18:17:15 RRSAgent has joined #dntc 18:17:15 logging to http://www.w3.org/2013/02/11-dntc-irc 18:17:17 ionel has joined #dntc 18:18:34 dsinger has joined #dntc 18:21:49 wseltzer has joined #dntc 18:23:05 ionel has joined #dntc 18:28:22 fielding has joined #dntc 18:28:34 WaltM_Comcast has joined #dntc 18:32:44 WaltM_Comcast has joined #DNTC 18:35:09 npdoty has joined #dntc 18:36:52 ionel has joined #dntc 18:38:53 dsinger has joined #dntc 18:40:29 adrianba has joined #dntc 18:40:35 zakim, who is on the phone? 18:40:35 sorry, adrianba, I don't know what conference this is 18:40:36 On IRC I see adrianba, dsinger, ionel, npdoty, WaltM_Comcast, fielding, wseltzer, RRSAgent, Zakim 18:40:37 DNT C is online on the phone. 18:40:43 zakim, this is 26633 18:40:44 ok, adrianba; that matches Team_(dntc)18:30Z 18:41:01 zakim, who is on the phone? 18:41:01 On the phone I see [Comcast]?, +1.617.324.aabb 18:41:06 zakim, who is on the phone? 18:41:06 On the phone I see [Comcast]?, +1.617.324.aabb 18:41:17 rrsagent, make minutes 18:41:17 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 18:41:40 zakim, aabb is statacenter 18:41:40 +statacenter; got it 18:41:42 rrsagent, make logs public 18:41:42 WaltM is Comcast 215-480-5838 18:42:12 zakim, [Comcast] is WaltM_Comcast 18:42:12 +WaltM_Comcast; got it 18:42:30 QUESTION 1: “Lifetime browsing history” is a phrase that is often used, but never defined clearly. What would LBH mean as a technical matter? 18:42:35 Scribe: adrianba 18:42:39 Lmastria_DAA has joined #dntc 18:43:33 rrsagent, make minutes 18:43:33 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 18:43:52 TOPIC: “Lifetime browsing history” is a phrase that is often used, but never defined clearly. What would LBH mean as a technical matter? 18:45:47 tlr has joined #dntc 18:46:48 we discuss background of 'buckets'... 18:47:09 Lmastria_DAA: for the 1024 case, we're talking about minimum number of people in a bucket 18:47:25 dsinger: so that the addition of one more piece of info doesn't identify the person 18:47:45 adrianba: so you would need 2000-ish people before you have more than one group 18:48:33 dsinger: there are some famous cases of problems with DeID 18:48:45 Lmastria_DAA: yes, but many of these examples were a long time ago 18:48:58 ... contractual constraints have been added often to stop this 18:49:18 ... one of the traps from the 1024 route is that it assumes there are no other constraints in place 18:49:47 ... if i give information to some company, what am I giving actually, and what are the safeguards for preventing non-authorised use of the information 18:49:57 ... 1024 doesn't address this 18:50:11 dsinger: okay, so let's look at Q1 18:50:44 dsinger: what does LBH mean as a technical matter 18:50:49 Lmastria_DAA: LBH of what? 18:50:59 ... of my browser? cellphone? person? 18:51:06 ... is it PII? 18:51:43 ... me vs. an IP address in some county 18:52:57 ... should be tied to use - it isn't only a technical matter 18:54:22 adrianba: is LBH the data we're trying to protect? 18:55:01 Lmastria_DAA: objectively, what is the thing we're trying to protect? 18:56:08 peterswire has joined #dntc 18:57:01 rrsagent, make record world 18:57:34 [general discussion about different kinds of risks - commercial, government] 18:58:52 dsinger: might someone be able to buy data about individuals? 