16:48:23 RRSAgent has joined #dnt 16:48:23 logging to http://www.w3.org/2013/02/20-dnt-irc 16:48:27 trackbot, start meeting 16:48:29 RRSAgent, make logs world 16:48:31 Zakim, this will be 16:48:31 I don't understand 'this will be', trackbot 16:48:32 Meeting: Tracking Protection Working Group Teleconference 16:48:32 Date: 20 February 2013 16:48:49 chair: Swire 16:48:55 zakim, this will be TRACK 16:48:55 ok, tlr; I see T&S_Track(dnt)12:00PM scheduled to start in 12 minutes 16:48:56 eberkower has joined #dnt 16:49:33 T&S_Track(dnt)12:00PM has now started 16:49:40 +eberkower 16:50:23 hi all, I'm double booked today and will be on IRC for now but try to dial in later 16:50:24 npdoty has joined #dnt 16:50:34 Zakim, this will be 87225 16:50:34 ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 10 minutes 16:50:40 rrsagent, make logs public 16:50:49 meeting: Tracking Protection Working Group teleconference 16:50:54 chair: peterswire 16:51:09 agenda: http://www.w3.org/mid/CD4921EC.6EAAD%25peter@peterswire.net 16:51:54 Yianni has joined #DNT 16:53:06 zakim, ipcaller is walter 16:53:06 sorry, Walter, I do not recognize a party named 'ipcaller' 16:53:15 zakim, who is on the phone? 16:53:15 I notice T&S_Track(dnt)12:00PM has restarted 16:53:17 On the phone I see eberkower, [IPcaller] 16:53:18 +npdoty 16:53:27 zakim, IPcaller is walter 16:53:27 +walter; got it 16:53:27 zakim, IPcaller is Walter 16:53:28 sorry, Walter, I do not recognize a party named 'IPcaller' 16:53:35 :-) 16:53:44 zakim, call thomas-781 16:53:44 ok, tlr; the call is being made 16:53:46 +Thomas 16:53:50 tlr: it has become self-aware? 16:54:01 that isn't novel 16:54:04 zakim, mute thomas 16:54:04 Thomas should now be muted 16:54:17 it still should be open sourced 16:54:38 peterswire has joined #dnt 16:55:23 + +44.772.301.aaaa 16:55:38 ack thomas 16:55:45 zakim, mute thomas 16:55:45 Thomas should now be muted 16:55:51 ack thomas 16:56:05 zakim, aaaa is PhilPearce 16:56:05 +PhilPearce; got it 16:56:09 zakim, mute thomas 16:56:09 Thomas should now be muted 16:56:32 phildpearce has joined #dnt 16:56:40 zakim, PhilPearce is nick phildpearce 16:56:40 I don't understand 'PhilPearce is nick phildpearce', tlr 16:56:41 rigo has joined #dnt 16:56:49 zakim, nick phildpearce is PhilPearce 16:56:49 ok, tlr, I now associate phildpearce with PhilPearce 16:56:50 +Aleecia 16:56:55 + +1.404.385.aabb 16:56:59 zakim, code? 16:56:59 the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rigo 16:57:02 404 number is swire 16:57:09 zakim, aabb is peterswire 16:57:09 +peterswire; got it 16:57:17 hi all… regrets for missing the beginning of the meeting. I'll be watching IRC for now but try to dial in later. 16:57:20 Zakim, who is making noise? 16:57:24 aleecia has joined #dnt 16:57:32 npdoty, listening for 10 seconds I could not identify any sounds 16:57:36 hefferjr has joined #dnt 16:57:39 -PhilPearce 16:57:43 +Rigo 16:57:44 +[IPcaller] 16:57:49 zakim, mute me 16:57:49 Rigo should now be muted 16:57:52 ok, i muted until we start. took care of background noise? 16:57:53 +PhilPearce 16:57:56 zakim, [ipcaller] is me 16:57:56 +moneill2; got it 16:58:00 peterswire: yes, that was helpful 16:58:16 + +1.408.836.aacc 16:58:16 +hefferjr 16:58:20 peterswire: if you can get a headset at the last minute... 16:58:22 the noise was the chair's effort to eat before the call; sorry on that 16:58:31 + +1.202.587.aadd 16:58:43 kulick has joined #dnt 16:59:01 Zakim, aacc is kulick 16:59:02 +kulick; got it 16:59:10 ninjamarnau has joined #dnt 16:59:13 + +49.431.98.aaee 16:59:20 fielding has joined #dnt 16:59:30 zakim, aaee is ninjamarnau 16:59:30 +ninjamarnau; got it 16:59:40 Zakim, aadd is Yianni 16:59:40 +Yianni; got it 16:59:46 +Fielding 17:00:01 Zakim, mute yianni 17:00:02 Yianni should now be muted 17:00:10 volunteer to scribe? 17:00:26 sorry, it is bloody hard when you're on skype and not a native speaker 17:00:43 vinay has joined #dnt 17:00:54 justin has joined #dnt 17:00:56 +[Apple] 17:01:00 zakim, [apple] has dsinger 17:01:00 +dsinger; got it 17:01:03 JC has joined #DNT 17:01:07 zakim, who is making nosie? 17:01:07 I don't understand your question, dsinger. 17:01:12 agenda? 17:01:13 +[CDT] 17:01:19 + +1.202.331.aaff 17:01:22 + +1.650.704.aagg 17:01:23 +Keith_Scarborough 17:01:25 scribenick: moneill2 17:01:29 +Peder_Magee 17:01:45 Keith has joined #dnt 17:01:51 haakonfb has joined #dnt 17:01:52 + +1.703.888.aahh 17:02:16 +[Microsoft] 17:02:18 + +1.917.934.aaii 17:02:18 review Boston work plan 17:02:26 zakim, aaii is vinay 17:02:26 +vinay; got it 17:02:28 zakim, who is making noise? 17:02:30 zakim mute me 17:02:39 dsinger, listening for 10 seconds I heard sound from the following: [Microsoft] (14%), vinay (7%), peterswire (88%), Keith_Scarborough (2%) 17:02:49 peterk has joined #dnt 17:02:58 constructive meeting in boston now time for action items 17:02:59 jeffwilson has joined #dnt 17:03:00 zakim, mute me 17:03:00 vinay should now be muted 17:03:04 robsherman has joined #dnt 17:03:09 Thanks Adrian, I'm aware. It's just good to have the agenda linked in the minutes properly. It was a hint. :-) 17:03:26 def of service provider 1st - do that later 17:03:35 + +47.23.69.aajj 17:03:39 market research is now 1st 17:03:41 Zakim, aaii is probably [Comcast] 17:03:41 sorry, npdoty, I do not understand your question 17:03:48 johnsimpson has joined #dnt 17:03:50 +ChrisPedigoOPA 17:03:52 -PhilPearce 17:03:53 Richard Weaver 17:03:53 ComScore = Richard Weaver 17:04:17 +AnnaLong 17:04:22 chris pedigo now on, so back to service provider 17:04:26 Topic: Service Provider 17:04:28 +PhilPearce 17:04:34 +[Microsoft.a] 17:04:36 AnnaLong has joined #dnt 17:04:36 cOlsen has joined #dnt 17:04:44 +SusanIsrael 17:04:51 susanisrael has joined #dnt 17:04:52 +[Microsoft.aa] 17:04:53 zakim, [Microsoft.a] is me 17:04:53 service provider works only for you i,e is an agent 17:04:53 +adrianba; got it 17:04:57 zakim, mute me 