IRC log of dnt on 2013-02-12

Timestamps are in UTC.

00:31:08 [dsinger]
dsinger has joined #dnt
02:22:46 [npdoty]
npdoty has joined #dnt
03:52:43 [schunter]
schunter has joined #dnt
10:27:08 [Zakim]
Zakim has left #dnt
11:45:39 [schunter]
schunter has joined #dnt
11:49:57 [fwagner]
fwagner has joined #dnt
12:52:57 [schunter1]
schunter1 has joined #dnt
13:25:36 [schunter]
schunter has joined #dnt
13:26:56 [vincent]
vincent has joined #dnt
13:28:14 [vincent]
vincent has joined #dnt
13:30:59 [adrianba]
adrianba has joined #dnt
13:33:54 [schunter]
schunter has joined #dnt
13:35:00 [Chris_IAB]
Chris_IAB has joined #dnt
13:41:30 [efelten]
efelten has joined #dnt
13:45:59 [vincent]
vincent has joined #dnt
13:47:52 [dsinger]
dsinger has joined #dnt
13:51:57 [LMastriaDAA]
LMastriaDAA has joined #dnt
13:54:48 [npdoty]
npdoty has joined #dnt
13:55:23 [Zakim]
Zakim has joined #dnt
13:55:49 [npdoty]
Zakim, this will be 87225
13:55:50 [Zakim]
ok, npdoty; I see Team_(dnt)13:55Z scheduled to start now
13:56:02 [BrianHuseman]
BrianHuseman has joined #dnt
13:56:19 [npdoty]
Zakim, code?
13:56:19 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), npdoty
13:56:43 [Zakim]
Team_(dnt)13:55Z has now started
13:56:50 [Zakim]
+BrianHuseman
13:56:58 [haakonfb]
haakonfb has joined #dnt
13:58:29 [Zakim]
+tlr
13:58:34 [johnsimpson]
johnsimpson has joined #dnt
13:59:32 [robsherman]
robsherman has joined #dnt
13:59:44 [Zakim]
-tlr
13:59:45 [Zakim]
+kulick
14:00:07 [Zakim]
+MIT-Star
14:00:24 [Zakim]
+johnsimpson
14:00:34 [npdoty]
microphones should be working to people on the phone, but we can't hear you yet, til I fix our speakers
14:00:47 [npdoty]
rrsagent, make logs public
14:00:48 [Zakim]
+vincent
14:00:50 [Zakim]
-kulick
14:01:04 [vincent]
zakim, mute me
14:01:04 [Zakim]
vincent should now be muted
14:01:14 [johnsimpson]
zakim, mute me
14:01:14 [Zakim]
johnsimpson should now be muted
14:01:17 [Zakim]
+kulick
14:02:19 [Zakim]
+yianni
14:03:51 [BerinSzoka]
BerinSzoka has joined #DNT
14:05:27 [Zakim]
+Aleecia
14:05:42 [vincent]
yes, can hear you
14:05:47 [johnsimpson]
nick I can hear you
14:06:54 [BerinSzoka]
code for the phone is 87225# right? anyone else having a problem signing onto the conference bridge?
14:07:07 [BrianHuseman]
i'm on phone
14:07:11 [vincent]
yes that's the code BerinSzoka
14:07:18 [vincent]
it worked for me
14:07:21 [Zakim]
+vinay
14:07:26 [BerinSzoka]
weird--I tried a few times...
14:07:28 [vinay]
vinay has joined #dnt
14:07:45 [David_Stark]
David_Stark has joined #dnt
14:07:47 [BrianHuseman]
+1.617.761.6200, conference code TRACK (87225)
14:07:59 [ashkan]
ashkan has joined #dnt
14:08:33 [Chris_IAB]
Chris Mejia of IAB joining in person
14:08:47 [npdoty]
Zakim, who is on the phone?
14:08:47 [Zakim]
On the phone I see BrianHuseman, MIT-Star, johnsimpson (muted), vincent (muted), kulick, yianni, Aleecia, vinay
14:09:26 [johnsimpson]
we hear you
14:09:35 [Zakim]
+ +1.202.656.aaaa
14:09:39 [aleecia]
aleecia has joined #dnt
14:09:53 [rvaneijk]
rvaneijk has joined #dnt
14:10:27 [hwest_]
hwest_ has joined #dnt
14:10:44 [hwest_]
hwest_ has joined #dnt
14:11:08 [aleecia]
Are mics in good use?
14:11:10 [justin]
justin has joined #dnt
14:11:13 [johnsimpson]
Is some on the telephone not muted?
14:11:22 [aleecia]
zakim, who is making noise?
14:11:22 [justin]
zakim, who is making noise?
14:11:33 [Zakim]
aleecia, listening for 10 seconds I heard sound from the following: MIT-Star (80%)
14:11:38 [Joanne]
Joanne has joined #DNT
14:11:38 [aleecia]
Sigh.
14:11:41 [johnsimpson]
hearing terrible background noise is there an open mic and someone typing?
14:11:43 [Zakim]
justin, listening for 10 seconds I heard sound from the following: MIT-Star (69%)
14:11:52 [aleecia]
And cannot hear Ed if he's speaking
14:12:03 [johnsimpson]
horrible line
14:12:06 [justin]
Ed's slides: https://www.dropbox.com/s/klyhmpc91bxbv84/Unlinkability%20Boston.pdf
14:12:09 [justin]
Ed is not speaking yet.
14:12:12 [aleecia]
Just went dead?
14:12:15 [johnsimpson]
now hearing nothing
14:12:16 [RichardatcomScore]
RichardatcomScore has joined #dnt
14:12:25 [aleecia]
Zakim thinks the line is up
14:12:30 [aleecia]
Ah. And unmuted.
14:12:57 [aleecia]
Then this is a good time to debug...
14:13:08 [johnsimpson]
terrible connection
14:13:17 [vincent]
sounds like someone his using his phone like a hammer
14:13:25 [dwainber_]
dwainber_ has joined #dnt
14:13:34 [aleecia]
Thank you, Nick
14:14:24 [Marc_]
Marc_ has joined #dnt
14:14:34 [jeffwilson]
jeffwilson has joined #dnt
14:14:34 [peterswire]
peterswire has joined #dnt
14:15:12 [johnsimpson]
hear peter
14:15:21 [susanisrael]
susanisrael has joined #dnt
14:15:35 [Joanne]
having trouble getting on the line
14:15:45 [BerinSzoka]
Me too, Joanne
14:15:49 [johnsimpson]
I can hear better
14:15:51 [aleecia]
Keep trying; I needed a few rounds but it worked
14:15:55 [BerinSzoka]
couldn't do it. been on hold for an operator for 10 minutes
14:16:04 [aleecia]
Call back in?
14:16:15 [BerinSzoka]
I tried 5 times
14:16:19 [johnsimpson]
sound seems to be working
14:16:21 [aleecia]
Oooof
14:16:41 [Zakim]
+Jonathan_Mayer
14:16:52 [jmayer]
jmayer has joined #dnt
14:17:00 [schunter]
schunter has joined #dnt
14:17:22 [aleecia]
hearing
14:17:34 [aleecia]
scribe?
14:17:37 [peterswire]
folks on the phone, we are working on the tech problems
14:17:42 [aleecia]
(not in - don't hear that well)
14:18:01 [ionel]
ionel has joined #dnt
14:18:04 [Zakim]
+Joanne
14:18:05 [peterswire]
question to those on the phone -- volume ok from thomas now
14:18:10 [peterswire]
that was a question
14:18:11 [vinay]
yep
14:18:12 [aleecia]
fine, thnaks
14:18:14 [Yianni]
Yianni has joined #DNT
14:18:23 [aleecia]
Peter, do we have a scribe?
14:18:23 [johnsimpson]
yes
14:18:35 [peterswire]
yianni is preparing to scribe
14:18:36 [johnsimpson]
that was yes on sound
14:18:37 [Yianni]
scribe: Yianni
14:18:46 [aleecia]
thank you
14:18:55 [npdoty]
scribenick: Yianni
14:18:58 [Yianni]
Thomas: You should all know that this is all an ongoing process
14:19:12 [Yianni]
...the concept of pseudonymous data
14:19:20 [Yianni]
...In germany, we have 2 types of data
14:19:21 [justin]
Thomas's slides: https://www.dropbox.com/s/klyhmpc91bxbv84/Unlinkability%20Boston.pdf
14:19:27 [Yianni]
...anonymous data and personal data
14:19:30 [justin]
He's on 2 now.
14:19:33 [vincent]
thanks, justin
14:19:40 [Yianni]
...pseudonymous data is still personal data but it is treated in a different manner
14:19:55 [vincent]
these are Ed Felten slides no?
14:20:01 [Yianni]
...anonymous data is not unique or tied to a specific person
14:20:02 [Zakim]
+tlr
14:20:09 [Zakim]
-tlr
14:20:13 [npdoty]
slides are here: http://www.w3.org/2011/tracking-protection/mit/bvdw_w3c_pseud-data_20130211.pptx.pdf
14:20:17 [Yianni]
...reading from the quote
14:20:30 [npdoty]
(linked from the agenda and the group home page)
14:20:35 [Yianni]
...if you not able to link to a person or indirectly link, you are out of scope
14:20:42 [Yianni]
...if you are able to link, you are in scope
14:20:43 [vincent]
thanks nick
14:20:56 [BillScannell]
BillScannell has joined #dnt
14:20:58 [WaltM_Comcast]
WaltM_Comcast has joined #DNT
14:20:58 [moneill2]
moneill2 has joined #dnt
14:21:06 [Yianni]
...personal data is information associated with an actual person
14:21:15 [Yianni]
...reading the definition from slides of personal data
14:21:33 [Yianni]
...the German government years ago recognized a grey zone, something in the middle
14:21:36 [schunter]
schunter has joined #dnt
14:21:40 [Yianni]
...that is the concept of pseudonymous data
14:21:57 [Yianni]
...a cookie can be identified with a device
14:22:04 [Yianni]
...but not tied to a known individual
14:22:14 [Yianni]
...different between US and German data
14:22:23 [Yianni]
...this data cannot be treated as anonymous
14:22:31 [Paul_G]
Paul_G has joined #dnt
14:22:59 [johnsimpson]
what slide are we on?
14:23:07 [vincent]
slide 8
14:23:09 [moneill2]
hhGerman Telemedia Law http://www.cgerli.org/fileadmin/user_upload/interne_Dokumente/Legislation/Telemedia_Act__TMA_.pdf
14:23:17 [Yianni]
...replace subjects name with other identifying feature to make impossible or extremely difficult to re-identify
14:23:32 [Yianni]
...are processes by digital advertising business making it impossible
14:23:42 [Yianni]
...huge debate around IP address, whether they are personal or not
14:23:58 [Yianni]
...there are processes rendering IP address anonymous
14:24:12 [BrianHuseman]
BrianHuseman has joined #dnt
14:24:19 [vincent]
slide 9 now I guess
14:24:24 [Yianni]
...German telemdia act, reading from slide
14:24:55 [Yianni]
......yes slide 9
14:25:21 [Yianni]
...Data is not allowed to be linked back then it does not make sense
14:25:45 [Yianni]
...regarding DNT and the definition of tracking, this definition covers advertising, market research, and tele media
14:25:59 [Yianni]
...it is a very broad approach that we can offer services without ecplicit consent
14:26:07 [Yianni]
...if I feel harmed by the tracking, I can push back
14:26:18 [Yianni]
...anonymous data is not personal data, it is out of scope
14:26:26 [Zakim]
+BerinSzoka
14:26:40 [Yianni]
...pseudonymous data are personal data for the business holding the key
14:27:11 [Yianni]
...third party, such as a researcher, without access to the key, that is lawful processing of the data
14:27:34 [fwagner]
fwagner has joined #dnt
14:27:46 [vincent]
slide 12
14:27:52 [Yianni]
...pseudnymous service, normally 3rd parties, change IP address or cookie with random numbers
14:28:06 [Yianni]
...last stage, offering users the right to object
14:28:22 [Yianni]
...this is the process to change personal data to pseudonymous data, slide 13
14:28:30 [Yianni]
...in German law it is a risk based approach
14:29:04 [Yianni]
...German law with attention to market research and marketing, not practical to treat session data like health data
14:29:07 [Zakim]
+Dan_Auerbach
14:29:22 [Yianni]
...it is difficult for companies to get huge number of consent for advertising
14:29:29 [susanisrael]
slide 14
14:29:33 [Yianni]
...there is lawful data processing without expicit consent
14:29:56 [Yianni]
...we try to convince German government, that there is a huge opt out regime, and based on German law
14:30:29 [Yianni]
...Slide 15 - DNT unset reading from slide
14:30:54 [peterswire]
just to be sure -- any sound problem on the phone?
14:30:57 [Yianni]
...the concept of pseudonymous data, tracking in Germany is lawful
14:30:58 [dan_auerbach]
dan_auerbach has joined #dnt
14:31:09 [Yianni]
...for us DNT unset leads to more flexibility
14:31:09 [vincent]
no peter, sound is fine for me
14:31:13 [Yianni]
...in the advertising market
14:31:42 [aleecia]
It's ok
14:31:59 [aleecia]
Must be Rob speaking?
14:32:01 [kulick]
kulick has joined #dnt
14:32:03 [Yianni]
Rob: this fits in well with the exercise we did yesterday
14:32:19 [Yianni]
...the directive is very clear and is usually left out of discussion
14:32:22 [peterswire]
rob van eijk
14:32:29 [peterswire]
q?
14:32:32 [Yianni]
...it is not just limited to data controller, it is limited to any other person
14:32:50 [Yianni]
...if police can use pseudonymous identifier because they are a subject, and they can identify then it is still personal data
14:33:05 [Yianni]
...pseudonymous data is not anonynous data, so data protection laws still apply
14:33:25 [Yianni]
...do not agree that pseudonymous data is a subset of personal data
14:33:33 [Yianni]
...it is a third subset of data
14:33:43 [Marc_]
q
14:33:47 [Yianni]
...if you go through the effort of de-identified the data, you are not done
14:33:56 [Yianni]
...you still need to manage the risk of re-identification
14:34:20 [Yianni]
...do to changes of technology, you need to organize your busienss process to continuously measure risk
14:34:35 [Yianni]
...if you are using pseudonymous data for OBA, explicit consent is still needed
14:34:48 [peterswire]
q?
14:34:58 [Yianni]
...notice and choice principle
14:35:10 [Yianni]
...we are making the concept of consent even stronger
14:35:20 [peterswire]
in Q, chris mejia is first, marc groman is second; I will ask Thomas to respond to Rob before those
14:35:31 [Yianni]
...leaves the task that maybe in some cases there is the ability to have anonymous data and still use the data
14:35:51 [Yianni]
...yesterday we used different words, red is highly detailed and identified
14:35:59 [Yianni]
...in orange you take steps to de-identify
14:36:15 [npdoty]
q+ chris_iab
14:36:17 [Yianni]
...in green, you ensure that data cannot be linked, throw away the key
14:36:19 [npdoty]
q+ marc
14:36:24 [Paul_G]
Paul_G has joined #dnt
14:36:26 [Yianni]
...at that moment it become anonymized
14:36:32 [Wileys]
Wileys has joined #dnt
14:36:40 [Yianni]
...the definition of identifiability, the burden is not on the controller
14:36:48 [Yianni]
...if anyone else can identify, it is personal data
14:37:03 [Yianni]
Thomas: Yes it is a process of pseudonymization
14:37:10 [Yianni]
...at the end you have pseudonymous data
14:37:52 [Yianni]
...DPA oppinions, the federal data protection authority that you need to implement in German tele media act
14:38:05 [Yianni]
...in Regulation that this proposal might have a good chance in regulation
14:38:23 [Yianni]
...it is ongoing discussion, 3 out of 4 reports contain the idea of pseudonymous data
14:38:34 [Yianni]
...we are trying to stregthen concept of consent
14:39:00 [fwagner]
q+
14:39:05 [Yianni]
Peter: part of why this is relevant is not because Europe is a big market
14:39:30 [Yianni]
...it is also important that when regulation goes forward is that 3rd parties gathering data would be expected to follow the rules of the regulation
14:39:47 [Yianni]
...if you are a 3rd party on a site serving Europeans, you would have to follow regulation
14:39:56 [Yianni]
...no distinction between 1st party and 3rd party
14:40:01 [Yianni]
...this is a reality that may be coming
14:40:16 [Wileys]
q+
14:40:31 [Yianni]
Chrs: how do you view DNT signal when it is set on by default, IE 10
14:40:42 [Yianni]
Thomas: for user choice, default settings are not appropriate
14:40:45 [npdoty]
ack chris_iab
14:40:47 [Zakim]
+[IPcaller]
14:40:48 [Yianni]
...default settings are not the way to go
14:40:53 [Walter]
zakim, ipcaller is walter
14:40:53 [Zakim]
+walter; got it
14:40:55 [Yianni]
...we must offer a proper choice for consumers
14:41:04 [Yianni]
...we must be able to recognize the non-choice
14:41:11 [Yianni]
...the unset status is pretty important
14:41:35 [BerinSzoka]
a bit hard to hear
14:41:36 [Yianni]
Thomas: we are talking about global standardiztion
14:41:42 [Yianni]
...default settings in spec are not the way to go
14:41:50 [Yianni]
...it is not directly a market issue
14:41:55 [johnsimpson]
q?
14:42:06 [rvaneijk]
for OBA explicit consent is needed for a lawull processing, even in Germany.
14:42:08 [npdoty]
ack marc
14:42:19 [Yianni]
Marc: interplay between this law and EU data directive and e-privacy directive
14:42:31 [Yianni]
Thomas: EU law is complex, EU directive is a guidline
14:42:38 [peterswire]
kimono is in Q as well
14:42:41 [Yianni]
...governments must transpose guidlines into naitonal law
14:42:47 [johnsimpson]
q?
