IRC log of dnt on 2013-04-03

Timestamps are in UTC.

15:48:48 [RRSAgent]
RRSAgent has joined #dnt
15:48:48 [RRSAgent]
logging to http://www.w3.org/2013/04/03-dnt-irc
15:48:50 [trackbot]
RRSAgent, make logs world
15:48:50 [Zakim]
Zakim has joined #dnt
15:48:52 [trackbot]
Zakim, this will be
15:48:52 [Zakim]
I don't understand 'this will be', trackbot
15:48:53 [trackbot]
Meeting: Tracking Protection Working Group Teleconference
15:48:53 [trackbot]
Date: 03 April 2013
15:49:03 [npdoty]
Zakim, this will be 87225
15:49:03 [Zakim]
ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 11 minutes
15:50:52 [WaltM_Comcast]
WaltM_Comcast has joined #dnt
15:51:36 [Zakim]
T&S_Track(dnt)12:00PM has now started
15:51:43 [Zakim]
+ +1.781.482.aaaa
15:52:05 [samsilberman]
zakim, aaaa is samsilberman
15:52:05 [Zakim]
+samsilberman; got it
15:52:19 [kulick]
kulick has joined #dnt
15:52:36 [efelten]
efelten has joined #dnt
15:54:30 [Zakim]
+npdoty
15:54:31 [eberkower]
eberkower has joined #dnt
15:54:48 [fielding]
fielding has joined #dnt
15:55:35 [Zakim]
+ +1.408.836.aabb - is perhaps kulick?
15:55:46 [kulick]
.aabb is me
15:56:10 [Zakim]
+ +1.646.654.aacc
15:56:13 [Zakim]
+ +1.215.286.aadd
15:56:24 [eberkower]
Zakim, aacc is eberkower
15:56:25 [Zakim]
+eberkower; got it
15:56:43 [WaltM_Comcast]
215-286 is Walt M from Comcats
15:57:00 [Chris_IAB]
Chris_IAB has joined #dnt
15:57:22 [Zakim]
+RichardWeaver
15:57:35 [Richard_comScore]
Richard_comScore has joined #dnt
15:57:50 [sidstamm]
sidstamm has joined #dnt
15:57:58 [Zakim]
+efelten
15:57:59 [aleecia]
aleecia has joined #dnt
15:58:29 [npdoty]
Zakim, aadd is WaltM_Comcast
15:58:29 [Zakim]
+WaltM_Comcast; got it
15:59:05 [Zakim]
+??P36
15:59:26 [Chris_IAB]
just joined the call via a private number
15:59:31 [Zakim]
+Rigo
15:59:38 [Zakim]
+MECALLAHAN
15:59:48 [rigo]
zakim, ??P36 is Chris_IAB
15:59:48 [Zakim]
+Chris_IAB; got it
15:59:58 [mecallahan]
mecallahan has joined #dnt
16:00:01 [Zakim]
+[Mozilla]
16:00:02 [phildpearce]
phildpearce has joined #dnt
16:00:06 [sidstamm]
Zakim, Mozilla has sidstamm
16:00:06 [Zakim]
+sidstamm; got it
16:00:07 [rigo]
zakim, mute me
16:00:07 [Zakim]
Rigo should now be muted
16:00:14 [Zakim]
+peterswire
16:00:16 [Zakim]
+ +1.937.215.aaee
16:00:18 [Zakim]
+[IPcaller]
16:00:26 [JC]
JC has joined #DNT
16:00:26 [jeffwilson]
jeffwilson has joined #dnt
16:00:27 [Zakim]
+Fielding
16:00:28 [Zakim]
+ChrisPedigoOPA
16:00:31 [prestia]
prestia has joined #dnt
16:00:31 [moneill2]
zakim, [IPCaller] is me
16:00:31 [Zakim]
+moneill2; got it
16:00:34 [hefferjr]
hefferjr has joined #dnt
16:00:34 [rigo]
zakim, who is making noise?