18:58:57 Yianni has joined #dntc 18:59:19 Lmastria_DAA: providers of data for advertising provide instances of people in a particular category but not down to the individual level 19:00:18 Ionel: to be constructive - we either say we don't know what LBH is because we don't know what it is or come up with some answer and try to define it 19:00:40 ... we should be able to define as something like points of data across time - e.g. all the URIs a computer traverses across time 19:01:08 ... you put all this in a giant database, collect it, that's it 19:01:23 ... the issue is can you link it back to a person or is it just some unknown ID 19:01:41 mike: is this part of DeID? 19:01:46 Yianni: yes 19:02:39 rrsagent, make minutes 19:02:39 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 19:03:38 q? 19:04:04 Yianni: we need to consider all the risks - LBH has some risks, we identify the possible harm and try to mitigate it 19:04:25 BillScannell__ has joined #dntc 19:04:42 Ionel: with cookies being deleted, if someone tries to keep a LBH they will lose me 19:05:05 dsinger: i think you're optimistic about how easy it is to be forgotten 19:05:24 rrsagent, make minutes 19:05:24 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 19:07:00 Lmastria_DAA: advertisers need to scale - they don't target an ad at an individual 19:07:06 ... the use really matters 19:12:15 peterswire has joined #dntc 19:18:21 WaltM_Comcast has joined #dntc 19:18:26 TOPIC: In light of this definition what technical measures would suppress or delete LBH? 19:21:57 dsinger: LBH: Personally identifiable browsing history (URLs, search terms, etc.) that represents a 'reasonable portion' of that person's activity over a 'significant time'. 19:23:02 peterswire has joined #dntc 19:30:57 rrsagent, make minutes 19:30:57 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 19:34:08 ionel has joined #dntc 19:34:57 mike: we could put rules on browsers 19:35:06 Lmastria_DAA: that's not feasible 19:35:20 dsinger: browsers don't know what cookies are being used for 19:36:07 [discussion of alternative techniques for identification, contractual/best practice/etc safeguard measures] 19:39:38 [could configure browsers to not visit some sites] 19:39:57 [set limits on what and how long data is retained] 19:40:14 [set browsers to limit maximum cookie lifetimes] 19:40:38 rrsagent, make minutes 19:40:38 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 19:41:10 schunter has joined #dntc 19:44:40 [discussion of timeline for deletion] 19:48:04 TOPIC: Tying LBH to the previous group discussions of "buckets" or "low-entropy cookies", how can the latter continue while suppressing or deleting LBH 19:53:12 rrsagent, make minutes 19:53:12 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 19:54:38 [discussion that the URLs are useful to begin with but not later - can we put people in buckets after that time] 19:55:02 ionel has joined #dntc 19:55:37 TOPIC: Are there any compelling use cases for retaining detailed browsing history beyond a general time limit on retention? 19:57:46 dsinger: we already have permitted uses that say you only collect the data you need for the purposes you need and only for as long as needed for that purpose 19:57:51 ... this is already in the spec 19:57:57 [all agree] 19:58:18 TOPIC: If so, how would you limit those use cases consistent with the goals of (1) limiting LBH; while (2) enabling "buckets" or "low-entropy cookies"? 19:58:27 rrsagent, make minutes 19:58:27 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 19:59:08 Chair: dsinger 19:59:10 rrsagent, make minutes 19:59:10 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html adrianba 20:00:06 peterswire has joined #dntc 20:13:07 ionel has joined #dntc 20:16:18 -statacenter 20:16:27 -WaltM_Comcast 20:16:29 Team_(dntc)18:30Z has ended 20:16:29 Attendees were +1.215.480.aaaa, +1.617.324.aabb, statacenter, WaltM_Comcast 20:24:36 dsinger has joined #dntc 20:33:19 ionel has joined #dntc 20:43:58 dsinger has joined #dntc 20:56:01 peterswire has joined #dntc 21:06:23 Zakim has left #dntc 21:09:05 dsinger has joined #dntc 21:16:49 schunter has joined #dntc 21:33:15 schunter has joined #dntc 21:38:44 rrsagent, draft minutes 21:38:44 I have made the request to generate http://www.w3.org/2013/02/11-dntc-minutes.html tlr 21:48:49 ionel has left #dntc 21:54:27 peterswire has joined #dntc 22:04:56 schunter has joined #dntc 22:19:38 dsinger has joined #dntc