14:42:50 [justin]
q+ kimon
14:42:51 [Yianni]
...we have Germany who have pretty much done nothing
14:43:08 [Yianni]
...at the end a directive may lead to 27 different laws, more or less a guidance
14:43:15 [Yianni]
...the second kind of law is a regulation
14:43:26 [Yianni]
...a regulation is direct to all member sin EU
14:43:39 [Yianni]
...if you want lawful processing you need to look into national laws
14:43:52 [Yianni]
...if you have a sentence in directive or local law, you need to look at local law
14:44:12 [susanisrael]
* john simpson, I think they are not seeing you bc you have to say q+ not q?
14:44:12 [Yianni]
...if national governments decide not to implement, then it could become law (complex)
14:44:25 [Yianni]
...German has implemented e-privacy law
14:44:45 [Yianni]
...German government that explicit consent is required by personal data, already covered
14:44:58 [Yianni]
...the pseudonymous data is going beyond minimum set, so more than required
14:45:05 [peterswire]
q?
14:45:22 [johnsimpson]
thanks susan, I am saying q? because I want to see who is in the q. I'm not seeking to speak
14:45:24 [Yianni]
...so already under directive, German government decided not to change German tele media act
14:45:39 [Yianni]
Rob: it has become clear that Germany is very specific at the moment
14:45:48 [Yianni]
...still need to revise e-privacy directive
14:46:11 [Yianni]
...risk in following the situation in Germany as a general consensus
14:46:26 [Walter]
This reading of the privacy directive doesn't mesh well with current thinking among the DPAs on pseudonymous data
14:46:43 [Yianni]
Thomas: pseudonymous risk of uncertainty, but also a chance to show how flexible data protection law can be
14:47:06 [Yianni]
Frank: point on from practical side, users can opt out of OBA
14:47:28 [Yianni]
...this is being done by different organizations, look at slides from Berkeley workshop
14:47:42 [kimon]
kimon has joined #dnt
14:47:57 [rvaneijk]
german pseudonymous view presentef br mr Schauf leads to legal uncertainty, you cna not generalize this situaation. DPAs postion explicit consent is needed, as indicated in teh reveised e-priv directive that has not been transporsed yet in Germany.
14:48:02 [Yianni]
...in adition to opt out, do not track is in place, we need to expose DNT 1 and DNT 0
14:48:14 [Yianni]
...in addition we have opt out and DNT, from my practical view this will not work
14:48:23 [Wileys]
Q?
14:48:24 [peterswire]
q?
14:48:29 [npdoty]
ack fwagner
14:48:40 [Yianni]
Thomas: cookie opt out and cookie opt in, consent and not consent, it is a general question
14:48:49 [Yianni]
...this is not only a question with pseudonymous data
14:49:02 [Yianni]
...in the UK, the e-privacy directive word by word
14:49:14 [Yianni]
...UK data protection authorities used implied consent
14:49:28 [Yianni]
...similar to give user notice with more information then user can decide what to do
14:49:38 [Yianni]
...need to be open about what spec document we send in the world
14:49:40 [Paul_G]
Paul_G has joined #dnt
14:49:55 [Yianni]
...make sure the interest of natural person is not harmed
14:50:05 [Yianni]
...95% of users who do not know what work is being done
14:50:22 [Yianni]
...need to inform them when data is stored, give them the information then they can safeguard there rights
14:50:27 [Yianni]
...consent is not the only way to go
14:50:43 [BerinSzoka]
folks the german speakers have been hard to follow on the phone
14:50:56 [Chapell]
Chapell has joined #DNT
14:51:00 [kj]
kj has joined #dnt
14:51:06 [rvaneijk]
q+
14:51:30 [jeffwilson]
wileys: data protection regulation formally introduces pseud ids
14:51:31 [Yianni]
scribenick: jeffwilson
14:51:38 [jeffwilson]
concept will likely surive
14:51:58 [jeffwilson]
we'll be discussing going forward, what value it provides consumers and businesses
14:51:58 [aleecia]
scribenick: jeffwilson
14:52:06 [Walter]
q+
14:52:13 [justin]
ack wileys
14:52:14 [aleecia]
ack wileys
14:52:15 [justin]
ack kimon
14:52:22 [moneill2]
q
14:52:33 [peterswire]
q?
14:52:33 [jeffwilson]
kimon: there are a few things to keep in mind: eprivacy directive says you need consent to store data
14:52:39 [jeffwilson]
it is not tech neutral
14:53:11 [justin]
q+ moneill2
14:53:15 [fwagner]
from a practical view out of the german law environment an approach which means that dnt is used in addition to the the oba opt-out mechanism will increase complexity users have to deal with. From our perspective dnt should be used instead of the actual opt-out approach.
14:53:22 [rvaneijk]
art 5.3 in the e-Priv directive is technology netutral.
14:53:46 [jeffwilson]
it is a neutral assessment, we need to recognize that some countries see the req. as so strict that it would not fulfill the requiremetns of pseud data
14:53:55 [Wileys]
Frank, why not use both? DNT for de-identification of data records and opt-out for ceasation of profiling
14:54:06 [vincent]
ack rvaneijk
14:54:19 [jeffwilson]
rob: one of the slides shows that the situation that the processing of profiles without consent is permitted
14:54:28 [jeffwilson]
this falls into the category of personal data
14:54:42 [jeffwilson]
text of telemedia act says this is not allowed
14:55:03 [jeffwilson]
thomas: thats wrong - profiles can be created based on pseud data
14:55:20 [jeffwilson]
rob: usage profile is diffferent, i dont think the two concepts are the same
14:55:52 [jeffwilson]
thomas: if tracking personal data, need explicit consent, if pseud tracking, offer right to refuse but no explicit consent is needed
14:56:19 [rvaneijk]
q+
14:56:23 [peterswire]
q?
14:56:28 [jeffwilson]
mike oneill: "to the extent that the recipient of the service does not object" is the key text
14:56:37 [Marc_]
q
14:56:38 [peterswire]
walter will be next; on phone, correct?
14:56:55 [jeffwilson]
they still require consent, pseud data is personal data
14:56:56 [Walter]
peterswire: yes, correct
14:57:31 [jeffwilson]
thomas: text- " service provider most offer the right of refusal"
14:57:39 [Walter]
q-
14:57:49 [rvaneijk]
this is not the current status quo , the e-priv directive (revised version), states: after having been provide with clear and coprehencsive informatin.
14:58:03 [hefferjr]
hefferjr has joined #dnt
14:58:06 [rvaneijk]
This iss not an opinion, but a baseline vor lawfull processing
14:58:07 [jeffwilson]
definition of pseud data - opinions of differ between the committees
14:58:49 [jeffwilson]
marc groman: thanks for the pres, very interesting, i dont think anyone is saying theres a reducting in privacy, only the recognition of three types of data
14:59:08 [jeffwilson]
and the appropriate risks each bucket has
14:59:26 [rachel_thomas]
rachel_thomas has joined #dnt
14:59:40 [jeffwilson]
peter: wrapping us session, thanks thomas
14:59:59 [jeffwilson]
tim berners lee is in the room!
15:00:16 [rigo]
rigo has joined #dnt
15:00:41 [jeffwilson]
tim berners lee: thanks for coming, braving the snow, (lost mic)
15:01:17 [jeffwilson]
this is hard work, creating designs, etc is not where the glory is
15:01:45 [jeffwilson]
listening to opinions that are not consistent with yours is hard, requires mental effort, but is very important
15:02:12 [jeffwilson]
this is how we reach consensus, however
15:02:45 [jeffwilson]
one of the reasons w3c working groups work is there is a backdrop of assumptions that the participants have - world will be better for the work
15:03:34 [jeffwilson]
people using the web to inform themselves, learn, buy things, - the web will be better than it was before, w3c has never been a place for people that hold on to their own opinions
15:04:12 [jeffwilson]
we're here to work together and make progress, sacrifice is expected but appreciated.
15:04:22 [jeffwilson]
so thanks very much
15:04:32 [jeffwilson]
and thanks to peter
15:04:38 [jeffwilson]
massive thank you to all
15:05:18 [jeffwilson]
peter: question to tim - for people who havent been part of w3c before, how do participants overcome objections from companies
15:05:36 [jeffwilson]
tim: its a bit general, but every working group is different
15:06:02 [jeffwilson]
look at things like the history of CSS, HTML, SVG, etc - these things took a lot of time
15:06:40 [jeffwilson]
there is a common thread, that you are the interface bettween teh group and your company
15:07:16 [jeffwilson]
ways of getting people up to speed, ways of sharing techniques, and experiences - going back to you company
15:07:39 [jeffwilson]
and openign up the windows a bit to see what else is out there, where things are headed
15:08:21 [jeffwilson]
marc: regardin participation, we see huge companies - but what about the very small companies - small sites, pubishers, companies who dont have the same voice or influence
15:08:31 [jeffwilson]
tim: very good question - we must ask ourselves this constantly
15:08:50 [jeffwilson]
the longtail is important
15:09:23 [jeffwilson]
yes, we have a duty to put ourselves in the shoes of small companies, communities, ind. developers
15:10:09 [rigo]
rrsagent, pointer?
15:10:09 [RRSAgent]
See http://www.w3.org/2013/02/12-dnt-irc#T15-10-09
15:10:14 [jeffwilson]
it is important to support the people who are developing the open web, much of this you dont see
15:10:43 [jeffwilson]
we must make an effort to understand the needs and postions of all
15:11:02 [Walter]
sound is really poor now :-(
15:11:08 [jeffwilson]
lou: we represent companies that make content possible - how does w3c measure success?
15:11:36 [jeffwilson]
tim: certainly - does it get used? does it solve the problems/
15:11:43 [Wileys]
Deployment equals success - you heard it here.
15:11:50 [Zakim]
+BerinSzoka.a
15:11:57 [Zakim]
+ +1.202.639.aabb
15:12:03 [jeffwilson]
are the consumers much happier, and does it unleash the potential, etc.
15:12:03 [Zakim]
-BerinSzoka
15:12:09 [ionel]
ionel has joined #dnt
15:12:09 [mecallahan]
mecallahan has joined #dnt
15:12:42 [jeffwilson]
peter: thanks so very much, tim!
15:12:56 [jeffwilson]
we'll break for 5 minutes
15:13:19 [Zakim]
-Dan_Auerbach
15:13:23 [aleecia]
Peter's mic is live
15:13:24 [Zakim]
+hefferjr
15:14:50 [npdoty]
npdoty has joined #dnt
15:15:31 [Walter]
not anymore, I think
15:15:52 [Zakim]
+Dan_Auerbach
15:17:23 [ionel]
ionel has joined #dnt
15:17:44 [aleecia]
not so muted
15:20:31 [Zakim]
-Dan_Auerbach
15:23:20 [ionel]
ionel has joined #dnt
15:23:47 [Paul_G_]
Paul_G_ has joined #dnt
15:24:05 [jeffwilson]
peter: hello on the phone - about to start. we'll do 15-20 mins with ed then breakout to groups
15:24:12 [jeffwilson]
after q&a with ed
15:24:55 [jeffwilson]
ed felton: peter asked me to talk about unlinkability, what we've learned over the last decade with data science
15:25:03 [hwest]
hwest has joined #dnt
15:25:04 [npdoty]
s/felton/felten/
15:25:09 [peterswire]
sound check -- ok on the phone?
15:25:16 [jeffwilson]
need some definition of de-identified that is precise enough that it can be applied in practice
15:26:08 [jeffwilson]
the rationale for creating unlinkable data was to be able to override the users DNT choice
15:26:40 [jeffwilson]
it is a mistake to think of a one dimensional privacy space - need to consider both privacy and utility
15:27:07 [jmayer]
I believe Ed's point was that this is an area justified by very limited privacy risk. It isn't an area where we're balancing privacy and business.
15:27:14 [jeffwilson]
if we're not careful we can design a solution that offers neither privacy or utility
15:27:27 [jeffwilson]
so where should the trade off be?
15:27:46 [jeffwilson]
it turns out to be easier to quantify utility, hard to quantify privacy
15:27:59 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
15:28:14 [aleecia]
no mic = no sound on call
15:28:16 [jeffwilson]
slide 5 - what does it mean to be privacy perserving with regards to perfomring a data operation?
15:28:23 [BrianHuseman]
can't hear
15:28:31 [BillScannell]
BillScannell has joined #dnt
15:28:45 [aleecia]
nope
15:28:52 [peterswire]
ed will repeat the question
15:29:05 [Joanne]
can't hear anyone
15:29:16 [chapell]
chapell has joined #DNT
15:29:18 [hwest]
We can hear you guys!
15:29:18 [aleecia]
matthias must be asking an epic question :-)
15:29:34 [jeffwilson]
matthias: i like your slide, but its important to realize that there is another dimension in implementation
15:29:39 [hwest]
He's going to put the comment in IRC
15:29:42 [BerinSzoka]
we can hear Peter but only him
15:29:45 [aleecia]
thanks!
15:29:59 [aleecia]
s/Peter/Ed
15:30:07 [schunter]
My comment (unheard, sorry) was: An important third dimension is the effort to get close to the frontier.
15:30:08 [jeffwilson]
ed: more than 40 years of research, huge amount of work
15:30:18 [susanisrael]
susanisrael has joined #dnt
15:30:30 [jeffwilson]
intuition is an unreliable guide
15:30:53 [schunter]
The slide may look hilly at the frontier: While implementations far from the frontier are simple and efficient, getting onto the border may require large implementation effort.
15:31:14 [jeffwilson]
intuition says: if you are not in the dataset, then the data cannot inform anything about you
15:31:21 [jeffwilson]
e.g. are you a smoker?
15:31:30 [jeffwilson]
if so, then your cancer risk is higher
15:31:54 [jeffwilson]
even if you are not part of the original dataset
15:32:24 [jeffwilson]
intuition always says that aggregate data is always safe
15:32:48 [jeffwilson]
e.g. hunch.com - make recommendations based on correlations of things about you
15:33:17 [jeffwilson]
more than a million users were using hunch, but data was relinkable in several instances
15:33:40 [jeffwilson]
lost.fm and amazon had similar problems, but since been addressed
15:34:03 [jeffwilson]
what does it mean for a data operation to be privacy perserving?
15:34:40 [jeffwilson]
imagine a raw dataset with some sensitive data (peter swire example) - some portion is private, some public
15:35:23 [jeffwilson]
some frameworks are built on atomically sanitized queries/data
15:36:24 [jeffwilson]
some scenarios have analyst and raw data siloed, some are not, but what must be true to maintain the privacy perserving def
15:37:03 [jeffwilson]
for privacy perserving, need the following: feasable, techically actionable, does not ban all data release, implies some limit on data inference
15:37:16 [susanisrael]
susanisrael has joined #dnt
15:37:51 [jeffwilson]
rachel: from your earier comment regarding amazon, do you believe an inference is the same as knowing the actual behavior?
15:38:14 [npdoty]
npdoty has joined #dnt
15:38:36 [jeffwilson]
ed: no, what i meant to say was that members of the public can make inferences about other members
15:39:00 [jeffwilson]
rachel: well, that is not actual knowledge - just an inference. there's a difference when considering a need to limit
15:39:12 [jeffwilson]
ed: well, im not going to argue to epistimology
15:39:32 [dsinger]
dsinger has joined #dnt
15:39:40 [rvaneijk]
@RACHEL: if inferred data is used to base a decision upon you are treating a person differently.. !
15:39:49 [Wileys]
+q
15:39:50 [jeffwilson]
chris mejia: inferences are not the same as observations
15:39:50 [aleecia]
rob++
15:39:59 [rvaneijk]
q+
15:40:02 [aleecia]
but even without decisions...
15:40:04 [jeffwilson]
peter: let me see if i can clarify
15:40:21 [bryan]
bryan has joined #dnt
15:40:36 [jeffwilson]
sometimes we make observations, sometimes we make inferences, difference is likelihood
15:40:39 [dwainber_]
q+
15:40:46 [Walter]
Couldn't hear Rachel, her mike was off?
15:40:46 [johnsimpson]
Rachel needs to use the microphone, please!!
15:40:58 [vincent]
moneill2, are you still on the qureu from your previous question on German Telemedia act or is this a new one?
15:40:59 [jeffwilson]
inferences are probabalistic
15:41:02 [Zakim]
-BerinSzoka.a
15:41:07 [bryan]
a statistical inference is not an implication for user privacy; to know that smokers may get cancer says nothing about a user unless you *know* they smoke, thus is not a privacy concern
15:41:12 [bryan]
q+
15:41:17 [peterswire]
q?
15:41:25 [jeffwilson]
david singer: theres a huge difference between finding teh record and examining the record
15:41:54 [BerinSzoka]
Remember what Justice Kennedy wrote in the majority's decision in IMS Health v Sorrell, striking down Vermont's restriction on use of data about drugs doctors prescribe in marketing of drugs back to them: "Facts, after all, are the beginning point for much of the speech that is most essential to advance human knowledge and to conduct human affairs. There is thus a strong argument that prescriber-identifying information is speech for First Amendment pur[CUT]
15:42:08 [jeffwilson]
ed; amazon example showed that facts could be gleened from teh public inference data
15:42:21 [jeffwilson]
ed: must be some limit on what analyst can learn from the data
15:42:46 [rvaneijk]
q- see note above in the minutes addressed to Rachel
15:42:52 [rvaneijk]
q-
15:42:55 [jeffwilson]
goals are modest, but hard to achieve, and knew of no definition tha can satisfy all until 2006
15:43:10 [jeffwilson]
ed: k anon is an example that fails to meet the requirements
15:43:22 [BerinSzoka]
total silence on the phone
15:43:26 [Walter]
BerinSzoka: really, I wished there was a way for the USA to learn about the value of data protection without suffering a totalitarian regime such as the German nazis, but am afraid there isn't.
15:43:59 [Walter]
efelten: poorly
15:44:06 [Wileys]
Berin - others are saying they can hear Ed
15:44:07 [jeffwilson]
imagine you have a bucket of hiv pos individuals, regardless of size you can infer trait
15:44:29 [jeffwilson]
other problems, assumes tehre' s only one query ever
15:44:30 [BerinSzoka]
no can hear Ed
15:44:52 [aleecia]
#t
15:44:53 [jeffwilson]
two k anon datasets combined can and have produces privacy issues
15:44:54 [Walter]
Yes, it is much better now
15:44:55 [marc]
marc has joined #dnt
15:44:55 [justin]
q?