16:00:36 [npdoty]
Zakim, aaee is Yianni
16:00:36 [Zakim]
+Yianni; got it
16:00:37 [Zakim]
+JeffWilson
16:00:38 [vinay]
vinay has joined #dnt
16:00:45 [Zakim]
rigo, listening for 10 seconds I heard sound from the following: Fielding (5%), peterswire (58%)
16:00:48 [Zakim]
+Joanne
16:00:56 [adrianba]
adrianba has joined #dnt
16:00:57 [Zakim]
+[Microsoft]
16:01:05 [Zakim]
+hefferjr
16:01:11 [Joanne]
Joanne has joined #DNT
16:01:13 [David_MacMillan]
David_MacMillan has joined #dnt
16:01:13 [Zakim]
+vinay
16:01:15 [Zakim]
+ +1.202.370.aaff
16:01:18 [Zakim]
+ +1.202.331.aagg
16:01:20 [Zakim]
+ +1.202.347.aahh
16:01:23 [Suzanne]
Suzanne has joined #dnt
16:01:24 [Zakim]
+hober
16:01:24 [sidstamm]
hi all, please accept my regrets as I'll have to leave halfway through the call due to a conflict.
16:01:26 [npdoty]
updated agenda http://lists.w3.org/Archives/Public/public-tracking/2013Apr/0056.html
16:01:34 [peterswire]
peterswire has joined #dnt
16:01:35 [Zakim]
+Aleecia
16:01:41 [johnsimpson]
johnsimpson has joined #dnt
16:01:42 [prestia]
Zakim, aahh is prestia
16:01:42 [Zakim]
+prestia; got it
16:01:43 [aleecia]
zakim, mute me
16:01:44 [Zakim]
Aleecia should now be muted
16:01:49 [Zakim]
+[Microsoft.a]
16:01:51 [dsinger]
zakim, [apple] has dsinger
16:01:51 [Zakim]
sorry, dsinger, I do not recognize a party named '[apple]'
16:01:53 [adrianba]
zakim, [Microsoft.a] is me
16:01:53 [Zakim]
+adrianba; got it
16:01:54 [peterswire]
any scribe volunteer?
16:02:19 [Zakim]
+chapell
16:02:26 [rigo]
zakim, pick a victim
16:02:26 [Zakim]
Not knowing who is chairing or who scribed recently, I propose vinay
16:02:32 [Chapell]
Chapell has joined #DNT
16:02:35 [Zakim]
+johnsimpson
16:02:39 [ChrisPedigoOPA]
ChrisPedigoOPA has joined #dnt
16:02:39 [susanisrael]
susanisrael has joined #dnt
16:02:39 [vinay]
i can do the second half (I'm eating lunch right now)
16:02:52 [Zakim]
+Susan_Israel
16:02:55 [vincent]
vincent has joined #dnt
16:02:56 [Zakim]
+Craig_Spiezle
16:03:02 [npdoty]
Zakim, please choose a scribe
16:03:02 [Zakim]
Not knowing who is chairing or who scribed recently, I propose adrianba
16:03:12 [kulick]
Zakim, kulick is aabb
16:03:14 [Zakim]
+aabb; got it
16:03:22 [rigo]
ack ri
16:03:23 [Zakim]
+Chris_Pedigo
16:03:23 [npdoty]
Zakim, aabb is actually kulick
16:03:24 [Zakim]
I don't understand 'aabb is actually kulick', npdoty
16:03:25 [CraigSpiezle]
CraigSpiezle has joined #dnt
16:03:31 [npdoty]
Zakim, aabb is really kulick
16:03:31 [Zakim]
+kulick; got it
16:03:38 [rigo]
zakim, pick a victim
16:03:38 [Zakim]
Not knowing who is chairing or who scribed recently, I propose Aleecia (muted)
16:03:40 [Zakim]
+vincent
16:03:47 [kj]
kj has joined #dnt
16:03:50 [aleecia]
nope, this is my commute time, sorry
16:03:52 [Zakim]
+hwest
16:04:08 [rigo]
zakim, who is here?
