our approach generally.
Aleecia: not talking about security, separate issue
vincent: hashing cookies and IP addresses, what about info in referral, personal info in referrer
<npdoty> ACTION: luigi to propose DAA text regarding de-identification (for unlinkability discussion) [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action26]
<trackbot> Created ACTION-286 - Propose DAA text regarding de-identification (for unlinkability discussion) [on Luigi Mastria - due 2012-10-10].
shane: at yahoo look at suspected
PII in headers, and transforms, websites shouldn't be sending
PII in referrers
... best efforts should be made
Aleecia: can text reflect that?
Shane: previously drafted non normative text
<WileyS> John, remember SHOULD in this case means you should do it unless you have a good reason not to
<npdoty> ACTION: west to update unlinkable with non-normative text from Shane [recorded in http://www.w3.org/2012/10/03-dnt-minutes.html#action27]
<trackbot> Created ACTION-288 - Update unlinkable with non-normative text from Shane [on Heather West - due 2012-10-10].
<johnsimpson> Shane, seems to me ought to be a MUST on transparency, because you have the qualifier "to the extent it will not provide confidential details...
jmayer: first, with response to technical claim that one way hash would mean unusable in production systems, not accurate
<ifette> that would be why you drop the key
jmayer: as long as still have
key, just one operation to reassociate
... could have dictionary list of hash matches
<ifette> what jonathan is describing is not at all what shane/others are describing
<justin_> ifette, you can't drop the key if you're doing longitudinal research
jmayer: second, likes DAA language
<justin_> ifette, right?
jmayer: prefers FTC language
<ifette> justin, that would depend on the timeperiod
<ifette> e.g. are you hashing with a salt you drop after 1 day, or do you do this on a 90-day or N-day period
<justin_> ifette, sure, but WileyS's language doesn't seem to envision a time limitation
lmastria: if not going down harms road, let's not go down path of speculating
<jmayer> I didn't understand that last comment.
aleecia: not as chair, other than
data breach, is there a big difference practically between
... just hard, as opposed to k-anon option
... may be cross-linked data, but a problem in both options
<jmayer> The second part of my comment: I don't understand how Shane's proposal aligns with the DAA text. It seems like a much more rigorous requirement than what Shane's proposed.
Shane: primary difference is that option 2 forces much stronger anon end state
<ifette> not 1024 buckets
<ifette> 100M / 1024
Shane: but it limits usefulness of data
<tl> +q to say that there's a big difference in secondary use risks which aren't leaks
Shane: correct that you could
look back after hashing, but spec says that you can't do
... focus on one is breaking conneciton with prod data, the focus on two is significant less value
<jmayer> Data breach is far from the only concern.
<jmayer> Access or use by anyone.
Aleecia: if change keys, then also losing value?
<jmayer> I imagine government access, for example, weighs on the mind of some.
Shane: yes, matters when you hash, when you rotate hash, each time boundary will impact how you use info and value going forward
<JC> The govt can get the data anyway
Aleecia: does anyone disagree with Shane's description?
ifette: how different are these to implement, or risk to user?
<vincent> I beleive using public comments that are posted on webstie, it is is enough to deanonymize the browsing history of someone
ifette: not much difference in risk to user
<jmayer> I disagree.
Aleecia: so other than breach, no difference to users?
tl: many types of data sharing
and disclosure, outside of breach
... for example, company is acquired or sharing info with affiliates
... really, this is transofrming data, as opposed to k-anon
<WileyS> Vincent, fair - how often has that occurred in the real-world with 3rd party ad serving data?
