See also: IRC log
<jchester2> Shall we sing Old Lang Digital Syne?
<npdoty> schunter: hi everybody
<npdoty> volunteers to scribe?
<npdoty> I can do the second half, if someone can help with the first
<npdoty> ... where I think I will have to follow up on several of the issues
<aleecia> i am so muted. what
<npdoty> scribenick: wseltzer
<Chris_IAB> just joined via Skype
schunter1: added an item at the
end on core next steps for compliance doc
... start with that item.
<npdoty> Dwainberg, I thought your comments weren't differences for the agenda, but just comments on the issue items
tlr: ack aleecia
aleecia: I am stepping down as
co-chair. Thanks all for the opportunity to serve for the past
year and a half.
... it's been a great ride. Extremely excited to welcome Peter Swire.
<dwainberg> Nick, it was both.
aleecia: Thanks everybody for all your hard work. I'll continue to be an active participant in the group.
tlr: Thank you very much aleecia for your work and dedication.
<susanisrael> 215286-xxxx is Susanisrael
tlr: Peter, would you introduce yourself?
<jchester2> Bravo Aleecia! Welcome Peter
<jeffwilson> thanks aleecia!
Peter_Swire: Hello, and thanks to those who have been introducing yourselves.
<dwainberg> Thank you, Aleecia!
<npdoty> +1, thanks so much Aleecia
<susanisrael> Thank you very much Aleecia!
Peter_Swire: I ask for your patience and understanding as I work through the institutional history.
<tedleung> Thank you Aleecia!
Peter_Swire: There's lots I don't yet know.
<David_M> Zakim David_McMillan is David_MacMillan
<robsherman> +1 — Aleecia, thanks so much for your hard work on this important effort.
Peter_Swire: I'm going to try to
learn it all, to act in good faith, and I ask for your
... as I learn W3C process, technology.
... Aleecia and Matthias have been concert pianists, I'm still going through the finger exercises.
... Background: I know quite a few of your and your organizations, even though I haven't been through the DNT meetings.
... On the substance, I've worked on privacy as a law professor and elsewhere since the mid-90s.
<Chris_IAB> Thanks for all your work on this Aleecia-- not always easy, but always appreciated. Welcome aboard Peter!
Peter_Swire: 2 books out this
fall, global Foundations introductory course, US privacy law
... This is not a US process, it's a global process.
... My experience with the EU privacy regime may be helpful.
... 90's, part of the team that negotiated EU-US safe-harbor.
... Sensitivity to different regimes is important here.
... Background on substance, with institutions.
... Worked with FTC, at the White House under Pres. Clinton.
... where part of my role was as NAI was being formed.
... Good relations with US Congress, both Democrats and Republicans.
... Working with Art 29 WP in Europe.
... In addition to W3C, there are many other institutions playing in the privacy space.
... Consumer groups and privacy advocates.
... Worked with CDT, EFF, Jeff Chester, Stanford, others.
... Also spent time working professionally with business community. MS, Intel, IBM, Google, more
... Fellow with Future of Privacy Forum, industry-funded privacy expert group.
... worked to be practical working with business.
... with MoFo with real clients and real problems.
... Tech is at the center of W3C work, along with policy, politics, law.
... Worked for many years on encryption, 1999 chaired WH group on crypto.
... Spoken at FC.
... Main research recently has been on de-identification.
... that has given immersion in actual workings of how companies do de-ID.
... Finally, facilitating complicated negotiations. WH coorddinator for HIPAA.
<Chris_IAB> only 52,000 comments? ;)
Peter_Swire: That rule is still
in place today.
... In WH 2009-10 under Larry Summers NEC, chairing complicated processes.
<johnsimpson> Apologies, bad LA traffic
Peter_Swire: I hope and believe I can be a good listener to many perspectives and backgrounds.
<WileyS> Stellar resume Peter!
Peter_Swire: Hopeful we can make progress in W3C standards process and larger privacy issues.
<Chris_IAB> +1 to WileyS comment - very impressive indeed
tomorrow, I finish fall semester at Ohio State. Calendar clear
now-end of May.
... Cleared my schedule to try to be helpful here.
<aleecia> Here's to a reboot with new energy.
tlr: thank you Peter, welcome on
... questions or discussion?
<schunter1> or feedback.
