IRC log of dnte on 2013-02-11

Timestamps are in UTC.

18:17:28 [RRSAgent]
RRSAgent has joined #dnte
18:17:28 [RRSAgent]
logging to
18:18:33 [dwainberg]
dwainberg has joined #dnte
18:18:51 [rigo]
rigo has joined #dnte
18:21:57 [wseltzer]
wseltzer has joined #dnte
18:28:47 [fielding]
fielding has joined #dnte
18:35:09 [npdoty]
npdoty has joined #dnte
18:40:13 [RichardatcomScore_]
RichardatcomScore_ has joined #dnte
18:40:25 [hwest]
hwest has joined #dnte
18:40:39 [hwest]
Hey all - waiting on the phone connection before we get started
18:43:38 [hwest]
Anyone on the phone?
18:44:36 [tlr]
tlr has joined #dnte
18:44:45 [tlr]
zakim, call thomas-skype
18:44:45 [Zakim]
sorry, tlr, I don't know what conference this is
18:44:56 [tlr]
zakim, this will be conf5
18:44:56 [Zakim]
ok, tlr; I see Team_(dnte)18:30Z scheduled to start 14 minutes ago
18:44:59 [tlr]
zakim, who is on the phone?
18:44:59 [Zakim]
Team_(dnte)18:30Z has not yet started, tlr
18:45:00 [Zakim]
On IRC I see tlr, hwest, RichardatcomScore_, npdoty, fielding, wseltzer, rigo, RRSAgent, Zakim
18:45:04 [tlr]
zakim, call thomas-skype
18:45:04 [Zakim]
ok, tlr; the call is being made
18:45:06 [Zakim]
Team_(dnte)18:30Z has now started
18:45:06 [Zakim]
18:45:32 [tlr]
we can do skype if there's anybody remote.
18:45:37 [tlr]
Right now, I'm not sure there is anybody
18:46:38 [rigo]
RRSAgent, set log public
18:46:45 [rigo]
RRSAgent, pointer?
18:46:45 [RRSAgent]
18:47:02 [Zakim]
Team_(dnte)18:30Z has ended
18:47:03 [Zakim]
Attendees were Thomas
18:47:10 [rigo]
RvE: red orange and green logs
18:47:24 [tlr]
zakim, move TRACK to here
18:47:25 [Zakim]
ok, tlr; that matches Team_(dnt)15:30Z
18:47:29 [tlr]
zakim, who is on the phone?
18:47:29 [Zakim]
On the phone I see MIT-Star, Jonathan_Mayer
18:47:34 [rigo]
red have lots of identifying and precious information e.g. TomTom with geolocation stuff in it
18:47:51 [tlr]
tlr has changed the topic to: please use zakim code TRACK to dial into this room
18:48:25 [rigo]
in TomTom, they had id and changed it to pseudonymous ID within 24 hours you could translate and after 24 hours, they will break that link
18:48:45 [Zakim]
18:48:54 [rigo]
unlink data and maintain data that can be only de-identified on behavioral patterns
18:49:01 [Zakim]
18:49:04 [rigo]
so 1/ de-identification
18:49:20 [hwest]
Anyone on the phone?
18:49:21 [rigo]
2/ and manage the risk of re-identification
18:49:30 [rigo]
zakim, who is here?