16:04:08 [Zakim]
On the phone I see Chris_Pedigo, vincent, hwest, samsilberman, npdoty, kulick, eberkower, WaltM_Comcast, RichardWeaver, efelten, Chris_IAB, Rigo (muted), MECALLAHAN, [Mozilla],
16:04:12 [Zakim]
... peterswire, Yianni, moneill2, Fielding, ChrisPedigoOPA, JeffWilson, Joanne, [Microsoft], hefferjr, +1.202.370.aaff, vinay, +1.202.331.aagg, prestia, hober, Aleecia (muted),
16:04:12 [Zakim]
... adrianba, chapell, johnsimpson, Susan_Israel, Craig_Spiezle
16:04:12 [Zakim]
[Mozilla] has sidstamm
16:04:16 [Zakim]
On IRC I see kj, CraigSpiezle, vincent, susanisrael, ChrisPedigoOPA, Chapell, johnsimpson, peterswire, Suzanne, David_MacMillan, Joanne, adrianba, vinay, hefferjr, JC, phildpearce,
16:04:16 [Zakim]
... mecallahan, aleecia, sidstamm, Richard_comScore, Chris_IAB
16:04:16 [Zakim]
+BerinSzoka
16:04:17 [Joanne]
I can take th efirst 30 minutes
16:04:19 [aleecia]
(which is why I volunteered so quickly in Berlin :-)
16:04:24 [hwest]
hwest has joined #dnt
16:04:30 [npdoty]
scribenick: Joanne
16:04:38 [npdoty]
with vinay to take over (just let us know)
16:04:46 [prestia]
prestia has joined #dnt
16:04:48 [npdoty]
thank you Joanne for filling in in the gap!
16:04:50 [BerinSzoka]
BerinSzoka has joined #DNT
16:04:54 [Wileys]
Wileys has joined #dnt
16:04:58 [Zakim]
+Amy_Colando
16:05:25 [Joanne]
Peterswire: things aboutupdated text. Alan submitted test on user eductation topic. on agenda for next week. please review and respond to email
16:05:29 [robsherman]
robsherman has joined #dnt
16:05:34 [Zakim]
+ +1.650.365.aaii - is perhaps david_macmillan?
16:05:38 [rigo]
Agenda: http://www.w3.org/mid/CD81C69A.74DB0%25peter@peterswire.net
16:06:05 [Brooks]
Brooks has joined #dnt
16:06:16 [jmayer]
jmayer has joined #dnt
16:06:22 [aleecia]
shane, took me 3 tried
16:06:29 [Zakim]
+Dan_Auerbach
16:06:40 [Joanne]
...lots of activity on list noted on de-eidentification. critical mass of people from diff perspecitves. propsoe conference or other forum to work thorugh topic. FPF willing to host. may be useful to get short submissions for those on list
16:06:48 [jmayer]
Can't dial in.
16:07:09 [Yianni]
Yianni has joined #DNT
16:07:14 [Joanne]
...get submissions to help spolicy makers, etc to learn from group's work.
16:07:20 [Brooks]
ditto on the no dialin
16:07:21 [Joanne]
...lets work through agenda
16:07:26 [BillScannell]
BillScannell has joined #dnt
16:07:40 [Joanne]
..Chris to explain changes to service provider and why
16:07:48 [Wileys]
Aleecia, 6 tries and still no luck... :-(
16:07:58 [BillScannell]
Same here.
16:08:07 [jmayer]
I'm at 5 redials.
16:08:19 [aleecia]
Unclear: did Peter propose "let's use the wisdom in this group to hold a discussion others can benefit from" or did Peter propose "let's all travel some place to solve this issue"? I think it was the former and yay. If not, please someone let me know
16:08:24 [Wileys]
Up to 9...
16:08:34 [Joanne]
ChrisP: agreement servicer provider should act on behalf of client. question arouns tems we use (e.g. service provider, data processor)
16:08:36 [aleecia]
Ooooof. Zakim is harsh.
16:08:42 [tedleung]
tedleung has joined #dnt
16:09:03 [jmayer]
Ringing indefinitely.
16:09:06 [tedleung]
i can't join the call either. It's just a busy signal
16:09:14 [Joanne]
...issue with term data processor - carries EU legal implications. wants to pick term.
16:09:16 [peterswire]
I was saying let's use the wisdom of the group to inform others about de=identification
16:09:36 [aleecia]
I'd get Ralph's voice, then not get the code accepted. But it sounds like I had different issues.
16:09:53 [Joanne]
...difference here is remved word "only" becasue it implies service provider has one client which is not the intenet
16:09:54 [aleecia]
thanks, peterswire. Cool idea.
16:09:57 [jmayer]
Now at over 10 redials. I give up.
16:09:57 [jchester2]
jchester2 has joined #dnt
16:09:57 [cOlsen]
cOlsen has joined #dnt
16:10:08 [Brooks]
I just got "number no longer in service"
16:10:17 [vincent]
I dialed only once but had to type the code a couple of times and then it worked for me
16:10:32 [Joanne]
...discussion to silo the data and Roy pointed out siloing doesn't happen right away. Put data is only accessed used by that one party
16:10:33 [jchester2]
I cant get through the voice line.