15:44:59 [BerinSzoka]
hey, Rigo, my grandparents grew up in Nazi Germany. it is very much the moral context I inherited
15:45:16 [Walter]
BerinSzoka: It wasn't Rigo who said that, but me
15:45:42 [aleecia]
may i politely request we drop the Berin bating on this particular one?
15:45:50 [Walter]
you may
15:45:56 [BerinSzoka]
second
15:45:57 [aleecia]
thank you.
15:46:18 [jeffwilson]
dalenius' goal - what analyst learns about you (side info + answers) is essentially the same as (side info only)
15:46:33 [jmayer]
q+
15:46:37 [jeffwilson]
diffferential privacy is only one that meets all four criteria
15:46:48 [susanisrael]
q+
15:46:52 [Richard_comScore]
Richard_comScore has joined #dnt
15:47:16 [jeffwilson]
means that same answer is achieved regardless of whether or not the subject is in the dataset or not
15:47:30 [peterswire]
for the q, is everyone still requesting to speak, or were these from earlier?
15:47:53 [Zakim]
+BerinSzoka
15:48:06 [jeffwilson]
your participation / presence in the data is irrelevant. can also adust "leakage" level to trade privacy vs. utility
15:48:18 [susanisrael]
peter, i would still like to speak when ed is done
15:48:46 [rvaneijk_]
rvaneijk_ has joined #dnt
15:48:50 [jeffwilson]
enables mutiple queries, interactions. not affected by side information - entirely safe to enhace
15:48:55 [vincent]
I think moneill2 is from the previous session, others are requesting to speak
15:49:04 [Wileys]
Peter - yes
15:49:19 [jeffwilson]
enhance the data, "go wild" - it wont impact the privacy
15:49:20 [peterswire]
susan and shane -- I see your reconfirmation
15:49:46 [marc]
marc has joined #dnt
15:49:54 [jeffwilson]
there are known methods to archieve DP for aggregate counting queries
15:50:15 [adrianba_]
adrianba_ has joined #dnt
15:50:39 [jeffwilson]
peter: re: hashing - what are the attacks?
15:50:59 [jeffwilson]
complex issue - individual methods can be good or bad
15:51:01 [moneill2]
moneill2 has joined #dnt
15:51:11 [jeffwilson]
replacing identifiers doesn't always help
15:51:33 [jeffwilson]
(ed's reponse)
15:51:38 [LMastriaDAA]
q+
15:51:49 [jeffwilson]
peter: what about wriiing code to break hasing schemes?
15:52:15 [jeffwilson]
ed: suppose you have an identifier, such as a phone number - this fails to a simple dictionary attack
15:52:25 [Wileys]
Wileys has joined #dnt
15:52:26 [rvaneijk_]
hashing does not lead to anonymization , because the one that hashed knows the algorit and the salt. The hash is reproducable.
15:52:32 [Walter]
microphones please!
15:52:40 [Walter]
and who is speaking now?
15:52:41 [jeffwilson]
shane: you still need to know the key/salt
15:52:53 [peterswire]
q?
15:53:06 [jeffwilson]
there is no brute force dictionary method if you don't know the salt
15:53:18 [jeffwilson]
ed; can be complicated depending on whether or not keys are managed properly
15:53:28 [jmayer]
If there's a salt or key, there are key management and oracle problems.
15:53:35 [BerinSzoka]
+q
15:53:40 [rvaneijk_]
salted hashing is not relevant if you want to accomplish the goal of trying to anonymize the data . The ONLY thing that is going to help you is break the LINKABILITY.
15:53:50 [jeffwilson]
even with rotating keys it can be done improperly
15:53:58 [jmayer]
And, as Ed and Rob just noted, that does nothing about linkability.
15:54:07 [jeffwilson]
peter: going to queue
15:54:27 [dwainber_]
q?
15:54:54 [marc]
I think we should continue this discussion and not break out into groups yet
15:55:10 [jeffwilson]
susan: i realized that our difference might be different with regards to privacy and de-id, your assumption about possessing info about anyone might be an invasion of privacy
15:55:17 [jmayer]
...is there a technical question here?
15:55:18 [peterswire]
http://www.w3.org/wiki/Privacy/DNT-Breakouts is link to the five breakout groups
15:55:27 [Wileys]
Peter, could you please manage the queue in order? thank you
15:55:48 [aleecia]
same groups as yesterday?
15:55:59 [jeffwilson]
if someone receives value/content online - they are interacting. its is important to note that not all interactions are in invasion of privacy
15:56:04 [peterswire]
yes, same groups as yesterday; some different leaders
15:56:07 [peterswire]
q?
15:56:09 [aleecia]
thanks
15:56:21 [justin]
q- susanisrael
15:56:37 [Walter]
+q
15:56:42 [Joanne]
same dial in for the groups as yesterday?
15:56:45 [jeffwilson]
ed: this is why we have different levels of sensitivity
15:57:01 [peterswire]
alphabetical dial in groups as for yesterday
15:57:02 [moneill2]
-q
15:57:10 [npdoty]
q- moneill2
15:57:18 [jeffwilson]
the only way the definition fails is if the analyst can learn everything
15:57:34 [bryan]
q?
15:57:38 [bryan]
q?
15:57:41 [justin]
ack wileys
15:57:56 [jeffwilson]
shane: it is important to point out that bullet 3: "does not ban all data release" is relevant to our work
15:57:56 [Walter]
susanisrael: I don't think anyone is advocating that any processing of personal data is inherently invasive
15:58:17 [jmayer]
You can certainly use differential privacy for internal data practices.
15:58:19 [Walter]
susanisrael: I wouldn't, and am probably on the protective end of the spectrum
15:58:21 [marc]
+1
15:58:23 [jeffwilson]
when we are discussing our practices - we are not talking external release - only internal use
15:58:24 [susanisrael]
walter, i think they are advocating that
15:58:28 [BerinSzoka]
Peter, I would really like to hear how Ed would respond to what our Supreme Court has said about reconciling privacy protections and free speech in the context of striking down a consent requirement: "Facts, after all, are the beginning point for much of the speech that is most essential to advance human knowledge and to conduct human affairs. There is thus a strong argument that prescriber-identifying information is speech for First Amendment purposes"
15:58:29 [jmayer]
And, in fact, some advertising companies already do just that.
15:58:36 [jeffwilson]
where we have the benefit of controls and practices to protect the data
15:58:37 [peterswire]
q?
15:58:42 [jeffwilson]
FTC recognizes this
15:58:47 [BerinSzoka]
that seems pretty relevant to me
15:58:50 [Walter]
susanisrael: No, I think you have to decouple the question of what is linkable (personal) data and when you may process it
15:59:01 [jeffwilson]
your presentation focuses more on external uses of the data
15:59:09 [Walter]
susanisrael: I would concur that observation in a public space shouldn't be curtailed
15:59:14 [marc]
q
15:59:16 [jeffwilson]
ed: no it is not exclusive to external use
15:59:17 [justin]
We've already had this discussion (several times) --- internal misuse/forced re-ID is one of the threat models we're concerned about.
15:59:20 [peterswire]
q?
15:59:20 [Walter]
susanisrael: persistent observation would be a different question though
15:59:36 [dwainber_]
q-
15:59:48 [susanisrael]
walter, my point is in part that the internet is in part a public space. There is a valid discussion about where personal boundaries should lie
15:59:54 [vincent]
+1 to justin
16:00:04 [jeffwilson]
all i am saying is that the "analyst" can be internal or external, but the analyst still may learn from the data
16:00:12 [jeffwilson]
controls will vary based on internal/external
16:00:20 [Walter]
susanisrael: and there we go off the rails, a HTTP(s) session is not a public space, it is a fairly private conversation between a UA and a server
16:00:20 [susanisrael]
walter: when I keep walking in public and you keep observing me then that is not inherently an invasion of privacy
16:00:26 [rigo]
q?
16:00:27 [Wileys]
All of the examples were external data releases
16:00:34 [justin]
ack bryan
16:00:35 [aleecia]
shall we close the queue?
16:00:45 [Walter]
susanisrael: if I keep following you around you might consider a restraining order on me at some point
16:00:46 [aleecia]
(not sure if that's what Peter wanted)
16:01:00 [justin]
aleecia, yes, close the queue. Can I tell Zakim that?
16:01:07 [jeffwilson]
brian: for privacy issue, you must have a link in teh data to that person
16:01:07 [justin]
zakim, close the queue!
16:01:07 [Zakim]
I don't understand 'close the queue!', justin
16:01:17 [aleecia]
zakim, close the queue
16:01:17 [Zakim]
ok, aleecia, the speaker queue is closed
16:01:29 [vincent]
:)
16:01:30 [jeffwilson]
if we've done everything possible to ensure it's not linkable, then we should be safe
16:01:49 [jeffwilson]
ed; its about whether the analyst can learn the facts about an individual
16:02:05 [Walter]
susanisrael: one of the Transatlantic divides is the lack of appreciation that continuous observation affects access to information
16:02:16 [jeffwilson]
the problem with hunch.com was that the analyst could learn a great deal of attributes via reverse engineering
16:02:35 [susanisrael]
walter: in this group we are talking about whether a third party that we do not know is part of my interaction/transaction can learn things about me by lurking behind the scenes, to continue the analogy. We are not trying to outlaw observation, however persistent
16:02:40 [dsinger_]
dsinger_ has joined #dnt
16:02:41 [johnsimpson]
q?
16:02:41 [peterswire]
q?
16:02:42 [adrianba]
adrianba has joined #dnt
16:02:48 [aleecia]
(continuous observation makes humans neurotic, same as continuous isolation.)
16:02:52 [npdoty]
ack jmayer
16:02:59 [jeffwilson]
jon mayer: re: differential privacy - can you provide some examples?
16:03:14 [jeffwilson]
ed: sure - aggregate counting queries is one
16:03:17 [susanisrael]
aleecia, i question your assertion and I don't think we are here to cure neuroses either
16:03:31 [aleecia]
we appear to be here to cause them :-)
16:03:47 [jeffwilson]
most common method is to compute with some amount of noise, typically less than what is in the data already
16:03:47 [marc]
q
16:03:53 [Walter]
susanisrael: This is my point, none is for outlawing observation. What I hope we achieve is giving users an option to say: I don't want to be observed by you or third parties outside the context of this website visit
16:04:03 [npdoty]
ack LMastriaDAA
16:04:10 [Walter]
q-
16:04:26 [jeffwilson]
lou: thanks, ed. what is your perspective on permitted uses here?
16:04:31 [susanisrael]
Ed[s theory implies/rests on the assumption that all observation or collection of information is an invasion of privacy. That is clearly not true.
16:04:42 [justin]
susanisrael, the chilling effect of persistent surveillance is absolutely one of the problems this working group is here to address. peterswire acknowledged as much yesterday with reference to the right to read anonymously.
16:05:17 [jmayer]
Susan, this isn't a personal "theory" of privacy. It's the way computer scientists have come to think about the problem.
16:05:23 [jeffwilson]
ed: the FTC privacy report shows a common structure - a company has enough measures in place, including contractual, internal controls, etc.
16:05:23 [Walter]
susanisrael: no, Ed's theory is not on the legitimacy of the observation, but on the extent to which observation can take place
16:05:46 [aleecia]
Susan - that's not actually what Ed is saying. I suggest a one-on-one discussion quickly to clear that up with Ed, if you're still interested.
16:05:47 [jeffwilson]
the core of all that is "what is the thing that you have enough confidence in"?
16:05:49 [Zakim]
+ +1.206.658.aacc - is perhaps Amy_Colando
16:05:59 [jeffwilson]
what is the goal vs. the compliance superstructure
16:06:08 [susanisrael]
Justin, while it may be the case that we would like to limit "surveillance" i.e. unknown observation, or that even persistent known observation may have a chilling effect, that does not mean that acquiring any one fact about a person is an invastion of privacy and that is what ed is saying
16:06:21 [Walter]
susanisrael: what is contested is what is observable and what not, that is the essence of anonymisation vs pseudonimisation
16:06:42 [aleecia]
Susan - I strongly believe that's not what Ed is saying
16:06:45 [jeffwilson]
lou: you mentioned techniques from 2006 - its a moving target
16:06:54 [susanisrael]
Aleecia, I do not agree.
16:07:00 [Walter]
susanisrael: and I meant by 'can take place' not in the legal sense, but in the factual sense
16:07:03 [aleecia]
I can tell :-) I suggest you speak with Ed.
16:07:08 [jeffwilson]
ed: the inventor of k anon knew that some methods were inadequate
16:07:25 [jeffwilson]
diff. privacy works, there may be new methods that will work better
16:07:34 [aleecia]
He's looking at a way to eval different approaches
16:07:35 [Walter]
who is whispering?
16:08:12 [susanisrael]
justin, aleecia, and walter, my point is that we need not only agreement on de-identification, but agreement on a definition of privacy. I do not believe Ed is presenting the right parameters for this
16:08:13 [jeffwilson]
to be clear - not proposing diff. privacy, only that we keep in mind what is feasible. k anon has its limits and may not work
16:08:18 [Walter]
and as jmayer said, this is a computer science approach, it is the inevitable conclusion of information theory
16:08:39 [LMastriaDAA]
i agree that specific de-id should not be set in stone
16:08:42 [Walter]
susanisrael: Oh, i concur that a definition of privacy is also needed
16:08:51 [dsinger_]
dsinger_ has joined #dnt
16:09:01 [jeffwilson]
felix wu: i am noticiing a disconnect in our conversation. its a question of quantifiers - are there any limits on data inferences that meet the goal?
16:09:12 [Walter]
susanisrael: or more precisely, of what we try to protect
16:09:16 [aleecia]
if we were to use the defn of privacy as control (not my personal favorite, but the most common) then Ed looks like he's utterly permissive
16:09:18 [jeffwilson]
ed; the inferences i am thinking about is "facts" about individuals
16:09:40 [LMastriaDAA]
one of the open questions from the de-id preso is what risk are we mitigating?
16:09:47 [Zakim]
-Amy_Colando
16:09:49 [Richard_comScore]
Richard_comScore has joined #dnt
16:10:04 [aleecia]
we're not mitigating risk. we're providing a PET.
16:10:13 [susanisrael]
Aleecia, again, I do not agree
16:10:18 [jeffwilson]
ed; need to focus about attributes on people in the world, not whats in the DB
16:10:33 [susanisrael]
+1 to Berin
16:10:40 [dsinger__]
dsinger__ has joined #dnt
16:10:54 [aleecia]
the alternative is we think users should not have choice, control, and transparency
16:10:59 [jeffwilson]
berin: can you give your reaction to the supreme court for the requirements for consent that companies needed to use prescription information for marketing
16:10:59 [jmayer]
Isn't this a question for a lawyer?
16:11:05 [justin]
First Amendment governs W3C?
16:11:08 [susanisrael]
Aleecia, I don't agree that that is the alternative
16:11:15 [Zakim]
+ +1.646.654.aadd
16:11:19 [Zakim]
- +1.646.654.aadd
16:11:33 [jeffwilson]
ed: i'll remind you of the state actor doctrine (?)
16:11:45 [jmayer]
s/actor/action/
16:11:48 [jeffwilson]
peter: going to breakout now
16:11:55 [npdoty]
http://www.w3.org/wiki/Privacy/DNT-Breakouts
16:11:58 [aleecia]
P3P was a PET. DNT is a PET. efficacy remains to be discovered.
16:12:11 [Walter]
aleecia: that is a lovely way of putting it
16:12:19 [Walter]
I'll store that for later abuse
16:12:41 [Zakim]
- +1.202.656.aaaa
16:12:54 [LMastriaDAA]
efficacy needs (perhaps presumes) an objective basis for determining whether we achieve or not
16:13:15 [BerinSzoka]
for the record, I don't accept Ed's answer--in large part because I do not accept the premise that there is no state action behind this effort. Exhibit A would be the pressure brought to bear by the W3C, notably through Ed himself
16:13:20 [Zakim]
-kulick
16:13:22 [Walter]
LMastriaDAA: I'd be happy to take Ovums's recent research as a starting point
16:13:22 [Zakim]
- +1.202.639.aabb
16:13:25 [Zakim]
-Joanne
16:13:26 [aleecia]
oh, no doubt we'll be debating efficacy for years. Every time there's an attempt at legislation, at the very least
16:13:37 [Walter]
BerinSzoka: W3C is not a state actor
16:13:41 [Zakim]
-Jonathan_Mayer
16:13:42 [Zakim]
-vinay
16:13:50 [Zakim]
-vincent
16:14:08 [Zakim]
-johnsimpson
16:14:09 [Zakim]
-yianni
16:14:13 [justin]
Does a Joe Barton letter to a data broker asking about their practices constitute a First Amendment violation, BerinSzoka?
16:14:16 [susanisrael]
walter< I think Berin was talking about the principal not about W3C standards. Ed was making assertions about what rules should apply.
16:14:23 [Zakim]
-hefferjr
16:14:25 [Zakim]
-Aleecia
16:14:26 [aleecia]
aleecia has left #dnt
16:14:42 [BerinSzoka]
yes, I was talking about the general principle, which Ed dodged
16:14:51 [susanisrael]
Justin, i don't think berin was saying inquiry about practices is a first amendment violation
16:15:15 [BerinSzoka]
Justin: does Joe Lieberman making a phone call to Amazon and "persuading" them to cut off hosting to Wikileaks count as state action?
16:15:23 [Walter]
susanisrael: I think that if companies agree to use standard X, which includes promises on what data to process and what not, then the FTC enforcing that as part of their consumer protection mandate is not abridging free speech since the companies chose to adhere to standard X
16:15:49 [BerinSzoka]
could someone remind us on the phone about which group to call in for?
