IRC log of dnt on 2013-02-20

Timestamps are in UTC.

16:48:23 [RRSAgent]
RRSAgent has joined #dnt
16:48:23 [RRSAgent]
logging to
16:48:27 [tlr]
trackbot, start meeting
16:48:29 [trackbot]
RRSAgent, make logs world
16:48:31 [trackbot]
Zakim, this will be
16:48:31 [Zakim]
I don't understand 'this will be', trackbot
16:48:32 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
16:48:32 [trackbot]
Date: 20 February 2013
16:48:49 [tlr]
chair: Swire
16:48:55 [tlr]
zakim, this will be TRACK
16:48:55 [Zakim]
ok, tlr; I see T&S_Track(dnt)12:00PM scheduled to start in 12 minutes
16:48:56 [eberkower]
eberkower has joined #dnt
16:49:33 [Zakim]
T&S_Track(dnt)12:00PM has now started
16:49:40 [Zakim]
16:50:23 [sidstamm]
hi all, I'm double booked today and will be on IRC for now but try to dial in later
16:50:24 [npdoty]
npdoty has joined #dnt
16:50:34 [npdoty]
Zakim, this will be 87225
16:50:34 [Zakim]
ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 10 minutes
16:50:40 [npdoty]
rrsagent, make logs public
16:50:49 [npdoty]
meeting: Tracking Protection Working Group teleconference
16:50:54 [npdoty]
chair: peterswire
16:51:09 [npdoty]
16:51:54 [Yianni]
Yianni has joined #DNT
16:53:06 [Walter]
zakim, ipcaller is walter
16:53:06 [Zakim]
sorry, Walter, I do not recognize a party named 'ipcaller'
16:53:15 [tlr]
zakim, who is on the phone?
16:53:15 [Zakim]
I notice T&S_Track(dnt)12:00PM has restarted
16:53:17 [Zakim]
On the phone I see eberkower, [IPcaller]
16:53:18 [Zakim]
16:53:27 [tlr]
zakim, IPcaller is walter
16:53:27 [Zakim]
+walter; got it
16:53:27 [Walter]
zakim, IPcaller is Walter
16:53:28 [Zakim]
sorry, Walter, I do not recognize a party named 'IPcaller'
16:53:35 [Walter]
16:53:44 [tlr]
zakim, call thomas-781
16:53:44 [Zakim]
ok, tlr; the call is being made
16:53:46 [Zakim]
16:53:50 [Walter]
tlr: it has become self-aware?
16:54:01 [tlr]
that isn't novel
16:54:04 [tlr]
zakim, mute thomas
16:54:04 [Zakim]
Thomas should now be muted
16:54:17 [Walter]
it still should be open sourced
16:54:38 [peterswire]
peterswire has joined #dnt
16:55:23 [Zakim]
+ +44.772.301.aaaa
16:55:38 [tlr]
ack thomas
16:55:45 [tlr]
zakim, mute thomas
16:55:45 [Zakim]
Thomas should now be muted
16:55:51 [tlr]
ack thomas
16:56:05 [tlr]
zakim, aaaa is PhilPearce
16:56:05 [Zakim]
+PhilPearce; got it
16:56:09 [tlr]
zakim, mute thomas
16:56:09 [Zakim]
Thomas should now be muted
16:56:32 [phildpearce]
phildpearce has joined #dnt
16:56:40 [tlr]
zakim, PhilPearce is nick phildpearce
16:56:40 [Zakim]
I don't understand 'PhilPearce is nick phildpearce', tlr
16:56:41 [rigo]
rigo has joined #dnt
16:56:49 [tlr]
zakim, nick phildpearce is PhilPearce
16:56:49 [Zakim]
ok, tlr, I now associate phildpearce with PhilPearce
16:56:50 [Zakim]
16:56:55 [Zakim]
+ +1.404.385.aabb
16:56:59 [rigo]
zakim, code?
16:56:59 [Zakim]
the conference code is 87225 (tel:+1.617.761.6200, rigo
16:57:02 [peterswire]
404 number is swire
16:57:09 [tlr]
zakim, aabb is peterswire
16:57:09 [Zakim]
+peterswire; got it
16:57:17 [sidstamm]
hi all… regrets for missing the beginning of the meeting. I'll be watching IRC for now but try to dial in later.
16:57:20 [npdoty]
Zakim, who is making noise?
16:57:24 [aleecia]
aleecia has joined #dnt
16:57:32 [Zakim]
npdoty, listening for 10 seconds I could not identify any sounds
16:57:36 [hefferjr]
hefferjr has joined #dnt
16:57:39 [Zakim]
16:57:43 [Zakim]
16:57:44 [Zakim]
16:57:49 [rigo]
zakim, mute me
16:57:49 [Zakim]
Rigo should now be muted
16:57:52 [peterswire]
ok, i muted until we start. took care of background noise?
16:57:53 [Zakim]
16:57:56 [moneill2]
zakim, [ipcaller] is me
16:57:56 [Zakim]
+moneill2; got it
16:58:00 [Walter]
peterswire: yes, that was helpful
16:58:16 [Zakim]
+ +1.408.836.aacc
16:58:16 [Zakim]
16:58:20 [Walter]
peterswire: if you can get a headset at the last minute...
16:58:22 [peterswire]
the noise was the chair's effort to eat before the call; sorry on that
16:58:31 [Zakim]
+ +1.202.587.aadd
16:58:43 [kulick]
kulick has joined #dnt
16:59:01 [npdoty]
Zakim, aacc is kulick
16:59:02 [Zakim]
+kulick; got it
16:59:10 [ninjamarnau]
ninjamarnau has joined #dnt
16:59:13 [Zakim]
+ +49.431.98.aaee
16:59:20 [fielding]
fielding has joined #dnt
16:59:30 [ninjamarnau]
zakim, aaee is ninjamarnau
16:59:30 [Zakim]
+ninjamarnau; got it
16:59:40 [Yianni]
Zakim, aadd is Yianni
16:59:40 [Zakim]
+Yianni; got it
16:59:46 [Zakim]
17:00:01 [Yianni]
Zakim, mute yianni
17:00:02 [Zakim]
Yianni should now be muted
17:00:10 [npdoty]
volunteer to scribe?
17:00:26 [Walter]
sorry, it is bloody hard when you're on skype and not a native speaker
17:00:43 [vinay]
vinay has joined #dnt
17:00:54 [justin]
justin has joined #dnt
17:00:56 [Zakim]
17:01:00 [dsinger]
zakim, [apple] has dsinger
17:01:00 [Zakim]
+dsinger; got it
17:01:03 [JC]
JC has joined #DNT
17:01:07 [dsinger]
zakim, who is making nosie?
17:01:07 [Zakim]
I don't understand your question, dsinger.
17:01:12 [aleecia]
17:01:13 [Zakim]
17:01:19 [Zakim]
+ +1.202.331.aaff
17:01:22 [Zakim]
+ +1.650.704.aagg
17:01:23 [Zakim]
17:01:25 [npdoty]
scribenick: moneill2
17:01:29 [Zakim]
17:01:45 [Keith]
Keith has joined #dnt
17:01:51 [haakonfb]
haakonfb has joined #dnt
17:01:52 [Zakim]
+ +1.703.888.aahh
17:02:16 [Zakim]
17:02:18 [Zakim]
+ +1.917.934.aaii
17:02:18 [moneill2]
review Boston work plan
17:02:26 [vinay]
zakim, aaii is vinay
17:02:26 [Zakim]
+vinay; got it
17:02:28 [dsinger]
zakim, who is making noise?
