16:57:18 RRSAgent has joined #dnt 16:57:18 logging to http://www.w3.org/2013/01/16-dnt-irc 16:57:22 rrsagent, make logs public 16:57:23 + +1.408.836.aaaa 16:57:27 +Fielding 16:57:32 Meeting: Tracking Protection Working Group teleconference 16:57:35 Chris_IAB has joined #dnt 16:57:37 Chair: peterswire 16:57:43 1.408.836.aaaa -> brad kulick 16:57:46 +[IPcaller] 16:57:48 vincent has joined #dnt 16:57:50 I hear some underage participant 16:57:55 P39 is Mattias I think 16:58:06 Zakim, aaaa is kulick 16:58:06 +kulick; got it 16:58:08 + +31.65.141.aabb 16:58:12 + +1.202.587.aacc 16:58:16 Zakim, aabb is me 16:58:16 +rvaneijk; got it 16:58:18 zakim, [IPcaller] is me 16:58:18 +moneill2; got it 16:58:20 jeffwilson has joined #dnt 16:58:23 Zakim, ??P39 is maybe schunter 16:58:23 I don't understand '??P39 is maybe schunter', npdoty 16:58:28 +JeffWilson 16:58:29 +Chris_IAB 16:58:31 +vincent 16:58:34 +npdoty 16:58:45 JC has joined #DNT 16:58:53 Chris Mejia just joined the call from 212 16:58:57 samsilberman has joined #dnt 16:59:08 npdoty - I think the keyword you're looking for is "probably" rather than "maybe" 16:59:08 +Brooks 16:59:12 +[Microsoft] 16:59:21 Brooks has joined #dnt 16:59:40 Zakim, ??P39 is probably schunter 16:59:40 +schunter?; got it 16:59:46 +Susan_Israel 16:59:47 susanisrael has joined #dnt 16:59:51 +samsilberman 16:59:54 Lia has joined #dnt 17:00:02 Zakim, aacc is peterswire 17:00:02 +peterswire; got it 17:00:16 Zakim, who is on the phone? 17:00:16 On the phone I see BrendanIAB?, schunter?, dwainberg, walter, kulick, Fielding, moneill2, rvaneijk, peterswire, JeffWilson, Chris_IAB, vincent, npdoty, Brooks, [Microsoft], 17:00:19 ... Susan_Israel, samsilberman 17:00:20 +[CDT] 17:00:23 ChrisPedigo_OPA has joined #dnt 17:00:23 aleecia has joined #dnt 17:00:28 hefferjr has joined #dnt 17:00:29 +Keith_Scarborough 17:00:35 + +1.202.331.aadd 17:00:43 + +1.646.654.aaee 17:00:46 +DAvid 17:00:52 kj has joined #dnt 17:01:04 +hefferjr 17:01:07 +Chris_Pedigo 17:01:08 +Aleecia 17:01:12 Zakim, aaee is me 17:01:12 +Lia; got it 17:01:14 +RichardWeaver 17:01:18 scribe: JC 17:01:31 justin has joined #dnt 17:01:32 + +1.917.974.aaff 17:01:34 Peterswire: Put in IRC any new phone numbers 17:01:40 jmayer has joined #dnt 17:01:40 hwest has joined #dnt 17:01:41 Zakim, aaff is justin 17:01:41 +justin; got it 17:01:47 Zakim, who is making noise? 17:01:48 David_MacMillan has joined #dnt 17:01:48 please mute :-) 17:01:55 + +1.609.258.aagg 17:01:56 vinay has joined #dnt 17:01:57 npdoty, listening for 10 seconds I heard sound from the following: peterswire (50%), Susan_Israel (31%) 17:01:59 +Jonathan_Mayer 17:02:01 Zakim, aagg is me 17:02:01 +efelten_; got it 17:02:02 ... please be on mute if you are talking locally 17:02:13 peter-4As has joined #dnt 17:02:17 ... scribes will be selected before calls 17:02:17 +hwest 17:02:21 ... hello to everyone 17:02:24 + +1.202.344.aahh 17:02:45 Mike_Zaneis has joined #dnt 17:02:48 ... we will be looking at de-identification issues which will be important to future call 17:02:49 issue-191? 17:02:49 ISSUE-191 -- Non-normative Discussion of De-Identification -- raised 17:02:49 http://www.w3.org/2011/tracking-protection/track/issues/191 17:02:52 Keith has joined #dnt 17:03:02 ... a new issue 191 was created for this 17:03:08 -Chris_Pedigo 17:03:13 dsinger has joined #dnt 17:03:14 ... for linkability and de-identification 17:03:32 ... it is important to get clarity around definitions and problems that have come up 17:03:38 Is there a URL with info to participate remotely tomorrow for the de-ID workshop? 