<jchester2> Peter: Since we are in many ways at an impasse, how do you think we can move ahead?
<Chris_IAB> hear you loud and clear Peter, even on speaker
schunter1: Let's dive into the
... Happy to have Peter on the call. Really appreciated Aleecia's energy and advice.
<eberkower> aaqq = eberkower
<dwainberg> nick, note that I'm also on Mozilla's phone
schunter1: acknowledge that our
initial schedule was a bit optimistic, but thanks to Aleecia we
made lots of progress.
... one advantage for a newcomer is that he can ask all the stupid questions.
... That's it for intros.
schunter1: First, action items.
<trackbot> ACTION-334 -- Nick Doty to re-update on handling of sub-domains, clarify concrete options (issue-112, perhaps with Shane) -- due 2012-11-14 -- OPEN
npdoty: sent the review half an hour ago, summarizing issues.
<trackbot> ISSUE-112 -- How are sub-domains handled for site-specific exceptions? -- pending review
npdoty: if we can decide which option, that'll save writing up both.
<trackbot> ACTION-131 -- Roy Fielding to sketch use case for user agent requests on tracking status resource -- due 2012-11-21 -- OPEN
schunter1: we'll mark it as closed. Any objection?
<npdoty> fielding, you're suggesting that we close/drop action-131? (had trouble hearing)
schunter1: closing action-131
<trackbot> ACTION-258 -- Thomas Lowenthal to propose 'should' for same-party and why -- due 2012-10-22 -- OPEN
<fielding> yes, so someone else can pick it up. if not, I'll do it later.
<npdoty> is tl or someone from Mozilla able to report on this?
<trackbot> ACTION-323 -- Thomas Lowenthal to share results of what-the-response-is-for discussion -- due 2012-10-22 -- OPEN
schunter1: I'll send reminders to tl
<npdoty> action-131: fielding is happy to let someone else take this up if they have time, or will otherwise get to it later
<trackbot> ACTION-131 Sketch use case for user agent requests on tracking status resource notes added
schunter1: re 258, 323
<trackbot> ACTION-317 -- David Singer to draft non-normative examples on same-party (issue-164) -- due 2012-11-14 -- OPEN
<aleecia> david's on the bus
<schunter1> I can hear you
<trackbot> ACTION-333 -- David Singer to work with Ian's text, Adrian's text, and Nick's cleanup to produce a new exception API proposed specification -- due 2012-11-14 -- OPEN
dsinger: sent text on exceptions out to the mailing list already
dsinger; I wrote something, not sure if it went to mailing list or just to Roy
scribe: Will send it again and make sure it's linked.
dsinger: Re 333, sent text a few
weeks ago. Adrian wants a few more days to review.
... by the end of this week I'll send something to the mailing list.
<npdoty> dsinger: will send something to the mailing list by the end of the week, even if we haven't heard feedback from ian/adrian yet
<trackbot> ACTION-332 -- David Wainberg to review TPE spec to ensure iframes are fine for exception API; if not, propose text changes -- due 2012-11-21 -- OPEN
<Chris_IAB> very hard to hear you David
dwainberg: add a week or two
schunter1: I'll add a week
... done for TPE
<fielding> we are done? YAY
<dwainberg> yes, I didn't realize I had that action item -- need another week to review.
schunter1: Went through issues and categorized them; issues where we have some text
schunter1: do we accept the text,
ask for alternatives, agree to drop
... Second is open issues where we need to assign actions to produce text.
<trackbot> ISSUE-21 -- Enable external audit of DNT compliance -- pending review
scribe: ^ text on the table
dwainberg: Is Kevin on the call?
Joanne: No. We provided some updated text. ^ link.
<aleecia> I'm surprised we're talking about this on TPE?
<aleecia> Oh - because it's down to an array.
Joanne: General understanding is the group didn't have an objection as this would be optional flag.
dwainberg: can we take a minute to walk through this new text?
Joanne: TK response header as
optional tracking status resource
... where party responding to DNT signal can put in additional info
... along with other optional resources
<Chris_IAB> I don't believe we are in favor of this option
Joanne: way for companies to show accountability, communicate that they've agreed to comply with 3d-pty standards
<npdoty> I believe the mechanism is the `audits` optional field in the tracking status resource
<Chris_IAB> it's out of scope for DNT
Joanne: text we proposed back in
March was condensed, a lot less prescriptive.
dwainberg: is this normative?