16:10:38 [rigo]
Brooks: that's curious, you burned zakim
16:10:40 [dsinger]
"only" was modifying "acts" not the primary site. It means that they can't act in some other way as well with the data (which may be already covered)
16:10:49 [Wileys]
Jeff, many of us are having the same issue...
16:10:54 [jmayer]
Here's the question I would have asked the authors of the "append" text: What's the meaning of the language about identifiability? Could a third party hand a browsing history to a first party?
16:11:13 [Joanne]
...no independent right to data. added text to end around no other right to use of that data
16:11:36 [jchester2]
Thanks. I though my phone had been data appended!
16:11:39 [Zakim]
+Brooks
16:11:45 [Zakim]
- +1.202.370.aaff
16:11:56 [Joanne]
Peterswire: shifting towards outsourced service provider versus just service provider
16:11:57 [rigo]
q+
16:11:59 [Zakim]
+[FTC]
16:12:02 [Zakim]
+Jonathan_Mayer
16:12:06 [peterswire]
q?
16:12:11 [rigo]
ack ri
16:12:16 [johnsimpson]
q?
16:12:17 [Joanne]
ChrisP: on same page as what a service provider can do but hpow to describe it
16:12:18 [Zakim]
+bills
16:12:18 [Wileys]
Jonathan - looks like you got through?
16:12:27 [rigo]
zakim, unmute me
16:12:27 [Zakim]
Rigo should no longer be muted
16:12:31 [BillScannell]
I'm in.
16:12:40 [johnsimpson]
q+
16:12:44 [Joanne]
Peterswire: this looks to be easy. Rigo question?
16:13:06 [tedleung]
still getting the busy signal
16:13:10 [Joanne]
Rigo: likes Chris' text and not concerned with eEU implications and encourages us to conclude on this
16:13:13 [Zakim]
+ +1.202.370.aajj
16:13:16 [robsherman]
zakim, aajj is robsherman
16:13:17 [Zakim]
+robsherman; got it
16:13:29 [Joanne]
peterswire: consensus to move to pendning review stable
16:13:29 [peterswire]
q?
16:13:35 [rigo]
ack johnsimpson
16:13:40 [Zakim]
+WileyS
16:13:45 [Joanne]
JohnS: doesn't understand why siloing was taken out
16:13:52 [peterswire]
q?
16:14:04 [jmayer]
For those who recently joined... what's the language under discussion, and what's the proposal?
16:14:17 [Zakim]
+ +1.202.494.aakk
16:14:20 [npdoty]
service provider text, http://lists.w3.org/Archives/Public/public-tracking/2013Mar/0057.html
16:14:22 [susanisrael]
jmayer, we are discussing chris pedigo's service provider language
16:14:25 [rigo]
I wonder about siloing if one has no own right for processing anyway
16:14:33 [jmayer]
q+
16:14:37 [peterswire]
we are on service provider, with the text as re-circulated late this morning in the agenda/updated email
16:14:46 [peterswire]
q?
16:14:55 [fielding]
q+
16:15:04 [Joanne]
ChrisP; based upon Roy comments on list. when a service privder is collectiong data on behalf of an entity - data is collected in one big stream then separated by client. Concern is that want data mingled across multiple clients.
16:15:05 [susanisrael]
rigo, i think the idea was to silo while processing the data
16:15:19 [npdoty]
is johnsimpson's question about "separated" vs. "siloed"? normative text still has "separated"
16:15:28 [Joanne]
...can't use one client data along with other client data.
16:16:02 [rigo]
q?
16:16:02 [peterswire]
q?
16:16:09 [Joanne]
JohnMayer: has same consern as John S. Meeting at Santa Clara - group at logger heads. no agreemnet on whether siloing would be required
16:16:09 [rigo]
ack jmayer
16:16:13 [npdoty]
"separated by both technical means and organizational process" -- doesn't that match what we agreed on in Santa Clara?
16:16:16 [Wileys]
I agree with technical siloing but not prescriptive requirements (for example, logical vs. physical separation)
16:16:23 [susanisrael]
does it matter what we discussed in the past if we are agreeing now?
16:16:38 [rigo]
+1 to fielding
16:17:17 [Joanne]
Fiedlding: that change didn't come from me but outside this group no one would understand it. Siloing would be explained in the text. Sepearted by customer is silo'd. Siloing not common technical term
16:17:28 [peterswire]
q?