17:04:57 adrianba should now be muted 17:05:07 dwainberg has joined #dnt 17:05:14 +??P78 17:05:26 controller and processor in US and in EU 17:05:31 +johnsimpson 17:05:38 amyc has joined #dnt 17:05:39 http://www.w3.org/2011/tracking-protection/drafts/CambridgeBareBones.html#def-service-providers 17:05:40 + +1.202.344.aakk 17:05:47 +[FTC] 17:05:56 pmagee2023263538 has joined #dnt 17:05:57 ChrisPedigoOPA has joined #dnt 17:05:57 vincent has joined #dnt 17:06:00 + +1.646.825.aall 17:06:06 zakim, aall is dwainberg 17:06:07 +hwest 17:06:07 +dwainberg; got it 17:06:08 chris pedigo worked on these issues before, peter has talked to chris about taking this on 17:06:11 +BerinSzoka 17:06:12 MikeZaneis has joined #dnt 17:06:14 jon has joined #dnt 17:06:18 (note we do not have liability for controllers due to their processors in the US, a rather important change. I repeat myself, but it appears to keep getting dropped as a rather important issue.) 17:06:21 +1 for processors 17:06:28 +1 too 17:06:29 -1 17:06:31 Zakim,3263621 is cOlsen 17:06:31 sorry, cOlsen, I do not recognize a party named '3263621' 17:06:37 + +1.215.286.aamm 17:06:42 peter suggests using European data processor definition 17:06:45 suggests a legal basis we do not have 17:06:54 hwest has joined #dnt 17:06:58 Q? 17:07:03 q+ 17:07:04 Zakim, [FTC] has cOlsen 17:07:04 +cOlsen; got it 17:07:06 moving to a more general term might help the "processor for a third party getting consent" (minor) issue 17:07:10 hm, good point, another question is how it meshes with the 1st and 3rd party issues 17:07:12 ack aleecia 17:07:27 alleecia, EU has different legal regime than US 17:07:32 +Dan_Auerbach 17:07:47 q+ 17:07:47 Zakim, (202) 344-4652 is MikeZaneis 17:07:48 I don't understand '(202) 344-4652 is MikeZaneis', MikeZaneis 17:07:48 +JeffWilson 17:07:50 q+ 17:07:57 Aleecia: data controller has no liability if the data processor does something wrong 17:07:59 Zakim, aakk is MikeZaneis 17:07:59 +MikeZaneis; got it 17:08:01 + +1.202.478.aann 17:08:03 Agree with Aleecia's points 17:08:08 q? 17:08:14 Peter, US does not have a def. of service provider 17:08:15 KJ has joined #dnt 17:08:22 ack susanisrael 17:08:26 rachel_thomas has joined #dnt 17:08:32 rigo: that is not true everywhere in the EU, in .nl it is a classic principal-agent relationship 17:08:41 we rejected data processor explicitly, Rigo 17:08:46 susan israel, terms would be allocated by contract in US 17:08:48 and yes, it was long ago 17:09:02 Zakim, aamm is probably Bob_Ivins_Comcast 17:09:02 +Bob_Ivins_Comcast?; got it 17:09:08 q? 17:09:15 q+ 17:09:28 susan, we should not make a block statrement 17:09:35 Not sure I agree with aleecia's point, but I could see objections if we picked the word "agent" for the specific reasons she articulates. 17:09:44 Chapell has joined #DNT 17:09:45 + +1.650.391.aaoo 17:09:45 ack dwainberg 17:09:50 aleecia, we agreed to name it service provider and in the definition we agreed to use the processor definition 17:09:54 robsherman1 has joined #dnt 17:09:57 zakim, who is on the phone? 17:09:57 On the phone I see eberkower, walter, npdoty, Thomas (muted), Aleecia, peterswire, Rigo (muted), moneill2, kulick, hefferjr, Yianni (muted), ninjamarnau, Fielding, [Apple], [CDT], 17:10:00 ... +1.202.331.aaff, +1.650.704.aagg, Keith_Scarborough, Peder_Magee, +1.703.888.aahh, [Microsoft], vinay (muted), +47.23.69.aajj, ChrisPedigoOPA, AnnaLong, PhilPearce, adrianba 17:10:00 ... (muted), SusanIsrael, [Microsoft.aa], ??P78, johnsimpson, MikeZaneis, [FTC], dwainberg, hwest, BerinSzoka, Bob_Ivins_Comcast?, Dan_Auerbach, JeffWilson, +1.202.478.aann, 17:10:00 ... +1.650.391.aaoo 17:10:00 [FTC] has cOlsen 17:10:00 [Apple] has dsinger 17:10:03 dwainbewrg, shares aleecias concerns 17:10:08 Brooks has joined #dnt 17:10:11 zakim, aaoo is robsherman 17:10:12 +robsherman; got it 17:10:16 q? 17:10:17 +Brooks 17:10:19 dwainberg, blank slate bad idea 17:10:34 ah, I thought you were discussing terms not definitions, Rigo. 17:10:42 s/dwainberg,/dwainberg:/ 17:10:55 we said "service provider" and David Singer had text 17:11:05 did dwainberg say he believes blank slate WAS a bad idea?> 17:11:17 I think he said the opposite 17:11:25 i thot so, thx 17:11:27 no,kulick, good idea 17:11:30 walter, davids concerns valid but do not share them, prefer to have conv. on email. Maybe agent better term 17:11:36 ok, thx 17:11:44 -??P78 17:11:46 aleecia, we said "service provider" to avoid offending US feelings, remember? :) 17:11:54 + +1.646.666.aapp 17:11:54 pete, agencie law much overlap 17:12:06 zakim, aapp is chapell 17:12:06 +chapell; got it 17:12:11 s/pete, agencie/peter: agency/ 17:12:16 peter, chis has agreed to work on this. 17:12:17 The term "service provider" is used in a hundred different contexts to mean a hundred different things; it is an awful choice for a defined term. In our context, it is normally used to refer to the either the entity providing user access to the Internet or the hosting provider for a site. 17:12:18 rigo, that's not the summary I would give. :-) But we are remembering the same conversations, including David Singer 17:12:30 fielding: +1 17:12:39 -Rigo 17:12:45 I'd like to work with chrispedigoopa on the definition 17:12:52 peter, anyone else work with chris? 17:12:56 sorry, got dropped from the call 17:13:02 s/peter, /peter: / 17:13:06 let me know who wants to work with me 17:13:11 ack thomas 17:13:12 peter, chris - what time frame 17:13:12 +??P62 17:13:15 we ran into issues with different legal regimes. The trick was to find something that works in all, without implying things untrue. We had this conversation even more strongly around using "first party" or not 17:13:17 zakim, mute thomas 17:13:17 Thomas should now be muted 17:13:17 q- 17:13:30 zakim, mute me 17:13:30 johnsimpson should now be muted 17:13:31 +Chris_Pedigo 17:13:33 +Rigo 17:13:40 + +33.6.50.34.aaqq 17:13:43 zakim, mute me 17:13:43 Rigo should now be muted 17:13:50 Near as I can tell, we were at consensus to use "service provider" and we are undoing prior work. 17:13:51 zakim, aaqq is vincent 17:13:51 +vincent; got it 17:14:13 chris, this is defining term right? 