17:02:30 [vinay]
zakim mute me
17:02:39 [Zakim]
dsinger, listening for 10 seconds I heard sound from the following: [Microsoft] (14%), vinay (7%), peterswire (88%), Keith_Scarborough (2%)
17:02:49 [peterk]
peterk has joined #dnt
17:02:58 [moneill2]
constructive meeting in boston now time for action items
17:02:59 [jeffwilson]
jeffwilson has joined #dnt
17:03:00 [vinay]
zakim, mute me
17:03:00 [Zakim]
vinay should now be muted
17:03:04 [robsherman]
robsherman has joined #dnt
17:03:09 [aleecia]
Thanks Adrian, I'm aware. It's just good to have the agenda linked in the minutes properly. It was a hint. :-)
17:03:26 [moneill2]
def of service provider 1st - do that later
17:03:35 [Zakim]
+ +47.23.69.aajj
17:03:39 [moneill2]
market research is now 1st
17:03:41 [npdoty]
Zakim, aaii is probably [Comcast]
17:03:41 [Zakim]
sorry, npdoty, I do not understand your question
17:03:48 [johnsimpson]
johnsimpson has joined #dnt
17:03:50 [Zakim]
17:03:52 [Zakim]
17:03:53 [justin]
Richard Weaver
17:03:53 [eberkower]
ComScore = Richard Weaver
17:04:17 [Zakim]
17:04:22 [moneill2]
chris pedigo now on, so back to service provider
17:04:26 [npdoty]
Topic: Service Provider
17:04:28 [Zakim]
17:04:34 [Zakim]
17:04:36 [AnnaLong]
AnnaLong has joined #dnt
17:04:36 [cOlsen]
cOlsen has joined #dnt
17:04:44 [Zakim]
17:04:51 [susanisrael]
susanisrael has joined #dnt
17:04:52 [Zakim]
17:04:53 [adrianba]
zakim, [Microsoft.a] is me
17:04:53 [moneill2]
service provider works only for you, i.e. is an agent
17:04:53 [Zakim]
+adrianba; got it
17:04:57 [adrianba]
zakim, mute me
17:04:57 [Zakim]
adrianba should now be muted
17:05:07 [dwainberg]
dwainberg has joined #dnt
17:05:14 [Zakim]
17:05:26 [moneill2]
controller and processor in US and in EU
17:05:31 [Zakim]
17:05:38 [amyc]
amyc has joined #dnt
17:05:39 [fielding]
17:05:40 [Zakim]
+ +1.202.344.aakk
17:05:47 [Zakim]
17:05:56 [pmagee2023263538]
pmagee2023263538 has joined #dnt
17:05:57 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
17:05:57 [vincent]
vincent has joined #dnt
17:06:00 [Zakim]
+ +1.646.825.aall
17:06:06 [dwainberg]
zakim, aall is dwainberg
17:06:07 [Zakim]
17:06:07 [Zakim]
+dwainberg; got it
17:06:08 [moneill2]
chris pedigo worked on these issues before, peter has talked to chris about taking this on
17:06:11 [Zakim]
17:06:12 [MikeZaneis]
MikeZaneis has joined #dnt
17:06:14 [jon]
jon has joined #dnt
17:06:18 [aleecia]
(note we do not have liability for controllers due to their processors in the US, a rather important change. I repeat myself, but it appears to keep getting dropped as a rather important issue.)
17:06:21 [fielding]
+1 for processors
17:06:28 [Walter]
+1 too
17:06:29 [aleecia]
17:06:31 [cOlsen]
Zakim,3263621 is cOlsen
17:06:31 [Zakim]
sorry, cOlsen, I do not recognize a party named '3263621'
17:06:37 [Zakim]
+ +1.215.286.aamm
17:06:42 [moneill2]
peter suggests using European data processor definition
17:06:45 [aleecia]
suggests a legal basis we do not have
17:06:54 [hwest]
hwest has joined #dnt
17:06:58 [peterswire]
17:07:03 [aleecia]
17:07:04 [npdoty]
Zakim, [FTC] has cOlsen
17:07:04 [Zakim]
+cOlsen; got it
17:07:06 [dsinger]
moving to a more general term might help the "processor for a third party getting consent" (minor) issue
17:07:10 [Walter]
hm, good point, another question is how it meshes with the 1st and 3rd party issues
17:07:12 [npdoty]
ack aleecia
17:07:27 [moneill2]
aleecia, EU has different legal regime than US
17:07:32 [Zakim]
17:07:47 [susanisrael]
17:07:47 [MikeZaneis]
Zakim, (202) 344-4652 is MikeZaneis
17:07:48 [Zakim]
I don't understand '(202) 344-4652 is MikeZaneis', MikeZaneis
17:07:48 [Zakim]
17:07:50 [dwainberg]
17:07:57 [rigo]
Aleecia: data controller has no liability if the data processor does something wrong
17:07:59 [npdoty]
Zakim, aakk is MikeZaneis
17:07:59 [Zakim]
+MikeZaneis; got it
17:08:01 [Zakim]
+ +1.202.478.aann
17:08:03 [haakonfb]
Agree with Aleecia's points
17:08:08 [peterswire]
17:08:14 [moneill2]
Peter, US does not have a def. of service provider
17:08:15 [KJ]
KJ has joined #dnt
17:08:22 [npdoty]
ack susanisrael
17:08:26 [rachel_thomas]
rachel_thomas has joined #dnt
17:08:32 [Walter]
rigo: that is not true everywhere in the EU, in .nl it is a classic principal-agent relationship
17:08:41 [aleecia]
we rejected data processor explicitly, Rigo
17:08:46 [moneill2]
susan israel, terms would be allocated by contract in US
17:08:48 [aleecia]
and yes, it was long ago
17:09:02 [npdoty]
Zakim, aamm is probably Bob_Ivins_Comcast
17:09:02 [Zakim]
+Bob_Ivins_Comcast?; got it
17:09:08 [johnsimpson]
17:09:15 [Walter]
17:09:28 [moneill2]
susan, we should not make a block statement
17:09:35 [justin]
Not sure I agree with aleecia's point, but I could see objections if we picked the word "agent" for the specific reasons she articulates.
17:09:44 [Chapell]
Chapell has joined #DNT
17:09:45 [Zakim]
+ +1.650.391.aaoo
17:09:45 [npdoty]
ack dwainberg
17:09:50 [rigo]
aleecia, we agreed to name it service provider and in the definition we agreed to use the processor definition
17:09:54 [robsherman1]
robsherman1 has joined #dnt
17:09:57 [dsinger]
zakim, who is on the phone?
17:09:57 [Zakim]
On the phone I see eberkower, walter, npdoty, Thomas (muted), Aleecia, peterswire, Rigo (muted), moneill2, kulick, hefferjr, Yianni (muted), ninjamarnau, Fielding, [Apple], [CDT],
17:10:00 [Zakim]
... +1.202.331.aaff, +1.650.704.aagg, Keith_Scarborough, Peder_Magee, +1.703.888.aahh, [Microsoft], vinay (muted), +47.23.69.aajj, ChrisPedigoOPA, AnnaLong, PhilPearce, adrianba
17:10:00 [Zakim]
... (muted), SusanIsrael, [Microsoft.aa], ??P78, johnsimpson, MikeZaneis, [FTC], dwainberg, hwest, BerinSzoka, Bob_Ivins_Comcast?, Dan_Auerbach, JeffWilson, +1.202.478.aann,
17:10:00 [Zakim]
... +1.650.391.aaoo
17:10:00 [Zakim]
[FTC] has cOlsen
17:10:00 [Zakim]
[Apple] has dsinger
17:10:03 [moneill2]
dwainberg, shares aleecia's concerns
17:10:08 [Brooks]
Brooks has joined #dnt
17:10:11 [robsherman1]
zakim, aaoo is robsherman
17:10:12 [Zakim]
+robsherman; got it
17:10:16 [peterswire]
17:10:17 [Zakim]
17:10:19 [moneill2]
dwainberg, blank slate bad idea
17:10:34 [aleecia]
ah, I thought you were discussing terms not definitions, Rigo.