Joanne: I'll paste proposed normative text into irc.
<npdoty> although I actually think this could be non-normative text, as they're examples/suggestions
dwainberg: [hard to hear]
... propose moving this to compliance spec
schunter1: two angles to the audit
<aleecia> This actually does fit in TPE, it took me a minute to remember why too
schunter1: compliance angle,
extra data fields in the response protocol
... in TPE, we shoudl focus on what are the data field exchange flags needed.
<aleecia> It did start in Compliance, but now that it's simplified it's really more of a TPE fit
<jmayer> matthias, could we tackle ISSUE-137 next?
fielding: we have an audit field in the response
fielding: we can move on.
<jmayer> I have to run to Corporations in 10 minutes and would like to be able to comment.
<jmayer> I don't follow why this would be a Compliance issue. It's a way to transmit something—pure protocol.
schunter1: Action on Kevin to see whether he needs additional fields
Chris_IAB: DAA and IAB would not support
<Joanne> Matthias, I can take any action items assigned to Kevin
Chris_IAB: an issue of scope. Programs are important, but not part of DNT.
Chapell: nothing to add to David and Chris.
<npdoty> Alan, you were a contributor to this text proposal, yeah?
aleecia: a little history. We were happy with this proposal
<Chapell> npdoty, I participated in a preliminary call, but did not provide text
aleecia: it started very long and
involved, has now been trimmed to something manageable.
... give ability to have more transparency, trust. let users understand status of 3d-pty auditing.
<Chris_IAB> DAA has a program that already addresses this
aleecia: surprised to hear
... this has had a lot of work, now moving to something optional for companies that want to show this info to their users.
<Joanne> Aleecia covered this well
<Chris_IAB> the DAA program is different than DNT (today's definition)
<npdoty> Chris_IAB, maybe there's some confusion here, I don't think this would in any way replace an existing program, it lets the site tell the user that they follow such a program
<Chapell> .... while I'm sure that some may provide audit / evaluations for DNT, I don't think there is any benefit to specifying this in the text
<Joanne> please assign it to me
<npdoty> scribenick: npdoty
<Chris_IAB> npdoty, I feel it's out of scope, per the Charter
<efelten> It's an *optional* field, so "my company won't use it" isn't a strong argument against.
schunter: worth making an update to see if we need any additional language or additional fields
<ChrisPedigoOPA> I don't remember there being consensus on this
<Chris_IAB> I fail to see where this is in scope per our current Charter
<scribe> ACTION: joanne to update on audits field proposal and any normative requirements as necessary [recorded in http://www.w3.org/2012/11/28-dnt-minutes.html#action01]
<trackbot> Created ACTION-340 - Update on audits field proposal and any normative requirements as necessary [on Joanne Furtsch - due 2012-12-05].
<Chapell> I don't remember consensus on this item either
" <npdoty> any objections to an audit field?
<npdoty> no objections to the audit field. ", from Bellevue
fielding: agree with aleecia in general, not sure the text that we looked at in emails today is necessary for the TPE side
<aleecia> there are two things out of scope by charter. This is neither of them.
<schunter1> We agree on the audit field. We discuss what non-normative text to wrap around it.
fielding: but if there's anything that needs to be updated on the audits field, please let us know
<dsinger> yes, I would like to know what more edits are proposed to TPE, and why (over and above the 'audit' field)
ChrisPedigoOPA: don't want to get
in the way of audits, concerned that we're adding complexity or
too strongly encouraging use of the audit identifier
... don't think we need the TRUSTe proposal right now
npd: not entirely sure what ChrisP means by the TRUSTe proposal and what isn't needed
<Joanne> here is the yest from teh TPE
Chris_IAB: we have our own ways
through the DAA program to confirm compliance with the DAA
program, a program that's quite different from DNT, would lead
to confusion if we add on additional compliance regimes at this
... want to stay focused on defining tracking and dnt
Dwainberg: should move on, we have an action item to revise text
<aleecia> Is there any reason someone *cannot* live with this proposal?
Dwainberg: better suited to discussion in compliance?
<fielding> aleecia, which one?
npd: are the objections to having the audit field at all? or the text proposed in march?