17:03:40 +[Microsoft.a] 17:03:48 zakim, [Microsoft.a] is me 17:03:48 +adrianba; got it 17:03:51 ... two major reports have been sent out on this 17:03:56 zakim, mute me 17:03:56 adrianba should now be muted 17:04:02 ... the US document will be discussed today 17:04:12 David I had to try a few times too 17:04:15 -Brooks 17:04:15 zakim, who is on the phone? 17:04:15 On the phone I see BrendanIAB?, schunter?, dwainberg, walter, kulick, Fielding, moneill2, rvaneijk, peterswire, JeffWilson, Chris_IAB, vincent, npdoty, [Microsoft], Susan_Israel, 17:04:18 ... samsilberman, [CDT], Keith_Scarborough, +1.202.331.aadd, Lia, DAvid, hefferjr, Aleecia, RichardWeaver, justin, efelten_, Jonathan_Mayer, hwest, +1.202.344.aahh, adrianba 17:04:18 ... (muted) 17:04:18 .... Deven McGraw from CDT was involved in it 17:04:31 ... the second one was from UK ICO 17:04:42 ... links are in today's agenda 17:04:42 http://www.w3.org/wiki/Privacy/De-identification 17:04:55 Just to make sure, the UK ICO report is for the UK only... 17:05:00 WileyS has joined #dnt 17:05:05 Zakim, who is making noise? 17:05:10 You can not extrapolate it to the EU.. 17:05:14 ... hopefully we can work on advancement of common knowledge 17:05:15 npdoty, listening for 10 seconds I heard sound from the following: Susan_Israel (19%) 17:05:27 ... remember gathering at CDT 17:05:31 Zakim, 2023444652 is Mike Zaneis 17:05:31 I don't understand '2023444652 is Mike Zaneis', Mike_Zaneis 17:05:40 Zakim, aahh is Mike_Zaneis 17:05:40 +Mike_Zaneis; got it 17:05:46 Is there a URL with info to participate remotely tomorrow for the de-ID workshop? 17:05:47 ... ylagos@futureofprivacy.org should be emailed if you are attending in person 17:05:48 +Brooks 17:05:58 +Peder_Magee 17:06:06 +WileyS 17:06:07 + +1.646.722.aaii 17:06:09 ... one of the rules for discussion is no normative conversations 17:06:20 ... same call in rules for weekly calls 17:06:32 ATurkel has joined #dnt 17:06:38 Marc_G has joined #DNT 17:06:46 The UK document doesn't even bind the UK 17:06:56 +[Apple] 17:06:57 And definitely does not bind anyone in Europe 17:07:03 ... the documents do not bind countries or are necessarily the right way to go 17:07:03 zakim, [apple] has dsinger 17:07:03 +dsinger; got it 17:07:08 + +1.425.214.aajj 17:07:15 the UK document is centered around its definition of personal data. 17:07:22 + +1.425.455.aakk 17:07:28 + +1.202.265.aall 17:07:38 Marc 202 265 2736 17:07:42 ... I gave sample reasons why one might be less strict to use, not to say that these are the correct answers on how we shouild go on DNT 17:07:45 Zakim, aall is Marc_G 17:07:45 +Marc_G; got it 17:07:57 pedermagee2023263538 has joined #dnt 17:07:58 CraigSpiezle has joined #dnt 17:07:59 ... post any new documents to the Wiki Nick has setup 17:08:12 Zakim, who is making noise? 17:08:17 zakim, who is mnaking noise? 17:08:17 I don't understand your question, dsinger. 17:08:18 ... issues we plan to discuss tomorrow at 9:00 17:08:18 cannot understand 17:08:22 npdoty, listening for 10 seconds I heard sound from the following: Fielding (9%), peterswire (15%) 17:08:29 can't hear due to background noise 17:08:50 ... what are insentives to do de-identification 17:09:13 s/insentives/incentives/ 17:09:17 .... if we understand reasons, risks, benefits, that can lead to uses cases 17:09:21 + +1.206.658.aamm 17:09:45 ... second topic, what are some measurements of de-identification. what are risks of reidentification 17:09:47 Zakim, aamm is probably amyc 17:09:47 +amyc?; got it 17:09:56 ... what are goals as we define these regimes 17:10:12 q+ 17:10:19 ... what are goals technical safeguards versus adminstrative safeguards 17:10:32 ... number 4 hashing 17:10:43 ... what kind of safeguards can it provide 17:10:57 ... next issue, use of persistence identifiers 17:11:15 ... how is it that various buckets can be updated when deidentification is used 17:11:43 ... if there are other descriptive issues that should be identified send them to Peter Swire 17:12:00 ... We ccirculated Devin's slides earlier 17:12:09 ... any questions or comments? 