17:10:42 [npdoty]
17:10:55 [rigo]
we said "service provider" and David Singer had text
17:11:05 [kulick]
did dwainberg say he believes blank slate WAS a bad idea?
17:11:17 [amyc]
I think he said the opposite
17:11:25 [kulick]
i thot so, thx
17:11:27 [dwainberg]
no,kulick, good idea
17:11:30 [moneill2]
walter, david's concerns valid but do not share them, prefer to have conv. on email. Maybe agent better term
17:11:36 [kulick]
ok, thx
17:11:44 [Zakim]
17:11:46 [rigo]
aleecia, we said "service provider" to avoid offending US feelings, remember? :)
17:11:54 [Zakim]
+ +1.646.666.aapp
17:11:54 [moneill2]
pete, agencie law much overlap
17:12:06 [Chapell]
zakim, aapp is chapell
17:12:06 [Zakim]
+chapell; got it
17:12:11 [npdoty]
s/pete, agencie/peter: agency/
17:12:16 [moneill2]
peter, chris has agreed to work on this.
17:12:17 [fielding]
The term "service provider" is used in a hundred different contexts to mean a hundred different things; it is an awful choice for a defined term. In our context, it is normally used to refer to either the entity providing user access to the Internet or the hosting provider for a site.
17:12:18 [aleecia]
rigo, that's not the summary I would give. :-) But we are remembering the same conversations, including David Singer
17:12:30 [Walter]
fielding: +1
17:12:39 [Zakim]
17:12:45 [vinay]
I'd like to work with chrispedigoopa on the definition
17:12:52 [moneill2]
peter, anyone else work with chris?
17:12:56 [ChrisPedigoOPA]
sorry, got dropped from the call
17:13:02 [tlr]
s/peter, /peter: /
17:13:06 [ChrisPedigoOPA]
let me know who wants to work with me
17:13:11 [tlr]
ack thomas
17:13:12 [moneill2]
peter, chris - what time frame
17:13:12 [Zakim]
17:13:15 [aleecia]
we ran into issues with different legal regimes. The trick was to find something that works in all, without implying things untrue. We had this conversation even more strongly around using "first party" or not
17:13:17 [tlr]
zakim, mute thomas
17:13:17 [Zakim]
Thomas should now be muted
17:13:17 [Walter]
17:13:30 [johnsimpson]
zakim, mute me
17:13:30 [Zakim]
johnsimpson should now be muted
17:13:31 [Zakim]
17:13:33 [Zakim]
17:13:40 [Zakim]
+ +
17:13:43 [rigo]
zakim, mute me
17:13:43 [Zakim]
Rigo should now be muted
17:13:50 [aleecia]
Near as I can tell, we were at consensus to use "service provider" and we are undoing prior work.
17:13:51 [vincent]
zakim, aaqq is vincent
17:13:51 [Zakim]
+vincent; got it
17:14:13 [moneill2]
chris, this is defining term right?
17:14:15 [fielding]
Using the term "data processor" as it is defined by the EU does not import the EU laws -- it just makes it far easier to know who fits the definition and far less likely that our arbitrary redefinition won't be wrong.
17:14:26 [moneill2]
chris, something by next week
17:14:35 [npdoty]
action: pedigo to work on updated "service provider"/"processor" definition (with vinay)
17:14:35 [trackbot]
Created ACTION-368 - Work on updated "service provider"/"processor" definition (with vinay) [on Chris Pedigo - due 2013-02-27].
17:15:03 [aleecia]
Roy, in general name space collision is a confusing thing
17:15:24 [npdoty]
17:15:29 [aleecia]
17:15:34 [rigo]
"Agent" would be also cool. And some of the trackers are then "secret agents"
17:15:34 [Zakim]
17:15:41 [aleecia]
17:15:52 [Walter]
17:15:53 [moneill2]
nick, if we can't resolve now we should have brief turn on email
17:15:54 [johnsimpson]
are we trying to decide what to define or what are we doing?
17:15:58 [fielding]
at the W3C, agent is already a defined term
17:16:08 [aleecia]
Chris is defining a term we're not sure we should use :-)
17:16:09 [peterswire]
17:16:10 [rigo]
fielding: Party pooper
17:16:12 [rigo]
17:16:14 [npdoty]
17:16:19 [johnsimpson]
are we saying they are three different things?
17:16:35 [moneill2]
what about processor?
17:16:48 [npdoty]
peter is looking for volunteers to support: service provider, agent and processor/controller?
17:16:51 [ninjamarnau]
I think Peter meant processor instead of controller
17:16:54 [aleecia]
We might summarize existing work on the mailing list as well
17:16:55 [moneill2]
peter, continue on list
17:16:59 [Walter]
moneill2: that's what aleecia and dwainberg are uncomfortable with
17:16:59 [tlr]
+1 to aleecia
17:17:05 [peterswire]
17:17:15 [moneill2]
peter, next item Market Research
17:17:17 [Walter]
oh, drat, that was scribing, apologies
17:17:26 [aleecia]
aleecia has joined #dnt
17:17:30 [aleecia]
Rather than risk losing that to a blank slate approach
17:17:34 [npdoty]
+1 to aleecia, tlr, if someone can summarize the past history on the list, that would be great
17:17:40 [adrianba]
adrianba has joined #dnt
17:17:44 [johnsimpson]
what is Chris defining?
17:17:46 [npdoty]
Topic: Market Research
17:17:57 [Walter]
17:18:04 [moneill2]
peter, current definition too broad
17:18:06 [rigo]
johnsimpson: processor
17:18:17 [rachel_thomas]
17:18:39 [moneill2]
peter, industry say anything can be market research unless otherwise defined.
17:18:41 [Zakim]
17:18:42 [Zakim]
17:18:46 [sidstamm]
sidstamm has joined #dnt
17:18:46 [aleecia]
nick we should likely figure out who has the action here. The two of us or the editors would be good candidates. This is not an open week for me, so I'd rather either have two weeks or better yet find someone else to take it.
17:18:49 [jmayer]
jmayer has joined #dnt
17:18:52 [johnsimpson]
so are we saying that processor and service provider are the same thing?
17:18:53 [moneill2]
peter, no consensus currently on definition
17:18:55 [dsinger]
dsinger has joined #dnt
17:18:58 [Zakim]
+ +1.650.365.aarr
17:18:59 [npdoty]
s/peter, industry/peter: industry/
17:19:01 [MikeZaneis]
17:19:02 [Zakim]
17:19:08 [justin_]
justin_ has joined #dnt
17:19:25 [aleecia]
@johnsimpson we're waiting to see if Chris suggests that, we're not saying anything yet
17:19:26 [moneill2]
peter, many say DNT: 1 means no tracking of any kind
17:19:32 [David_MacMillan]
David_MacMillan has joined #dnt
17:19:44 [justin_]
justin_ has joined #dnt
17:19:59 [justin_]
17:20:13 [Richard_comScore]
Richard_comScore has joined #dnt
17:20:17 [moneill2]
peter, justin brookman has agreed to work on this with others. Action item?