16:15:53 [Walter]
this coming from someone who obviously is outside any US tradition of constitutional law interpretation
16:16:18 [Walter]
BerinSzoka: I think that's an apples & oranges comparison
16:16:22 [Zakim]
-BerinSzoka
16:17:30 [Walter]
susanisrael: and again, Ed was expressing the current scientific thought on what constitutes anonymity from a computer science perspective. That is not a value judgement of non-anonymity
16:17:42 [Walter]
anyway, time for coffee here
16:20:19 [npdoty]
npdoty has joined #dnt
16:20:39 [johnsimpson]
johnsimpson has left #dnt
16:22:46 [robsherman]
robsherman has joined #dnt
16:23:12 [fwagner]
fwagner has joined #dnt
16:25:44 [susanisrael]
walter, re: comment at 11:15. No one said FTC enforcement of rules and laws re: deceptive practices is an abridgement of free speech rights
16:26:26 [Walter]
susanisrael: I tried to infer your reasoning. I hope I don't come across as overly aggressive here, because I think your concerns are genuine and need a frank discussion.
16:26:31 [robsherman]
robsherman has joined #dnt
16:26:32 [dsinger]
dsinger has joined #dnt
16:27:47 [schunter]
schunter has joined #dnt
16:28:13 [hwest]
Folks on the phone - if you're dialled in to the normal number, you should join #dnte
16:29:30 [Zakim]
-walter
16:30:54 [haakonfb]
haakonfb has joined #dnt
16:32:43 [Zakim]
+MIT346
16:33:20 [ionel]
ionel has joined #dnt
16:34:23 [Zakim]
-MIT346
16:35:11 [hwest]
Zakim, who is here?
16:35:11 [Zakim]
On the phone I see BrianHuseman, MIT-Star
16:35:12 [Zakim]
On IRC I see ionel, haakonfb, schunter, dsinger, robsherman, fwagner, npdoty, adrianba, rvaneijk_, bryan, susanisrael, hwest, rigo, hefferjr, kj, kulick, BrianHuseman, peterswire,
16:35:12 [Zakim]
... Joanne, ashkan, Zakim, RRSAgent, hober, trackbot, mischat, Walter
16:37:00 [hwest]
BrianHuseman, type "/join #dnte" if you want to be in the room for the discussion we're about to have
16:41:05 [BrianHuseman]
BrianHuseman has left #dnt
16:41:25 [vincent]
vincent has joined #dnt
16:48:23 [rigo]
nick? can you tell me how the zakim rooms are named?
16:48:38 [rigo]
I want to tell zakim what conference that is
16:48:49 [rigo]
I'm in dnte
17:15:45 [hwest]
Zakim, who is making noise?
17:15:57 [Zakim]
hwest, listening for 10 seconds I heard sound from the following: BrianHuseman (54%), MIT-Star (45%)
17:16:33 [hwest]
Zakim, mute BrianHuseman
17:16:33 [Zakim]
BrianHuseman should now be muted
17:43:26 [Zakim]
+ +1.202.656.aaee
17:44:09 [Zakim]
- +1.202.656.aaee
17:58:28 [Thomas_Schauf]
Thomas_Schauf has joined #dnt
17:59:05 [Thomas_Schauf]
Thomas_Schauf has left #dnt
18:01:34 [fielding]
fielding has joined #dnt
18:01:49 [BerinSzoka]
BerinSzoka has joined #DNT
18:08:00 [adrianba]
adrianba has joined #dnt
18:08:07 [fielding]
rrsagent, draft minutes
18:08:07 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html fielding
18:08:13 [rachel_thomas]
rachel_thomas has joined #dnt
18:13:45 [fwagner]
fwagner has joined #dnt
18:18:41 [Zakim]
+tlr
18:18:53 [Zakim]
-tlr
18:28:32 [fielding]
Meeting: Tracking Protection WG F2F, Cambridge, MA
18:28:44 [fielding]
rrsagent, draft minutes
18:28:44 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html fielding
18:30:23 [fielding]
zakim, list attendees
18:30:23 [Zakim]
As of this point the attendees have been BrianHuseman, tlr, kulick, MIT-Star, johnsimpson, vincent, yianni, Aleecia, vinay, +1.202.656.aaaa, Jonathan_Mayer, Joanne, BerinSzoka,
18:30:27 [Zakim]
... Dan_Auerbach, walter, +1.202.639.aabb, hefferjr, +1.206.658.aacc, +1.646.654.aadd, MIT346, +1.202.656.aaee
18:31:19 [dsinger]
dsinger has joined #dnt
18:31:37 [vinay]
vinay has joined #dnt
18:31:55 [Zakim]
+vinay
18:34:57 [schunter]
schunter has joined #dnt
18:51:03 [ionel]
ionel has joined #dnt
18:51:03 [fielding]
zakim, move TRACK here
18:51:03 [Zakim]
I don't understand 'move TRACK here', fielding
18:51:18 [fielding]
zakim, TRACK is here
18:51:18 [Zakim]
sorry, fielding, I do not recognize a party named 'TRACK'
18:53:00 [fielding]
zakim, what conferences?
18:53:00 [Zakim]
I see Team_(dnt)13:55Z active
18:53:01 [Zakim]
also scheduled at this time are T&S_(DNTC)1:00PM, SW_RDB2RDF()12:00PM, WAI_PF(Text)1:00PM, XML_ET-TF()11:00AM, SYMM_WG()2:00PM
18:53:46 [fielding]
zakim, what is the passcode
18:53:46 [Zakim]
I don't understand 'what is the passcode', fielding
18:53:59 [fielding]
zakim, what is the passcode?
18:53:59 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fielding
18:55:14 [Zakim]
+Fielding
19:00:26 [aleecia]
aleecia has joined #dnt
19:00:28 [BerinSzoka]
when are we starting again?
19:00:32 [Joanne]
Joanne has joined #DNT
19:01:13 [Zakim]
+Joanne
19:01:28 [hwest]
hwest has joined #dnt
19:01:40 [Richard_comScore]
Richard_comScore has joined #dnt
19:02:10 [fwagner]
fwagner has joined #dnt
19:02:41 [Thomas_Schauf]
Thomas_Schauf has joined #dnt
19:03:01 [johnsimpson]
johnsimpson has joined #dnt
19:04:28 [aleecia]
I'm calling in from home. Someone outside just started up a jack hammer. Bwah?
19:05:15 [Zakim]
+johnsimpson
19:05:45 [johnsimpson]
Thanks
19:06:10 [npdoty]
npdoty has joined #dnt
19:06:22 [peterswire]
peterswire has joined #dnt
19:06:23 [bryan]
scribenick: bryan
19:06:46 [susanisrael]
susanisrael has joined #dnt
19:06:49 [vinay]
yep
19:06:50 [Joanne]
yes - coming in
19:07:18 [justin]
justin has joined #dnt
19:07:23 [fielding]
Chair: peterswire
19:07:26 [npdoty]
thanks to bryan and susan for volunteering
19:07:26 [Zakim]
+Aleecia
19:07:28 [efelten]
efelten has joined #dnt
19:07:29 [Zakim]
+kulick
19:07:38 [moneill2]
moneill2 has joined #dnt
19:07:45 [bryan]
topic: de-id working group readout, path forward
19:08:09 [bryan]
peter: struck how similar answers were from the groups
19:08:13 [Paul_G]
Paul_G has joined #dnt
19:08:26 [David_Stark]
David_Stark has joined #dnt
19:08:32 [bryan]
... 1st what terms to use. all groups ended up focusing on de-id
19:08:47 [robsherman]
robsherman has joined #dnt
19:08:52 [bryan]
... unlinkable is a promise, de-id comes closer to the goal
19:09:28 [Zakim]
+BerinSzoka
19:09:32 [bryan]
... 2nd what text to use, basic agreement on the structure of the words using DAA / FTC as base
19:09:38 [fielding]
But de-identified is a process, not a state of being. Non-identified would make more sense.
19:10:05 [bryan]
... Rob (FB) had a question about reliance upon agreement to not re-id
19:10:11 [WaltM_Comcast]
WaltM_Comcast has joined #dnt
19:10:26 [npdoty]
+1, I think this is smart, may not need any separate public statement
19:10:35 [bryan]
... if we put "wont" in the text we may not need a 2nd requirement to explicitly promise
19:10:43 [aleecia]
q+
19:10:51 [rigo]
rigo has joined #dnt
19:11:00 [aleecia]
zakim, open the queue please
19:11:00 [Zakim]
ok, aleecia, the speaker queue is open
19:11:01 [npdoty]
Zakim, please open the queue
19:11:01 [Zakim]
ok, npdoty, the speaker queue is open
19:11:03 [justin]
I asked "what does this solve for?"
19:11:17 [rvaneijk]
rvaneijk has joined #dnt
19:11:28 [dwainberg]
dwainberg has joined #dnt
19:11:29 [Chapell]
Chapell has joined #DNT
19:11:40 [haakonfb1]
haakonfb1 has joined #dnt
19:11:44 [Yianni]
Yianni has joined #DNT
19:11:53 [bryan]
robsherman: concern is that we have a response header, but it gets complicated in addition that there needs to be text somewhere that says more than the standard calls for
19:11:55 [fielding]
q+
19:12:22 [BrianHuseman]
BrianHuseman has joined #dnt
19:12:24 [npdoty]
ack BerinSzoka
19:12:25 [justin]
As long as you still have an obligation to say you're honoring the signal, I don't care about a separate promise . . .
19:12:31 [BerinSzoka]
yes, I'm on the phone
19:12:31 [Zakim]
+hefferjr
19:12:32 [bryan]
efelten: you can say that compliance means that you promise to not re-id
19:12:33 [BerinSzoka]
but not in the queue
19:12:34 [BerinSzoka]
I'm muted
19:12:40 [BerinSzoka]
I can hear you fine
19:12:41 [justin]
zakim, unmute berinszoka
19:12:41 [Zakim]
BerinSzoka was not muted, justin
19:12:41 [BerinSzoka]
yes
19:12:44 [wseltzer]
zakim, unmute BerinSzoka
19:12:44 [Zakim]
BerinSzoka was not muted, wseltzer
19:12:49 [fielding]
q- will type in irc
19:12:51 [LmastriaDAA]
LmastriaDAA has joined #dnt
19:12:53 [fielding]
q-
19:12:56 [Zakim]
+Mark_Vickers
19:13:01 [peterswire]
q?
19:13:02 [wseltzer]
q?
19:13:04 [rachel_thomas]
rachel_thomas has joined #dnt
19:13:35 [bryan]
peter: next task was to id examples via use cases that do or not qualify for de-id
19:13:46 [marc]
marc has joined #dnt
19:13:55 [bryan]
... a # of examples that were not de-id, e.g. UDID on smarphone
19:14:43 [jeffwilson]
jeffwilson has joined #dnt
19:14:44 [bryan]
fwagner: on the case of UDID, it can be directly id'd to a user, thus cannot be classed as de-id supporting
19:15:05 [bryan]
... cookie info similarly cannot be classsified as de-id
19:15:41 [bryan]
dwainberg: looked at de-id methods per its risk of re-id, and UDID is one that had high risk
19:15:51 [Zakim]
-Mark_Vickers
19:15:51 [bryan]
peter: ed explain other use cases
19:16:06 [LmastriaDAA]
+1 relative re-id
19:16:07 [bryan]
efelten: 3 use cases did not meet the definition
19:16:12 [bryan]
... #1 ???
19:16:27 [peterswire]
q?
19:16:34 [bryan]
... #2 there is something in the URL that contains a de-identifier
19:17:12 [bryan]
... e.e. user name, email address, id on sites where that's correlatable,
19:17:51 [bryan]
... #3 URL history where company holding the data cannot reasonably say that the history can't be linked
19:17:57 [johnsimpson]
q?
19:18:09 [bryan]
lmastria: on the 1st, PII, straighforward
19:18:19 [bryan]
... 2nd also if PII it's similar
19:18:37 [bryan]
... 3rd one is hard to define, and not sure it moved the concensus forward
19:18:55 [bryan]
peter: open to comments on the use cases, presume they will be written up
19:19:05 [fielding]
I still don't see any connection between de-id and tracking given that we have already agreed that tracking is turned off for DNT:1 unless consent has been given. De-id is a general privacy concern for keeping data beyond the permitted uses, but we do not have any reason to keep data that cannot be used for tracking and isn't necessary for one of the permitted uses. So, I'd rather see a definition for tracking.
19:19:06 [bryan]
... any comments on the rest? none
19:19:27 [npdoty]
q+ WileyS
19:19:33 [bryan]
... other question: need to a 2nd category on pseudomized data
19:19:38 [justin]
ack wileys
19:20:04 [bryan]
shanew: on the use cases, we also id'd two other areas re other things to prohibit; modeling to a small population
19:20:28 [bryan]
... e.g. this model can work for one user, the pattern is too specific
19:20:31 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
19:20:39 [peterswire]
q?
19:20:48 [aleecia]
q+
19:20:52 [bryan]
... also do we infuse concepts of sensitivity into this
19:20:58 [efelten]
"Modeling of an individual user" sounds a lot like re-identification.
19:21:23 [ChrisPedigoOPA]
q+
19:21:24 [bryan]
... e.g. HIV example, none of us would do that, but does it have a place in this conversation
19:22:01 [Yianni]
q?
19:22:37 [bryan]
peter: sounded like there were certain categories in which an extra level of screening is needed... how would that qualify for de-id
19:22:51 [peterswire]
q?
19:22:52 [npdoty]
for child data, we explicitly chose to leave that sensitive category out of the standard altogether
19:22:54 [aleecia]
This issue is closed
19:22:55 [aleecia]
http://www.w3.org/2011/tracking-protection/track/issues/15
19:23:12 [bryan]
shanew: should we just be silent, leave to regulatory / legal? fine with that
19:23:12 [npdoty]
ack aleecia
19:23:13 [susanisrael]
efelten, i think what shane said is that he would not model at the level of one user or even a small group. I think it was just not captured right here.
19:23:28 [Wileys]
Wileys has joined #dnt
19:23:30 [justin]
Sensitive data is stuff you should get an opt in for. DNT is an opt out standard --- goes to everything else.
19:23:42 [bryan]
aleecia: we close the issue whether we would treat sensitive data differently, e.g. for children's data
19:23:44 [Wileys]
Justin - that works for me
19:23:58 [Wileys]
Aleecia - thank you, I'm fine with keeping it closed
19:23:58 [bryan]
... if there is new info we can reopen the earlier issue
19:24:05 [npdoty]
q+ felixwu
19:24:09 [aleecia]
ack aleecia
19:24:19 [npdoty]
ack ChrisPedigoOPA
19:25:11 [Mark_Vickers]
Mark_Vickers has joined #dnt
19:25:19 [bryan]
chrisPedigoOPA: we talked about browsing history. a concern from a publisher view is that the user turned DNT on, and is served an ad based upon a visit to the publisher's site,
19:25:33 [aleecia]
For first parties?
19:25:44 [bryan]
... something would seem to be awry, if the ad was based upon browsing history
19:25:50 [aleecia]
I'd support that
19:25:50 [npdoty]
was that concern about ads customized to other articles on the same site?
19:26:25 [bryan]
efelten: FTC thought its definition did apply to browsing history; the key question was to the level of confidence, but no special treatment for history
19:26:31 [npdoty]
ack felixwu
19:26:38 [rvaneijk_]
rvaneijk_ has joined #dnt
19:27:19 [bryan]
felix: what happens when you have tracking enabled by browsing history? if history is collected, building a model that feeds back to UX, can we distinguish ways that is OK?
19:27:28 [ChrisPedigoOPA]
Aleecia, my concern is that a user may be retargeted off the publisher's site based on their visit to that site
19:28:01 [bryan]
... an example is that it feeds back based upon a sensitive category
19:28:24 [peterswire]
q?
19:28:45 [susanisrael]
aleecia, i think chris is talking about 3rd parties, but he can comfirm
19:28:53 [bryan]
... it's no purely a use case question, but the notion of how the nature of de-id'd data could affect its future use
19:29:05 [aleecia]
That seems a reasonable concern, but I am still not clear if you mean first or third parties
19:29:18 [aleecia]
(we may already have this covered, depending)
19:29:27 [bryan]
efelten: thru the 2nd branch of the FTC language, promise not to re-id speaks to how to use the data
19:29:30 [bryan]
q+
19:29:40 [justin]
ack bryan
19:29:55 [ionel]
ionel has joined #dnt
19:30:07 [aleecia]
-- still disagree
19:30:09 [npdoty]
bryan: very much in line with what we asserted; a de-identified privacy history is not a privacy concern, the concern is if it is reattached to a user at a later date
19:30:26 [bryan]
bryan: a de-id'd history by itself is not a concern, but only when it was reconnected to a user
19:30:31 [aleecia]
(disagreeing with Bryan, that is)
19:30:34 [bryan]
peter: on the role of admin/tech controls
19:31:13 [bryan]
... shane has spoken about the role of these controls
19:31:37 [Zakim]
+Jonathan_Mayer
19:31:38 [ChrisPedigoOPA]
I mean 3rd parties
19:31:43 [fielding]
Content customization based on request context is not tracking -- that is anticipation of needs based on similar requests that occurred in the past (models) or based on the guesses of the content developers.
19:31:44 [bryan]
shanew: this comes to the confidence question, the risk based model, its not a technical outcome but a confidence-based one
19:32:01 [Lia]
Lia has joined #dnt
19:32:36 [bryan]
peter: commenting on that, re HIPAA, it has a standard for ver low risk
19:32:45 [bryan]
... there is some low risk that is acceptable
19:33:09 [bryan]
... but in HIPAA de-id'd means that you can put it on the net with no controls
19:33:12 [npdoty]
fielding, did that just come up? or is that a general comment?
19:33:45 [bryan]
... but in a database/locked world, the risk may be greater give someone breaches the controls
19:33:57 [bryan]
... that's a reason for org controls to be considered
19:34:17 [Chapell]
q+
19:34:22 [Wileys]
The user never said that
19:34:25 [bryan]
efelten: the user has said they do not want that info to be collected, retained, or used.
