IRC log of dntc on 2013-02-11

Timestamps are in UTC.

18:17:15 [RRSAgent]
RRSAgent has joined #dntc
18:17:15 [RRSAgent]
logging to http://www.w3.org/2013/02/11-dntc-irc
18:17:17 [ionel]
ionel has joined #dntc
18:18:34 [dsinger]
dsinger has joined #dntc
18:21:49 [wseltzer]
wseltzer has joined #dntc
18:23:05 [ionel]
ionel has joined #dntc
18:28:22 [fielding]
fielding has joined #dntc
18:28:34 [WaltM_Comcast]
WaltM_Comcast has joined #dntc
18:32:44 [WaltM_Comcast]
WaltM_Comcast has joined #DNTC
18:35:09 [npdoty]
npdoty has joined #dntc
18:36:52 [ionel]
ionel has joined #dntc
18:38:53 [dsinger]
dsinger has joined #dntc
18:40:29 [adrianba]
adrianba has joined #dntc
18:40:35 [adrianba]
zakim, who is on the phone?
18:40:35 [Zakim]
sorry, adrianba, I don't know what conference this is
18:40:36 [Zakim]
On IRC I see adrianba, dsinger, ionel, npdoty, WaltM_Comcast, fielding, wseltzer, RRSAgent, Zakim
18:40:37 [dsinger]
DNT C is online on the phone.
18:40:43 [adrianba]
zakim, this is 26633
18:40:44 [Zakim]
ok, adrianba; that matches Team_(dntc)18:30Z
18:41:01 [adrianba]
zakim, who is on the phone?
18:41:01 [Zakim]
On the phone I see [Comcast]?, +1.617.324.aabb
18:41:06 [dsinger]
zakim, who is on the phone?
18:41:06 [Zakim]
On the phone I see [Comcast]?, +1.617.324.aabb
18:41:17 [adrianba]
rrsagent, make minutes
18:41:17 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
18:41:40 [dsinger]
zakim, aabb is statacenter
18:41:40 [Zakim]
+statacenter; got it
18:41:42 [adrianba]
rrsagent, make logs public
18:41:42 [WaltM_Comcast]
WaltM is Comcast 215-480-5838
18:42:12 [adrianba]
zakim, [Comcast] is WaltM_Comcast
18:42:12 [Zakim]
+WaltM_Comcast; got it
18:42:30 [dsinger]
QUESTION 1: “Lifetime browsing history” is a phrase that is often used, but never defined clearly. What would LBH mean as a technical matter?
18:42:35 [adrianba]
Scribe: adrianba
18:42:39 [Lmastria_DAA]
Lmastria_DAA has joined #dntc
18:43:33 [adrianba]
rrsagent, make minutes
18:43:33 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
18:43:52 [adrianba]
TOPIC: “Lifetime browsing history” is a phrase that is often used, but never defined clearly. What would LBH mean as a technical matter?
18:45:47 [tlr]
tlr has joined #dntc
18:46:48 [dsinger]
we discuss background of 'buckets'...
18:47:09 [adrianba]
Lmastria_DAA: for the 1024 case, we're talking about minimum number of people in a bucket
18:47:25 [adrianba]
dsinger: so that the addition of one more piece of info doesn't identify the person
18:47:45 [adrianba]
adrianba: so you would need 2000-ish people before you have more than one group
18:48:33 [adrianba]
dsinger: there are some famous cases of problems with DeID
18:48:45 [adrianba]
Lmastria_DAA: yes, but many of these examples were a long time ago
18:48:58 [adrianba]
... contractual constraints have been added often to stop this
18:49:18 [adrianba]
... one of the traps from the 1024 route is that it assumes there are no other constraints in place
18:49:47 [adrianba]
... if i give information to some company, what am I giving actually, and what are the safeguards for preventing non-authorised use of the information
18:49:57 [adrianba]
... 1024 doesn't address this
18:50:11 [adrianba]
dsinger: okay, so let's look at Q1
18:50:44 [adrianba]
dsinger: what does LBH mean as a technical matter
18:50:49 [adrianba]
Lmastria_DAA: LBH of what?
18:50:59 [adrianba]
... of my browser? cellphone? person?
18:51:06 [adrianba]
... is it PII?
18:51:43 [adrianba]
... me vs. an IP address in some county
18:52:57 [adrianba]
... should be tied to use - it isn't only a technical matter
18:54:22 [adrianba]
adrianba: is LBH the data we're trying to protect?
18:55:01 [adrianba]
Lmastria_DAA: objectively, what is the thing we're trying to protect?
18:56:08 [peterswire]
peterswire has joined #dntc
18:57:01 [peterswire]
rrsagent, make record world
18:57:34 [adrianba]
[general discussion about different kinds of risks - commercial, government]
18:58:52 [adrianba]
dsinger: might someone be able to buy data about individuals?