17:20:22 [JC]
JC has joined #DNT
17:20:34 [tlr]
17:20:35 [Richard_comScore]
David and I are working on the MR definition
17:20:36 [rachel_thomas]
DAA definition of market research isn't "unbounded." Here is the definition - Market Research means the analysis of: market segmentation or trends; consumer preferences and behaviors; research about consumers, products, or services; or the effectiveness of marketing or advertising. A key characteristic of market research is that the data is not re-identified to market directly back to, or otherwise re-contact a specific computer or device. Thus,[CUT]
17:20:37 [peterswire]
17:20:40 [moneill2]
peter, david stark not on call
17:20:42 [Richard_comScore]
We have scheduled a call with Justin to discuss further
17:20:54 [dsinger]
I think it would help to understand what aspects of market research need personally identifiable data, and how that identifiable data can be narrowly scoped in both breadth of data and retention times
17:21:01 [aleecia]
Is there someone in {Nick, David Singer, Heather, Justin} up for summarizing where we are on service providers to the mailing list, since this is not a great week for me?
17:21:01 [peterswire]
17:21:14 [tlr]
justin, were you trying to queue?
17:21:40 [susanisrael]
I am also willing to help with the market research definition
17:21:51 [aleecia]
walter: market research with DNT:1 makes it a farce, particularly in EU
17:22:06 [aleecia]
walter: this was shot down in earlier F2F, in Oct, then long time of silence.
17:22:07 [justin_]
I was on the queue for the previous discussion (service provider) but that moment has passed :) I'm sending my concerns to Chris and Vinay.
17:22:10 [hefferjr]
I am also very interested in this topic, and would like to be involved.
17:22:15 [Zakim]
+ +1.202.639.aass
17:22:21 [peterswire]
17:22:29 [dsinger]
to aleecia: I am not 100% sure I understand the current state myself; I think the first_party resource plays here, but exactly how I need to understand
17:22:31 [aleecia]
… in favor of having this process so if someone wants to bring up a concept, come up with a proposal (missed rest)
17:22:35 [moneill2]
walter, dnt:0 OK for permitted use for market research. Definitely not for DNT:1 - would make this a farce, thought this had already been discussed, in favour someone needs to come up with concrete proposal
17:22:38 [mecallahan]
mecallahan has joined #dnt
17:23:07 [npdoty]
ack Walter
17:23:09 [npdoty]
ack rachel_thomas
17:23:12 [dsinger]
q+ to ask about identifiable data
17:23:22 [moneill2]
susanisrael, daa definition is very valid
17:23:25 [aleecia]
@david, ok, here's where it's sold, here's where it's not in prior work is useful. If I take a first pass will you sanity check me? This will need 2 weeks on my side.
17:23:33 [fielding]
IIUC, the "unlimited" refers to the scope and amount of data collected, not the purpose to which the data is used.
17:23:37 [peterswire]
17:23:39 [npdoty]
s/susanisrael, daa/rachel_thomas: daa/
17:23:54 [vinay]
Thanks justin_.
17:23:54 [justin_]
"'market research' is . . . analysis of . . . consumer preferences and behaviors" (inter alia) . . . that's not a lot of bounds!
17:23:56 [npdoty]
ack MikeZaneis
17:24:26 [rachel_thomas]
justin, it's important to note the bounds on the definition - NO "sales, promotional, or marketing activities directed at a specific computer or device."
17:24:30 [vincent]
"research about consumers, products, or services" seems quite broad to me
17:24:39 [moneill2]
mikez, daa def. not unbounded, any permitted use would be unlimited
17:24:48 [ninjamarnau]
to me this definition sounds fairly unbounded. Why not use just anonymized data?
17:24:52 [npdoty]
s/mikez, daa def/mikez: daa def/
17:25:12 [susanisrael]
moneill2, what I think Nick was trying to say is that it was Rachel, not me, speaking to defend the DAA definition
17:25:15 [rigo]
I think the major issue is the "identified" vs "identifiable". So pseudonyms seems to be on one or the other side
17:25:16 [aleecia]
action: aleecia to summarize texts, agreements, and uncertain bits to data around service providers (ideally with dsinger and perhaps npdoty, if willing)
17:25:16 [trackbot]
Created ACTION-369 - Summarize texts, agreements, and uncertain bits to data around service providers (ideally with dsinger and perhaps npdoty, if willing) [on Aleecia McDonald - due 2013-02-27].
17:25:24 [kulick]
rachel_thomas, could you please provide a link to the published definition?
17:25:26 [aleecia]
there's no way that's pending review :-)
17:25:49 [rachel_thomas]
published DAA definition, see page 10:
17:25:56 [moneill2]
mikez, market research necessary for internet economy, this issue is not closed, some discussion had been folded into other language, but need for market research remains strong
17:25:58 [kulick]
17:26:00 [rvaneijk]
rvaneijk has joined #dnt
17:26:06 [peterswire]
17:26:09 [vinay]
Kulick -- has the overview + a link to the full text
17:26:10 [npdoty]
s/mikez, market/mikez: market/
17:26:11 [justin_]
rachel_thomas, sure, but that's not really research! You could prohibit the teasing of otters too, but that wouldn't be a huge limitation :)
17:26:12 [npdoty]
ack dsinger
17:26:12 [Zakim]
dsinger, you wanted to ask about identifiable data
17:26:28 [Walter]
rachel_thomas: you're sidestepping that the collection of the data in the first place, regardless of its goal is hard to swallow, especially given a clear opting out signal
17:26:34 [moneill2]
davidsinger, if data is unidentifiable then no longer in scope
17:26:48 [moneill2]
17:26:48 [amyc]
amyc has joined #dnt
17:26:59 [Walter]
very valid question, if it is unidentifiable it is indeed out of scope anyway
17:27:10 [aleecia]
17:27:12 [rigo]
support for David
17:27:15 [moneill2]
dsinger, lets see proposal why identifiable data needed
17:27:23 [johnsimpson]
17:27:25 [dsinger]
Given that we consider un-identifiable data OK (out of scope) -- either de-identified or aggregate counts -- I think I need to understand why identifiable data is needed, and how a definition would scope what the data is, how long it will be kept, and how use
17:27:26 [rvaneijk]
(... commuting with bad wifi)
17:27:32 [moneill2]
peter, good suggestion from david
17:27:36 [aleecia]
oops, wrong issue, sorry -
17:27:57 [rvaneijk]
unlinked counts as well !
17:28:08 [Zakim]
17:28:09 [rachel_thomas]
17:28:10 [aleecia]
we were here:
17:28:11 [rachel_thomas]
17:28:24 [moneill2]
peter, thought is there is a subset of market research where who need identifiers, this could narrow the universe
17:28:25 [npdoty]
Kathy Joe from ESOMAR also presented this proposed permitted use:
17:28:28 [rigo]
17:28:31 [peterswire]
17:28:36 [npdoty]
ack rachel_thomas
17:28:40 [Zakim]
17:29:14 [moneill2]
rachel_thomas, not accurate to say self reg codes only followed by academics
17:29:27 [rachel_thomas]
that's not an accurate description of how market research self-regulation works. market researchers within companies abide by those same standards across all industries.