17:12:13 ack fielding 17:12:19 Could somebody post a link to Deven's slides? 17:12:30 fielding: can you describe why deidentification is it applicable to DNT 17:12:33 +1 17:12:38 Wileys has joined #dnt 17:12:42 as in, I'd like to get a link to the slides too 17:12:45 peterswire: I see it relevant in a couple of ways 17:13:01 ... data collected online is so aggregated it is not considered tracking 17:13:24 ... at the other end data is associated with a specific individual such as Peter 17:13:28 echo: Could somebody post a link to Deven's slides? 17:13:41 ... knowing were data falls is important to the process 17:13:56 Hi Roy, we're basically working through http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-unlinkable 17:14:01 -Susan_Israel 17:14:03 ... second thing, int he compliance spec it is related to the various uses 17:14:14 The standard says it doesn't apply to data that has been deidentified/delinked. And it's been one of the most debated topics within the group. How is that not relevant? 17:14:25 ... there can be time when data goes into a DB and it should not come out in a way that can be linked to an individual 17:14:26 to the individual or to the unique ID? 17:15:02 ... I'm not saying that the DAA rules a perfect, but that have definitions about how data goes into the system but does not come out 17:15:03 tedleung has joined #dnt 17:15:08 ... in an identifiable way 17:15:09 justin, because I have no interest in keeping data when DNT:1 is set other than for security purposes 17:15:25 Justin's right that we've discussed anything being permitted for de-id'ed data, but that's not nailed down as we were still working through which defn we would go through 17:15:33 ... because the compliance spec covers the meaning of tracking and others I feel it is relevant 17:15:36 Nick, could you share the Twiki link you created - does it host the presentation being referenced? 17:15:51 chris_iab: when you say individaul do you mean unique ID? 17:16:03 peterswire: I'm trying not to make decisions about what I mean 17:16:15 Wileys, wiki page is here http://www.w3.org/wiki/Privacy/De-identification some people have already added more to it 17:16:21 ... sometimes it is associated with a machine or cookie or individual 17:16:38 ... that is what I mean by creating a working definition 17:16:51 ... so we know what we are referencing in conversations 17:17:02 Thank you Nick 17:17:29 ... I will introduce Devin McGraw 17:17:37 fielding, I am glad to hear it! But other working group members want to do more with that data. So the previous discussions we had about product improvement/market research have now migrated to the discussion of deidentification. 17:17:46 ... she was very involved in public hearings on deidentification 17:17:49 q+ 17:17:50 s/Devin/Deven/ 17:18:04 q? 17:18:06 ack rvaneijk 17:18:14 rvaneijk: Can we get a link to the slides? 17:18:15 Nick, checked the Twiki and can't find the slides 17:18:17 +1 on slides 17:18:23 +q 17:18:33 peterswire: I met have created an error in my email 17:18:42 Shane: can you post the slides? 