<aleecia> With an optional TPE field for audit transparency
<schunter1> Agreement on "audit" field. Disagreement on whether additional text is needed.
jmayer: arguments seem in favor of adding an optional audit field, if consumers did want to learn about auditing, having an optional consistent path is what we would do to facilitate marketplace competition
<Chris_IAB> npdoty, I object to both
<jmayer> Phone fail. Hope that made sense, off to class.
schunter: don't debate the audit field, we had consensus at our last f2f about that field, just a question of whether additional text is necessary
<Chapell> Kick off que (:
schunter: leave it to Joanne to see if we need an update at all
Joanne: we're fine with the language in the TPE, but if the group is fine with what's in the TPE now, issue 21 can be closed
schunter: quick turnaround on that action
<Chapell> Wondering if the audit field is related to the token field discussion --- is it ok for DNT compliant to be audited pursuant to the DAA or NAI Codes?
<trackbot> ISSUE-21 -- Enable external audit of DNT compliance -- pending review
<Chapell> I was....
schunter: suggest closing issue
21, unless we need additional text
... does anyone need additional text for issue 21?
<Chapell> Thanks TLR
Chris_IAB: didn't recall an agreement in Amsterdam about the audit field
<Joanne> it was in Seattle we discussed it
<fielding> yes, in Bellevue
<npdoty> any objections to an audit field?
<npdoty> no objections to the audit field.
<aleecia> thank you, Nick
Chris_IAB: can you get an update on that from the minutes offline?
<aleecia> Which meeting was it?
<tlr> aleecia, 22 June, Bellevue, WA
<Chris_IAB> npdoty, I am not in favor of an audit field
Chapell: if we set up an audit field, there might be some concern from the group about whether NAI or others is providing an audit, or what ruleset might apply
<aleecia> thanks. I also remembered this discussion but not Amsterdam. This seems right to me.
<fielding> tes, this is going down a rathole and we are not discussing it -- audit is a link
Chapell: blank check around an audit function
<Chris_IAB> npdoty, I am searching the notes from Amsterdam, and can't find where we agreed on adding an audit field??
<tlr> Chris, http://www.w3.org/2012/06/22-dnt-minutes
schunter: for the protocol, this is just a field
<trackbot> ISSUE-137 -- Does hybrid tracking status need to distinguish between first party (1) and outsourcing service provider acting as a first party (s) -- pending review
<dsinger> I think this is very different from a previous discussion, where we considered and rejected a proposal to say which compliance you claim; this is about whether you have been *audited* for the compliance...
<aleecia> (might make sense to put the link to the minutes into the notes for the issue, so we don't have to pull this again)
<tlr> issue-21: see discussion at Bellevue face-to-face, http://www.w3.org/2012/06/22-dnt-minutes
<trackbot> ISSUE-21 Enable external audit of DNT compliance notes added
<dsinger> this links to my action-317 same-party (optional)
schunter: tl had said at one
point that it's important to indicate whether a server is a
... fielding had pointed out that they may not be allowed to or want to
... we need alternatives of text for this, in order to close it
<Chris_IAB> npdoty, thanks for pointing me to this. I must have stepped out of the room, so I apologize. I'm still not in support of it, but anyway, I see how it was added.
dsinger: my recollection is that
we accepted fielding's point on this, but might be useful to
indicate when you're in a service provider relationship (like
when you are on a different domain)
... connected to my action-317, but also to Rigo's @@@
... optional, in order to disambiguate in cases where you might appear to be a "rogue" first party
<Chris_IAB> npdoty, reading the notes, I believe the context of an audit field is with respect to a DNT audit (against THIS spec), not for just any old audit.
<efelten> +1 dsigner, I remember it the same way.