17:29:40 [npdoty]
proposed actio: weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan)
17:29:40 [tlr]
ack thomas
17:29:40 [hefferjr]
17:29:47 [moneill2]
peter, anyone else work on this?
17:29:51 [rachel_thomas]
I'm happy to participate in that group as well, please.
17:29:54 [tlr]
zakim, mute thomas
17:29:54 [Zakim]
Thomas should now be muted
17:29:54 [fielding]
There are no bounds constrained by the DAA definition. Whether it makes sense to have a market research exception or not, we have to be realistic about the implications of data collection that has no limited purpose, no limited scope, and no inherent consent. Actual market research uses consent. This collection is just to select a sample of applicable users (a focus group), which doesn't justify an exception to DNT:1.
17:30:03 [Zakim]
17:30:15 [rigo]
scribenick: rigo
17:30:18 [dsinger]
17:30:19 [Walter]
fielding: again, +1
17:30:23 [eberkower]
Please add Elise Berkower to the list
17:30:28 [johnsimpson]
Wasn't there already language proposed on this?
17:30:37 [eberkower]
thank you
17:30:37 [moneill2]
peter, david stark, richard, jbrookman, susan israel, rachel thoma, chris meija,
17:30:44 [tlr]
peter: David Stark, Richard Weaver, Justin Brookman, Susan Israel, Rachel Thomas, Chris Mejia, Ronan Heffer, Elise Berkower to work on "market research" proposal
17:30:52 [susanisrael]
yes, I volunteered so that I can call upon the expertise of a colleague who could help
17:30:52 [rigo]
List: Chris Mejia + ?? from Nielsen
17:31:07 [npdoty]
proposed actio: weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower)
17:31:09 [aleecia]
I am curious to know if any prior decisions are expected to carry over, and if so, how we are to know which ones.
17:31:10 [hefferjr]
Ronan Heffernan and Elise Berkower are from Nielsen
17:31:12 [moneill2]
tlr, thanks
17:31:14 [eberkower]
Ronan Heffernan and Elise Berkower from Nielsen
17:31:19 [susanisrael]
rigo, I think Ronan and Elise were from nielsen
17:31:21 [rigo]
PS: how is the difference between market research and not just gathering data
17:31:35 [moneill2]
peter, lets get that in 2 weeks
17:31:36 [rigo]
... will follow up by email with the group
17:31:47 [johnsimpson]
17:32:01 [rigo]
... slightly change the agenda because of speaker available
17:32:05 [moneill2]
peter, talk about security matters then return to de-id
17:32:07 [susanisrael]
npdoty, I think 2 people are trying to scribe at the same time
17:32:36 [npdoty]
action: weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower)
17:32:36 [trackbot]
Created ACTION-370 - Propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower) [on Richard Weaver - due 2013-02-27].
17:32:45 [npdoty]
Topic: Security
17:33:02 [rigo]
PS: Guest Speaker is John Callas, Security expert. CTO of PGP, later at Apple, security for OS, CTO of intrust, this year new venture
17:33:02 [moneill2]
peter, introduces john callas
17:33:30 [rigo]
17:33:32 [johnsimpson]
What is the status of this text???
17:33:36 [moneill2]
peter, permitted use is essential are, people disagree about duration
17:33:49 [johnsimpson]
Issue 25
17:33:49 [johnsimpson]
17:33:50 [johnsimpson]
Aggregated data
17:33:50 [johnsimpson]
Short Term Collection and Use for market research
17:33:51 [johnsimpson]
17:33:51 [johnsimpson]
17:33:52 [johnsimpson]
Information may be collected and used for market research and research
17:33:52 [johnsimpson]
analytics, so long as the information is only retained for the time
17:33:53 [johnsimpson]
necessary to complete the research study. This is providing that the raw
17:33:53 [johnsimpson]
information is not transmitted to a third party, the information is not used
17:33:53 [johnsimpson]
to build a commercial profile about individual users or alter any
17:33:54 [johnsimpson]
individual's user experience, and there is no return path to an individual.
17:33:54 [johnsimpson]
17:33:54 [moneill2]
peter, need sense of what's needed in real world
17:33:55 [johnsimpson]
A key method for ensuring privacy while collecting and processing large
17:33:55 [johnsimpson]
amounts of data is removing any link to a device identifier. Raw data for
17:33:55 [johnsimpson]
market research may contain for example an IP address or a marker for a
17:33:55 [johnsimpson]
cookie, which may be temporarily retained for sample and quality control as
17:33:56 [johnsimpson]
well as auditing purposes. No individual can be identified in the subsequent
17:33:56 [johnsimpson]
aggregated statistical report.
17:33:56 [johnsimpson]
17:34:20 [aleecia]
Nick - jsyk - updated action-369 (new on this call against me) for three weeks out, since I will not have time in the next two weeks. I still suggest someone else take this one.
17:34:51 [johnsimpson]
did phone go dead?
17:34:52 [moneill2]
peter, discussion with Rina Mears about auditing, will come back in 3 weeks
17:35:02 [rachel_thomas]
lost peter...?
17:35:03 [npdoty]
aleecia, I don't feel particularly informed about the history of that issue, or would take it
17:35:03 [hefferjr]
audio is still good for me
17:35:08 [johnsimpson]
lost peter
17:35:08 [moneill2]
peter, john callas?
17:35:21 [jon]
I am here, too.
17:35:25 [johnsimpson]
will call back in
17:35:42 [Zakim]
+ +1.202.478.aatt
17:35:49 [rachel_thomas]
calling back in
17:35:58 [aleecia]
thanks Nick, I appreciate that - just a busy time here
17:36:04 [moneill2]
peter, john give us a sense of service attacks, length of time needed to retain data
17:36:15 [npdoty]
Zakim, aatt is probably rachel_thomas
17:36:15 [Zakim]
+rachel_thomas?; got it
17:36:16 [susanisrael]
*Nick, do you want me to scribe?
17:36:26 [Zakim]
17:37:04 [susanisrael]
+npdoty, ok, good
17:37:09 [moneill2]
john callas, been on both sides, you need both marketing data and security data, they should be different,
17:37:18 [johnsimpson]
zamik. mute me
17:37:28 [johnsimpson]
zakim, muteme
17:37:28 [Zakim]
I don't understand 'muteme', johnsimpson
17:37:35 [aleecia]
confused. what time outs on data?
17:37:38 [npdoty]
Zakim, mute johnsimpson
17:37:38 [Zakim]
johnsimpson was already muted, npdoty
17:37:39 [johnsimpson]
zakim, mute me
17:37:39 [Zakim]
johnsimpson was already muted, johnsimpson
17:38:04 [moneill2]
john callas, way to look at timeouts - time from incident also time you are doing investigation + time after to retain data
17:38:20 [moneill2]
jon callas, when does timeout start
17:38:35 [aleecia]
ah. speaker is assuming a fixed and short retention period. missed that.
17:38:37 [npdoty]
aleecia, I believe Jon is referring to time-based retention limits
17:38:42 [aleecia]
thanks nick
17:38:54 [moneill2]
john callas, hard to de-identify ip address
17:39:16 [moneill2]
peter, how long do people retain IP addresses
17:39:52 [aleecia]
solving the problem -> dealing with security threats? or protecting privacy?
17:40:13 [moneill2]
johncallas, we are more interested in solving problem, not go on for weeks or months, need to correlate them between attacks, how do you manage that?