17:18:49 -q 17:19:24 just paste the link in here? 17:19:31 Thank you Peter 17:19:39 Peterswire: I will send these to Nick and he can post them 17:19:47 ... Deven you can go 17:19:47 +Susan_Israel 17:19:58 Deven: The slides are mostly text without math 17:21:09 ... The guidance that was given on deidentification came from the HIPAA and that where we will start 17:21:15 +Ted_Leung 17:21:32 ... HIPAA protects health information in the US, but it is not a data protectin law 17:21:40 +Chris_Pedigo 17:21:52 ... most of the data holders in the US are covered by HIPAA 17:22:07 ... HealthVault and similar apps are not covered 17:22:08 Roy it's possible that some of the discussion around how to keep data protected may be interesting in the context of data held to prevent fraud / for security. Unclear to me, but I could imagine some cross-over there 17:22:24 ... the bad news is HIPAA does not cover all health data 17:22:36 ... deven@cdt.org is my email 17:22:38 zakim, who is making noise? 17:22:49 dsinger, listening for 10 seconds I heard sound from the following: Susan_Israel (48%) 17:23:05 zakim, mute susan_israel 17:23:05 Susan_Israel should now be muted 17:23:06 i have musted sorry 17:23:19 ... when you have data that meets the standard for deidentification it is not covered by the law 17:23:34 ... you can do almost anything with deidentified data 17:23:47 ... the deidentification standard is a legal one 17:24:16 ... there is no specific percentage risk which is established as a baseline 17:24:25 -amyc? 17:24:28 ... risk is contextual 17:24:38 +[Microsoft.a] 17:24:41 ... there are two methods that can be used 17:24:59 ... the expert method requires someone with expertise to document that the risk is small 17:25:20 ... it must be determined who the data is going to and what other data they have 17:25:44 ... safeharbor metho requires removing ?? amounts of data 17:25:50 ... I"m on slide 5 17:26:19 ... a code can be assigned to deidentified data to allow data to be reidentified as long as the code is not derived from individual 17:26:37 ... and you cannot deisclose the code to the identity you are giving the data to 17:26:49 -Susan_Israel 17:27:08 ... this provision permits healthcare entities to be able to reidentify the data when notification is required 17:27:24 ... for example in case of an infectious desease 17:27:25 http://www.w3.org/2011/tracking-protection/HealthDe-IdentifiedDataSlides.pdf 17:27:30 sorry, but have the slides that we are reviewing been distributed? I can't seem to find them? 17:27:47 see in now npdoty, thanks 17:27:51 ... the assignment of codes is covered in guidance 17:28:09 ... on slide 6 let's discuss safeharbor 17:28:18 slides are not numbered 17:28:37 -Brooks 17:28:45 if you view in other mode, you can see the slide numbers 17:29:21 it's a pdf peterswire; which mode are you referring to? 17:29:33 ... names, addresses, zip codes, all elements of dates, ages are okay except for the elderly, telephone number, account number, VIN, IP address, URL 17:29:50 ah, I'm viewing in powerpoint 17:29:51 ... and any other unique identifying number or code cannot be used 17:30:10 I do not think I understand this "code" 17:30:13 ... the trick with safeharbor is you have to remove all of these types of data to be covered 17:30:20 +Brooks 17:30:41 ... if this does not work you can use the statistician method, but someone must validate the method 17:30:49 + +44.772.301.aann 17:31:04 ChrisPedigo_OPA has joined #dnt 17:31:24 ... safeharbor method deems that the data is deidentified and thus unregulated 17:31:25 schunter has joined #dnt 17:31:29 phildpearce has joined #dnt 17:31:43 ... it is also a cookbook that tells you how to deidentify 17:31:56 +??P24 17:32:00 -schunter? 17:32:12 + +1.213.239.aaoo 17:32:22 ... under the statistical method there are no rules for the statistician 17:32:27 Mike_Zaneis_ has joined #dnt 17:32:28 mecallahan has joined #DNT 17:32:51 ... I have never heard of anyone be held up by a regulator because they did not properly deidentify data 17:33:33 Zakim, ??P24 is schunter 17:33:33 +schunter; got it 17:33:38 ... the standard is to reach low risk of reidentification, not zero risk 17:33:50 ... requiring zero risk would remove all utility 17:34:02 Ahh. 1999. Before a lot of the re-identification work had happened. 