<trackbot> ACTION-317 -- David Singer to draft non-normative examples on same-party (issue-164) -- due 2012-11-14 -- OPEN
<fielding> The entire point of having service provider constraints is to classify them as part of the first party controller. There is NO reason to indicate that in the protocol.
dsinger: can move forward with my text suggestion for 317
fielding: don't have any need or
desire for mechanical distinction between sites that are made
up of multiple service providers
... a flag added to the protocol does not help except for sites wholly owned by one corporation
... if it weren't for the constraints on service providers (handling the data as if they were wholly owned by the provider, so there's no additional loss of privacy there)
schunter: to recap an argument,
when the service provider is running on an independent domain,
a user agent may be confused if two separate sites are
indicated as the same party
... declaring when an independent site is not the same party but a service provider
<dsinger> yes, this is to enable dealing with the case when a site appears different (e.g. because of hostname) but is in fact under an SP relationship
aleecia: to roy's point, I have two possible concerns where the distinction would be useful for the user
aleecia: one possible approach
for service providers is that they could combine data from
multiple first parties
... if that were the approach we took (which I wouldn't support), I would be concerned about a lack of signal to the user
<dsinger> is having a hard time seeing why an *optional* notifier is objectionable
<dsinger> if you don't see a need to use it, then don't use it
aleecia: second, if DNT were
providing value mostly on transparency rather than controlling
collection, then it might be an issue to reduce
... might depend on our definition of service provider
<vinay> Aleecia -- which proposed text are you referring to where it allows a service provider to combine user-level data (not aggregate data) across first parties?
efelten: given that we're talking about an optional field, then we should look at whether it would be useful for a server to say whether it's a service provider
<aleecia> Shane's been proposing that for months
efelten: for example, if a site
is offering from a different domain, but says that it has
consent from the user
... it would look to the user/ua like a false assertion of consent
<dsinger> +1 to ed; this makes possible disambiguation, but does not require it
efelten: where there would be genuine confusion about whether a site is a service provider or not
schunter: the question was just whether to have it as mandatory, not whether to have it as an optional field
<fielding> I don't see how a flag disambiguates that. I have no problem with a link that says who the first party is for each tracking status resource
efelten: not taking a position on mandatory, but keeping an optional field is important
<Chris_IAB> how do optional fields get added to the spec in the end? must we show use before they are added to the final spec?
efelten, I think fielding believes that the policy link can be used to disambiguate in those cases
<fielding> or a new "first-party" link
schunter: optional doesn't mean whether we add the field to the spec, but a piece of info that sites may or may not transmit
<aleecia> Roy, that's interesting. What would that look like?
<aleecia> In Europe, I think that works really well. In the US, not as well.
<dsinger> notes that issue-168 is the other related issue here
schunter: optional from a syntax perspective, there are sometimes messages that don't have the field
<aleecia> So would a first party just list itself as the first party?
<aleecia> Or just claim "I'm a first party" and be done?
<efelten> Roy, there's also a cases where a SP is acting on behalf of a third party.
schunter: truly optional, sites may or may not transmit the flag for whatever reasons it has
<fielding> efelten, but in those cases they cannot claim more than 3rd party status
Chris_IAB: procedurally, do we have to show two parties
<dsinger> yes, if we end up with no-one implementing, we could/woudl remove the feature eventually
<dsinger> linked to 317
Chris_IAB: do we have to have two interoperable implementations in order to move forward with it?
npdoty: we can as a group
indicate features that are "at risk" that would be removed from
the spec if those features were not implemented
... a step we would take at CR
dsinger: happy to have it optional but not mandatory, and (related to 317) can write up some cases where it might be useful
<Chris_IAB> thank you npdoty, that seems very clear
<fielding> making it option does not remove the concern about UAs discriminating on the basis of this field, which again is an anti-competition issue
fielding: not a case where you can make it optional and it's still okay
<Chris_IAB> +1 to fielding
<dsinger> ah, ok, I will take that into account when I do the write-up, thanks Roy
fielding: if users use the flag
to discriminate, then that could have a negative market effect
on smaller players
... would have to be a formal objection, even if optional
<scribe> ACTION: singer to write up potential use cases for optional indication of service provider status, including points from Roy [recorded in http://www.w3.org/2012/11/28-dnt-minutes.html#action02]
<trackbot> Created ACTION-341 - Write up potential use cases for optional indication of service provider status, including points from Roy [on David Singer - due 2012-12-05].