19:34:28 [peterswire]
q?
19:34:28 [jeffwilson]
q+
19:34:31 [Wileys]
q+
19:34:32 [rachel_thomas]
q+
19:34:32 [peterswire]
q?
19:34:33 [fielding]
npdoty, it was based on some earlier comments about models that was not clear
19:34:42 [bryan]
... the question is whether what is done with the data is aligned with user preference
19:34:58 [dwainberg]
q?
19:35:00 [susanisrael]
*Bryan, let me know when you want me to scribe. We can take short turns.
19:35:01 [dwainberg]
q+
19:35:20 [rachel_thomas]
it is difficult to make statements about "what the user wants" with any certainty when we haven't defined what tracking means.
19:35:22 [npdoty]
ack Chapell
19:36:14 [bryan]
chapell: since we decided not to require browser to define DNT, it's not reasonable to say that a promise is being made to the user
19:36:28 [Jmayer_]
Jmayer_ has joined #dnt
19:36:32 [rigo]
q?
19:36:35 [susanisrael]
Bryan, shall i scribe?
19:36:35 [bryan]
... (please correct if I did not get that)
19:36:42 [bryan]
ok
19:36:54 [aleecia]
scribenick: susanisrael
19:36:58 [susanisrael]
scribenick: susan
19:37:17 [haakonfb1]
haakonfb1 has left #dnt
19:37:20 [haakonfb1]
haakonfb1 has joined #dnt
19:37:36 [npdoty]
Chapell: "promise" seems to imply a regulatory involvement, as opposed to just complying with a standard
19:37:41 [fielding]
q+
19:37:45 [susanisrael]
peter: ......my working assumption was that you said you were going to do something, if you say you are doing do not track, so that we be something ftc could hold you to
19:37:48 [justin]
Promise is not magical. Any statement (as we've agreed to in the std) is actionable by regulators.
19:37:48 [rigo]
q?
19:37:57 [rvaneijk_]
agree with Rigo, in the EU it is a legal obligation.
19:38:00 [efelten]
I didn't mean "promise" as a legal term of art (if it is one). I just meant a clear representation to the user that a company was compliant.
19:38:00 [haakonfb1]
haakonfb1 has left #dnt
19:38:02 [haakonfb1]
haakonfb1 has joined #dnt
19:38:05 [npdoty]
ack aleecia
19:38:20 [susanisrael]
peter: can you review history?
19:38:41 [Chapell]
efelton: thanks for the clarification.
19:38:52 [npdoty]
s/efelton:/efelten,/
19:38:52 [justin]
Privacy policy or elsewhee (response header, wkr, etc)
19:38:52 [susanisrael]
aleecia: talked about regulatory hook, conclusion was that we didn't need separate statement for reg hook, but saying they are following dnt in privacy policy ok in us, at least
19:39:02 [justin]
s/elsewhee/elsewhere
19:39:21 [susanisrael]
peter: what i heard you say was if you put in priv policy we are following dnt that would trigger sec 5 kind of promises in us
19:39:37 [susanisrael]
has there been discussion whether there is discussion in tech spec
19:39:45 [susanisrael]
shane: we have open issue on this
19:39:47 [aleecia]
that was our belief, but we are not the FTC
19:39:53 [Chapell]
q+
19:39:58 [fielding]
At least some of us are not lawyers and cannot answer that question.
19:40:00 [npdoty]
that was one of the stated goals of the tracking status response
19:40:18 [aleecia]
and by "our" my meaning here is the WG, not the academic or royal we
19:40:21 [susanisrael]
davidwainberg: if a co were to act contrary to specific statements, like saying they are 3rd party not 1st, yes, that's deceptive,
19:40:25 [haakonfb1]
haakonfb1 has left #dnt
19:40:41 [haakonfb1]
haakonfb1 has joined #dnt
19:40:48 [justin]
q?
19:40:52 [susanisrael]
but idea of commitment to spec being a promise that gives rise to sec 5 authority was contentious, open issue
19:41:17 [npdoty]
dwainberg: agreement that if specific statements in the tracking status resource is incorrect that would be binding, but dispute whether tracking status resource implied compliance with entire standard
19:41:33 [susanisrael]
rigo: i think there is no contention here bc main discusison was that sending headers back and forth was not sufficient to trigger liability for lying or deceptive practices
19:41:37 [justin]
6.6 of the Compliance std: In order to be in compliance with this specification, a third party must make a public commitment that it complies with this standard. A "public commitment" may consist of a statement in a privacy policy, a response header, a machine-readable tracking status resource at a well-known location, or any other reasonable means. This standard does not require a specific form of public commitment.
19:42:00 [aleecia]
justin, my memory is that was one option, yes?
19:42:01 [susanisrael]
bc of p3p cases where companies sent deceptive p3p headers to make ie6 work and court said that was not sufficient to trigger deception
19:42:13 [jeffwilson]
q-
19:42:18 [npdoty]
as I understand the current draft (and the stated purposes during the design process) of the TPE, tracking status resource files/headers indicate third- or first-party compliance
19:42:30 [justin]
aleecia, I thought we were in agreement --- you have to make some sort of representation. I disagree with rigo that a response header would not be sufficient.
19:42:30 [susanisrael]
that is why i think no contention, but that is why us side wanted statement in privacy policy
19:42:54 [dsinger]
q+
19:42:59 [schunter]
schunter has joined #dnt
19:43:04 [fielding]
who is speaking?
19:43:06 [npdoty]
to be clear, none of us knows for sure what the FTC would do.
19:43:13 [susanisrael]
chris p: no company--I would be shocked if any co just said I am w3c compliant...they would lay out in privacy policy how they comply when 1st/3rd party, how they de-id data, etc
19:43:30 [aleecia]
the concern was it might not be enough in the non-US countries
19:43:33 [Chapell]
q+
19:43:44 [aleecia]
that it might not be enough in the US was not a widely voiced view at the time
19:43:51 [justin]
q+
19:44:00 [wseltzer]
q+
19:44:06 [npdoty]
ack dsinger
19:44:07 [susanisrael]
peter: to confirm, merely sending headers would not be deemed a commitment for which violation would be deceptive
19:44:19 [aleecia]
but the idea was you accept all of DNT, not that you reply with an ack and then put in your privacy policy "but what my implementation is..."
19:44:27 [wseltzer]
q+ wseltzer
19:44:29 [aleecia]
(that is, the point David is making right now)
19:44:31 [wseltzer]
q- wseltzer_cpdp
19:44:33 [BerinSzoka]
+q
19:44:34 [peterswire]
q?
19:44:34 [Wileys]
open issue - providing a response header that points the user to the specific representation by a website
19:44:44 [susanisrael]
david singer: browsers want to know what you get when you implement/send dnt, and compliance doc needs to establish a baseline of meaning
19:44:45 [npdoty]
ack justin
19:44:50 [dsinger]
q-
19:44:59 [dwainberg]
q?
19:45:07 [johnsimpson]
+1 to Justin
19:45:19 [susanisrael]
justin: I thought if you acknowledge dnt header, and then disobey, i thought that was to be actionable
19:45:27 [johnsimpson]
q?
19:45:34 [npdoty]
ack WileyS
19:45:35 [fielding]
ack WileyS
19:46:08 [susanisrael]
shane: 2 points: to this point, we have an open issue as to allowing orgs to point to response header, as to opposed to just acknowledging receipt of header
19:46:13 [susanisrael]
peter: in tpe?
19:46:49 [susanisrael]
shane, yes. to ed's point : the user has asked for x and we don't know that - up to this group to decide what we want to offer
19:46:54 [aleecia]
Turns out there's research on that, Shane
19:47:03 [justin]
Yes, agree (somewhat) with WileyS on that --- I don't like that disparate compliance approach, but either way I think the server response would be actionable . . .
19:47:12 [aleecia]
We can answer reasonably well what users (say) they (think they) want
19:47:14 [wseltzer]
[My recollection of the P3P case was that the incorrect response was deemed sent in order to trigger browser action, rather than as indication of a promise. That's different from just "standards compliance."]
19:47:18 [wseltzer]
q-
19:47:23 [wseltzer]
q- wseltzer
19:47:42 [fielding]
NOT an open issue
19:47:59 [susanisrael]
peter: suggest we take off meaning re: sec 5 of response to dnt header from today's discussion
19:48:08 [johnsimpson]
Please note Roy's comment
19:48:09 [aleecia]
wendy - actually, FTC said they would enforce for P3P. Ignoring CP abuse is rather absurd.
19:48:20 [susanisrael]
chris_iab: don't understand how ftc's view is relevant
19:48:31 [Wileys]
Aleecia - I disagree that you can make that assertion - surveys are all over the map on this (directional or tied to material impact to real-world give-n-take scenarios)
19:48:37 [wseltzer]
aleecia - I was commenting in reference to Rigo's comment
19:48:48 [susanisrael]
peter: bc of rob sherman's point that we don't need an independent promise, but now I think we may have to revisit that.
19:48:52 [ChrisPedigoOPA]
Justin, I'm not saying that companies are going to blatantly depart from the W3C standard. Just that they wouldn't open themselves to broad liability by simply saying they are DNT compliant.
19:49:21 [npdoty]
q+ robsherman
19:49:21 [Chapell]
My apologies to the group - I wish I had not brought this up. The more important point is that we seem to be assuming that the User is being promised something, but we aren't defining what that thing is
19:49:22 [aleecia]
Shane - would love to trade references some time, but I disagree with you. Perhaps you are reading things I am not -- I'm open to learning more. At present, I believe you are quite wrong.
19:49:32 [susanisrael]
so that was a specific point about whether such a promise, which some people thought was stronger, would be duplicative
19:49:42 [fielding]
ack rachel_thomas
19:49:44 [haakonfb1]
haakonfb1 has left #dnt
19:49:50 [haakonfb1]
haakonfb1 has joined #dnt
19:50:05 [justin]
ChrisPedigoOPA, I thought we had agreement that you had to make a public assertion of compliance in order to be compliant. I thought that issue was closed. Either way, I think the response header from a company will suffice as that representation.
19:50:09 [susanisrael]
rachel: i think it's context of this discussion today that is making a promise about re-id more important
19:50:28 [Zakim]
+Mark_Vickers
19:50:28 [susanisrael]
rachel: i question whether we need to revisit that
19:50:47 [npdoty]
Zakim, please clear the queue
19:50:47 [Zakim]
I don't understand 'please clear the queue', npdoty
19:50:51 [Mark_Vickers]
Mark_Vickers has joined #dnt
19:50:53 [npdoty]
Zakim, q=
19:50:53 [Zakim]
npdoty, if you meant to query the queue, please say 'q?'; if you meant to replace the queue, please say 'queue= ...'
19:50:55 [tlr]
queue=
19:50:56 [Chapell]
q+
19:51:04 [susanisrael]
rob sherman: just to respond--suggest we leave specific commitment out, unless we decide we need that globally and not on this specific issue
19:51:08 [fielding]
q+
19:51:15 [ChrisPedigoOPA]
I think if a company is DNT compliant, they are most certainly going to publicize that. But they won't simply say they are DNT compliant. They will want to lay out exactly how they comply so there is confusion or ability to interpret it differently
19:51:20 [rigo]
aleecia, wendy, it wasn't the FTC, it was the court that decided it is "mere technical exchange of messages", so the FTC is not in question
19:51:29 [johnsimpson]
Q?
19:51:30 [BerinSzoka]
Can I just have 30 seconds on the FTC enforcement issue?
19:51:32 [peterswire]
q?
19:51:33 [BerinSzoka]
I think it's quite simple
19:51:34 [Zakim]
+ +1.415.920.aaff
19:51:37 [BerinSzoka]
=q
19:51:38 [dwainberg]
q+
19:51:39 [BerinSzoka]
+q
19:51:40 [susanisrael]
don't want to set up precedent that no magic language on something makes it different, and we can't resolve ftc authority here
19:51:41 [efelten]
+q
19:51:42 [npdoty]
ack Chapell
19:51:43 [justin]
ChrisPedigoOPA, that is not a unified DNT standard. There has to be a floor.
19:51:50 [Zakim]
+vincent
19:51:57 [aleecia]
Rigo that's new to me -- would love a citation (not arguing with you, would really like to see what that was.)
19:52:14 [susanisrael]
chappell: apologies for rathole, i think we've been careful about describing promises
19:52:49 [npdoty]
Chapell, I think dsinger's response was that the browser couldn't explain to the user until we set what compliance would mean
19:52:50 [susanisrael]
fielding: what we are describing here is protocol, cannot decide how regulators will interpret. If we do i will log off, can't participate in those discussions
19:52:59 [jmayer]
jmayer has joined #dnt
19:52:59 [npdoty]
ack fielding
19:53:06 [jmayer]
I don't think this is or should be a TPE issue.
19:53:10 [jmayer]
+q
19:53:13 [susanisrael]
peter: have sense that response to header is more limited to some people
19:53:37 [rigo]
aleecia, I never saw the orginal text of that court decision. I think it would be worthwhile to ask Lorrie whether she has the text
19:53:38 [susanisrael]
peter: shane made a point that there would be lower risk in practice with these organizaitonal controls
19:53:51 [npdoty]
is there disagreement between WileyS and efelten on applicability of organizational controls? would either differ on how to apply the FTC definition of de-id?
19:54:02 [dan_auerbach]
dan_auerbach has joined #dnt
19:54:05 [Zakim]
-Jonathan_Mayer
19:54:12 [aleecia]
rigo having talked about CPs with Lorrie and written on the topic of their abuse, to the best of my recollection she never mentioned any such thing
19:54:14 [Zakim]
+Jonathan_Mayer
19:54:23 [rvaneijk]
rvaneijk has joined #dnt
19:54:23 [susanisrael]
ed: definition talks about how a company has to have a necessary level of confidence that data can't be used to infer or ...........
19:54:33 [npdoty]
q+ LMastriaDAA
19:54:37 [npdoty]
ack LMastriaDAA
19:54:39 [susanisrael]
ed: i don't know how we know an actor not in this room has org controls
19:54:47 [susanisrael]
lou: ftc definition does not include infer
19:54:51 [susanisrael]
ed: i will find it
19:55:12 [justin]
From FTC report: First, the company must take reasonable measures to ensure that the data is de-identified. This means that the company must achieve a reasonable level of justified confidence that the data cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device.
19:55:31 [justin]
Page 21 of http://www.ftc.gov/os/2012/03/120326privacyreport.pdf
19:55:37 [jmayer]
If "topic" = "talking point," then yes, the good actors vs. bad actors line is a common recurrence.
19:55:38 [susanisrael]
peter: i think there has been discussion re: good actors and spec, vs bad actors who will not sign on. Aleecia, history?
19:55:40 [bryan]
"a particular consumer..."
19:55:52 [LmastriaDAA]
my bad
19:55:55 [justin]
Good actor v bad actor is not a dichotomy.
19:55:56 [susanisrael]
aleecia: generally we are speaking more about good actors, but not exclusively
19:55:56 [bryan]
not a modeled class/set of consumers
19:56:03 [peterswire]
q?
19:56:26 [npdoty]
ack jmayer
19:56:40 [efelten]
-q
19:56:43 [susanisrael]
ed: p. 21 of march 2012 ftc report: means co must have reasonable confidence that co cannot infer ....identity....etc. [quotes]
19:56:52 [fielding]
efelten, "infer information about" is awful broad
19:57:08 [susanisrael]
jmayer: we noted in our group lack of agreement re: how ftc/daa texts apply
19:57:09 [peterswire]
q?
19:57:30 [npdoty]
jmayer: there might be less agreement than there appears
19:57:34 [npdoty]
q- dwainberg
19:57:37 [npdoty]
ack BerinSzoka
19:57:48 [vinay]
yep
19:57:49 [bryan]
and the inference cannot occur unless the data controls are breachedm, which is intended to be an unreasonable situation
19:58:20 [aleecia]
P3P != P3P CPs
19:58:24 [susanisrael]
berin: people who are referring to p3p statements being nonenforceable are citing red herring. issue in those cases was materiality. should assume enforceability
19:58:44 [BerinSzoka]
fair, aleecia
19:59:04 [dwainberg]
q+
19:59:06 [susanisrael]
peter: propose to state from de-id today: the term de-identify. re: a no of use cases, i heard several people say agree.
19:59:07 [BerinSzoka]
(But let's not use CP for "compact policy." It's generally used in tech policy to mean child porn)
19:59:19 [susanisrael]
propose to have a task to clean up this part and create text on it
19:59:23 [fielding]
efelten, for example, distinguishing a human from a zombie attack robot is inferred information about the user but is in no way identifying that user
19:59:24 [npdoty]
ack dwainberg
19:59:25 [peterswire]
q?
19:59:55 [susanisrael]
dwainberg: in our group no consensus that definition of de-identify is right place to draw line re: what is in scope for specification
20:00:26 [johnsimpson]
Q?
20:00:28 [susanisrael]
peter: understood that to be a logical requirement for a standard that at some point things be aggregated enough or de-identified enough that spec does not apply
20:00:31 [aleecia]
(thanks for that tip, Berin)
20:00:55 [fielding]
q+
20:00:57 [efelten]
Roy, the definition was aimed at linkability, which isn't quite the same thing as identifiability.
20:01:00 [susanisrael]
dwainberg: appreciate approach of taking risk-based approach, but don't know that we are at point of defining state of things outside do not track
20:01:14 [susanisrael]
have not had conversation about what is in scope and what we are trying to solve
20:01:27 [rigo]
aleecia, here it is http://blog.ericgoldman.org/archives/2011/12/the_cookie_crum.htm
20:01:29 [aleecia]
without mic -> hard to hear
20:01:34 [peterswire]
q?