16:17:29 [jmayer]
qa+
16:17:33 [jmayer]
q+
16:17:38 [fielding]
q-
16:17:40 [Joanne]
...no issue with stating access as directed by the client
16:17:45 [dsinger]
s/Fiedlding/Fielding/
16:18:04 [rigo]
Agenda: http://lists.w3.org/Archives/Public/public-tracking/2013Apr/0056.html
16:18:15 [fielding]
we discussed it at first F2F and DC
16:18:18 [Zakim]
-Amy_Colando
16:18:44 [peterswire]
q?
16:18:59 [rigo]
ack jmayer
16:19:03 [rigo]
q+
16:19:11 [Joanne]
Mayer: mozilla proposal - do something like analytics companies do now.. fundamental disagreement on the same orgin policy on service providers. appreciate chair wanting to move forward but we disagree
16:19:18 [fielding]
SOP has never been mentioned with regard to service providers, so I have no idea what jmayer is talking about.
16:19:32 [npdoty]
jmayer, is your concern just that data be silo'd immediately, or that it be silo'd at all?
16:19:52 [Joanne]
Peterswire: as data comes in there is an additional requirement. Trying to get clarity from Jonthan.
16:20:18 [npdoty]
fielding, we discussed the same-origin policy at Santa Clara in describing siloing of data by service providers, with the conclusion that there must be technical means and should use same-origin policy siloing
16:20:22 [Wileys]
Technical, administrative, and operational controls
16:20:27 [Joanne]
Mayer: two sep issues. 1. are there access restrictions procedural silos 2. technically - is it silo'd
16:20:40 [aleecia]
+1
16:20:44 [npdoty]
I think that's the current text "technical means and organizational process"
16:20:53 [efelten]
Would need to review the text.
16:20:55 [johnsimpson]
+1
16:20:57 [jchester2]
+1
16:21:00 [moneill2]
+1
16:21:07 [Joanne]
Peterswire: are there folks in the group that support Jonthan on having add'l text on this matter? do a +1 if agree
16:21:13 [rigo]
q?
16:21:19 [npdoty]
(I'm +1 for that requirement, but think it's covered in the existing text)
16:21:21 [fielding]
right, technical means and operatinal controls, but per party not per SOP
16:21:30 [aleecia]
q+
16:21:53 [aleecia]
have specific procedural suggestion
16:22:07 [Joanne]
...there is disagreement from several folks and stop discussion on this now and not put in final language for now
16:22:20 [Joanne]
...moving to append. Written by John S
16:22:26 [rigo]
q-
16:22:34 [Joanne]
Alan will explain
16:22:35 [npdoty]
fielding, I think the example was using clienta.example.com and clientb.example.com in order to use the same-origin policy on cookies to silo data by client
16:22:47 [npdoty]
Topic: Append
16:23:07 [aleecia]
that being: contrast the new text with the existing two texts. If there is no support for one or more texts, great, drop them as overtaken by new proposals or new understanding.
16:23:26 [Joanne]
Alan: when user enacts DNT something needs to happen with online data. gap with req around offline data. if not addressed - incentive for market pllace to build around this
16:23:39 [aleecia]
But just starting from scratch when there were two fully formed proposals seems inefficient.
16:23:47 [aleecia]
q-
16:23:49 [jmayer]
I'm once again very frustrated with the apparent need to continuously reiterated objections.
16:23:57 [fielding]
To clarify, "same origin policy" is per origin server domain, whereas per "party" means per first party contract (or third party contract if they happen to be a third party).
16:24:00 [jmayer]
s/reiterated/reiterate/
16:24:02 [Joanne]
...when data is gathered outside first party context and DNT is on then that data can't be used
16:24:09 [Joanne]
(hope I got that right)
16:24:20 [ChrisPedigoOPA]
q+
16:24:21 [Joanne]
Peterswire: any others want to add comments
16:24:26 [jchester2]
Q+
16:24:35 [ChrisPedigoOPA]
q-
16:24:47 [jmayer]
My point is not that the same-origin policy will always be required. But it's the sort of collection-time siloing that would be required.