18:49:30 [Zakim]
On the phone I see MIT-Star, Jonathan_Mayer
18:49:31 [Zakim]
On IRC I see tlr, hwest, RichardatcomScore_, npdoty, fielding, wseltzer, rigo, RRSAgent, Zakim
18:50:29 [rigo]
wanted to have speed average information in aggregate, did not want to throw data away
18:50:53 [Zakim]
18:50:54 [rigo]
SW: de-identification being bundled, technical operational and administrative
18:51:01 [Zakim]
18:51:42 [rigo]
18:52:32 [rigo]
RvE: de-identification by ?? In order to have it work. Can only work if the time the link is active is limited. To get from orange to green you have to de-link it
18:53:16 [rigo]
... if you want to list all the people used, it will get very difficult. Establish de-identification by throwing away the SALT
18:53:59 [rigo]
... wanted to proove that red-orange-green works well. Full URI == red
18:54:19 [rigo]
... URI + link to identifiable data == orange
18:54:31 [rigo]
... throw away the link == green
18:55:41 [rigo]
JeffWilson (JW): did you do final analysis and result
18:55:45 [Zakim]
18:56:00 [rigo]
RvE: did so after investigation, was able to quantify the risk, risk was low
18:56:11 [peterswire]
peterswire has joined #dnte
18:57:07 [peterswire]
rrsagent, make record world
19:00:58 [rigo]
SW: APEC most stringent things in Japan and South Korea. Most what we discuss would satisfy APEC
19:01:05 [rvaneijk]
rvaneijk has joined #dnte
19:02:17 [rigo]
RW: so finding consensus on something that satisfies Art. 29 would allow us to play everywhere
19:02:37 [rigo]
SW: yes, would have worded it differently, we have to try to find common ground
19:03:24 [rigo]
RvE: color scheme, green is mostly unintersting to DPA as normally also accompagnied with safeguards
19:04:07 [rigo]
HW: hashing throw away the SALT, how often should the SALT be rotated?
19:04:45 [rigo]
RvE: if you do not throw away the SALT, it remains in orange
19:05:21 [BillScannell____]
BillScannell____ has joined #dnte
19:05:30 [rigo]
SW: as soon as you break the SALT to chunks. In the chunks we do not want to be prescriptive.
19:05:41 [rigo]
RvE: agree, depends on the purposes of processing
19:10:37 [rigo]
RW: what does that mean?
19:11:17 [hwest]
Jeff: all contextual as to what the right period here would be or when something carries personal information
19:12:03 [rigo]
FW: only for permitted uses, we have already identified concrete purposes there. Can have different things. Web analytics could be days, some traffic measures need less
19:12:15 [peterswire]
peterswire has joined #dnte
19:12:34 [rigo]
HW: recapitulates discussion to peterswire
19:14:29 [rigo]
SW: we haven't created consensus on security. There we can not do de-identification. There retention periods are longer and not de-identify
19:15:05 [rigo]
... there you would rely on technical operational and administrative measures
19:17:30 [RichardatcomScore_]
rob: if you want to store data because you're worreid about click fraud
19:17:38 [RichardatcomScore_]
it would be good to just store the data you need
19:17:48 [RichardatcomScore_]
Rob: look at history of data retentio ndirective in EU
19:17:55 [RichardatcomScore_]
there was long discussion about what was necssary to retain
19:17:59 [RichardatcomScore_]
and it was separate from how long
19:18:19 [RichardatcomScore_]
rob the whole question of you acutally need to accomplish your goal is a relevant one
19:18:35 [RichardatcomScore_]
what i don;t hear in the dnt discussion often is taking account what i really need to acomplish that
19:18:50 [RichardatcomScore_]
Jeff: Rigo mentioned AOL data incident
19:18:56 [RichardatcomScore_]
there was small number of people xposed with a data set that large
19:19:04 [rigo]
RvE: Security is not a green card to do whatever. Clickfraud e.g. long discussion about data retention Directive showed that we needed for 6month - 3years. Relevant discussion. Real need and necessity for security data collection should be discussed
19:19:15 [RichardatcomScore_]
Even PHI released for public analsis and research is a higher treshold
19:19:34 [RichardatcomScore_]
I want to make sure that if we're saying that there is something to learn, that it was far under the radar
19:19:41 [RichardatcomScore_]
that should count as deidentified data.
19:19:58 [RichardatcomScore_]
Rigo - m,y point is procedural.
19:20:14 [RichardatcomScore_]
Theoretically in the fufutrre decrypting could take one sefcond
19:20:27 [RichardatcomScore_]
the standard we are doing can't provide this - we can only have a momentarily how to fix this for now
19:20:30 [RichardatcomScore_]
so that it's workable
19:20:36 [RichardatcomScore_]
because we are having in my opinion
19:20:47 [RichardatcomScore_]
we are sitting between 2 extremes - do nothing and run the cart in the wall
19:20:53 [RichardatcomScore_]
how do you do usable privacy with concrete technical hints
19:21:08 [RichardatcomScore_]
You need to go into the red-tape field and ask technicians
19:21:20 [RichardatcomScore_]
our client is the average website provider
19:21:22 [fwagner]
fwagner has joined #dnte
19:21:39 [RichardatcomScore_]
I'm concerned that we identify rules that requre certification, then that's the end of it
19:21:42 [RichardatcomScore_]
Shane - I agree
19:21:47 [RichardatcomScore_]
with that sentiment
19:21:51 [RichardatcomScore_]
deID is not a simnply problem.