20:01:42 [susanisrael]
Peter: undrestand link in your mind between scope and definition of tracking
20:01:54 [npdoty]
ack fielding
20:02:02 [aleecia]
Rigo thank you, but that's LSOs
20:02:17 [rvaneijk]
rvaneijk has joined #dnt
20:02:40 [rigo]
I know, but perhaps we can write the guy to find out what happened and get the decision
20:02:53 [susanisrael]
fielding: where we state that de-identifiable data is ok the most common practice in the room people exclude [delete] the data
20:02:56 [aleecia]
there is no user representation other than members of IAB promise not to use LSOs for behavioral advertising
20:03:01 [susanisrael]
BREAK
20:03:17 [Zakim]
-Joanne
20:03:19 [wseltzer]
[adjourn for 10 min]
20:03:25 [aleecia]
pulling the decision shouldn't be hard, but it's a decision about a very different thing
20:03:43 [Zakim]
-Aleecia
20:06:26 [fielding]
efelten, then it should say "infer linkability to" and not "infer information about"
20:07:35 [haakonfb1]
haakonfb1 has left #dnt
20:07:38 [haakonfb1]
haakonfb1 has joined #dnt
20:16:18 [npdoty]
npdoty has joined #dnt
20:16:45 [Zakim]
+Joanne
20:16:50 [npdoty]
rrsagent, make logs public
20:16:51 [npdoty]
rrsagent, please draft minutes
20:16:51 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html npdoty
20:18:02 [npdoty]
scribenick: bryan
20:18:25 [bryan]
peter: starting again
20:18:37 [bryan]
topic: achieving success in the compliance spec
20:18:55 [ionel]
ionel has joined #dnt
20:19:14 [bryan]
peter: asked to co-chair in Nov, since then >50 stakeholder meetings
20:19:17 [susanisrael]
*Bryan if you want me to do this part let me know
20:19:28 [bryan]
... attempt to listed to the very diverse input so far
20:19:59 [bryan]
... 1st question: working slowly on the TCS we could be here a year, any problem with that?
20:20:14 [Chapell]
Chapell has joined #DNT
20:20:35 [Zakim]
+Aleecia
20:20:41 [bryan]
shanew: agree that we could be here for a year, but would rather put in the time to ensure that the spec is not full of unintended consequences
20:21:38 [bryan]
peter: what will it take for us to converge sooner? an april F2F may be needed...
20:21:52 [fielding]
how about fewer F2F meetings and more time spent writing the actual draft?
20:22:30 [bryan]
... Tim spoke today, he described what we are doing as (1) relieving the tension, that have led to contentious debate, and (2) the result should not be null
20:22:45 [bryan]
... (showing "Criteria for Standard" slide)
20:22:48 [npdoty]
http://www.w3.org/2011/tracking-protection/mit/plenary.swire.021113.pptx.pdf
20:23:02 [npdoty]
slides 5 and 6, I believe
20:23:44 [bryan]
... overall criteria is to create a W3C standard, not null e.g. exactly the same as when this started, and that can reduce tracking for participating sites
20:23:55 [bryan]
... looking at the charter
20:24:14 [bryan]
... mission of the WG is (reads the mission in the charter)
20:24:39 [bryan]
... (reading from the scope)
20:24:59 [bryan]
... also compliance
20:25:19 [bryan]
... (reading deliverables)
20:25:42 [bryan]
... group has decided not to move forward on TSL
20:26:18 [bryan]
... sine I'm chairing the compliance spec, producing one is what we have to do
20:26:35 [npdoty]
(slide 3 from peter's opening slides)
20:26:42 [bryan]
... (looking at "History & DNT" slide)
20:27:08 [bryan]
... persistent, one-time choice for user; tech neutral, and reversible
20:27:17 [bryan]
... talk about choice and harm
20:27:37 [bryan]
... I understand that DNT Is a choice mechanism for users
20:27:49 [bryan]
... we have at least one other, eg. the DAA mechanism
20:28:34 [bryan]
... I asked yesterday what was the harm that resulted in the DAA, and did not hear anything, thus consider it a choice mechanism
20:28:47 [justin]
q?
20:29:08 [bryan]
... so we are looking at a choice mechanism; now will consider some things we might to do complete that
20:29:37 [vinay]
Is Peter talking off of slides? If so, can someone share them to those on the phone
20:29:43 [BerinSzoka]
+q
20:29:50 [johnsimpson]
Are there slides on this?
20:29:56 [bryan]
... laying out a set of things, trying to make sense of this; every decision will be subject to consensus, and issues will be discussed one by one
20:30:51 [bryan]
... the job is to determine if there are reasonable objections to each item, not all at once; capped by an overall process to determine if you can live with it
20:30:52 [Zakim]
+BerinSzoka.a
20:31:14 [bryan]
... consensus on any one item does not affect agreement to the whole thing
20:31:29 [bryan]
... another way... there are not line item vetoes
20:32:26 [bryan]
... Tim said we are here to get a job done, not make a point; sacrifices are expected and appreciated; listening to other opinions is hard but important
20:32:48 [bryan]
... now talk about the provisions
20:32:54 [bryan]
... permitted uses
20:33:24 [bryan]
... an optimistic thing; there is a lot of consensus on what's important on what is needed for the net to continue
20:34:21 [Wileys]
John, no slides here in the room
20:34:26 [bryan]
... on de-id, we know now what should go into the normative text
20:34:32 [aleecia]
thanks, Shane
20:34:49 [bryan]
... we may need more work on explanatory text, but need to create issues and work them
20:35:08 [bryan]
... re service providers... some things to make all sides upset
20:35:52 [bryan]
... for SPs, there are well defined procedures for controllers and processors; turns out to be identical those rules under HIPAA
20:36:14 [bryan]
... e.g. responsibility is to the principle and contractually bound
20:36:35 [bryan]
... defining details of inhouse and outhouse gets into difficulty
20:37:05 [bryan]
... I would suggest that this not be in the standard: a list of SPs that can be shared with the world
20:37:18 [bryan]
... also a list of who may be getting the data but not complying
20:37:40 [johnsimpson]
q?
20:38:04 [bryan]
... similar to HIPAA that a practical level, it is very difficult for large companies to provide a list of every SP
20:38:10 [justin]
Current strawman text from bare bones document: Outsourced service providers are considered to be the same party as their clients if the outsourced service providers only act as data processors on behalf of that party in relation to that party, silo the data so that it cannot be accessed by other parties, and have no control over the use or sharing of that data except as directed by that party.
20:38:25 [marc]
marc has joined #dnt
20:38:37 [npdoty]
justin, that seems promising. is there a reason permitted uses compliance heading now includes service providers?
20:38:47 [rigo]
I thought we have had consensus on service providers since ages as "having no own rights on the data" In which case they are considered first party
20:39:12 [aleecia]
Rigo, not only do I disagree, this is a body-on-the-tracks disagreement
20:39:24 [bryan]
... I have heard proposals about appending data; as I understand there is 1st party known info that can shared with data brokers, to get more info about users; my understanding is that this is outside DNT's intent re limiting leakage
20:39:32 [aleecia]
In the EU, you have legal liability resting with the data controller. In the US, we do not.
20:39:44 [aleecia]
We cannot add liability to a technical spec
20:40:08 [bryan]
... also some aspects of market research; thanking ESOMAR for explaining how this works
20:40:09 [justin]
npdoty, don't understand the question
20:40:17 [npdoty]
I think we have ISSUE-170 for data append, though BareBones.html refers to a non-existent issue-229
20:40:19 [aleecia]
To me this is about transparency: no secret databases. No data flows that users cannot understand
20:40:31 [bryan]
... one aspect is the panel-based collection and use; this works and is understood
20:40:48 [npdoty]
justin, sorry, the heading for section 6.2, Permitted Uses, now explicitly includes service providers as well as third parties
20:41:02 [rigo]
aleecia, we said that first parties better mention those service providers (should) because browser could consider them third parties or malicious
20:41:12 [bryan]
... 2nd is the targeted collection of info for specific demographic groups; under DNT 1, this would be reaching out for additional info after they have said they do not want to be tracked
20:41:25 [fielding]
aleecia, curious where you get the idea that US has no liability for data handling, but we should have that conversation in person some time
20:41:53 [Yianni]
Yianni has joined #DNT
20:41:53 [Wileys]
Aleecia, for users the important element is who is responsible for the relationship with them. In this case, the 1st party is responsible, not the Service Provider. Companies should not be forced to display who their vendors are if those vendors are simply agents of that company. LEGALLY that Service Provider is no different than the company it is representing.
20:41:54 [aleecia]
Roy any time we're in the same place, I will buy the first round
20:42:44 [justin]
That should go out.
20:42:50 [bryan]
... seems to me hard to explain how pervasive tracked info put into databases is OK as long as it's not shared
20:42:59 [aleecia]
Rigo if you listen to Peter he is saying no, there's no need to mention service providers. That the companies themselves do not know where they send data, so we should not worry about it because it's too hard. I deeply disagree.
20:43:03 [Wileys]
Aleecia, for US conteaxt, please review the legal concept of "agency" (which is a bit more limited in the Service Provider case as they are not able to take on liability for the company they are serving)
20:43:33 [justin]
"real market research" . . . I don't see how you can draw that line.
20:43:57 [Wileys]
It is this same concept of responsibility in representation that leads to the Data Controller / Data Processor divide in the EU.
20:44:01 [susanisrael]
justin, it is worth further discussing how you draw that line
20:44:04 [bryan]
... sitting down with W3C staff, there aren't many more unresolved pieces in the document;much is stable
20:44:33 [rigo]
aleecia: I see. I say: We have a good definition, everybody was ok with it and we have a reasonable "should" for the tracking status. I do not see why we should get rid of that
20:44:40 [bryan]
... there may be some areas where more work is needed; issues can be created with leaders and small groups to work on them
20:44:46 [justin]
susanisrael, sure, I'm willing to have the conversation. I just don't see from peterswire's talk where that line logicially is, and why "real market research" would logically retain less data.
20:45:12 [aleecia]
Shane you've read the FIPPs. without knowing where your data goes, you cannot have notice, choice, access, or user-initiated redress
20:45:14 [bryan]
... two things not mentioned: default settings, and meaning of compliance to DNT
20:45:23 [aleecia]
and that's just the US subset
20:45:31 [susanisrael]
justin, i think he is suggesting it is better defined and arguably has a known scope in each instance
20:45:34 [justin]
Also, if there is a *narrow* carve-out for market research, that argues for a stronger locking down on the deidentification requirement.
20:45:35 [bryan]
... a continuing thread about the def of tracking
20:45:44 [bryan]
... the spec is the simple answer
20:45:59 [bryan]
... others have said no def is the way to proceed
20:46:01 [justin]
susanisrael, and I disagree at first blush, but willing to have the discussion! Maybe there's a silver bullet.
20:46:03 [aleecia]
Rigo that's not what Peter just suggested. He just suggested not even a should. Just: companies don't know where they send data, so don't worry about it.
20:46:08 [aleecia]
That's not reasonable at all.
20:46:12 [bryan]
... any def limits everything in the spec
20:46:28 [susanisrael]
aleecia, if a service provider has no rights to the data independently, your data does not 'go' there
20:46:34 [rigo]
+1 to Wileys It is funny that the service provider/ data processor is the only thing where we clearly opted for the EU model. Nowhere else we did that
20:46:45 [bryan]
... having a separate conversation about the meaning opens up revisitation of everything
20:46:56 [hefferjr]
I did not hear that companies don't know where they data before they send it, but they might not know (or update the list) in real-time to inform the user at time of collection.
20:47:01 [aleecia]
Susan if Amazon sends my home address and credit card number to FedEx, my data does go there.
20:47:03 [fielding]
IRC please
20:47:04 [bryan]
... David had put up a definition of tracking
20:47:09 [Wileys]
Aleecia, its a representation issue - as long as the 1st party takes responsibility then knowing the exact details of vendor relationships is not a required transparency element
20:47:18 [wseltzer]
[slide: "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user."]
20:47:19 [justin]
aleecia, I don't think that's what peterswire was suggesting. Just that you don't need to document to the user every service provider.
20:47:23 [johnsimpson]
Can we get in IRC
20:47:30 [justin]
aleecia, I don't think that's what peterswire was suggesting. Just that you don't need to document to the user every service provider.
20:47:36 [rigo]
aleecia, getting rid of that definition means that those other deliveries will become third parties according to the definitions we have currently in the specification
20:47:36 [efelten]
"Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user."
20:47:38 [Wileys]
Aleecia, this aligns with FIPPs
20:47:40 [aleecia]
And I'm saying that secret databases are anathema to privacy protections
20:48:01 [bryan]
... there may be problems with this at a text level; but I invite any input on what may be a problem with this
20:48:04 [aleecia]
Not even asking for user control. Just transparency.
20:48:28 [rigo]
efelten: we have to define it in further detail for DNT 0 because we need clear permissions for the EU market
20:48:36 [bryan]
... now on procedures; the effort to simplify down the open issues; the bare bones is not that long, and is the normative representation
20:48:39 [susanisrael]
aleecia, too long for irc, but happy to discuss offline. If fedex has no right to retain your data, but it "passes through" their hands, it does not go (end up) there
20:48:42 [dsinger]
…notes that the definition was an attempt to 'shrink the ocean' -- if your data falls outside this, we're not interested; if inside, read on for the details.
20:48:45 [efelten]
I'm just quoting what Peter had on the slide, for those who aren't in the room.
20:48:52 [bryan]
... something that length should not take another year
20:48:54 [aleecia]
thanks, Ed
20:49:11 [susanisrael]
* Bryan, do you need me to scribe shortly?
20:49:17 [bryan]
sure
20:49:26 [rigo]
susanisrael, fedex is delivery. Can they take the data to profile the people delivered?
20:49:40 [Wileys]
Aleecia, Companies are not compelled to release their intellectual property - vendor relationships are part of the competitive landscape. There is no "secret database" there is only I'm working with company XYZ and who they decide to hire to assist them in that regard as a pure Service Provider is no different than still just working with company XYZ
20:49:43 [bryan]
... from Nov to now was a listening session, now we need to work hard on closing the issues
20:49:43 [dwainberg]
q+
20:49:45 [npdoty]
q?
20:49:45 [peterswire]
q;
20:49:48 [peterswire]
Q?
20:49:50 [fielding]
q+
20:50:09 [aleecia]
Susan happy to take you up on that, and this suggests at least some path forward: if we truly had short retention times for SPs, this would not be something I would like, but it would take me from body-on-the-tracks to being unhappy. Which would be a real upgrade.
20:50:13 [jmayer]
q+
20:50:18 [ChrisPedigoOPA]
q+
20:50:19 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html wseltzer
20:50:35 [rigo]
Wileys: would you consider it harmful to have "should" of service providers in tracking status file?
20:50:40 [susanisrael]
rigo, don't think fedex is best example, but idea is a service provider cannot use or retain the data except to help the first party do something
20:50:56 [Wileys]
Rigo, I believe it should be a MAY (sorry to mix the terms in my response :-) )
20:51:02 [npdoty]
ack BerinSzoka
20:51:14 [rigo]
susanisrael, yes, this is exactly the idea I had in mind as an agreement
20:51:18 [bryan]
BerinSzoka: when you mentioned the harm question for the DAA, ... (could not summarize, help is welcome)
20:51:23 [rigo]
s/agreement/consensus/
20:51:27 [aleecia]
ouch
20:51:32 [tlr]
ouch in the room, too
20:52:00 [npdoty]
SORRY
20:52:53 [peterswire]
q?
20:53:06 [fielding]
I like the direction forward, but I think that where the charter says "This specification defines the meaning of a Do Not Track preference" it means a definition that can be adequately conveyed to a user that is making such a preference. I think that definition is the basis of all of the other definitions we have discussed, and should be understood first before attempting to decide smaller issues.
20:53:08 [rigo]
Wileys, yes, even a MAY, because if you don't, the browser MAY consider it a third party and block it
20:53:08 [wseltzer]
ack fielding
20:53:09 [npdoty]
q- dwainberg
20:53:14 [aleecia]
Berin's basic point is that he still does not agree we should do DNT, as I understood it, because he is not convinced there is harm.
20:53:19 [wseltzer]
q+ dwainberg
20:53:22 [dsinger]
roy, speak up and slowly
20:53:26 [aleecia]
Berin please tweak as needed
20:53:35 [johnsimpson]
David Singer: Does you definition apply to 1st parties?
20:53:40 [peterswire]
q?
20:53:42 [justin]
fielding, is dsinger's definition sufficient?
20:53:47 [bryan]
fielding: comment in irc; think the def of DNT is critical; we cant make reasonable statements re what the user is expecting without it
20:53:58 [Wileys]
Rigo, I'm fine with MAY and that company takes the risk their Service Providers are accidentally blocked
20:54:02 [wseltzer]
ack jmayer
20:54:18 [fielding]
dsinger, that's why I typed it in irc ;-)
20:54:26 [bryan]
jmayer: how would this approach apply to permitted uses other that those that were broader than they should have been
20:54:33 [dwainberg]
q-
20:54:37 [dsinger]
johnsimpson: it's just a definition of tracking; yes, it applies, but first parties are allowed to track
20:54:53 [bryan]
... would a site be able to set ID cookies despite a DNT 1 signal?
20:54:55 [BerinSzoka]
Aleecia, what I'm saying is that Peter (at least seemed to have) missed the important point Rachel made yesterday: the DAA opt-out was offered even because there was no demonstrated harm because the COST of doing so was so low because the adoption rate was expected to be so small, but that's completely different from a world where DNT adoption is several times higher--if not a majority of users globally
20:55:03 [susanisrael]
* Bryan, you ok? or should i scribe?
20:55:09 [bryan]
go ahead
20:55:23 [aleecia]
ah, you were giving history rather than making an argument. missed that, thank you
20:55:34 [npdoty]
scribenick: susanisrael
20:55:47 [bryan]
peter: financial reporting and audits are the longest lead time permitted uses
20:56:10 [BerinSzoka]
My broader point, Aleecia, is that, when we debate what DNT should mean, I think those who want to push DNT to limit practices that create value (that ultimately funds media) should bear the burden of establishing SOME kind of harm to justify the cost of their proposals
20:56:10 [johnsimpson]
David Singer: Thanks, that's how I understood it, though I would say that there would still be some limits on first party tracking, i.e., can't share the data...