16:24:50 [rigo]
q+
16:24:50 [jchester2]
q-
16:24:55 [ChrisPedigoOPA]
q+
16:25:07 [Joanne]
...question - I am first party with employees but dont'have an address but a phone number. Can I look up the address
16:25:30 [Joanne]
Alan: first party can coll offline data for legitmate purposes
16:25:43 [robsherman]
+q
16:25:48 [Zakim]
+Ted_Leung
16:26:07 [aleecia]
q+
16:26:10 [aleecia]
q-
16:26:20 [aleecia]
(John is correct)
16:26:22 [Wileys]
Disagree with attempts to move the DNT signal to the offline world. This is an online context - let's keep it there. Consumers have other options to block the offline world.
16:26:23 [Joanne]
...challenge to work around the question Peter raised.
16:26:32 [npdoty]
but on peter's example, you wouldn't be able to match a user's phone number that they gave you to the address in the white pages?
16:26:37 [jchester2]
+q
16:27:20 [npdoty]
ack ChrisPedigoOPA
16:27:24 [Joanne]
Peterswire: companies have some info on a cust and would get info from other sources. If 1st party combined offline with DNT:1 wouldn't be allowed (?)
16:27:27 [aleecia]
Chris' examples: http://www.w3.org/2011/tracking-protection/track/actions/229
16:28:04 [npdoty]
is the second paragraph (a first party must not share) already covered by the first party requirements?
16:28:24 [peterswire]
q?
16:28:29 [Joanne]
(missed what ChrisP said)
16:28:47 [npdoty]
ChrisPedigoOPA: would prohibit append even when data was collected with consent
16:28:56 [npdoty]
... even when the data is public
16:29:11 [Joanne]
ChrisP: in first party context - user has relationship with 1st party. lang is overly restrictive. restriction should lie with who is coll
16:29:11 [npdoty]
... third parties are already prevented from collecting information and first parties from sharing
16:29:28 [Joanne]
peterswire: any view on third paragraph
16:30:10 [Joanne]
JohnS: not seieing how its diff
16:30:19 [susanisrael]
isn't part of the idea of dnt that it applies to third parties because users do not have an easy way to opt out from their activities, while they can easily opt out from a first party's activities? also chappell, if your main concern is the use of appended information for targeting, rather than simply the appending, are you suggesting that the standard is mainly about ad targeting and not other activities?
16:30:24 [peterswire]
q?
16:30:39 [Joanne]
ChrisP: it is diff. you are talking about how you can use first party data. discussion on what you can do in a third party context
16:31:05 [Joanne]
...whether you can add data to what you coll as 1st party is diff
16:31:22 [aleecia]
q?
16:31:24 [aleecia]
q+
16:31:31 [npdoty]
ack rigo
16:31:34 [Joanne]
peterswire: there are diff between what 1st party can do vs what third parties can draw upon
16:31:37 [susanisrael]
my understanding of append is as peter just described it.
16:31:38 [jmayer]
q+
16:31:41 [rigo]
zakim, unmute me
16:31:41 [Zakim]
Rigo was not muted, rigo
16:33:25 [npdoty]
Zakim, aakk is jchester
16:33:25 [Zakim]
+jchester; got it
16:33:29 [Joanne]
Rigo: 2 points. entire discussion shows what came from global considerations discussion and that 1st parties only do permitted uses is needed. overstating data ppend thing. if data is in hands of first party - they have database and can look up data. if you use an outside service like whitepages
16:34:16 [npdoty]
I understand that john and alan are proposing *new* requirements beyond the example of the first party sharing IDs when reaching out to append data to their users' records
16:34:18 [Joanne]
..if share a unique id - that shouldn't be allowed. rule around not sharing using a unique data.
16:34:39 [Joanne]
Peterswire: is data coming out of 1st party with a unique id
16:34:42 [npdoty]
while I think ChrisPedigoOPA's text already accepts prohibiting first parties' sharing user IDs during the data append process
16:35:07 [jchester2]
+Rigo
16:35:08 [Joanne]
Rigo: yes. if 1st party uses id to draw data from 4rd party then 1st party shared the data
16:35:11 [npdoty]
rigo, except in the white pages example, right? or some cryptographic matching algorithms?
16:35:20 [Joanne]
...problem is data geoes to the 3rd party
16:35:39 [peterswire]
q?
16:35:49 [susanisrael]
Rigo, if you use offline data added to first party, how is that going cross site?
16:36:21 [Joanne]
Peterswire: concern there is leakage from 1st party to a third party.
16:36:24 [npdoty]
ack robsherman
16:36:44 [vinay]
Joanne - I'm done now. Do you want me to take over after this topic is done?