17:34:05 amyc has joined #dnt 17:34:27 ... provides rules for contractors 17:34:56 ... data use agreements are not required, but a data holder may require an agreement for deidentificaiton 17:35:10 ... slide 12 guidance covers who is an expert 17:35:38 ... no specific degree or level or education is required, but they will look at that in a review 17:36:04 ... no numeric target is given for risk 17:36:17 aleecia, isn't this much more recent guidance? I'm hearing explicit acknowledgement of re-identification -- low risk, not no risk 17:36:43 ... multiple algorithms can be used in a single datasets 17:36:58 ... as long as datasets cannot be combined for reidentification 17:37:09 ... slide 13 shows dataflow 17:37:21 Nick, one example of outdated thinking is the discussion of k-anonymity. 17:37:23 ... deidentification can be iterative 17:38:08 ... an agreement cannot be a tool of deidentification 17:38:21 the guidance is more recent, I agree. The original text was from '99. That explains why there would be an identifier added back after doing all the de-identifying work -- the risk of that was likely not really appreciated at the same level in '99 17:38:25 ... slide 14 and 2.9 of guidance 17:38:34 bryan has joined #dnt 17:38:36 ... you cannot assign a code that is given away with the data 17:38:37 And here we are :-) 17:38:53 So it sounds like they're trying to fix it 17:38:55 efelten, forgive my ignorance, why is discussing k-anonymity outdated? 17:39:00 this is 2012 guidance; original rule drafted in 1999/2000 17:39:12 ... however you can disclose a code that has been derived from the data as long as the code and data meet low risk standard 17:39:44 ... you can take protected health information and transform it into values for cryptographic hash functions 17:39:49 k-anonymity does not imply any limitation on the the analyst's ability to infer sensitive data about individuals, for one thing. 17:40:01 ... but do not give away the formula or hash 17:41:02 ... slide 16 remember when you are using safeharbor to remove 18 types of data you have to know if the data can be reidentified 17:41:42 ... structured data and free text fields are covered by deidentification rules 17:42:04 ... deidentification is aimed at protecting patients and families not staff 17:42:24 + +1.917.318.aapp 17:42:34 ... HIPAA rules does not cover healthcare providers 17:42:37 -Chris_Pedigo 17:42:58 +Chris_Pedigo 17:43:12 ... I will let you know when the guidance does not cover something 17:43:16 Zakim, aapp is Alan 17:43:16 +Alan; got it 17:43:30 ... the agency did what congress asked them to do and nothing more 17:44:06 Some of this is really good. But it starts from a point of trying to create incentives for de-id'ing data, presumably because aggregate health information has so much public benefit. Bit different here, but very very interesting to hear what they did 17:44:22 Peterswire: Under safeharbor IP address is PHI. What about cookies or browsing habits? 17:44:29 Deven: there is no guidance on that 17:44:39 I didn't understand IP address as personal health information, but just as information that would have to be removed to de-identify 17:44:42 ... you would need to look at what is being examined 17:44:55 -Jonathan_Mayer 17:44:56 ... the hospital's website would not necessarily be covered 17:45:20 Peterswire: Is knowing where the patient is logging in from covered 17:45:33 URLs are covered as PHI, right? 