20:56:16 [susanisrael]
peter: optimism re agreement on categories of permitted uses
20:56:38 [susanisrael]
on unique id i took this to be related to our de-identification discussion today, you all will help me understand better
20:57:03 [peterswire]
q>
20:57:03 [susanisrael]
there was discussion about what it would take to help us meet the de-id standard, and that's where we need to talk more about unique id
20:57:05 [justin]
deidentified data and permitted uses are different issues . . .
20:57:05 [npdoty]
q?
20:57:09 [peterswire]
q?
20:57:14 [wseltzer]
ack next
20:57:34 [fielding]
justin, dsinger's definition covers all data collection, not tracking across different websites (what the user means by do not track)
20:57:40 [rachel_thomas]
To clarify / correct Berin's note, my point yesterday was not an economic one. Rather that the DAA principles took into account potential harm in coming out with prohibitions for practices that had a strong potential for harm, versus an opt-out (or no permission needed) for practices that had no strong potential harm - OBA.
20:57:42 [susanisrael]
chris: thanks, peter. concerns re: data append.
20:57:42 [efelten]
I think Jonathan was asking whether Peter is suggesting that routine collection of ID cookies by third parties would be okay?
20:58:07 [susanisrael]
when first party goes to get more data re its users, there may be a service provider relationship
20:58:09 [susanisrael]
peter: i forgot to say that
20:58:24 [Zakim]
- +1.415.920.aaff
20:58:25 [BerinSzoka]
And, finally, it's worth noting that the DAA cross-site principles DO address real harm--without the need for consumers to excercise choice.
20:58:27 [dsinger]
johnsimpson: yes, if you are 'tracking', even as a 1st party, you should read the spec., it applies to you. Not very much if you are a first party, to be sure, but it does apply
20:58:37 [susanisrael]
chris: data added may be public data, or gained with some explicit consent, so don't think broad data append restriction is particularly helpful
20:58:40 [justin]
fielding, how about what I previously suggested: tracking is "the collection and retention of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device."
20:58:41 [jmayer]
Yes, exactly Ed.
20:58:45 [BerinSzoka]
Peter simply dismissed those points
20:59:30 [susanisrael]
peter: factual q --need more help with this but append where data broker does not get the data is a service provider
20:59:35 [justin]
Could sub out "collection and retention" with "retention, sharing, and use" if you like . . .
20:59:53 [susanisrael]
chris: so that is transfer of data, vs broad restriction on all practices of data append
20:59:55 [fielding]
justin, I think that definition would be fine
21:00:06 [justin]
"ownership of data" . . . <shudder>
21:00:13 [susanisrael]
peter: this is an area where i want to learn more about service provider
21:00:30 [schunter]
schunter has joined #dnt
21:00:32 [susanisrael]
chrispedigo: i am frustrated on this issue, this is history on this
21:00:42 [johnsimpson]
justin, Roy: Please put full definition in IRC when you have it.
21:00:48 [npdoty]
I think we have a short thread on data append starting here: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0002.html
21:01:00 [npdoty]
and the issue is 170: http://www.w3.org/2011/tracking-protection/track/issues/170
21:01:19 [fielding]
q+
21:01:19 [peterswire]
q?
21:01:19 [npdoty]
q?
21:01:20 [aleecia]
history is, we were waiting on a defn of data append
21:01:33 [aleecia]
which was attempted and wandered sideways
21:01:38 [wseltzer]
ack fielding
21:01:40 [susanisrael]
peter: i don't have all history, so some data append is a service provider relatioonship, but some is not and there may well be ways to draw lines, protecting against where data broker is enriching its own data base
21:01:42 [justin]
johnsimpson, my proposed definiton: the collection/retention/use/sharing of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device." Which of those terms we use is dependent somewhat on how those terms are defined.
21:02:08 [susanisrael]
fielding: frustrated, if 1st party uses service provider to retarget data from its own site.......
21:02:21 [BerinSzoka]
gee, good thing we didn't actually dwell on those pesky harm and cost/benefit questions so we could race through this enormously long queue...
21:02:35 [susanisrael]
peter: is this the qu? if first party retargets based on surfing on own site using processer
21:02:52 [justin]
Could Amazon or Zappos use a third party ad network (in a service provider relationship) to serve ads based on its first-party data?
21:03:01 [johnsimpson]
q?
21:03:15 [susanisrael]
fielding: meant that service provider uses data from first party site to retarget user
21:03:17 [rvaneijk]
Justin: my view is no.
21:03:32 [vinay]
Is the use case to serve targeted content/ads on its own site, or on an unrelated site?
21:03:37 [susanisrael]
susan: not sure this use case exists but theoretically it could
21:03:41 [justin]
Curious what Peter's view is.
21:03:44 [justin]
q+
21:04:07 [vinay]
for example, is the question can Amazon use appended data from a service provider to serve targeted content on amazon.com; so long as the service provider cannot use any of amazon.'s data outside of this particular use cae
21:04:32 [justin]
vinay, unrelated site.
21:04:32 [dsinger]
q+
21:05:01 [susanisrael]
fielding: if dat ais being passed outside control of first party, and third party can use it then not permitted by dnt 1, but if still in 1st party control, then wouldn't that be outside dnt 1
21:05:17 [susanisrael]
peter: this is my first take on this
21:05:24 [susanisrael]
justin: follow up based on roy
21:05:31 [wseltzer]
ack justin
21:05:36 [vinay]
ah, okay -- i thought you were answering on a related site. on an unrelated site, i would consider that a company can't do that (if DNT:1 was enabled).
21:05:38 [dwainberg]
q+
21:05:43 [susanisrael]
can amazon use doubleclick as service provider
21:06:25 [susanisrael]
to retarget based on activity on its own site
21:06:41 [wseltzer]
ack next
21:06:49 [fielding]
works for me to say it is an issue going forward
21:06:50 [susanisrael]
peter: will work on that
21:07:12 [susanisrael]
davidsinger: wanted to reduce size of ocean when i wrote this definition
21:07:50 [fielding]
dsinger, I disagree -- we have been stalled for six months
21:07:52 [susanisrael]
I think we have on table a doc that has not changed much in 6 months, we have general consensus about shape of doc.
21:08:15 [susanisrael]
my feeling is we are not learning much any more, need to go ask people to go try to implement it
21:08:15 [aleecia]
+1 for getting a draft into the wider world
21:08:20 [aleecia]
and planning to revise
21:08:24 [peterswire]
q?
21:08:27 [susanisrael]
it's voluntary, need voluntary experimentation phase
21:08:50 [susanisrael]
also good that it's a global doc, so that helps implementers, it's global
21:09:20 [susanisrael]
let's just try to get something out, a last call which means it may not be right or perfect but let's get something out soon
21:09:37 [susanisrael]
peter: for other standards, is last call imperfect?
21:09:43 [susanisrael]
davidsinger, yes
21:09:55 [peterswire]
q?
21:10:15 [npdoty]
ack dwainberg
21:10:27 [susanisrael]
dwainberg: we were mixing up a lot of issues
21:10:30 [LmastriaDAA]
q+
21:10:44 [susanisrael]
peter: this is partly the chair not having worked through all the pieces before
21:11:21 [susanisrael]
peter: with your help and help form others, let's try to get issue out in next couple weeks
21:11:24 [fielding]
Can we please put Justin's definition insetad?
21:11:38 [ChrisPedigoOPA]
q+
21:11:41 [susanisrael]
peter: let's consider david singer's definition
21:11:43 [fielding]
s/insetad/instead/
21:11:43 [fielding]
q+
21:12:01 [peterswire]
q?
21:12:22 [susanisrael]
rachel: not an all inclusive concern but any customer list would be included as tracking going forward
21:12:30 [wseltzer]
[slide text: "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user."]
21:12:33 [susanisrael]
peter: so problem is that this is not limited to online?
21:12:34 [rvaneijk]
q+
21:12:36 [Wileys]
+q
21:12:38 [susanisrael]
rachel: even online
21:12:48 [justin]
q+
21:12:55 [susanisrael]
rachel: transaction is a broad word
21:12:58 [Joanne]
*thanks Wendy
21:13:10 [npdoty]
to be clear, we could include many things in tracking and then narrow it later (to third-party, to non-permitted uses, to retention beyond a short-term period)
21:13:23 [peterswire]
q?
21:13:29 [npdoty]
ack LMastriaDAA
21:13:36 [aleecia]
historical note: we are not limited to HTTP
21:13:36 [susanisrael]
peter: any short definition may be amplified elsewhere, but what about offline and through http header
21:13:44 [aleecia]
SPDY was the example there
21:14:00 [susanisrael]
aleecia, i was told by w3c that we were limited to http
21:14:14 [susanisrael]
lou mastria: we have a definition
21:14:18 [susanisrael]
peter: pls send language
21:14:21 [peterswire]
q?
21:14:27 [wseltzer]
ack ChrisPedigoOPA
21:14:42 [rachel_thomas]
DAA definition of multi-site data is "data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web sites."
21:14:43 [aleecia]
that is incorrect
21:14:50 [susanisrael]
chris pedigo: echoing lou: "over time and across sites"
21:14:53 [aleecia]
that = limited to HTTP
21:15:05 [fielding]
tracking should be about user activity across sites
21:15:12 [wseltzer]
ack fielding
21:15:13 [justin]
rachel_thomas, that's very similar to my proposed definition
21:15:13 [susanisrael]
peter: so across unaffiliated sites over time
21:15:17 [dsinger]
by 'transaction' I meant 'HTTP transaction' i.e. a request and response
21:15:23 [jmayer]
q+
21:15:25 [susanisrael]
fielding: [can't hear roy]
21:15:41 [rachel_thomas]
justin, can you repost your definition - missed it.
21:15:41 [justin]
My definition: the retention, use, or sharing of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device." Which of those terms we use is dependent somewhat on how those terms are defined.
21:15:42 [rachel_thomas]
thx!
21:16:01 [susanisrael]
[add daa language to ds language
21:16:16 [peterswire]
q?
21:16:20 [wseltzer]
ack rachel_thomas
21:16:24 [wseltzer]
ack rvaneijk
21:16:28 [npdoty]
fielding: would prefer to refer to tracking across sites, which is closer to [what I think of as] tracking
21:16:28 [npdoty]
ack rvaneijk
21:17:01 [justin]
q_
21:17:03 [justin]
q-
21:17:15 [johnsimpson]
q+
21:17:17 [efelten]
Would like to understand how, if at all, "web viewing" differs from "HTTP transactions".
21:17:22 [rigo]
I think that DNT:0 is sometimes needed beyond only cross site permissions. So reducing the scope may backfire here
21:17:30 [susanisrael]
rob van eijk: 2 issues. I would like to append "by a party or other person" to reflect data controller unable to do it
21:17:36 [fielding]
npdoty, to what we are trying to define under do not track (and hence would want to explain to a user)
21:17:52 [robsherman]
+q
21:18:01 [aleecia]
Cross-site only doesn't at all seem a reasonable defn of tracking (though we may or may not limit what we care about that way)
21:18:14 [susanisrael]
rob van eijk : scope still limited to one who is processing, account for possible risk associated with abilities of others
21:18:22 [johnsimpson]
Do we have DAA definition
21:18:43 [tlr]
"Data Collected from a particular comuter or device regarding Web viewing over time and across non-Affiliate Web Sites"
21:18:45 [justin]
aleecia, sure we could define "tracking" as knowing more than one fact about a particular individual. But I'm not sure why that helps us (for the record, I'm not sure how any of this helps us).
21:18:52 [efelten]
DAA definition (on slide): "data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web Sites."
21:18:54 [susanisrael]
[yanni can you copy the definitions into irc]
21:18:56 [justin]
Issue 5!
21:19:09 [fielding]
issue-5?
21:19:09 [trackbot]
ISSUE-5 -- What is the definition of tracking? -- raised
21:19:09 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/5
21:19:10 [npdoty]
q+ to discuss editors' handling
21:19:23 [susanisrael]
peter: need an issue on this, there has been a big appetite for it
21:19:53 [susanisrael]
rob van eijk: 2nd issue, we somehow need to include something about unlinkable state as well as de-id state
21:20:02 [aleecia]
We're going to set scope in many, many places
21:20:04 [peterswire]
q?
21:20:07 [johnsimpson]
q?
21:20:08 [susanisrael]
peter: my own take is that it's out of scope by de-id
21:20:09 [rachel_thomas]
q+
21:20:12 [npdoty]
ack Wileys
21:20:12 [wseltzer]
ack Wileys
21:20:19 [aleecia]
I'd do an intellectually honest defn of tracking and then limit scope as applicable
21:20:34 [johnsimpson]
Do we have DAA in IRC, I've not seen it?
21:20:43 [rachel_thomas]
i put it in earlier john
21:20:44 [npdoty]
DAA definition (on slide): "data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web Sites."
21:20:51 [rachel_thomas]
thanks nick.
21:20:55 [johnsimpson]
sorry see it now
21:21:10 [susanisrael]
wileys: both daa and justin's defnition use terms particular or specific, whereas in your definition you say a single, but de-identification schemes often resolve to something single, but not particular and specific
21:21:21 [rigo]
efelten: and across non-Affiliate Web Sites should be tight to DNT:1 and not to entire DNT. Otherwise it kills DNT:0 meaning as it would only mean agreement to cross site collection and no permission for first party collection...
21:21:37 [jmayer]
q+ later
21:21:44 [rigo]
s/entire DNT/entire specification/
21:21:46 [jmayer]
q-
21:21:47 [susanisrael]
peter: david is that ok?
21:21:50 [susanisrael]
david: yes
21:21:52 [peterswire]
q?
21:22:04 [justin]
ack johnsimpson
21:22:16 [tlr]
john, please restart
21:22:31 [wseltzer]
johnsimpson: What concerns me about both definitions, is that they elide a number of activities traditionally considered tracking
21:22:39 [Zakim]
-BerinSzoka.a
21:22:42 [aleecia]
+1
21:22:43 [fielding]
yes, but what does the user want when they check that DNT box?
21:23:01 [aleecia]
to be treated as if they were brand new each time
21:23:15 [fielding]
by first parties?
21:23:19 [susanisrael]
johnsimpson: there are whole sets of experiences that should be intuitively considered tracking, including one that is first party, so if you go with david singer's idea that it applies to all, should apply to third parties
21:23:19 [justin]
aleecia, I could certainly live with a broader definition of tracking to note that first party tracking is a thing. But limiting to third-party tracking is a closer approximation of what we're doing here. And even that we're not totally stopping.
21:23:54 [rigo]
justin, but it creates a logic gap for varies things we do
21:24:07 [aleecia]
That's fine, Justin, but the idea that first parties don't track is absurd on its face. That we ask less of first parties is deeply established, I'm not attacking that. But first parties do track.
21:24:09 [rigo]
so it is bad drafting IMHO
21:24:17 [aleecia]
If we're defining tracking, let's do it honestly.
21:24:18 [rachel_thomas]
the DAA definition is from https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf. Note that the full doc includes permitted uses, prohibitions (against use for eligibility purposes), responsibilities for first, third and service providers, etc.
21:24:22 [ChrisPedigoOPA]
q+
21:24:29 [aleecia]
And cross-site is not required for tracking either.
21:24:46 [efelten]
Rachel, does it contain any limitations on collection or retention?
21:24:50 [rachel_thomas]
yes.
21:24:52 [aleecia]
We're defining a term. We should be able to have another group copy & paste our defn and use it.
21:24:55 [efelten]
What limitations?
21:25:02 [fielding]
aleecia, the traditional meaning of tracking does not involve activity at a single site -- it is following someone as they travel across some distance (not the same site)
21:25:05 [susanisrael]
peter: so if there are 43 clicks on first party sites is that tracking, is that the issue?
21:25:22 [justin]
aleecia, you want a definition that Field and Stream could cut and paste to use?
21:25:45 [aleecia]
"traditional"? <grin>
21:26:03 [rigo]
rachel_thomas: you're right, the DAA definition was taken out of context
21:26:13 [fielding]
aleecia, when a user says "tracking is bad", what do you think they mean?
21:26:13 [susanisrael]
chris pedigo: we have agreed to carve out first parties, my belief is that first parties should be completely exempt, and we should be allowed to share datas, but agreed to limit on sharing data to avoid a loophole
21:26:21 [aleecia]
justin if any other W3C WG later grabs the defn and says "here's what tracking is" they shouldn't need to edit it
21:26:38 [rachel_thomas]
Ed, The Data Security Principle requires entities to provide reasonable security for, and limited retention of, data collected and used for OBA/MSD purposes. http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf
21:26:47 [susanisrael]
chrispedigo: concerned about unintended consequences, and having it be deemed to apply to first parties
21:26:49 [Chris_IAB]
Chris_IAB has joined #dnt
21:26:55 [peterswire]
q?
21:27:19 [justin]
aleecia, to be clear, I think this discussion is more about coming up with a definition of what we're trying to address in a scope section rather than an operational definition. Because, you know, "tracking" is not an operational term in the document.
21:27:28 [susanisrael]
john simpson: i thought purpose of working group was to provide choice about what data collected and for average user collection of data is an issue regardless
21:27:56 [rigo]
rachel_thomas: nice definition for what "cross-site" means. I think defining first parties away is a mistake. We can talk about permissions or only limited requirements for first parties, but ruling them out of scope is unwise IMHO
21:27:56 [aleecia]
then let's have a section that specifically says "if X isn't you, ignore this doc" rather than trying to shoehorn it into a defn that doesn't actually work out
21:28:11 [vincent]
rachel_thomas, so it's just focusing on data used for OBA right? ohter collection is not considered as tracking?
21:28:13 [rachel_thomas]
Ed, limits on collection are included on page 2 - https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf
21:28:21 [aleecia]
agree with David Singer that there's a whole world who can ignore or just read a very tiny portion, and we should help them out
21:28:21 [susanisrael]
in a trade off we decided fewer limits on 1st party sites, but we got around this by avoiding definition, but since so much demand for one i think we need to acknowledge all kinds of tracking
21:28:22 [justin]
aleecia, I think there are a lot of people in the group who would prefer this discussion just to go into SCOPE.