17:40:14 [vincent]
I'd say, it's the first
17:40:39 [moneill2]
peter, clickfraud how to manage?
17:40:43 [ninjamarnau]
data retention and data sharing are two issues. We should keep these separate.
17:41:17 [moneill2]
johncallas, something of a longer time period needed -
17:41:34 [dwainberg]
there's impression fraud, as well
17:41:41 [moneill2]
peter, 60,90 days, years?
17:41:54 [moneill2]
johncallas, midpoint
17:42:13 [moneill2]
johncallas, rule of thumb - no standard
17:42:33 [Walter]
zakim, who is making noise?
17:42:38 [moneill2]
johncallas, depends
17:42:44 [Zakim]
Walter, listening for 10 seconds I heard sound from the following: johnsimpson.a (13%), peterswire (68%)
17:43:06 [moneill2]
peter, how long to resolve incident
17:43:14 [peterswire]
david -- I see you, and will look for a break
17:43:51 [moneill2]
johncallas, can't resolve on same computer - need to do it on network, holding data that is active is reasonable
17:44:09 [moneill2]
peter, how long second period
17:44:38 [rvaneijk]
(... off to bike home, will try to catch the last part of the call)
17:44:42 [dwainberg]
here's my question, if you want to pass it on: what about the problem of identifying and learning to detect problems. In the ad biz you may not understand there is a problem until retrospective pattern analysis on months' worth of data.
17:44:50 [moneill2]
johncallas, 60-90 days a long period but always exceptions, but often just a few weeks
17:45:18 [aleecia]
are we expecting retention limits for first parties as well?
17:45:26 [moneill2]
john callas, you would keep summary for to help with next attack
17:45:41 [rigo]
if an investigation is ongoing, nobody disputes that you could keep data, rather after end of incident and protocol chatter without default storage without incident
17:45:41 [johnsimpson]
zakim, mute me
17:45:41 [Zakim]
johnsimpson was already muted, johnsimpson
17:45:58 [moneill2]
johncallas, relatively long periods for some attacks, otherwise not needed
17:46:56 [moneill2]
johncallas, need to separate security data from marketing data
17:47:12 [moneill2]
peter, how to separate
17:47:25 [moneill2]
johncallas, admin controls only
17:47:42 [moneill2]
peter, logging., auditing
17:48:39 [moneill2]
dwainberg, ad biz has problems other than clickfraud, need to do retrospective pattern analysis
17:48:50 [npdoty]
ack dwainberg
17:49:15 [moneill2]
dwainberg, hard to put timeframe on that
17:49:15 [fielding]
I cannot underemphasize this … No changes will be made to security data collection or analysis based on the presence of DNT:1. Security is not subject to opt-out (not even in the EU). It is sufficient to ensure that such data is only retained when (and as long as) necessary for the security purpose and not used for any other purpose.
17:49:18 [rigo]
but if the user is not tracked, the ad network gets less money, so no real incentive for click-fraud with DNT:1
17:50:08 [johnsimpson]
Roy makes an interesting point in IRC
17:50:13 [moneill2]
johncallas, needs for security to have much data
17:50:38 [moneill2]
cookie UIDs or just IP addresses
17:50:49 [amyc]
rigo, that is not correct
17:50:51 [aleecia]
if your customers think they are overpaying, Rigo, they are less likely to use your business
17:51:14 [Brooks]
there is also an aspect of seasonality to data. sees very different traffic behavior in March (march madness) than it will the other 11 months of the year
17:51:17 [vincent]
for those interested, a pretty neat paper on various kinds of frauds:
17:51:18 [Zakim]
+ +1.650.787.aauu
17:51:37 [moneill2]
dwainberg, some activity is just strange, not fraud but you can't pin it down, bots, spiders
17:51:49 [aleecia]
for seasonality, presumably has ample non-DNT:1 traffic to get a handle on that
17:51:58 [moneill2]
dwainberg, have yet to identify some
17:51:58 [aleecia]
(in response to Brooks)
17:52:11 [moneill2]
peter, why not keep data for ever?
17:52:44 [npdoty]
Zakim, who is making noise?
17:52:55 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: +1.202.639.aass (4%), johnsimpson.a (14%), +1.650.704.aagg (14%)
17:52:59 [hefferjr]
but all of the fraudulent bots might turn-on DNT:1 to try to slip through undetected. only analyzing DNT:0 (or other non-DNT:1 traffic) could be very counter productive
17:53:14 [npdoty]
Zakim, please mute johnsimpson.a
17:53:14 [Zakim]
johnsimpson.a should now be muted
17:53:16 [moneill2]
johncallas, not forever - breach disclosures a problem, so data deleted when upgrades, new tech etc,
17:53:29 [justin_]
john callas: risk of data breach can be a forcing function to limit retention. But many in the field believe that Big Data can solve all the problems. Also, the data is less valuable over time.
17:53:31 [Brooks]
Aleecia, so if I want to behave badly, I just need to issue DNT:1?
17:53:33 [moneill2]
johncallas, mobiles very common now
17:53:55 [moneill2]
johncallas, 5 yrs too long for mobile
17:54:05 [Zakim]
- +47.23.69.aajj
17:54:16 [aleecia]
it appears we are having different conversations, Brooks. If you are talking about security, that is a different set of issues.
17:54:19 [haakonfb]
haakonfb has left #dnt
17:54:23 [moneill2]
peter, supoena (cannot spell taht)
17:54:41 [rachel_thomas]
subpoena :)
17:54:42 [aleecia]
it seemed you were talking about seasonality which does not seem like the sort of thing you need lots of DNT:1 data for
17:54:45 [BillScannell]
BillScannell has joined #dnt
17:54:54 [npdoty]
s/supoena (cannot spell taht)/sub poena/
17:55:01 [justin_]
john callas: having to deal with subpoenas/e-discovery is a cost. A deletion policy is one way to mitigate those costs (or aggregation/anonymization)
17:55:04 [moneill2]
john callas, ediscovery need policy when to delete, deanonymise data
17:55:29 [Walter]
rigo: yes, I'm noticing it as well
17:55:34 [moneill2]
johncallas, nothing is immune to ediscovery request
17:55:40 [justin_]
john callas: Security logs are not immune from discovery requests.
17:55:53 [Brooks]
not an easy place to have a discussion of the differences between "security" and "quality" and "fraud"
17:56:12 [moneill2]
peter, tagging purposes of data - how does that work
17:56:32 [aleecia]
fair enough. and my brain is in fog from being sick (again) so if I do not follow, odds are good it is at least primarily my failing
17:56:51 [moneill2]
johncallas, simple admin controls can do that, we dont share security data for marketing purposes
17:56:55 [dsinger]
q+ to ask about the text we have
17:57:02 [moneill2]
peter, segregation in databases
17:57:23 [moneill2]
johncallas, meaningless these days - admin controls enough
17:57:30 [npdoty]
q+ ChrisM
17:57:31 [dsinger]
"Information may be collected, retained and used to the extent reasonably necessary for detecting security risks and fraudulent or malicious activity. This includes data reasonably necessary for enabling authentication/verification, detecting hostile and invalid transactions and attacks, providing fraud prevention, and maintaining system integrity. In this example specifically, this information may be used to alter the user's experience in order to reasonabl[CUT]
17:57:31 [dsinger]
a service secure or prevent fraud. Graduated response is preferred when feasible.
17:57:32 [dsinger]
There has been an unresolved discussion on whether "graduated response" should be in the normative text, defined, addressed through non-normative examples, or not included at all."