17:14:15 Using the term "data processor" as it is defined by the EU does not import the EU laws -- it just makes it far easier to know who fits the definition and far less likely that our arbitrary redefinition won't be wrong. 17:14:26 chris, something by next week 17:14:35 action: pedigo to work on updated "service provider"/"processor" definition (with vinay) 17:14:35 Created ACTION-368 - Work on updated "service provider"/"processor" definition (with vinay) [on Chris Pedigo - due 2013-02-27]. 17:15:03 Roy, in general name space collision is a confusing thing 17:15:24 q+ 17:15:29 sure 17:15:34 "Agent" would be also cool. And some of the trackers are then "secret agents" 17:15:34 +RichardWeaver 17:15:41 rigo++ 17:15:52 :-) 17:15:53 nick, if we cant resolve now we should hae brief turn on email 17:15:54 are we trying to decide what to define or what are we doing? 17:15:58 at the W3C, agent is already a defined term 17:16:08 Chris is defining a term we're not sure we should use :-) 17:16:09 Q? 17:16:10 fielding: Party pooper 17:16:12 :) 17:16:14 q- 17:16:19 are we saying they are three different things? 17:16:35 what about processor? 17:16:48 peter is looking for volunteers to support: service provider, agent and processor/controller? 17:16:51 I think Peter meant processor instead of controller 17:16:54 We might summarize existing work on the mailing list as well 17:16:55 peter, continue on list 17:16:59 moneill2: that's what aleecia and dwainberg are uncomfortable with 17:16:59 +1 to aleecia 17:17:05 Q? 17:17:15 peter, next item Market Research 17:17:17 oh, drat, that was scribing, apologies 17:17:26 aleecia has joined #dnt 17:17:30 Rather than risk losing that to a blank slate approach 17:17:34 +1 to aleecia, tlr, if someone can summarize the past history on the list, that would be great 17:17:40 adrianba has joined #dnt 17:17:44 what is Chris defining? 17:17:46 Topic: Market Research 17:17:57 q+ 17:18:04 peter, current definition too broad 17:18:06 johnsimpson: processor 17:18:17 q+ 17:18:39 peter, industry say anything can be market research unless otherwise defined. 17:18:41 +ChrisPedigoOPA.a 17:18:42 -Chris_Pedigo 17:18:46 sidstamm has joined #dnt 17:18:46 nick we should likely figure out who has the action here. The two of us or the editors would be good candidates. This is not an open week for me, so I'd rather either have two weeks or better yet find someone else to take it. 17:18:49 jmayer has joined #dnt 17:18:52 so are we saying that processer and service provider are the same thing? 17:18:53 peter, no consensus currently on definition 17:18:55 dsinger has joined #dnt 17:18:58 + +1.650.365.aarr 17:18:59 s/peter, industry/peter: industry/ 17:19:01 q+ 17:19:02 +Jonathan_Mayer 17:19:08 justin_ has joined #dnt 17:19:25 @johnsimpson we're waiting to see if Chris suggests that, we're not saying anything yet 17:19:26 peter, many say DNT: 1 means no tracking of any kind 17:19:32 David_MacMillan has joined #dnt 17:19:44 justin_ has joined #dnt 17:19:59 q? 17:20:13 Richard_comScore has joined #dnt 17:20:17 peter, justin brookman has agreed to work on this with others. Action item? 17:20:22 JC has joined #DNT 17:20:34 q? 17:20:35 David and I are working on the MR definition 17:20:36 DAA definition of market research isn't "unbounded." Here is the definition - Market Research means the analysis of: market segmentation or trends; consumer preferences and behaviors; research about consumers, products, or services; or the effectiveness of marketing or advertising. A key characteristic of market research is that the data is not re-identified to market directly back to, or otherwise re-contact a specific computer or device. Thus,[CUT] 17:20:37 q? 17:20:40 peter, david stark not on call 17:20:42 We have scheduled a call with Justin to discuss further 17:20:54 I think it would help to understand what aspects of market research need personally identifiable data, and how that identifiable data can be narrowly scoped in both breadth of data and retention times 17:21:01 Is there someone in {Nick, David Singer, Heather, Justin} up for summarizing where we are on service providers to the mailing list, since this is not a great week for me? 17:21:01 q? 17:21:14 justin, were you trying to queue? 17:21:40 I am also willing to help with the market research definition 17:21:51 walter: market research with DNT:1 makes it a farce, particularly in EU 17:22:06 walter: this was shot down in earlier F2F, in Oct, then long time of silence. 17:22:07 I was on the queue for the previous discussion (service provider) but that moment has passed :) I'm sending my concerns to Chris and Vinay. 17:22:10 I am also very interested in this topic, and would like to be involved. 17:22:15 + +1.202.639.aass 17:22:21 q? 17:22:29 to aleecia: I am not 100% sure I understand the current state myself; I think the first_party resource plays here, but exactly how I need to understand 17:22:31 … in favor of having this process so if someone wants to bring up a concept, come up with a proposal (missed rest) 17:22:35 walter, dnt:0 OK for permitted use for market research. Definately not for DNT:1 - would make this a farce, thought this had already been discussed, in favour someone needs to come up with concrete proposal 17:22:38 mecallahan has joined #dnt 17:23:07 ack Walter 17:23:09 ack rachel_thomas 17:23:12 q+ to ask about identifiable data 17:23:22 susanisrael, daa definition is very valid 17:23:25 @david, ok, here's where it's sold, here's where it's not in prior work is useful. If I take a first pass will you sanity check me? This will need 2 weeks on my side. 17:23:33 IIUC, the "unlimited" refers to the scope and amount of data collected, not the purpose to which the data is used. 17:23:37 q? 17:23:39 s/susanisrael, daa/rachel_thomas: daa/ 17:23:54 Thanks justin_. 