17:45:40 Deven: Since web data is covered this could be covered 17:46:02 Or at least URLs are one of the things that have to be removed under the safe harbor. 17:46:03 ... that is why there is the catch-all category to catch these types of things, such as cookies 17:46:16 efelten, the latter, yes 17:46:20 Peterswire: have people use one method over the other 17:46:21 The HIPPA standard for de-identification is focused on 'External Sharing' - whereas our discussions have centered around de-identification for data that is not to be shared externally. I believe it makes sense to have two standards here: internal vs. external 17:46:22 guid in cookie obv. can be used to re-identify 17:46:44 Deven: The analytical folks tend to use statistician method because they need dates 17:47:14 Shane, I could imagine that working 17:47:15 ... similaryly understanding health trends is difficult with safeharbor method 17:47:37 ... bess analytics is done with statitically deidentified data 17:47:53 justin has joined #dnt 17:47:58 What about Shane's question or point above? 17:48:00 Peterswire: Can you explain if salts are required with hashing 17:48:32 Deven: I believe the guidance states if you are using a hash, after you hand the data to a recipient they should not be able to reidentify the data 17:49:03 ... the risk should be very low and examples are provided for when codes can be provided 17:49:07 In healthcare, providers are given different treatment because they have informed consent from the patient. 17:49:34 ... for hashes you cannot provide the key or salt 17:52:11 scribenick: npdoty 17:52:15 Ed, if the URL is non-specific to a user, then this would not have to be removed (meets 'very low risk' standard) 17:52:42 peterswire: regarding data-use agreements under HIPAA, when does de-identification happen vs. data-use agreements? 17:53:08 JC_ has joined #DNT 17:53:08 deven: data-use agreement is not required when you've reached de-identification (statistically to low risk, or under safe harbor) 17:53:15 Shane, a dataset with full URL's contains behavioral information, which is specific to a user 17:53:29 ... you don't need to execute an agreement with the recipient of your data, they don't need to commit not to re-identify 17:53:46 ... if you want to use a data-use agreement as an extra measure of caution, you can do that 17:53:48 test 17:53:52 ... enforced as a matter of contract 17:54:10 ... can't use the data-use agreement to get to the low risk of de-identification 17:54:26 JC has joined #DNT 17:54:42 ... gray area regarding "anticipated recipient" 17:54:42 - +1.425.455.aakk 17:54:59 ... because there might be other people who can reidentify this data but you can't 17:55:31 -Chris_Pedigo 17:55:43 ... still raises questions about whether the agreement can limit recipients in a way that changes your statistical needs 17:56:03 Rob - as long as the receiptient is not able to leverage the URL history to re-identify the user then it does not need to be stripped. 17:56:12 peterswire: how much the expert's methodology should be public. what level of transparency is required? 17:56:21 +Chris_Pedigo 17:56:35 deven: not required to document the methodology, but required to maintain evidence for use in response to regulators [did scribe get that right?] 