17:57:55 [moneill2]
dsinger, already have definition - have you read it?
17:58:04 [aleecia]
David, could you read it?
17:58:11 [aleecia]
I think that might help the discussion.
17:58:29 [aleecia]
ooh, speaker reading on IRC, cool
17:58:31 [moneill2]
johncallas, not yet - reading now - no problem with that,
17:58:53 [Zakim]
- +1.703.888.aahh
17:59:13 [aleecia]
ack dsinger
17:59:13 [Zakim]
dsinger, you wanted to ask about the text we have
17:59:22 [moneill2]
johncallas, i am willing to accept that
17:59:34 [moneill2]
dsinger, limited purpose is key
17:59:39 [npdoty]
I think we separately note in a section above "no secondary uses" and "data minimization"
17:59:45 [Chris_IAB]
Chris_IAB has joined #dnt
17:59:51 [aleecia]
Yes, that's a global for permitted uses
17:59:53 [fielding]
Note that first party sites often use third parties to estimate security risk based on pattern recognition, which would fall under the general category of "sharing" for a limited purpose.
18:00:19 [moneill2]
johncallas, logs kept 7-10 yrs would raise eyebrows but 60 days or so no problem with that
18:00:20 [justin_]
fielding, wouldn't service provider/data processor exception apply in that case?
18:00:27 [npdoty]
ack ChrisM
18:00:30 [npdoty]
Zakim, who is making noise?
18:00:41 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: Rigo (54%), [Microsoft] (48%)
18:00:49 [dsinger]
to fielding: but they do this under a contract, such that results on their data only come back to them? i.e. they are an 'agent'? or is the data merged into a pool that all get benefit from?
18:00:54 [fielding]
justin_, no because they don't silo the data -- it is based on multiple site patterns
18:01:03 [npdoty]
present+ Chris_Mejia
18:01:41 [npdoty]
justin, do we need to clarify in "No Secondary Uses" that data can't be re-used for a different purpose, even if that purpose is permitted?
18:01:49 [moneill2]
chrism, new use case - consumer protection taskforce - privy to top security experts - one case is threat discovered last 6 mo
18:02:10 [justin_]
fielding, Hrm. But can individual users or devices be correlated across those databases if they're really just pattern recognition evaluators?
18:02:15 [moneill2]
chrism, prosecutor asked how long back attack was happening
18:02:39 [npdoty]
justin, so that data retained for a long time for security can't be re-used later for some other purpose?
18:02:59 [moneill2]
chrism, so far can go back 5 yrs, prosecutor wants it not only to determine harm but how to punish crims
18:03:19 [justin_]
npdoty, Well, if there's an independent and separate exception . . . so what? What's the threat you're worried about?
18:03:30 [moneill2]
chrism, over 5 years - law enforcement needs historical info
18:03:30 [rigo]
zakim, mute me
18:03:30 [Zakim]
Rigo should now be muted
18:03:42 [rigo]
nick, strange, I'm locally muted
18:03:53 [moneill2]
chrism, are you familiar?
18:04:16 [Zakim]
- +1.202.639.aass
18:04:30 [moneill2]
johncallas, yes good to putting bad guys away
18:04:43 [moneill2]
chrism, retribution also imp.
18:05:04 [fielding]
justin_, I wouldn't say they are "just" using patterns (this is an extraordinarily NDA'd subject area) -- the purpose is definitely to distinguish bad individuals (or zombies) from good individuals and I am not completely familiar with the techniques used.
18:05:15 [moneill2]
johncallas, payback imp - but data being held on innocents also important. needs balance
18:05:31 [moneill2]
johncallas, privacy very important to people
18:06:03 [npdoty]
justin, using years of security logs for frequency capping, market research, anonymizing longitudinal data after years for other purposes...
18:06:09 [moneill2]
chrism, some place reasonable - but hard to say where it is
18:06:40 [moneill2]
chrism, balance - control rather retention
18:06:42 [npdoty]
ack aleecia
18:07:13 [fielding]
… and unlike the ad case, first parties are typically looking for purchase fraud or ineligible buyers (like concert ticket vendors have to prevent market resellers from purchasing all tickets in the first 3 seconds they go on sale)
18:07:20 [BillScannell]
BillScannell has joined #dnt
18:07:31 [moneill2]
aleecia, happy with text applied to 3rd parties - is there a distinction between clickfraud and viewfraud
18:07:38 [justin_]
fielding, So are you proposing to add "share" to the security permitted use?
18:08:10 [Zakim]
- +1.202.478.aann
18:08:11 [moneill2]
johncallas, no difference from security pov, but clicks & views should not be kept forever
18:08:27 [Chris_IAB]
respectfully, that's a personal opinion for John as a consumer.
18:08:33 [fielding]
justin_, yes, though in very limited form "share for the exclusive purpose of security" or something
18:08:37 [moneill2]
johncallas, retention limited but lock up bad guys
18:08:59 [fielding]
… and under NDA
18:09:27 [moneill2]
peter, john is committed to privacy and security so useful input,
18:10:09 [moneill2]
johncallas, dnt important to everybody security need not diminish privacy
18:10:26 [npdoty]
justin, or a dis-incentive to developing any more privacy-preserving techniques for frequency capping, ad reporting, etc. if they can just re-use security data
18:10:37 [Zakim]
- +1.650.704.aagg
18:11:17 [moneill2]
peter, helpful some commentary on retention versus ?
18:11:31 [moneill2]
peter, de-id issue
18:11:33 [npdoty]
Topic: De-identification
18:11:43 [Chris_IAB]
security issue - retention vs. control
18:11:47 [fielding]
s/johncallas/Jon Callas/g
18:11:47 [aleecia]
truncated uri does not have an issue, either, so far as I know
18:12:06 [npdoty]
Zakim, who is making noise?
18:12:16 [Zakim]
npdoty, listening for 10 seconds I could not identify any sounds
18:12:17 [aleecia]
cannot understand Dan
18:12:18 [moneill2]
cannot hear
18:12:22 [npdoty]
Zakim, who is making noise?
18:12:22 [justin_]
npdoty, Well, that presumes market research as a permitted use! Otherwise, hard to imagine a scenario where the data wasn't required for a while, and then suddenly became required . . .
18:12:32 [Zakim]
npdoty, listening for 10 seconds I heard sound from the following: peterswire (61%)
18:12:37 [johnsimpson]
zakim, mute me
18:12:37 [Zakim]
'johnsimpson' is ambiguous, johnsimpson
18:12:38 [aleecia]
18:12:39 [npdoty]
Zakim, who is making noise?
18:12:49 [peterswire]
+1 on justin
18:12:52 [Zakim]
npdoty, listening for 12 seconds I could not identify any sounds
18:12:54 [Chris_IAB]
justin_ that's funny :)
18:12:58 [moneill2]
dn, have yet to sync up with ed, later this week
18:13:25 [johnsimpson]
zakim, mute johnsimpson.a
18:13:25 [Zakim]
johnsimpson.a was already muted, johnsimpson
18:13:40 [npdoty]
action: auerbach to propose text on de-identification (with Ed)
18:13:40 [moneill2]
peter, ed interested in tech steps to de-identify
18:13:40 [trackbot]
Created ACTION-371 - Propose text on de-identification (with Ed) [on Dan Auerbach - due 2013-02-27].
18:14:11 [moneill2]
peter, rob v eijk and shane wiley had interesting conv.
18:14:16 [rvaneijk]
rvaneijk has joined #dnt
18:14:29 [npdoty]
rvaneijk, are you back?