17:23:54 "'market research' is . . . analysis of . . . consumer preferences and behaviors" (inter alia) . . . that's not a lot of bounds! 17:23:56 ack MikeZaneis 17:24:26 justin, it's important to note the bounds on the definition - NO "sales, promotional, or marketing activities directed at a specific computer or device." 17:24:30 "research about consumers, products, or services" seems quite broad to me 17:24:39 mikez, daa def. not unbounded, any permiotted use would be unlimited 17:24:48 to me this definition sounds fairly unbounded. Why not use just anonymized data? 17:24:52 s/mikez, daa def/mikez: daa def/ 17:25:12 moneill2, what I think Nick was trying to say is that it was Rachel, not me, speaking to defend the DAA definition 17:25:15 I think the major issue is the "identified" vs "identifiable". So pseudonyms seems to be on one or the other side 17:25:16 action: aleecia to summarize texts, agreements, and uncertain bits to data around service providers (ideally with dsinger and perhaps npdoty, if willing) 17:25:16 Created ACTION-369 - Summarize texts, agreements, and uncertain bits to data around service providers (ideally with dsinger and perhaps npdoty, if willing) [on Aleecia McDonald - due 2013-02-27]. 17:25:24 rachel_thomas, could you please provide a link to the published definition? 17:25:26 there's no way that's pending review :-) 17:25:49 published DAA definition, see page 10: https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf 17:25:56 mikez, market research necessary for internet economy, this issue is not closed, some discussion had been folded into other language, but need for market reseach remains strong 17:25:58 thx 17:26:00 rvaneijk has joined #dnt 17:26:06 q? 17:26:09 Kulick -- http://www.aboutads.info/msdprinciples has the overview + a link to the full text 17:26:10 s/mikez, market/mikez: market/ 17:26:11 rachel_thomas, sure, but that's not really research! You could prohibit the teasing of otters too, but that wouldn't be a huge limitation :) 17:26:12 ack dsinger 17:26:12 dsinger, you wanted to ask about identifiable data 17:26:28 rachel_thomas: you're sidestepping that the collection of the data in the first place, regardless of its goal is hard to swallow, especially given a clear opting out signal 17:26:34 davidsinger, if data id unidentifiable then no longer in skope 17:26:48 s/skope/scope 17:26:48 amyc has joined #dnt 17:26:59 very valid question, if it is unidentifiable it is indeed out of scope anyway 17:27:10 http://www.w3.org/2011/tracking-protection/track/issues/178 17:27:12 support for David 17:27:15 dsinger, lets see proposal why identifiable data needed 17:27:23 q? 17:27:25 Given that we consider un-identifiable data OK (out of scope) -- either de-identified or aggregate counts -- I think I need to understand why identifiable data is needed, and how a definition would scope what the data is, how long it will be kept, and how use 17:27:26 (... commuting with bad wifi) 17:27:32 peter, good suggestion from david 17:27:36 oops, wrong issue, sorry - 17:27:57 unlinked counts as well ! 17:28:08 -Jonathan_Mayer 17:28:09 q_ 17:28:10 we were here: http://www.w3.org/2011/tracking-protection/track/issues/25 17:28:11 q+ 17:28:24 peter, thought is there is a subset of market research where who need identifiers, this could narrow the universe 17:28:25 Kathy Joe from ESOMAR also presented this proposed permitted use: http://www.w3.org/mid/CC930464.12322%25kathy@esomar.org 17:28:28 scribenick:rigo 17:28:31 q? 17:28:36 ack rachel_thomas 17:28:40 -Rigo 17:29:14 rachel_thomas, not accurate to say self reg codes only followed by academics 17:29:27 that's not an accurate description of how market research self-regulation works. market researchers within companies abide by those same standards across all industries. 17:29:40 proposed actio: weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan) 17:29:40 ack thomas 17:29:40 hefferjr 17:29:47 peter, anyone else work on this? 17:29:51 I'm happy to participate in that group as well, please. 17:29:54 zakim, mute thomas 17:29:54 Thomas should now be muted 17:29:54 There are no bounds constrained by the DAA definition. Whether it makes sense to have a market research exception or not, we have to be realistic about the implications of data collection that has no limited purpose, no limited scope, and no inherent consent. Actual market research uses consent. This collection is just to select a sample of applicable users (a focus group), which doesn't justify an exception to DNT:1. 17:30:03 +Rigo 17:30:15 scribenick: rigo 17:30:18 fielding++ 17:30:19 fielding: again, +1 17:30:23 Please add Elise Berkower to the list 17:30:28 Wasn't there already language proposed on this? http://lists.w3.org/Archives/Public/public-tracking/2012Oct/0089.html 17:30:37 thank you 17:30:37 peter, david stark, richard, jbrookman, susan israel, rachel thoma, chris meija, 17:30:44 peter: David Stark, Richard Weaver, Justin Brookman, Susan Israel, Rachel Thomas, Chris Mejia, Ronan Heffer, Elise Berkower to work on "market reasearch" proposal 17:30:52 yes, I volunteered so that I can call upon the expertise of a colleague who could help 17:30:52 List: Chris Mejia + ?? from Nielssen 17:31:07 proposed actio: weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower) 17:31:09 I am curious to know if any prior decisions are expected to carry over, and if so, how we are to know which ones. 17:31:10 Ronan Heffernan and Elise Berkower are from Nielsen 17:31:12 tlr, thanks 17:31:14 Ronan Heffernan and Elise Berkower from Nielsen 17:31:19 rigo, I think Ronan and Elise were from nielsen 17:31:21 PS: how is the difference between market research and not just gathering data 17:31:35 peter, lets get that in 2 weeks 17:31:36 ... will follow up by email with the group 17:31:47 WHAT ABOUT THE TEXT THAT WAS ALREADY PROPOSED????? 