17:56:56 ... certainly been to many conferences where computer scientists will share those methodologies for feedback 17:57:14 Shane - it turns out URL history is an effective fingerprint. If "able to" is the threshold, then URLs are certainly going to need to be stripped 17:57:20 ... if you're willing to attest, put your name as a statistician, you don't have to document the method 17:57:33 ATurkel has joined #dnt 17:57:45 ... not specified what level of attestation is needed 17:58:03 ... I would want enough documentation as the data holder to respond to regulators who knock on my door 17:58:14 ... a handful of people who do this on a regular basis, and everybody uses them 17:58:34 Aleecia - if I give you a handful of URLs and ask you to re-identify the individual they belong to, I doubt you'd be able to. This is the receiptent test. 17:58:54 ... gives legal comfort to pick someone who has been regularly used 17:59:05 Zakim, who is making noise? 17:59:14 Actually the test is: if you give her all of your data, can she re-identify. 17:59:18 npdoty, listening for 12 seconds I could not identify any sounds 17:59:22 zakim, who is making noise? 17:59:23 Zakim, who is making noise? 17:59:34 dsinger, listening for 11 seconds I heard sound from the following: justin (56%), peterswire (39%) 17:59:38 Ed, agreed - the assembly of the specific data elements is a key factor 17:59:39 Zakim, drop justin 17:59:39 justin is being disconnected 17:59:39 Wileys, if you include the the timestamps I bet you could re-identify someone even with a few urls 17:59:40 -justin 17:59:42 does anyone else hear that?! 17:59:48 npdoty, listening for 13 seconds I heard sound from the following: peterswire (85%) 17:59:55 missed everything you said during noise 17:59:56 we certainly did 18:00:06 Chapell has joined #DNT 18:00:16 peterswire: q regarding categories of information 18:00:31 Vicent, I'm not sure I agree but this does align with my conversation with Ed on the assembly of data elements is key to the determination of "very low risk" 18:00:36 WIley, that is the whole point of pixel tagging 18:00:38 deven: not all holders, aimed at hospitals and doctors, and the records they use to treat patients and pay healthcare claims 18:01:00 +justin 18:01:03 ... of the data that's in those types of records, what elements are most likely to be re-identifiable 18:01:07 Shane - it turns out people visit the same few sites in the long tail. So for me, that's going to be a specific set of four web comics. :-) The set of sites people visit is persistent and often unique 18:01:08 zakim, mute me 18:01:08 justin should now be muted 18:01:19 justin: your cat sat on the phone? 18:01:28 Rob - pixel tagging through a unique cookie ID is meaningful to me - but since you as a receiptent don't have access to my cookie ID platform would not allow you to re-identify an individual 18:01:36 ... safe harbor categories came around after Latanya Sweeney's reidentification of the governor's record 18:02:04 ... data elements that she used are now listed in the safe harbor 18:02:28 ... but as we increase the amount of data in the external world, we shouldn't assume every year that the safe harbor makes it a very low risk 18:02:38 ... but a lot of public databases are not covered by HIPAA 18:03:23 peterswire: some discussion regarding date of birth, different from other data fields in that it splits the population into 25,000 cells 18:04:09 ... what kind of data can be easily searched on the outside? when you're coming up with your definition of very low risk, demographic data or data that lasts with you for a long time is a higher risk 18:04:25 ... persists longer and is more easily obtainable from other sources 18:04:57 deven: that's the level of detail in discussion of the statistical methodology 18:04:59 q? 18:05:16 kj has joined #dnt 18:05:30 peterswire: thanks very much to Deven 18:06:04 peterswire: in person availability in Brussels; next Thursday or Friday, will provide more information 18:06:16 I have no doubt that understanding deidentification is useful in general for the privacy of all users [not just those sending DNT]. I don't believe discussing it here is useful because I don't see us redefining what it means in our specs. That's in stark contrast to defining tracking, which hasn't been defined by anyone else, we are specifically chartered to define, and we aren't going to make any real progress until we do. And, no, I don't think that 18:06:17 unlinkability is relevant just because someone made it an issue for TCS. 18:06:20 ... I'm not available next Wednesday, Matthias will have a technical call at the usual time 18:06:24 ... questions or comments? 