18:14:39 [rvaneijk]
yep, but not on the phone..
18:14:55 [rigo]
rvaneijk: can you come to the phoneconf?
18:15:00 [Zakim]
+ +1.917.318.aavv
18:15:07 [npdoty]
rvaneijk, we were just trying to get an update on your conversations with Shane
18:15:10 [rvaneijk]
no, Peter has my notes.
18:15:28 [tlr]
zakim, aavv is probably chapell
18:15:28 [Zakim]
+chapell?; got it
18:15:52 [dsinger]
q+ to ask about de-id: people or the data?
18:15:52 [moneill2]
peter, any other items?
18:16:03 [npdoty]
ack dsinger
18:16:03 [Zakim]
dsinger, you wanted to ask about de-id: people or the data?
18:16:25 [moneill2]
dsinger, de-id means can't identify person
18:16:41 [Zakim]
- +1.202.331.aaff
18:16:50 [johnsimpson]
Was there an action item on market research?
18:16:53 [moneill2]
dsinger, how does shortening urls deidentify people
18:17:13 [npdoty]
johnsimpson, we have an action item on Richard Weaver on that topic
18:17:20 [trackbot]
ACTION-370 -- Richard Weaver to propose narrower "market research" use (with David Stark, Justin, Susan, Ronan, Rachel, Chris_M, EBerkower) -- due 2013-02-27 -- OPEN
18:17:48 [dsinger]
ok, so you saying that even when de-identified, it's prudent to do data reduction as well?
18:17:52 [moneill2]
peter, if you had smallish bucket then urls may identify smaller group and therefore identify person
18:18:25 [moneill2]
peter, url reduction may be enough
18:19:00 [moneill2]
dsinger, pattern of use if only hostnames
18:19:01 [fielding]
sounds like a typical MIT student
18:19:18 [Chris_IAB]
those aren't marketing collection categories
18:19:20 [npdoty]
ack aleecia
18:19:31 [tlr]
"stem" = host name?
18:19:46 [moneill2]
aleecia, you can fingerprint based on hostnames (url stems)
18:19:47 [vincent]
it's not enough but it may help, also depends if you have the timestamp
18:20:00 [moneill2]
aleecia, needs to be kept as issue
18:20:13 [npdoty]
one concern has been that the URL data might *itself* be identifying (even if it's not attached to a real-world device or cookie id)
18:20:42 [npdoty]
ack dwainberg
18:20:49 [moneill2]
aleecia, when combined with activity over time, don't know how much but we need to keep it in mind
18:21:00 [Chris_IAB]
aleecia, would that be akin to a "partial print"?
18:21:19 [vincent]
interesting paper on that topic: "Why Johnny Can’t Browse in Peace: On the Uniqueness of Web Browsing History Patterns" (
18:21:31 [moneill2]
dwainberg, primary concerns is what people are reading online - this needs to be pursued
18:21:54 [dsinger]
at the moment I am merely puzzled, neither opposing nor supporting, but wanting to understand what's being suggested
18:21:58 [aleecia]
Roy - yes! at CMU we researched a hypothetical anthrax attack on the Super Bowl. The FBI must've learned that every two years, there was a week of activity with this homework assignment… it was one of those "why didn't I use Tor?" moments for me.
18:22:13 [moneill2]
peter, thanks
18:22:15 [npdoty]
thanks all
18:22:17 [Zakim]
- +1.650.787.aauu
18:22:20 [npdoty]
Zakim, list attendees
18:22:20 [Zakim]
As of this point the attendees have been eberkower, npdoty, walter, Thomas, +44.772.301.aaaa, PhilPearce, Aleecia, +1.404.385.aabb, peterswire, Rigo, moneill2, +1.408.836.aacc,
18:22:20 [Zakim]
... hefferjr, +1.202.587.aadd, kulick, +49.431.98.aaee, ninjamarnau, Yianni, Fielding, dsinger, [CDT], +1.202.331.aaff, +1.650.704.aagg, Keith_Scarborough, Peder_Magee,
18:22:21 [Zakim]
... +1.703.888.aahh, [Microsoft], +1.917.934.aaii, vinay, +47.23.69.aajj, ChrisPedigoOPA, AnnaLong, SusanIsrael, adrianba, johnsimpson, +1.202.344.aakk, +1.646.825.aall, hwest,
18:22:21 [Zakim]
... dwainberg, BerinSzoka, +1.215.286.aamm, cOlsen, Dan_Auerbach, JeffWilson, MikeZaneis, +1.202.478.aann, Bob_Ivins_Comcast?, +1.650.391.aaoo, robsherman, Brooks, +1.646.666.aapp,
18:22:25 [Zakim]
... chapell, Chris_Pedigo, +, vincent, RichardWeaver, +1.650.365.aarr, Jonathan_Mayer, +1.202.639.aass, +1.202.478.aatt, rachel_thomas?, +1.650.787.aauu,
18:22:25 [Zakim]
... +1.917.318.aavv, chapell?
18:22:25 [Zakim]
- +1.650.365.aarr
18:22:29 [peterswire]
peterswire has left #dnt
18:22:31 [johnsimpson]
johnsimpson has left #dnt
18:22:47 [npdoty]
rrsagent, please draft the minutes
18:22:47 [RRSAgent]
I have made the request to generate npdoty
18:23:27 [phildpearce]
Useful link: Robust De-anonymization of Large Datasets
18:23:35 [phildpearce]
"conversion fraud" is also a potential problem, especially when this is used for accounting and optimisation (e.g. affiliate fees & CPA based performance marketing)
18:34:19 [afowler]
afowler has joined #dnt
18:35:08 [afowler]
afowler has left #dnt
20:39:54 [Zakim]
disconnecting the lone participant, ChrisPedigoOPA, in T&S_Track(dnt)12:00PM
20:39:56 [Zakim]
T&S_Track(dnt)12:00PM has ended
20:39:56 [Zakim]
Attendees were eberkower, npdoty, walter, Thomas, +44.772.301.aaaa, PhilPearce, Aleecia, +1.404.385.aabb, peterswire, Rigo, moneill2, +1.408.836.aacc, hefferjr, +1.202.587.aadd,
20:39:56 [Zakim]
... kulick, +49.431.98.aaee, ninjamarnau, Yianni, Fielding, dsinger, [CDT], +1.202.331.aaff, +1.650.704.aagg, Keith_Scarborough, Peder_Magee, +1.703.888.aahh, [Microsoft],
20:39:58 [Zakim]
... +1.917.934.aaii, vinay, +47.23.69.aajj, ChrisPedigoOPA, AnnaLong, SusanIsrael, adrianba, johnsimpson, +1.202.344.aakk, +1.646.825.aall, hwest, dwainberg, BerinSzoka,
20:39:58 [Zakim]
... +1.215.286.aamm, cOlsen, Dan_Auerbach, JeffWilson, MikeZaneis, +1.202.478.aann, Bob_Ivins_Comcast?, +1.650.391.aaoo, robsherman, Brooks, +1.646.666.aapp, chapell, Chris_Pedigo,
20:40:02 [Zakim]
... +, vincent, RichardWeaver, +1.650.365.aarr, Jonathan_Mayer, +1.202.639.aass, +1.202.478.aatt, rachel_thomas?, +1.650.787.aauu, +1.917.318.aavv, chapell?
20:58:09 [Zakim]
Zakim has left #dnt
21:13:18 [rigo]
rigo has left #dnt