<Chris_IAB> fielding and dsinger, we should always consider the "level playing field" when considering features here -- very good call Roy
<aleecia> Hi, Peter
<efelten> Obviously, any (mis)use of the standard in violation of antitrust law would be subject to law enforcement.
npd: fielding, that would be a disincentive to using the optional field, yeah?
peterswire: we'll post this
request, want to solicit input from any of you
... comments to be submitted for the call a week from today
<aleecia> The only note I have is pretty obvious from this call: I'll be taking a different role here now that I'm not co-chair.
peterswire: no more than 3 points and no more than 300 words
<Chris_IAB> efelten, good point, though it can be a grey line as you know
peterswire: I'll read all that
fit that limit
... what are the most important things for the process to consider, areas of agreement to highlight, things for the new co-chair to know
... comments posted by a week from now, for response by Wed, Dec 12
<dsinger> …is confused; comments on what?
tlr: usual way is just to use the mailing list, answers to the email that Peter will send
<Chris_IAB> should we set up a topic on the mailing list?
<schunter1> Kick-off advise and your main requirements
<aleecia> Can we *please* have a second dlist that is not for discussion?
<tlr> yes :)
<aleecia> That's been promised for months now
<tlr> peter was asking for input on priorities
<susanisrael> +1 aleecia
peter: will post request for comments today, exact wording
<afowler> +1 aleecia and susan
npd: aleecia, susanisrael, afowler, will follow up on that again, apologies
schunter: from my perspective
that's all, anything I overlooked for today in last
... if not, we can close the call
... thanks a lot, adjourned, see you all next week.
This is scribe.perl Revision: 1.137 of Date: 2012/09/20 20:19:01 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/@@/sent text on exceptions out to the mailing list already/ Succeeded: s/tes/yes/ Found ScribeNick: wseltzer Found ScribeNick: npdoty Inferring Scribes: wseltzer, npdoty Scribes: wseltzer, npdoty ScribeNicks: wseltzer, npdoty Default Present: +1.408.674.aaaa, npdoty, wseltzer, tlr, aleecia, BrendanIAB?, +1.703.438.aabb, jchester2, RichardWeaver, TedLeung, Jonathan_Mayer, +1.703.265.aacc, jeffwilson, +1.415.520.aadd, dsinger, moneill2, +49.431.98.aaee, ninjamarnau, +1.714.852.aaff, +1.202.331.aagg, +1.202.587.aahh, schunter, +1.202.296.aaii, Chris_Pedigo, peter, adrianba, Lia, +1.917.934.aajj, peter-4As, vinay, fielding, +1.206.658.aakk, amyc, +1.813.366.aall, hefferjr, +1.202.370.aamm, +aann, +1.646.666.aaoo, +1.408.349.aapp, Chris_IAB?, +1.646.654.aaqq, WileyS, +1.215.286.aarr, susanisrael, +385345aass, David_MacMillan, +1.949.573.aatt, +1.609.258.aauu, efelten, +44.772.301.aavv, +1.310.392.aaww, johnsimpson, +1.206.910.aaxx, Joanne, eberkower, Dwainberg, Chapell, robsherman, +44.772.301.aayy, +1.408.423.aazz, Keith, JC, peder, chris, PhilPearce Present: +1.408.674.aaaa npdoty wseltzer tlr aleecia BrendanIAB? +1.703.438.aabb jchester2 RichardWeaver TedLeung Jonathan_Mayer +1.703.265.aacc jeffwilson +1.415.520.aadd dsinger moneill2 +49.431.98.aaee ninjamarnau +1.714.852.aaff +1.202.331.aagg +1.202.587.aahh schunter +1.202.296.aaii Chris_Pedigo peter adrianba Lia +1.917.934.aajj peter-4As vinay fielding +1.206.658.aakk amyc +1.813.366.aall hefferjr +1.202.370.aamm +aann +1.646.666.aaoo +1.408.349.aapp Chris_IAB? +1.646.654.aaqq WileyS +1.215.286.aarr susanisrael +385345aass David_MacMillan +1.949.573.aatt +1.609.258.aauu efelten +44.772.301.aavv +1.310.392.aaww johnsimpson +1.206.910.aaxx Joanne eberkower Dwainberg Chapell robsherman +44.772.301.aayy +1.408.423.aazz Keith JC peder chris PhilPearce Agenda: http://www.w3.org/mid/50B513D8.firstname.lastname@example.org Got date from IRC log name: 28 Nov 2012 Guessing minutes URL: http://www.w3.org/2012/11/28-dnt-minutes.html People with action items: joanne singer[End of scribe.perl diagnostic output]