18:58:57 [Yianni]
Yianni has joined #dntc
18:59:19 [adrianba]
Lmastria_DAA: providers of data for advertising provide instances of people in a particular category but not down to the individual level
19:00:18 [adrianba]
Ionel: to be constructive - we either say we don't know what LBH is because we don't know what it is or come up with some answer and try to define it
19:00:40 [adrianba]
... we should be able to define as something like points of data across time - e.g. all the URIs a computer traverses across time
19:01:08 [adrianba]
... you put all this in a giant database, collect it, that's it
19:01:23 [adrianba]
... the issue is can you link it back to a person or is it just some unknown ID
19:01:41 [adrianba]
mike: is this part of DeID?
19:01:46 [adrianba]
Yianni: yes
19:02:39 [adrianba]
rrsagent, make minutes
19:02:39 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
19:03:38 [dsinger]
q?
19:04:04 [adrianba]
Yianni: we need to consider all the risks - LBH has some risks, we identify the possible harm and try to mitigate it
19:04:25 [BillScannell__]
BillScannell__ has joined #dntc
19:04:42 [adrianba]
Ionel: with cookies being deleted, if someone tries to keep a LBH they will lose me
19:05:05 [adrianba]
dsinger: i think you're optimistic about how easy it is to be forgotten
19:05:24 [adrianba]
rrsagent, make minutes
19:05:24 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
19:07:00 [adrianba]
Lmastria_DAA: advertisers need to scale - they don't target an ad at an individual
19:07:06 [adrianba]
... the use really matters
19:12:15 [peterswire]
peterswire has joined #dntc
19:18:21 [WaltM_Comcast]
WaltM_Comcast has joined #dntc
19:18:26 [adrianba]
TOPIC: In light of this definition what technical measures would suppress or delete LBH?
19:21:57 [adrianba]
dsinger: LBH: Personally identifiable browsing history (URLs, search terms, etc.) that represents a 'reasonable portion' of that person's activity over a 'significant time'.
19:23:02 [peterswire]
peterswire has joined #dntc
19:30:57 [adrianba]
rrsagent, make minutes
19:30:57 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
19:34:08 [ionel]
ionel has joined #dntc
19:34:57 [adrianba]
mike: we could put rules on browsers
19:35:06 [adrianba]
Lmastria_DAA: that's not feasible
19:35:20 [adrianba]
dsinger: browsers don't know what cookies are being used for
19:36:07 [adrianba]
[discussion of alternative techniques for identification, contractual/best practice/etc safeguard measures]
19:39:38 [adrianba]
[could configure browsers to not visit some sites]
19:39:57 [adrianba]
[set limits on what and how long data is retained]
19:40:14 [adrianba]
[set browsers to limit maximum cookie lifetimes]
19:40:38 [adrianba]
rrsagent, make minutes
19:40:38 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
19:41:10 [schunter]
schunter has joined #dntc
19:44:40 [adrianba]
[discussion of timeline for deletion]
19:48:04 [adrianba]
TOPIC: Tying LBH to the previous group discussions of "buckets" or "low-entropy cookies", how can the latter continue while suppressing or deleting LBH
19:53:12 [adrianba]
rrsagent, make minutes
19:53:12 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
19:54:38 [adrianba]
[discussion that the URLs are useful to begin with but not later - can we put people in buckets after that time]
19:55:02 [ionel]
ionel has joined #dntc
19:55:37 [adrianba]
TOPIC: Are there any compelling use cases for retaining detailed browsing history beyond a general time limit on retention?
19:57:46 [adrianba]
dsinger: we already have permitted uses that say you only collect the data you need for the purposes you need and only for as long as needed for that purpose
19:57:51 [adrianba]
... this is already in the spec
19:57:57 [adrianba]
[all agree]
19:58:18 [adrianba]
TOPIC: If so, how would you limit those use cases consistent with the goals of (1) limiting LBH; while (2) enabling "buckets" or "low-entropy cookies"?
19:58:27 [adrianba]
rrsagent, make minutes
19:58:27 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
19:59:08 [adrianba]
Chair: dsinger
19:59:10 [adrianba]
rrsagent, make minutes
19:59:10 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba
20:00:06 [peterswire]
peterswire has joined #dntc
20:13:07 [ionel]
ionel has joined #dntc
20:16:18 [Zakim]
-statacenter
20:16:27 [Zakim]
-WaltM_Comcast
20:16:29 [Zakim]
Team_(dntc)18:30Z has ended
20:16:29 [Zakim]
Attendees were +1.215.480.aaaa, +1.617.324.aabb, statacenter, WaltM_Comcast
20:24:36 [dsinger]
dsinger has joined #dntc
20:33:19 [ionel]
ionel has joined #dntc
20:43:58 [dsinger]
dsinger has joined #dntc
20:56:01 [peterswire]
peterswire has joined #dntc
21:06:23 [Zakim]
Zakim has left #dntc
21:09:05 [dsinger]
dsinger has joined #dntc
21:16:49 [schunter]
schunter has joined #dntc
21:33:15 [schunter]
schunter has joined #dntc
21:38:44 [tlr]
rrsagent, draft minutes
21:38:44 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html tlr
21:48:49 [ionel]
ionel has left #dntc
21:54:27 [peterswire]
peterswire has joined #dntc
22:04:56 [schunter]
schunter has joined #dntc
22:19:38 [dsinger]
dsinger has joined #dntc