17:32:01 ... slightly change the agenda because of speaker available 17:32:05 peter, talk about security matters then return to de-id 17:32:07 npdoty, I think 2 people are trying to scribe at the same time 17:32:36 action: weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower) 17:32:36 Created ACTION-370 - Propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower) [on Richard Weaver - due 2013-02-27]. 17:32:45 Topic: Security 17:33:02 PS: Guest Speaker is John Callas, Security expert. CTO of PGP, later at Apple, security for OS, CTO of intrust, this year new venture 17:33:02 peter, introduces john callas 17:33:30 scribenick:moneill2 17:33:32 What is the status of this text??? 17:33:36 peter, permitted use is essential are, people disagree about duration 17:33:49 Issue 25 17:33:49 17:33:50 Aggregated data 17:33:50 6.1.1.1 Short Term Collection and Use for market research 17:33:51 Note 17:33:51 17:33:52 Information may be collected and used for market research and research 17:33:52 analytics, so long as the information is only retained for the time 17:33:53 necessary to complete the research study. This is providing that the raw 17:33:53 information is not transmitted to a third party, the information is not used 17:33:53 to build a commercial profile about individual users or alter any 17:33:54 individual's user experience, and there is no return path to an individual. 17:33:54 17:33:54 petr, need sense of whats needed in real world 17:33:55 A key method for ensuring privacy while collecting and processing large 17:33:55 amounts of data is removing any link to a device identifier. Raw data for 17:33:55 market research may contain for example an IP address or a marker for a 17:33:55 cookie, which may be temporarily retained for sample and quality control as 17:33:56 well as auditing purposes. No individual can be identified in the subsequent 17:33:56 aggregated statistical report. 17:33:56 17:34:20 Nick - jsyk - updated action-369 (new on this call against me) for three weeks out, since I will not have time in the next two weeks. I still suggest someone else take this one. 17:34:51 did phone go dead? 17:34:52 peter, discussion with Rina Mears about auding, will come back in 3 weeks 17:35:02 lost peter...? 17:35:03 aleecia, I don't feel particularly informed about the history of that issue, or would take it 17:35:03 audio is still good for me 17:35:08 lost peter 17:35:08 peter, john callas? 17:35:21 I am here, too. 17:35:25 will call back in 17:35:42 + +1.202.478.aatt 17:35:49 calling back in 17:35:58 thanks Nick, I appreciate that - just a busy time here 17:36:04 peter, john give us a sense of service attacks, length time needed to reatin datra 17:36:15 Zakim, aatt is probably rachel_thomas 17:36:15 +rachel_thomas?; got it 17:36:16 *Nick, do you want me to scribe? 17:36:26 +johnsimpson.a 17:37:04 +npdoty, ok, good 17:37:09 john callas, been on both sides, you need both marketing f=data and security data, they should be different, 17:37:18 zamik. mute me 17:37:28 zakim, muteme 17:37:28 I don't understand 'muteme', johnsimpson 17:37:35 confused. what time outs on data? 17:37:38 Zakim, mute johnsimpson 17:37:38 johnsimpson was already muted, npdoty 17:37:39 zakim, mute me 17:37:39 johnsimpson was already muted, johnsimpson 17:38:04 john callas, way to look at timeouts - time from incident also time you are doing investigation + time after to retain data 17:38:20 jon callas, when does timeout start 17:38:35 ah. speaker is assuming a fixed and short retention period. missed that. 17:38:37 aleecia, I believe Jon is referring to time-based retention limits 17:38:42 thanks nick 17:38:54 john callas, hard to de-identify ip address 17:39:16 peter, how long to people retain ip addresses 17:39:52 solving the problem -> dealing with security threats? or protecting privacy? 17:40:13 johncallas, we are more interested in solving problem, not go on for weeks or months, need to collarte them between attacks, how do you manage that? 17:40:14 I'd say, it's the first 17:40:39 peter, clickfraud how to manage? 17:40:43 data retention and data sharing are two issues. We should keep these seperate. 17:41:17 johncallas, something of a longer time period needed - 17:41:34 there's impression fraud, as well 17:41:41 peter, 60,90 days, years? 17:41:54 johncallas, midpoint 17:42:13 johncallas, rule of thumb - bno standard 17:42:33 zakim, who is making noise? 17:42:38 johncallas, depends 17:42:44 Walter, listening for 10 seconds I heard sound from the following: johnsimpson.a (13%), peterswire (68%) 17:42:54 q+ 17:43:06 peter, how long to resolve incident 17:43:14 david -- I see you, and will look for a break 17:43:15 -npdoty 17:43:51 johncallas, cant resolve on same computer - need to do it on network, holding data that is active is reasonable 17:44:01 +npdoty 17:44:09 peter, how long second period 17:44:21 -BerinSzoka 17:44:38 (... off to bike home, will try to catch the last part of the call) 17:44:42 here's my question, if you want to pass it on: what about the problem of identifying and learning to detect problems. In the ad biz you may not understand there is a problem until retrospetive pattern analysis on months worth of data. 17:44:50 johncallas, 60-90 days a long period but always exceptions, but often just a few weeks 17:45:11 q? 17:45:18 are we expecting retention limits for first parties as well? 17:45:26 john callas, you would keep summary for to help with next attack 17:45:41 if an investigation is ongoing, nobody disputes that you could keep data, rather after end of incident and protocol chatter without default storage without incident 17:45:41 zakim, mute me 17:45:41 johnsimpson was already muted, johnsimpson 17:45:58 johncallas, relatively long perios for some attacks, otherwise not needed 17:46:06 s/without// 17:46:56 johncallas, need to separate security data from marketing data 17:47:12 peter, how to separate 17:47:25 johncallas, admin controls only 17:47:42 peter, logging., auditing 17:47:58 q? 17:48:39 dwainberg, ad biz has problems other than clickfraud, need to do retrospective pattern analysis 17:48:50 ack dwainberg 17:49:15 dwainberg, hard to put timeframe on that 17:49:15 I cannot underemphasize this … No changes will be made to security data collection or analysis based on the presence of DNT:1. Security is not subject to opt-out (not even in the EU). It is sufficient to ensure that such data is only retained when (and as long as) necessary for the security purpose and not used for any other purpose. 