19:22:12 [RichardatcomScore_]
All concepts of DeID - we have today's staet where there is none. Typically, small to medium size comapnies don't know what to do with that
19:22:22 [RichardatcomScore_]
They don't try to address the data
19:22:26 [RichardatcomScore_]
They probably don't even know what they have
19:22:43 [RichardatcomScore_]
Asking them to rotate keys, do admin controls, etc. - small companies won't know what dto do
19:22:50 [RichardatcomScore_]
They can just delete the data.
19:22:56 [RichardatcomScore_]
They can choose not ot implement DNT
19:23:02 [peterswire]
peterswire has joined #dnte
19:23:04 [RichardatcomScore_]
or I do think that this will spawn a new bujsiness and there will be fcompanies
19:23:14 [RichardatcomScore_]
that igve you a server plugin that will do deidentification for server users
19:23:21 [RichardatcomScore_]
I think it's iomportant to keep small and medium size businesses in mind
19:23:51 [RichardatcomScore_]
Rigo - we have a good ujnderstanding of what we could do
19:24:04 [RichardatcomScore_]
I would, on the risk of creating some kind of error, I would compare this to envrionemnt moment
19:24:09 [RichardatcomScore_]
where 30 years ago they were laughed at
19:24:14 [RichardatcomScore_]
and today this creates a billion dollar business.
19:24:27 [RichardatcomScore_]
If we are laying boudnaries for businesses, we should be aware of it. This should be workable for businesses.
19:24:43 [RichardatcomScore_]
Shane - we have Small Biz at Yahoo
19:24:50 [RichardatcomScore_]
we host hundreds of thousands of sites today
19:25:07 [RichardatcomScore_]
There are store systems, payment systems, etc.
19:25:29 [RichardatcomScore_]
Rigo - where is the pain point
19:25:36 [RichardatcomScore_]
Heather - The pain wil lbe around waht is appropriate
19:26:05 [RichardatcomScore_]
Let's note down that we have agreement on Rob's plan - w
19:26:12 [RichardatcomScore_]
we needto drill down on Rob's approach for three color plan
19:26:16 [RichardatcomScore_]
Heather - we need more context
19:26:27 [RichardatcomScore_]
Rigo - we can go to the main grroup about Rob's appraoch
19:26:42 [RichardatcomScore_]
We think this as an approach that coudl be supported
19:26:57 [RichardatcomScore_]
the trouble is now defining how the links would be cosntructed - how they would be thrown away.
19:27:03 [RichardatcomScore_]
How is the risk assesment done?
