See also: IRC log
<dsinger> DNT C is online on the phone.
<WaltM_Comcast> WaltM is Comcast 215-480-5838
<dsinger> QUESTION 1: “Lifetime browsing history” is a phrase that is often used, but never defined clearly. What would LBH mean as a technical matter?
<scribe> Scribe: adrianba
<dsinger> we discuss background of 'buckets'...
Lmastria_DAA: for the 1024 case, we're talking about minimum number of people in a bucket
dsinger: so that the addition of one more piece of info doesn't identify the person
adrianba: so you would need 2000-ish people before you have more than one group
dsinger: there are some famous cases of problems with DeID
Lmastria_DAA: yes, but many of
these examples were a long time ago
... contractual constraints have been added often to stop this
... one of the traps from the 1024 route is that it assumes there are no other constraints in place
... if i give information to some company, what am I giving actually, and what are the safeguards for preventing non-authorised use of the information
... 1024 doesn't address this
dsinger: okay, so let's look at
... what does LBH mean as a technical matter
Lmastria_DAA: LBH of what?
... of my browser? cellphone? person?
... is it PII?
... me vs. an IP address in some county
... should be tied to use - it isn't only a technical matter
adrianba: is LBH the data we're trying to protect?
Lmastria_DAA: objectively, what is the thing we're trying to protect?
[general discussion about different kinds of risks - commercial, government]
dsinger: might someone be able to buy data about individuals?
Lmastria_DAA: providers of data for advertising provide instances of people in a particular category but not down to the individual level
Ionel: to be constructive - we
either say we don't know what LBH is because we don't know what
it is or come up with some answer and try to define it
... we should be able to define as something like points of data across time - e.g. all the URIs a computer traverses across time
... you put all this in a giant database, collect it, that's it
... the issue is can you link it back to a person or is it just some unknown ID
mike: is this part of DeID?
... we need to consider all the risks - LBH has some risks, we identify the possible harm and try to mitigate it
Ionel: with cookies being deleted, if someone tries to keep a LBH they will lose me
dsinger: i think you're optimistic about how easy it is to be forgotten
Lmastria_DAA: advertisers need to
scale - they don't target an ad at an individual
... the use really matters
dsinger: LBH: Personally identifiable browsing history (URLs, search terms, etc.) that represents a 'reasonable portion' of that person's activity over a 'significant time'.
mike: we could put rules on browsers
Lmastria_DAA: that's not feasible
dsinger: browsers don't know what cookies are being used for
[discussion of alternative techniques for identification, contractual/best practice/etc safeguard measures]
[could configure browsers to not visit some sites]
[set limits on what and how long data is retained]
[set browsers to limit maximum cookie lifetimes]
[discussion of timeline for deletion]
[discussion that the URLs are useful to begin with but not later - can we put people in buckets after that time]
dsinger: we already have
permitted uses that say you only collect the data you need for
the purposes you need and only for as long as needed for that
... this is already in the spec
This is scribe.perl Revision: 1.137 of Date: 2012/09/20 20:19:01 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found Scribe: adrianba Inferring ScribeNick: adrianba Default Present: +1.215.480.aaaa, +1.617.324.aabb, statacenter, WaltM_Comcast Present: +1.215.480.aaaa +1.617.324.aabb statacenter WaltM_Comcast WARNING: No meeting title found! You should specify the meeting title like this: <dbooth> Meeting: Weekly Baking Club Meeting Got date from IRC log name: 11 Feb 2013 Guessing minutes URL: http://www.w3.org/2013/02/11-dntc-minutes.html People with action items:[End of scribe.perl diagnostic output]