17:49:18 but if the user is not tracked, the ad network gets less money, so no real incentive for click-fraud with DNT:1 17:49:26 q? 17:50:08 Roy makes an interesting point in IRC 17:50:13 johncallas, needs for security to have much data 17:50:38 cookie UIDs or just IP addresses 17:50:38 fielding++ 17:50:42 ? 17:50:49 rigo, that is not correct 17:50:51 if your customers think they are overpaying, Rigo, they are less likely to use your business 17:51:14 there is also an aspect of seasonality to data. ESPN.com sees very different traffic behavior in March (march madness) than it will the other 11 months of the year 17:51:17 for those interested, a pretty neat paper on various kind of frauds: conferences.sigcomm.org/imc/2011/docs/p279.pdf 17:51:18 + +1.650.787.aauu 17:51:37 dwainberg, some activity is just strange, not fraud but you cant pin it doen, bots, spiders 17:51:49 for seasonality, presumably espn.com has ample non-DNT:1 traffic to get a handle on that 17:51:58 dwainberg, have yet to identify some 17:51:58 (in response to Brooks) 17:52:11 peter, why not keep data for ever? 17:52:37 q? 17:52:44 Zakim, who is making noise? 17:52:55 npdoty, listening for 10 seconds I heard sound from the following: +1.202.639.aass (4%), johnsimpson.a (14%), +1.650.704.aagg (14%) 17:52:59 but all of the fraudulent bots might turn-on DNT:1 to try to slip through undetected. only analyzing DNT:0 (or other non-DNT:1 traffic) could be very counter productive 17:53:14 Zakim, please mute johnsimpson.a 17:53:14 johnsimpson.a should now be muted 17:53:16 johncallas, not forever - breach disclosures a problem, so data deleted when upgrades, new tech etc, 17:53:29 john callas: risk of data breach can be a forcing function to limit retention. But many in the field believe that Big Data can solve all the problems. Also, the data is less valuable over time. 17:53:31 Aleecia, so if I want to behave badly, I just need to issue DNT:1? 17:53:33 johncallas, mobiles very common now 17:53:47 +Brooks 17:53:55 johncallas, 5 yrs too long for mobile 17:54:05 - +47.23.69.aajj 17:54:16 it appears we are having different conversations, Brooks. If you are talking about security, that is a different set of issues. 17:54:19 haakonfb has left #dnt 17:54:23 peter, supoena (cannot spell taht) 17:54:41 subpoena :) 17:54:42 it seemed you were talking about seasonality which does not seem like the sort of thing you need lots of DNT:1 data for 17:54:45 BillScannell has joined #dnt 17:54:54 s/supoena (cannot spell taht)/sub poena/ 17:55:01 john callas: having to deal with subpoenas/e-discovery is a cost. A deletion policy is one way to mitigate those costs (or aggregation/anonymization) 17:55:04 john callas, ediscovery need policy when to delet, deononymise data 17:55:29 rigo: yes, I'm noticing it as well 17:55:34 johncallas, nothing is immune to ediscovery request 17:55:40 john callas: Security logs are not immune from discovery requests. 17:55:46 +johnsimpson.aa 17:55:53 not an easy place to have a discussion of the differences between "security" and "quality" and "fraud" 17:56:12 peter, tagging purposes of data - how does that work 17:56:32 fair enough. and my brain is in fog from being sick (again) so if I do not follow, odds are good it is at least primarily my failing 17:56:33 q? 17:56:51 johncallas, simple admin controls can do that, we dont share security data for marketing purposes 17:56:55 q+ to ask about the text we have 17:57:02 peter, segregation in databases 17:57:23 johncallas, meningless these days - adminb controls enough 17:57:30 q+ ChrisM 17:57:31 "Information may be collected, retained and used to the extent reasonably necessary for detecting security risks and fraudulent or malicious activity. This includes data reasonably necessary for enabling authentication/verification, detecting hostile and invalid transactions and attacks, providing fraud prevention, and maintaining system integrity. In this example specifically, this information may be used to alter the user's experience in order to reasonabl[CUT] 17:57:31 a service secure or prevent fraud. Graduated response is preferred when feasible. 17:57:32 There has been an unresolved discussion on whether "graduated response" should be in the normative text, defined, addressed through non-normative examples, or not included at all." 17:57:55 dsinger, already have definition - have you read it? 17:58:04 David, could you read it? 17:58:11 I think that might help the discussion. 17:58:25 great! 17:58:29 ooh, speaker reading on IRC, cool 17:58:31 johncallas, not yest - reading now - np problem with that, 17:58:53 - +1.703.888.aahh 17:59:01 q+ 17:59:13 ack dsinger 17:59:13 dsinger, you wanted to ask about the text we have 17:59:16 -[FTC] 17:59:22 johncallas, i am willing to accept that 17:59:25 -rachel_thomas? 17:59:29 q? 17:59:34 dsinger, limoited purpose is key 17:59:39 I think we separately note in a section above "no secondary uses" and "data minimization" 17:59:45 Chris_IAB has joined #dnt 17:59:51 Yes, that's a global for permitted uses 17:59:51 Q? 17:59:53 Note that first party sites often use third parties to estimate security risk based on pattern recognition, which would fall under the general category of "sharing" for a limited purpose. 