dtauerbach: need to have a real
standard, rather than some sort of hash
... option two makes more sense
Aleecia: can we adjust to make more acceptable, need to have complete understanding
<Zakim> tl, you wanted to say that there's a big difference in secondary use risks which aren't leaks
Aleecia: may be ways to address breach and other concerns with option one
kj: concerned about going into
technical implementatin, technology will change quickly
... DPR has proportionality and balance of interest, we should take that into account
... supports research, while being careful about security and linkability
<rvaneijk> the text Kathy is putting forward applies to SCIENTIFIC RESEARCH, not commercially data use
<vincent> WileyS, as far as I am aware of, there has not been any concrete example, but someone inside the ad-network could easily do it... and I would still not be aware of it
Aleecia: we should try to avoid specific text, focus on outcomes
<npdoty> scribenick: npdoty
<eberkower> Kathy IS talking about research - "market research"
amyc: echo Shane and Kathy in
proportionality and value of the data
... for a voluntary standard that is not required to implement, please implement this (even though your competitors might not), want to entice as many as possible to implement
amyc: language in there about protecting intellectual property
<dtauerbach> let's get into the nitty gritty of how the data is valuable
amyc: value of the data in improvement of research
<amyc> thanks Nick
<jmayer> The "we want broad implementation" argument has very limited force. Taken to the limit, we would just declare Do Not Track a nullity. There are countervailing considerations, of course.
<scribe> scribenick: amyc
Aleecia: anything else?
efelten: lauren gelman may propose language?
<dtauerbach> is the data valuable because you want to retroactively bucket the data?
aleecia: not a member or IE
<dtauerbach> or do you want to use it in a non-bucketed way?
efelten: thread went a lot of
places, but didn't answer my questions
... perhaps shane and I should chat
Shane: thought I had answered, happy to follow up
Aleecia: suggests doing this in real time
jmayer: wanted to get more information about what the business uses for this info are
jmayer: what are business
... and do they overlap with other permitted uses
<Chapell> Jmayer - to the extent that industry shares more about uses of this data, would you be willing to share you insights re: the harms you are trying to prevent?
Shane: simplest form of reporting, product improvement, review through lens of being able to run reports
<dtauerbach> "able to run reports" -> bucketed data
<dtauerbach> so 1024-unlinkable
<jmayer> Chapell, sure, take a look at my paper "Third-Party Web Tracking: Policy and Technology."
<dtauerbach> should be no problem
Shane: can't specify all, so really want to make sure that busienss can understand its operations better
<dtauerbach> do you need raw data ever?
<dtauerbach> for what?
<Chapell> does every example in that paper address issues that are in the scope of DNT?
Shane: want to remove from production use
<jmayer> Chapell, I believe so. Read it and get back to me.
<Chapell> Will do
Aleecia: what if option two is DAA, and option one is data transformation, with retention period and new permitted uses
Aleecia: who hates it
<npdoty> dtauerbach, I think it depends on exactly what kind of reporting you would want to do -- some of it might require longitudinal linkable data
Aleecia: Rob, Jeff and Shane don't seem to like, unlikely to get traction
<dtauerbach> you can link data into buckets
<dtauerbach> npdoty, can you give a concrete example?
susanisrael: the kind of standard that Shane suggests, may not need to be same level of debate about permitted uses, if agreement that level of protection is adequate
<dtauerbach> it can be hypothetical
<Chapell> Jmayer: thanks, but found it.... to be clear, are you referring to section THIRD-PARTY WEB TRACKING POLICY III. PRIVACY PROBLEMS?
Aleecia: can we get economic value of data, while not providing get out of jail free card
<jmayer> Chapell, sounds right.
<dtauerbach> amyc, i would love an example of the economic value
Rigo: two suggestions, this is pseudonymity discussion that Ruud raises
<jmayer> Chapell, presently multitasking. Always glad to chat about my academic research offline.
Rigo: warning againt fog (in)
... we need to think about data breach
... with option one, concerned about sharing with others
<Chapell> Jmayer: Ok thanks. would love to discuss at some point.
<Chapell> .... "Each particular scenario may have a low probability of occurring. But the chance of some scenarios occurring is substantial, especially when considered over time and across many companies."
Rigo: maybe with publsihing, would look at k-anon for external use
Shane: maybe sharing outside of service provider would require additional anon, as opposed to external sharing
Aleecia: could be direction to consider, where we have option one for internal use plus service provider
<Chapell> ...."Third, an action that harms the consumer. The action could be, for example, publication, a less favorable offer, denial of a benefit, or termination of employment. Last, a particular harm that is inflicted. The harm might be physical, psychological, or economic."