21:28:32 [aleecia]
so do a scope section
21:28:44 [Chris_IAB]
How about:  "Tracking is the retention of a user's Web browsing history over time, across unaffiliated sites, that is linked or may be reasonably linkable to a unique device." 
21:28:46 [jmayer]
Rachel, could you provide a few concrete examples of collection or retention practices that would be prohibited by the DAA principles?
21:28:50 [aleecia]
we've intertwined defn and scope. not sure that's a great idea.
21:28:55 [rachel_thomas]
vincent, good question. NO. The multi-site data principles (https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf) expand upon the OBA principles (http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf) to cover all multi-site data, not just OBA.
21:29:01 [npdoty]
(in fact, the title of the document is "Tracking Compliance and Scope")
21:29:05 [Chris_IAB]
q+
21:29:06 [susanisrael]
peter: we are having this conversation and including idea of no defintion, "null" which is still on table, but here we are exploring language we could use if we have a definition
21:29:12 [efelten]
Rachel, I see a limitation of retention to "as long as needed …" Thanks for that. Is there a limit on collection somewhere?
21:29:18 [dwainberg]
q?
21:29:41 [rachel_thomas]
jmayer, i believe i answered your question in my two posts directed at ed felten.
21:29:42 [susanisrael]
rob sherman: wanted to respond briefly to exchange between chris and john, and i think there is less defintiion than is apparent, about what goes into defintion of tracking
21:30:06 [susanisrael]
generally i think this group has been on same page.....think this is about framing defintion not about what we actually do
21:30:21 [jmayer]
Rachel, you pointed to language. Many have objected that the language does not actually limit practices. I'd like to understand, through examples.
21:30:29 [susanisrael]
peter: trying to understand, let me proble: do you see any defintions between what is permitted?
21:30:51 [susanisrael]
rob sherman: i actually don't fully understand john simpson's approach
21:30:55 [rachel_thomas]
the language outlines buckets - clearer than one-off examples.
21:31:10 [susanisrael]
what is the effort we are making with defintions on screen, which they are debating?
21:31:24 [justin]
q?
21:31:26 [aleecia]
Limiting to across sites (affiliated or not) doesn't make sense for a defn of tracking. It may make perfect sense for scope.
21:31:27 [ChrisPedigoOPA]
q+
21:31:33 [justin]
q+
21:31:57 [susanisrael]
peter: one reason to have defintion of tracking is that it sets defintion of what is in scope.....put people on alert, hey you are inside scope of spec
21:32:32 [susanisrael]
this definition would be an alert of who is covered....another possibility, would be to say here is a guide to what we think is tracking but this is not binding part of spec
21:32:33 [jmayer]
Rachel, I have difficulty understanding to contours of the permitted use buckets. Peter has testified on the Hill that they're practically unlimited. If you can't give examples, it seems fair to assume the permitted uses are so broad as to swallow the collection rules.
21:32:51 [susanisrael]
another way to go is this is normative part of spec
21:32:55 [peterswire]
q?
21:32:59 [susanisrael]
this is why this is important discussion
21:33:11 [bryan]
scribenick: bryan
21:33:18 [susanisrael]
scribenick: bryan
21:33:27 [fielding]
TPE requires a definition of tracking
21:33:42 [dwainberg]
q+
21:33:51 [fielding]
or at least what DNT: 1 conveys
21:34:07 [npdoty]
ack npdoty
21:34:07 [Zakim]
npdoty, you wanted to discuss editors' handling
21:34:08 [bryan]
nick: the editors could put a def in and rewrite the rules so they address that term, it wouldn't change the substance; as a question for the editors...
21:34:10 [npdoty]
ack robsherman
21:34:21 [bryan]
peter: is it just a rewriting matter?
21:34:39 [susanisrael]
justin and roy, thinking about the retargeting using only first party data i think the issue there is really a first party turning around and acting as a third party, not really a service provider issue
21:35:00 [fielding]
q+
21:35:04 [justin]
q-
21:35:11 [bryan]
justin: instead of making a def for a word that does not matter in the document, we could address this in the scope so it does not affect normative text
21:35:23 [bryan]
peter: is the scope normative?
21:35:56 [fielding]
it would be odd for scope to be normative
21:35:56 [bryan]
tlr: it can be, or not. depends upon how the scope is written
21:36:21 [peterswire]
q?
21:36:28 [npdoty]
ack rachel_thomas
21:36:28 [rachel_thomas]
q-
21:36:30 [justin]
I am not proposing that we write the Scope discussion of "tracking" (why are we here?) to be normative.
21:36:30 [npdoty]
ack jmayer
21:36:33 [bryan]
peter: the binding about the def of tracking would need to follow with a decision on the normative impact of that def
21:36:54 [bryan]
jmayer: suggest that the group should move onto another topic
21:37:11 [npdoty]
agree with fielding that it might be unusual for Scope to be normative; in HTML5 for example: http://www.w3.org/TR/html5/introduction.html#scope
21:37:17 [fielding]
actually, no, we have been procedurally prevented from talking about tracking definition in any meaningful way
21:37:21 [bryan]
... if we are to agreement, it will be thru competing text proposals
21:37:30 [peterswire]
q?
21:37:39 [bryan]
... urge that we not define tracking, even moreso that we don't talk about it
21:38:04 [Zakim]
+Alan
21:38:11 [peterswire]
q?
21:38:17 [npdoty]
ack ChrisPedigoOPA
21:38:23 [bryan]
peter: as co-chair I have not understood these issues, and this helps; also ecosystem stakeholders have asked for this discussion; but it will end soon
21:38:47 [npdoty]
is the concern actually issue-6 rather than issue-5?
21:38:53 [npdoty]
issue-6?
21:38:53 [trackbot]
ISSUE-6 -- What are the underlying concerns? Why are we doing this / what are people afraid of? -- closed
21:38:53 [trackbot]
http://www.w3.org/2011/tracking-protection/track/issues/6
21:39:03 [bryan]
chrispedigoOPA: this def does help identify the problem we are trying to solve, and it includes over time and cross-site
21:39:37 [npdoty]
"capture the lens through which we're looking"
21:39:42 [bryan]
... as this doc evolves, it's important for future users that we capture the lens through which we are looking
21:39:54 [peterswire]
q?
21:40:09 [bryan]
peter: i need to understand the current things that 1st parties re not passing on
21:40:14 [npdoty]
justin and heather, we have "2. Scope and Goals" empty now with a link to issue-6
21:40:30 [npdoty]
... with the note that we would come back to it later
21:40:47 [peterswire]
q?
21:40:50 [npdoty]
ack Chris_IAB
21:40:56 [bryan]
chrismejia: I have 3rd party tracking as the retention of user's web behavior over time that may be linked to a particular user or device (chris please correct as needed)
21:41:05 [rvaneijk]
rvaneijk has joined #dnt
21:41:07 [npdoty]
Chris_IAB, can you drop that definition into IRC in case we didn't get the language correctly in scribing?
21:41:11 [npdoty]
ack dwainberg
21:41:36 [bryan]
dawinberg: there is I think consensus that use of 1st party data in that context is definitely out of scope
21:41:56 [robsherman]
q?
21:42:03 [bryan]
... it would thus be more precise not to talk about the party, but the data in the context of collection and use
21:42:05 [npdoty]
s/dawinberg/dwainberg/
21:42:38 [rigo]
if you want to define tracking, please help with the definition of DNT:0 in the global considerations
21:42:40 [Chris_IAB]
Here ya go: "3rd Party Tracking is, for the purpose of this spec, the retention of a user's Web browsing history over time, across unaffiliated sites, that is linked or may be reasonably linkable to a unique device."
21:42:44 [npdoty]
would it put less burden on the permitted uses? incorporating a permitted use into a one sentence definition of tracking seems like a great challenge
21:42:47 [bryan]
... on the def of tracking, we put less of a burden on permitted uses when we define it; enable more innovation and flexibility in the spec to accomodate it
21:43:17 [bryan]
... what is lacking in David's def is more explanation of the type of data that is included in tracking
21:43:39 [bryan]
... e.g. browsing history is in, similar to data on web viewing over time
21:43:45 [peterswire]
q?
21:43:52 [npdoty]
ack fielding
21:44:06 [bryan]
fielding: scope def is important but defining user preference is more important
21:44:08 [Chris_IAB]
q+
21:44:12 [efelten]
We should be talking in terms of HTTP (which the server sees, and which is the protocol carrying the headers) vs. "web browsing" which is a user-interface notion.
21:44:14 [aleecia]
New topic - can we do one at a time, please?
21:44:25 [bryan]
... we need a simple way for users to define their preference
21:44:35 [npdoty]
"need to have a simple way of informing the user"
21:44:51 [peterswire]
q?
21:44:59 [bryan]
... reason we are here is to adhere to user preference; that's why we are focusing on a def of user tracking
21:45:04 [wseltzer]
ack Chris_IAB
21:45:13 [aleecia]
for what it's worth, I disagree with Roy still. Not a surprise to anyone so I'll keep out of the queue.
21:45:33 [aleecia]
But in case we're doing the "sustained objection" model. Users are not asking for cross-site only.
21:45:44 [rigo]
web-history sounds compelling, but what about the combination with data from other sources?
21:45:54 [bryan]
Chris_IAB: it's easier to solve for n, when we know what n is. Offering a narrow def for this spec and purpose creates an n that is solvable
21:45:54 [npdoty]
do we have a separate issue for user presentation / education? if Roy's concern is less scoping and more user presentation, that might be something we can take up separately
21:46:37 [bryan]
... disagree with the assertion that it would be a waste of time to revisit when n included everything. it would be worthwhile to reconsider
21:46:45 [aleecia]
Agree that's a distinct issue. Not sure there's much we can say there (see discussion Alan and I had yesterday) but we might at least get some good "shoulds" there, which would make me happier.
21:46:53 [johnsimpson]
This is from the charter: "The Working Group will produce Recommendation-track specifications for a simple machine-readable preference expression mechanism ("Do Not Track") and technologies for selectively allowing or blocking tracking elements." Does not say only third party tracking.
21:47:10 [fielding]
aleecia, until we define what users are actually asking, I don't see how you can make any assumptions about what they are asking
21:47:17 [aleecia]
Users would like DNT to stop first party tracking
21:47:19 [bryan]
peter: a path for compliance, from here; we have worked on compliance, and a def of tracking; some of the fault lines are clearer
21:47:29 [npdoty]
I think we've lost Chapell for the afternoon, but he might be interested in working with fielding on the importance of user presentation.
21:47:50 [aleecia]
Nick that sounds like a constructive approach forward.
21:48:06 [Chris_IAB]
johnsimpson, respectfully, it depends on how you define the word "track" in the context of "do-not-track"
21:48:32 [bryan]
... the remaining pieces are permitted uses, service provider de-id, market research, and provisioninally the def of tracking
21:48:41 [bryan]
... that is not a huge # of things
21:48:44 [Chris_IAB]
my point is that we have to agree on the definitions of the words we use in a scope to understand the scope itself
21:48:51 [fielding]
npdoty, please don't try to relegate this to an out of scope discussion on UI. What I want is a required deliverable of the WG.
21:49:06 [rigo]
fielding: part of the issue is really that aleecia's research created evidence that users want that "off" button and that the industry fears that this is too much in the current eco-system. A dilemma IMHO
21:49:07 [Wileys]
Aleecia, could you please reference the source of data you are referring to in your assertions of what all users want? It would be helpful to review the integrity of the research your relying upon in your declarations.
21:49:07 [bryan]
... a reasonable list that can be addressed; I intend to work directly to get specific text to close the issues
21:49:23 [npdoty]
fielding, I was hoping to divert discussions on UI into a more helpful discussion on what we need for effective communication to the user
21:49:26 [bryan]
... I will push, and you have your chance to let me know what you think
21:49:50 [bryan]
... that's it for the agenda for today
21:49:51 [rigo]
Wileys: I've seen aleecia's research presented on several occasions. see above, it is a dilemma, somewhat.
21:49:52 [justin]
+q
21:49:56 [aleecia]
Shane, your implicit point that users want different things is correct.
21:50:02 [rigo]
how to get out: more communication
21:50:08 [wseltzer]
[Mead Hall]
21:50:17 [Mark_Vic_]
Mark_Vic_ has joined #dnt
21:50:25 [npdoty]
http://www.themeadhall.com/
21:50:26 [rigo]
backside of legal seafood
21:50:37 [aleecia]
There's work from Berkeley as well
21:51:09 [bryan]
mschunter: there a re minor changes to the agenda, just reshuffling; we can maybe take less time
21:51:25 [aleecia]
Some of what I reference was not published; we did a large study at Mozilla of Mozilla users on the geek side. More representative than I would have expected, but assuredly not a random sample.
21:51:38 [aleecia]
And Microsoft has done their own research as well
21:51:44 [johnsimpson]
where do we subscribe to the list
21:51:50 [bryan]
... we have a special public tracking annc list, enabling only chairs to post issues, sort of a warning function
21:51:52 [npdoty]
http://lists.w3.org/Archives/Public/public-tracking-announce/
21:51:56 [Wileys]
John - you are already subscribed
21:51:59 [npdoty]
members of the working group are already subscribed
21:52:13 [aleecia]
As for tradeoffs, once again I point you to the Annenberg work that's been replicated many times
21:52:24 [bryan]
... will send a message to the list to let those know who are on it
21:52:26 [Wileys]
thank you Aleecia - I'll take the weight of your assertions with the transparency their supporting representation is provided.
21:53:05 [bryan]
peter: one method to warn you of issue closing
21:53:05 [jmayer]
+q
21:53:09 [aleecia]
parse failure. I mean, I get there's snark, but I'm not sure what you were trying to say since the grammar there failed
21:53:12 [bryan]
... you will have a chance to object
21:53:27 [Zakim]
-BrianHuseman
21:53:47 [npdoty]
ack justin
21:54:12 [bryan]
justin: you said we would reintro market research and permitted use; what is the plan?
21:54:23 [bryan]
... eg work up permitted use language?
21:54:32 [bryan]
peter: will work offline on that
21:54:42 [npdoty]
David Stark, Richard Weaver, Justin Brookman -- all good people to talk together on the market research issue
21:55:19 [Wileys]
Aleecia, apologies, I see the grammar miss now. I mean to say it'll be difficult to put much weight behind your assertions without supporting evidence (aka - lack of transparency). So feel free to continue to share your beliefs of what "all users want" but please understand if many of us don't place as much confidence in those assertions as we could if there was reliable, well-thought out research
21:55:19 [Wileys]
approaches behind it. That rarely exists in this space unfortunately.
21:55:24 [bryan]
jmayer: concern that there are some interdependencies on issues; we might get more work done up front with a constelllation of options rather than tackling each issue
21:55:49 [bryan]
... e.g. browser-based API for exceptions; some have suggested a linkage with the consent standard
21:56:02 [bryan]
... knowing that linkage in advance would help
21:56:04 [aleecia]
Shane - I've just given you pointers to research from multiple organizations. You've likely read all of them already.
21:56:40 [aleecia]
You're right that I short cut "the majority of users" to "users" and did not in any way mean to imply "all users." If you seriously mistook that, sorry for the short hand. That was not my intent.
21:56:42 [bryan]
peter: sympathy for that proposal; we may get to options for issues and note that solutions are related to other issues, with provisional closure
21:57:05 [aleecia]
Users are absolutely not a monolithic block, which is a point you'll find I make frequently
21:57:10 [bryan]
... until the related discussions are done we will not have final closure; would that help?
21:57:17 [bryan]
jmayer: entirely reasonable
21:57:19 [Zakim]
-Joanne
21:57:22 [Zakim]
-hefferjr
21:57:26 [npdoty]
Zakim, list attendees
21:57:26 [Zakim]
As of this point the attendees have been BrianHuseman, tlr, kulick, MIT-Star, johnsimpson, vincent, yianni, Aleecia, vinay, +1.202.656.aaaa, Jonathan_Mayer, Joanne, BerinSzoka,
21:57:29 [Zakim]
... Dan_Auerbach, walter, +1.202.639.aabb, hefferjr, +1.206.658.aacc, +1.646.654.aadd, MIT346, +1.202.656.aaee, Fielding, Mark_Vickers, +1.415.920.aaff, Alan
21:57:29 [Zakim]
-Aleecia
21:57:29 [Zakim]
-Alan
21:57:30 [npdoty]
rrsagent, please draft minutes
21:57:30 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html npdoty
21:57:32 [Zakim]
-BerinSzoka
21:57:32 [Zakim]
-vincent
21:57:35 [wseltzer]
[Today's meeting concluded]
21:57:37 [Zakim]
-Mark_Vickers
21:57:43 [Zakim]
-vinay
21:57:44 [Zakim]
-johnsimpson
21:57:46 [johnsimpson]
johnsimpson has left #dnt
21:57:50 [npdoty]
Zakim, drop MIT-Star
21:57:50 [Zakim]
MIT-Star is being disconnected
21:57:51 [Zakim]
-MIT-Star
21:57:56 [Zakim]
-Jonathan_Mayer
21:59:23 [Zakim]
-kulick
21:59:26 [Zakim]
-Fielding
21:59:27 [Zakim]
Team_(dnt)13:55Z has ended
21:59:27 [Zakim]
Attendees were BrianHuseman, tlr, kulick, MIT-Star, johnsimpson, vincent, yianni, Aleecia, vinay, +1.202.656.aaaa, Jonathan_Mayer, Joanne, BerinSzoka, Dan_Auerbach, walter,
21:59:27 [Zakim]
... +1.202.639.aabb, hefferjr, +1.206.658.aacc, +1.646.654.aadd, MIT346, +1.202.656.aaee, Fielding, Mark_Vickers, +1.415.920.aaff, Alan
22:35:27 [BillScannell]
BillScannell has joined #dnt
22:42:20 [dsinger]
dsinger has joined #dnt
22:58:20 [npdoty]
npdoty has joined #dnt