18:00:19 johncallas, logs kept 7-10 yrs would raise eyebroes but 60 dayta or so no problem with that 18:00:20 fielding, wouldn't service provider/data processor exception apply in that case? 18:00:27 ack ChrisM 18:00:30 Zakim, who is making noise? 18:00:41 npdoty, listening for 10 seconds I heard sound from the following: Rigo (54%), [Microsoft] (48%) 18:00:49 to fielding: but they do this under a contract, such that results on their data only come back to them? i.e. they are an 'agent'? or is the data merged into a pool that all get benefit from? 18:00:54 justin_, no because they don't silo the data -- it is based on multiple site patters 18:01:03 present+ Chris_Mejia 18:01:41 justin, do we need to clarify in "No Secondary Uses" that data can't be re-used for a different purpose, even if that purpose is permitted? 18:01:49 chrism, new use case -c consumer protection taskforce - privy to top security experts - one case is threqt discovered last 6 mo 18:02:05 -MikeZaneis 18:02:10 fielding, Hrm. But can individual users or devices be correlated across those databases if they're really just pattern recognition evaluators? 18:02:15 chrism, prosecuter asked how long back attack was happening 18:02:39 justin, so that data retained for a long time for security can't be re-used later for some other purpose? 18:02:59 chrism, so far can go back 5 yrs, prosecuter wants it not only to determine harm but how to punish crims 18:03:19 npdoty, Well, if there's an independent and separate exception . . . so what? What's the threat you're worried about? 18:03:29 -[Microsoft.aa] 18:03:30 chrism, over 5 yesrs - law enforcement needs historical info 18:03:30 zakim, mute me 18:03:30 Rigo should now be muted 18:03:40 -walter 18:03:42 nick, strange, I'm locally muted 18:03:42 q? 18:03:53 chrism, are you familiar? 18:04:16 - +1.202.639.aass 18:04:30 johncallas, yes good to putting bad guys away 18:04:37 restitution 18:04:43 chrism, retribution also imp. 18:05:04 justin_, I wouldn't say they are "just" using patterns (this is an extraordinarily NDA'd subject area) -- the purpose is definitely to distinguish bad individuals (or zombies) from good individuals and I am not completely familiar with the techniques used. 18:05:15 johncallas, payback imp - but data being held on innocents also important. needs balance 18:05:31 johncallas, privacy very important to people] 18:05:54 q? 18:06:03 justin, using years of security logs for frequency capping, market research, anonymizing longitudinal data after years for other purposes... 18:06:09 chrism, some place reasonable - but hard to say where it is 18:06:40 chrism, balanvce - control rather retention 18:06:42 ack aleecia 18:07:13 … and unlike the ad case, first parties are typically looking for purchase fraud or ineligible buyers (like concert ticket vendors have to prevent market resellers from purchasing all tickets in the first 3 seconds they go on sale) 18:07:20 BillScannell has joined #dnt 18:07:31 aleecia, happy with text applied to 3rd parties - is there a distinction betwwen clickfraud and viewfraud 18:07:38 fielding, So are you proposing to add "share" to the security permitted use? 18:07:42 q? 18:08:10 - +1.202.478.aann 18:08:11 -johnsimpson 18:08:11 johncallas, no differenece from security pov, but clicks & views shouold not be kept forever 18:08:23 -robsherman 18:08:27 respectfully, that's a personal opinion for John as a consumer. 18:08:33 justin_, yes, though in very limited form "share for the exclusive purpose of security" or something 18:08:37 johncallas, retention limited but lock up bad guys 18:08:45 q+ 18:08:59 … and under NDA 18:09:15 q? 18:09:27 peter, john is committed to privacy and security so useful input, 18:09:53 q- 18:10:05 q+ 18:10:09 johncallas, dnt important to eveybody security need not diminish privacy 18:10:26 justin, or a dis-incentive to developing any more privacy-preserving techniques for frequency capping, ad reporting, etc. if they can just re-use security data 18:10:37 - +1.650.704.aagg 18:11:17 peter, helpful some commentary on retention versus ? 18:11:31 peter, de-id issue 18:11:33 Topic: De-identification 18:11:43 security issue - retention vs. control 18:11:47 s/johncallas/Jon Callas/g 18:11:47 truncated uri does not have an issue, either, so far as I know 18:12:06 Zakim, who is making noise? 18:12:16 npdoty, listening for 10 seconds I could not identify any sounds 18:12:17 cannot understand Dan 18:12:18 cannot hear 18:12:22 Zakim, who is making noise? 18:12:22 npdoty, Well, that presumes market research as a permitted use! Otherwise, hard to imagine a scenario where the data wasn't required for a while, and then suddenly became required . . . 18:12:26 inaudible 18:12:32 npdoty, listening for 10 seconds I heard sound from the following: peterswire (61%) 18:12:37 zakim, mute me 18:12:37 'johnsimpson' is ambiguous, johnsimpson 18:12:38 better! 18:12:39 Zakim, who is making noise? 18:12:49 +1 on justin 18:12:52 npdoty, listening for 12 seconds I could not identify any sounds 18:12:54 justin_ that's funny :) 18:12:56 18:12:58 dn, have yet to sync up with ed, later this week 18:13:25 zakim, mute johnsimpson.a 18:13:25 johnsimpson.a was already muted, johnsimpson 18:13:40 action: auerbach to propose text on de-identification (with Ed) 18:13:40 peter, ed interested in tech steps to de-identify 18:13:40 Created ACTION-371 - Propose text on de-identification (with Ed) [on Dan Auerbach - due 2013-02-27]. 18:14:11 peter, rob v eijk and shane wiley had interesting conv. 18:14:16 rvaneijk has joined #dnt 18:14:29 rvaneijk, are you back? 18:14:34 q? 18:14:39 yep, but not on the phone.. 18:14:55 rvaneijk: can you come to the phoneconf? 18:15:00 + +1.917.318.aavv 18:15:03 -chapell 18:15:07 rvaneijk, we were just trying to get an update on your conversations with Shane 18:15:09 q- 18:15:10 no, Peter has my notes. 