18:06:27 What about the MIT meeting? 18:06:33 any more details on the f2f? 18:06:33 - +1.646.722.aaii 18:06:33 is there logistics information for the f2f? 18:06:34 -DAvid 18:06:34 -RichardWeaver 18:06:35 -Chris_Pedigo 18:06:35 - +1.425.214.aajj 18:06:36 ... thanks everybody 18:06:37 -[CDT] 18:06:37 - +1.202.331.aadd 18:06:37 -dwainberg 18:06:37 -[Apple] 18:06:37 -Mike_Zaneis 18:06:37 -hwest 18:06:38 -efelten_ 18:06:38 -hefferjr 18:06:39 -WileyS 18:06:39 -Keith_Scarborough 18:06:41 -rvaneijk 18:06:41 -kulick 18:06:41 -peterswire 18:06:41 -Brooks 18:06:42 -Peder_Magee 18:06:42 -vincent 18:06:42 thanks 18:06:43 -Alan 18:06:43 - +1.213.239.aaoo 18:06:43 -samsilberman 18:06:43 -justin 18:06:43 -[Microsoft.a] 18:06:45 -Ted_Leung 18:06:45 -BrendanIAB? 18:06:46 -walter 18:06:46 -adrianba 18:06:47 -moneill2 18:06:51 Hi Nick did you see my message? 18:06:52 -Chris_IAB 18:06:54 -Aleecia 18:06:55 efelten_ has left #dnt 18:07:01 -schunter 18:07:05 -[Microsoft] 18:07:07 I'm hearing questions about MIT logistics, and will follow up on the mailing list 18:07:12 Zakim, list attendees 18:07:12 As of this point the attendees have been BrendanIAB?, dwainberg, walter, +1.408.836.aaaa, Fielding, kulick, +31.65.141.aabb, +1.202.587.aacc, rvaneijk, moneill2, JeffWilson, 18:07:14 thanks, Nick! 18:07:15 ... Chris_IAB, vincent, npdoty, Brooks, [Microsoft], schunter?, Susan_Israel, samsilberman, peterswire, [CDT], Keith_Scarborough, +1.202.331.aadd, +1.646.654.aaee, DAvid, hefferjr, 18:07:15 ... Chris_Pedigo, Aleecia, Lia, RichardWeaver, +1.917.974.aaff, justin, +1.609.258.aagg, Jonathan_Mayer, efelten_, hwest, +1.202.344.aahh, adrianba, Mike_Zaneis, Peder_Magee, 18:07:16 thanks 18:07:20 ... WileyS, +1.646.722.aaii, dsinger, +1.425.214.aajj, +1.425.455.aakk, +1.202.265.aall, Marc_G, +1.206.658.aamm, amyc?, Ted_Leung, +44.772.301.aann, +1.213.239.aaoo, schunter, 18:07:20 ... +1.917.318.aapp, Alan 18:07:20 -Lia 18:07:22 -Marc_G 18:07:22 -Fielding 18:07:24 - +44.772.301.aann 18:07:25 -npdoty 18:07:30 rrsagent, draft minutes 18:07:30 I have made the request to generate http://www.w3.org/2013/01/16-dnt-minutes.html npdoty 18:07:47 -JeffWilson 18:07:48 T&S_Track(dnt)12:00PM has ended 18:07:48 Attendees were BrendanIAB?, dwainberg, walter, +1.408.836.aaaa, Fielding, kulick, +31.65.141.aabb, +1.202.587.aacc, rvaneijk, moneill2, JeffWilson, Chris_IAB, vincent, npdoty, 18:07:48 ... Brooks, [Microsoft], schunter?, Susan_Israel, samsilberman, peterswire, [CDT], Keith_Scarborough, +1.202.331.aadd, +1.646.654.aaee, DAvid, hefferjr, Chris_Pedigo, Aleecia, Lia, 18:07:50 ... RichardWeaver, +1.917.974.aaff, justin, +1.609.258.aagg, Jonathan_Mayer, efelten_, hwest, +1.202.344.aahh, adrianba, Mike_Zaneis, Peder_Magee, WileyS, +1.646.722.aaii, dsinger, 18:07:50 ... +1.425.214.aajj, +1.425.455.aakk, +1.202.265.aall, Marc_G, +1.206.658.aamm, amyc?, Ted_Leung, +44.772.301.aann, +1.213.239.aaoo, schunter, +1.917.318.aapp, Alan 18:08:40 zakim, aapp is Chapell 18:08:40 sorry, Chapell, I do not recognize a party named 'aapp' 18:08:53 Peter? 18:09:14 Thanks - called in from mobil 18:10:30 rrsagent, bye 18:10:30 I see no action items 18:10:32 Zakim, bye