19:27:09 [RichardatcomScore_]
Heather - i would go further
19:27:21 [RichardatcomScore_]
For now, we can work with the hash, throw away the salt technical mechanism,
19:27:28 [RichardatcomScore_]
we shoujld talk about thje policy
19:27:49 [RichardatcomScore_]
Rigo - I am against that because once you get a tech solution that everyone agrees to, policy people will bicker and wash away the tech side
19:28:13 [RichardatcomScore_]
Heather - in my mind, we are here to ediscuss the policy stuff
19:28:18 [RichardatcomScore_]
talk through the definitions
19:28:28 [RichardatcomScore_]
'if we are going to address lifetime browisng histroy, then what is the policy that shoudl be implemented
19:28:39 [RichardatcomScore_]
Becaues otherwise, there will be differences
19:28:47 [RichardatcomScore_]
Rob - it's about accountability -
19:28:53 [rigo]
RvE: time is accountability
19:29:45 [RichardatcomScore_]
Shane - a lot of people see DeIDed and delinked to be the same
19:29:47 [rigo]
SW: don' t like colors, need new names
19:29:51 [RichardatcomScore_]
depends on your definitoion
19:30:03 [rigo]
=> discussion on names for the three buckets we have
19:30:06 [RichardatcomScore_]
Rob - there is a misconception in the US about what is anonymous and pseudonymous
19:30:28 [rigo]
RvE: we should not talk about anonymous/pseudonymous
19:30:36 [rigo]
stage 1 /2/ 3/
19:30:59 [rigo]
JW: raw, transition, de-identified
19:34:54 [rigo]
red == raw data
19:36:28 [rigo]
orange == obfuscated
19:37:45 [rigo]
green == de-identified (that includes de-identified event data and completely aggregated data)
19:38:20 [rigo]
orange still change
19:40:55 [rigo]
line between orange and green is whether it is still considered personal data anymore. If re-identification is too hard, it goes green
19:41:08 [schunter]
schunter has joined #dnte
19:42:16 [rigo]
red: all of data of red exists also in orange, replace all identifiers with a lookup table. In rotating hash with SALT as orange. You still have the knowledge of SALT and key. Can link in your domain
19:43:08 [hwest]
Ok, so raw event data -> managed data -> deidentified data
19:44:00 [rigo]
orange == managed data
19:48:16 [rigo]
managed data: all characteristics of raw plus some new
19:49:00 [Zakim]
19:49:43 [rigo]
JW: we could have permitted uses depending on what kind of data is the object. So Security should remain raw. Once it is managed, change requirements
19:50:03 [hwest]
Is anyone on the phone?
19:51:51 [rigo]
zakim, who is here?
19:51:51 [Zakim]
On the phone I see MIT-Star, [Nielsen]
19:51:53 [Zakim]
On IRC I see schunter, fwagner, BillScannell____, rvaneijk, tlr, hwest, RichardatcomScore_, npdoty, fielding, wseltzer, rigo, RRSAgent, Zakim
19:53:03 [rigo]
RvE: start with raw. managed, de-identified and then talk about permitted uses
19:53:17 [rigo]
rrsagent, please draft minutes
19:53:17 [RRSAgent]
I have made the request to generate rigo
19:54:05 [rvaneijk]
19:55:57 [hwest]
Rigo: Several axes - one is time and one is restrictions and one is sensitivity
19:56:07 [hwest]
Rigo: The more sensitive it is, the more restrictions we apply.
19:58:36 [rigo]
SW: managed means striping
19:58:48 [rigo]
RW: what stripping is not clear yet
20:00:06 [peterswire]
peterswire has joined #dnte
20:03:02 [rigo]
HW: some data will remain high level (gives scoring example)
20:03:18 [rigo]
RvE: this is augmentation of identity data
20:06:25 [rigo]
RW: We have a rather clear understanding of raw and de-identified, but we have a range of possibilities and hash them out
20:11:47 [rigo]
JW: orange data could be stripped to have it less rich than the raw data you got.
20:11:56 [rigo]
rrsagent, please draft minutes
20:11:56 [RRSAgent]
I have made the request to generate rigo
20:12:31 [fwagner]
fwagner has joined #dnte
20:17:02 [Zakim]
+ +1.215.480.aakk - is perhaps WaltM_Comcast
20:18:21 [Zakim]
20:18:53 [Zakim]
+ +1.215.480.aall - is perhaps WaltM_Comcast
20:19:39 [Zakim]
20:20:00 [Zakim]
20:20:14 [Zakim]
+ +1.215.480.aamm - is perhaps WaltM_Comcast
20:20:51 [Zakim]
Team_(dnt)15:30Z has been moved to #dnt by fielding
20:56:01 [peterswire]
peterswire has joined #dnte
20:57:51 [fwagner]
fwagner has joined #dnte
21:16:49 [schunter]
schunter has joined #dnte
21:33:15 [schunter]
schunter has joined #dnte
21:38:52 [tlr]
rrsagent, draft minutes
21:38:52 [RRSAgent]
I have made the request to generate tlr
21:54:27 [peterswire]
peterswire has joined #dnte
22:04:56 [schunter]
schunter has joined #dnte
22:06:36 [Zakim]
Zakim has left #dnte
22:13:33 [rigo]
rrsagent, bye
22:13:33 [RRSAgent]
I see no action items