18:15:28 zakim, aavv is probably chapell 18:15:28 +chapell?; got it 18:15:52 q+ to ask about de-id: people or the data? 18:15:52 peter, any other items? 18:16:03 ack dsinger 18:16:03 dsinger, you wanted to ask about de-id: people or the data? 18:16:25 dsinger, de-id means cant identify person 18:16:41 - +1.202.331.aaff 18:16:50 Was there an action item on market research? 18:16:53 dsinger, how dos shortening urls deidentify people 18:17:13 johnsimpson, we have an action item on Richard Weaver on that topic 18:17:20 action-370? 18:17:20 ACTION-370 -- Richard Weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower) -- due 2013-02-27 -- OPEN 18:17:20 http://www.w3.org/2011/tracking-protection/track/actions/370 18:17:48 ok, so you saying that even when de-identified, it's prudent to do data reduction as well? 18:17:52 peter, if you had smallish bucket then urls may idenytify smaller group and therefore uidentify person 18:18:25 peter, url reduction may ne enough 18:18:31 david++ 18:18:46 q? 18:19:00 dsinger, pattern of use if only hostnames 18:19:00 q+ 18:19:01 sounds like a typical MIT student 18:19:09 q+ 18:19:18 those aren't marketing collection categories 18:19:20 ack aleecia 18:19:31 "stem" = host name? 18:19:46 aleecia, you can fingerprint based on hostames (url stems) 18:19:47 it's not enough but it may help, also depends if you have the timestamp 18:20:00 aleecia, needs to be kept as issue 18:20:13 one concern has been that the URL data might *itself* be identifying (even if it's not attached to a real-world device or cookie id) 18:20:25 q? 18:20:42 ack dwainberg 18:20:49 aleecia, when combined with activity over time, dont know how much but we need to kepp it in mind 18:21:00 aleecia, would that be akin to a "partial print"? 18:21:19 interesting paper on that topic: "Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns" (http://petsymposium.org/2012/papers/hotpets12-4-johnny.pdf) 18:21:31 dwainberg, primary concerns is what people are reading online - this needs to be pursued 18:21:36 q? 18:21:54 at the moment I am merely puzzled, neither opposing nor supporting, but wanting to understand what's being suggested 18:21:54 -Bob_Ivins_Comcast? 18:21:58 Roy - yes! at CMU we researched a hypothetical anthrax attack on the Super Bowl. The FBI must've learned that every two years, there was a week of activity with this homework assignment… it was one of those "why didn't I use Tor?" moments for me. 18:21:59 q? 18:22:10 -dwainberg 18:22:11 -peterswire 18:22:12 -ChrisPedigoOPA.a 18:22:12 -adrianba 18:22:13 peter, thanks 18:22:13 -RichardWeaver 18:22:13 -hwest 18:22:13 -AnnaLong 18:22:14 -[Apple] 18:22:14 -JeffWilson 18:22:15 thanks all 18:22:15 -SusanIsrael 18:22:15 -kulick 18:22:15 -ninjamarnau 18:22:17 -[CDT] 18:22:17 - +1.650.787.aauu 18:22:18 -??P62 18:22:18 -johnsimpson.aa 18:22:20 Zakim, list attendees 18:22:20 -Aleecia 18:22:20 -Keith_Scarborough 18:22:20 -Rigo 18:22:20 As of this point the attendees have been eberkower, npdoty, walter, Thomas, +44.772.301.aaaa, PhilPearce, Aleecia, +1.404.385.aabb, peterswire, Rigo, moneill2, +1.408.836.aacc, 18:22:20 ... hefferjr, +1.202.587.aadd, kulick, +49.431.98.aaee, ninjamarnau, Yianni, Fielding, dsinger, [CDT], +1.202.331.aaff, +1.650.704.aagg, Keith_Scarborough, Peder_Magee, 18:22:21 ... +1.703.888.aahh, [Microsoft], +1.917.934.aaii, vinay, +47.23.69.aajj, ChrisPedigoOPA, AnnaLong, SusanIsrael, adrianba, johnsimpson, +1.202.344.aakk, +1.646.825.aall, hwest, 18:22:21 ... dwainberg, BerinSzoka, +1.215.286.aamm, cOlsen, Dan_Auerbach, JeffWilson, MikeZaneis, +1.202.478.aann, Bob_Ivins_Comcast?, +1.650.391.aaoo, robsherman, Brooks, +1.646.666.aapp, 18:22:25 ... chapell, Chris_Pedigo, +33.6.50.34.aaqq, vincent, RichardWeaver, +1.650.365.aarr, Jonathan_Mayer, +1.202.639.aass, +1.202.478.aatt, rachel_thomas?, +1.650.787.aauu, 18:22:25 ... +1.917.318.aavv, chapell? 18:22:25 -Peder_Magee 18:22:25 -Fielding 18:22:25 - +1.650.365.aarr 18:22:25 -Yianni 18:22:25 -Thomas 18:22:25 -hefferjr 18:22:25 -Brooks 18:22:25 -chapell? 18:22:28 -vinay 18:22:29 peterswire has left #dnt 18:22:31 johnsimpson has left #dnt 18:22:39 -vincent 18:22:40 -npdoty 18:22:44 -moneill2 18:22:47 rrsagent, please draft the minutes 18:22:47 I have made the request to generate http://www.w3.org/2013/02/20-dnt-minutes.html npdoty 18:23:27 Useful link: Robust De-anonymization of Large Datasets https://www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf 18:23:31 -johnsimpson.a 18:23:35 "conversion fraud" is also a potential problem, especially when this is used for accounting and optimisation (e.g. affiliate fees & CPA based performance marketing) 18:23:37 -eberkower 18:23:37 Thanks 18:24:36 -Dan_Auerbach 18:26:34 -PhilPearce 18:34:19 afowler has joined #dnt 18:35:08 afowler has left #dnt 20:34:53 -[Microsoft] 20:39:54 disconnecting the lone participant, ChrisPedigoOPA, in T&S_Track(dnt)12:00PM 20:39:56 T&S_Track(dnt)12:00PM has ended 20:39:56 Attendees were eberkower, npdoty, walter, Thomas, +44.772.301.aaaa, PhilPearce, Aleecia, +1.404.385.aabb, peterswire, Rigo, moneill2, +1.408.836.aacc, hefferjr, +1.202.587.aadd, 20:39:56 ... kulick, +49.431.98.aaee, ninjamarnau, Yianni, Fielding, dsinger, [CDT], +1.202.331.aaff, +1.650.704.aagg, Keith_Scarborough, Peder_Magee, +1.703.888.aahh, [Microsoft], 20:39:58 ... +1.917.934.aaii, vinay, +47.23.69.aajj, ChrisPedigoOPA, AnnaLong, SusanIsrael, adrianba, johnsimpson, +1.202.344.aakk, +1.646.825.aall, hwest, dwainberg, BerinSzoka, 20:39:58 ... +1.215.286.aamm, cOlsen, Dan_Auerbach, JeffWilson, MikeZaneis, +1.202.478.aann, Bob_Ivins_Comcast?, +1.650.391.aaoo, robsherman, Brooks, +1.646.666.aapp, chapell, Chris_Pedigo, 20:40:02 ... +33.6.50.34.aaqq, vincent, RichardWeaver, +1.650.365.aarr, Jonathan_Mayer, +1.202.639.aass, +1.202.478.aatt, rachel_thomas?, +1.650.787.aauu, +1.917.318.aavv, chapell? 20:58:09 Zakim has left #dnt 21:13:18 rigo has left #dnt