Aleecia: then option two for external
Simon: staring at two options,
not that far apart
... commercially reasonably but not less than 1024
<Chapell> .... I would like to discuss how these issues are being addressed by the W3C DNT effort AND why they are not addressed by the current industry standards.
<Chapell> ..... JMayer: I welcome the discussion. Thanks.
Aleecia: Shane would reject
Shane: reduce viable buckets of
data to very small number
... by using by k-anon 1024 bar
... and reduces value of data
Aleecia: for some companies, may be case by case as to value
dtauerbach: give me example of report, unless the report is by request
Shane: thousands of employees,
billions of records daily, unrealistic
... would never be able to look back
Aleecia: k-anon would require that you never have a bucket of fewer than 1024
Shane: can't build tables on fly, doesn;t make sense in real business
<jmayer> You don't have to predetermine reports. You can build an unlinkable dataset, then use that to generate reports.
<rachel_n_thomas> none of this is in the queue...
lmastria: number of assumptions
... no one gives data to man on street, many professionals and contracts and security
... can't pretend that we can preconceive buckets of data
... don't want to prevent innovation
<jchester2> Lou. I have to disagree. Online ad industry in US--despite having privacy employees-are continually expanding their data collection practices. Innovation is about more data mining and invading privacy of users. We have not seen much on promoting innovation to protect privacy in an online ad context.
Rigo: put into one bucket for internal use data
dtauerbach: don't need to
detemine in advance
... can come up with tables on fly, add to pipeline
... still with k-anon
rachel: wants to point out that DAA sent letter to W3C
<jmayer> Why is Rachel talking about the DAA letter to the W3C leadership? We're talking about technical issues related to data linkability.
rachel: wants to post letter,
this is not appropriate process or means to move forward
... should not try to refine industry practice where there is already a consensus
<jmayer> "The working group shouldn't try to refine industry practice where there isn't already widespread consensus..."
rachel: out of scope of w3c
mission of developing web techology
... looks like w3c thinking about more policy issues, let's focus on technology rather than policy
Aleecia: will take process discussion offline
<rachel_n_thomas> DAA letter to W3C https://www.aboutads.info/blog/press-release-daa-issues-open-letter-w3c-actions-working-group-threaten-ad-supported-internet
tl: don't need to know in advance
what you are doing
... just need to collect it correctly, then reports wouldn't go back to data
<jchester2> The DAA/IAB admitted last week in DC that they did not test itse self-regulatory system using the icon. They did not test, for example, how its system interacts with the optimized system designed to process users to conversion, inc. data collection. I ask again for the IAB/US and DAA to submit to this list any research any any outside independent research they used to establish its so-called privacy system.
<jmayer> Shane fifteen minutes ago: this can't be done. Shane now: OK, it can be done. But it's hard.
Shane: not disputing
philosphically that this can be done, Google is large company,
but speaking from own experience buidling data tables on the
fly is incredibly expensive, current software packeage don't
... so likely no one would implement
<susanisrael> jeff I was at the meeting you are describing and i did not hear the dialogue quite that way.
<lmastria-DAA> ditto shane
<rachel_n_thomas> jchester2 DAA admitted no such thing with regarding to testing the icon. An unrelated party made that assertion, when in reality TRUSTe did significant testing on the icon with extremely positive findings.
<lmastria-DAA> ditto dwainberg
dwainberg: dpn't want to adopt standard that disadvantages small companies
npdoty: w3c process questions, happy to follow up
Aleecia: will submit DAA text, see whether everyone can live with this
<rachel_n_thomas> from DAA letter: • DAA expressed strong opposition to the current posturing of the W3C’s effort to establish a “do-not-track” standard.
Aleecia: Shane making some modifications
<jchester2> IAB could not say any research was done. It referred to World Privacy Forum, which its researcher said wasn't a study. Provide the Evidon research and its design, and the outside review it undertook.
<rachel_n_thomas> • This agenda states, “We will now accept that many issues cannot be resolved in a way that does not raise any objections.”1 o TPWG states that the goal of this meeting is to come to a decision on a standard through the following non-consensus process: “we will put more focus on creating viable alternative texts as input for our decision procedure where the chairs call for objections and then analyze the resulting input to come to a conclusion th
<rachel_n_thomas> • This is not an appropriate process or means for moving forward on decisions that could affect the future of an entire online ecosystem. o A non-consensus decision by the TPWG, an organization of unelected individuals who do not represent the interests of all stakeholders, should not be substituted for the consensus judgment of the participants given the impact such a decision could have on consumers, commerce, national and global economies, jobs, an
<efelten> s/will submit/Lou will submit/
<rachel_n_thomas> • The TPWG should not try to redefine established industry practice and consumer expectations in an area where widespread consensus already exists.
<ksmith> Nick - I don't see an action item for me, but I was assigned to edit section 3.5.2 slightly. Did you get that? Or am I looking in the wrong place?
Aleecia: will contine when we see texts
<rachel_n_thomas> • The DAA has developed a comprehensive standard governing web-viewing data practices.
<rachel_n_thomas> • To my knowledge, W3C is a technology standards organization that has traditionally focused on developing consensus around specifications and guidelines for web technologies. The W3C’s recent foray into setting public policy standards is outside the o The public interest is not served by this expansion of the W3C’s efforts, especially because the method by which the W3C is seeking to achieve results is not through consensus and gives all stakehold
<rachel_n_thomas> • The TPWG should remain true to the W3C’s mission of developing consensus around specifications for web technologies and o should not seek to expand its scope into public policy issues that would be better addressed in other policy forums that have the experience and qualifications to evaluate these issues.
<npdoty> ksmith, I may have missed that one, what's the action?
<hwest> Thank you Aleecia!
<hwest> Anyone headed to Centraal, Rob and I are headed straight there to get checked in first
<ksmith> in widget scenarios
This is scribe.perl Revision: 1.137 of Date: 2012/09/20 20:19:01 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/designer/dsinger/ Succeeded: s/discussion/discussing/ Succeeded: s/peter-4As/ruud/ FAILED: s/Rachel why/rachel: why/ Succeeded: s/DMA/DAA/ FAILED: s/test/text/ FAILED: s/244/255/ FAILED: s/DNT/DNE/ FAILED: s/are you/... are you/ FAILED: s/Chris_IAB: "if you/mikez: "if you/ FAILED: s/ifette in/ifette: in/ FAILED: s/ifette prefer/ifette: prefer/ FAILED: s/dsinger don't/dsinger: don't/ Found ScribeNick: npdoty Found ScribeNick: ifette Found ScribeNick: npdoty Found ScribeNick: ifette Found ScribeNick: robsherman Found ScribeNick: JC Found ScribeNick: npdoty Found ScribeNick: npdoty Found ScribeNick: JC Found ScribeNick: susanisrael Found ScribeNick: Joanne Found ScribeNick: tedleung Found ScribeNick: amyc WARNING: No scribe lines found matching ScribeNick pattern: <amyc> ... Found ScribeNick: tedleung Found ScribeNick: amyc Found ScribeNick: amyc Found ScribeNick: npdoty Found ScribeNick: amyc Inferring Scribes: npdoty, ifette, robsherman, JC, susanisrael, Joanne, tedleung, amyc Scribes: npdoty, ifette, robsherman, JC, susanisrael, Joanne, tedleung, amyc ScribeNicks: npdoty, ifette, robsherman, JC, susanisrael, Joanne, tedleung, amyc WARNING: Replacing list of attendees. Old list: +31.20.585.aaaa Telegraaf +1.714.852.aabb fielding BrendanIAB? +1.310.292.aacc johnsimpson +1.425.214.aadd bryan_ Jonathan_Mayer New list: Telegraaf Jonathan_Mayer johnsimpson BrendanIAB? Default Present: Telegraaf, Jonathan_Mayer, johnsimpson, BrendanIAB? Present: Telegraaf Jonathan_Mayer johnsimpson BrendanIAB? Agenda: http://www.w3.org/2011/tracking-protection/agenda-2012-10-03-F2F-Amsterdam.html Found Date: 03 Oct 2012 Guessing minutes URL: http://www.w3.org/2012/10/03-dnt-minutes.html People with action items: brookman colando doty dsinger fette fielding lowenthal luigi mayer rachel robsherman roy sherman singer west wiley[End of scribe.perl diagnostic output]