16:36:54 [Joanne]
please Vinay
16:37:09 [Joanne]
scribenick Vinay
16:37:16 [npdoty]
scribenick: vinay
16:37:43 [npdoty]
robsherman: distinguishing between using information a first party already has to customize content in a third-party context
16:38:00 [Zakim]
+[Microsoft.a]
16:38:01 [vinay]
robsherman - think you can distinguish between using information a first party already has on a 3rd party site versus collecting data in a third-party context
16:38:16 [amyc]
amyc has joined #dnt
16:38:17 [Zakim]
+[IPcaller]
16:38:23 [Walter]
zakim, ipcaller is Walter
16:38:23 [Zakim]
+Walter; got it
16:38:30 [vinay]
... append is not about what first parties are getting, or third parties are getting. Instead, its when a party is trying to get additional information (and as part of that is passing identifiable information to another party)
16:38:41 [johnsimpson]
+q
16:38:46 [vinay]
... text is making the solution more complicated then it needs to be
16:39:27 [vinay]
... instead, make the solution about limiting how the data provider cannot use the ID/information in other ways than for fulfilling the service
16:39:30 [Zakim]
-[Mozilla]
16:39:48 [peterswire]
q?
16:39:59 [Chapell]
q+
16:40:24 [vinay]
... don't want to re-hash the conversation from the mailing list
16:40:30 [npdoty]
ack jchester2
16:40:35 [npdoty]
ack jchester
16:40:43 [aleecia]
zakim unmute me please
16:40:54 [aleecia]
zakim unmute me
16:40:59 [npdoty]
Zakim, unmute aleecia
16:40:59 [Zakim]
Aleecia should no longer be muted
16:41:01 [vinay]
jchester: wants to echo what rigo said, and supports achapell's proposal
16:41:18 [aleecia]
eats shoots and leaves?
16:41:30 [vinay]
... if the user has expressed a DNT preference, it has to be permanent (and not done at a transactional level)
16:41:46 [vinay]
... first party cannot use online products to target that user outside of a 1st party context
16:41:46 [rigo]
I think "offline" is not really "offline" It is looking up data real time over another network.
16:42:03 [vinay]
Aleecia: wants to talk about the crux of why this is an issue (entering academic world)
16:42:15 [vinay]
... context class. what you told a first party, and what you understand that first party doing
16:42:25 [vinay]
... data append is about adding 3rd party data to some other party
16:42:30 [vinay]
... what i paid for my house is public data
16:42:54 [vinay]
... but the idea that facebook (as an example) can use that data (for a DNT:1 user) to profile me and serve me an ad in the context of FB breaks the idea of DNT
16:43:10 [npdoty]
that seems like a good reason to be very concerned about social networks that use a real-name policy, rather than a DNT issue
16:43:13 [vinay]
... If we can start with something smaller and work up, maybe that is a better approach.
16:43:16 [Wileys]
Aleecia, I agree with the concern but don't believe DNT is the right place to solve for that.
16:43:18 [ChrisPedigoOPA]
q+
16:43:29 [vinay]
... for example, do we all agree that non-public data is not okay to append for 1st parties
16:43:34 [vinay]
(Did I get that right?)
16:43:44 [aleecia]
zakim, please mute me
16:43:44 [Zakim]
Aleecia should now be muted
16:43:48 [vinay]
jmayer: three different questions/concerns
16:44:01 [ChrisPedigoOPA]
q-
16:44:05 [aleecia]
ack aleecia
16:44:09 [aleecia]
heh
16:44:12 [aleecia]
zakim, please mute me
16:44:12 [Zakim]
Aleecia should now be muted
16:44:26 [rigo]
ack jmayer
16:44:33 [vinay]
... 1) not sure what the word identifiable is meant to mean. is it meant to mean linkability, is it meant to be de-identified, or okay to use user names but just not using it
16:44:46 [robsherman]
robsherman has joined #dnt
16:44:56 [vinay]
... until we get an idea of what identifiable means, we can't go that far
16:45:14 [vinay]
... 2) wasn't entirely clear to jmayer whether/how this operates bi-directionally
16:45:36 [Zakim]
+ +1.415.821.aall
16:45:42 [vinay]
... Peter agrees and will ask this later
16:45:50 [Zakim]
-Dan_Auerbach
16:45:53 [robsherman]
robsherman has joined #dnt
16:46:05 [robsherman]
robsherman has joined #dnt
16:46:09 [vinay]
... 3) alternate proposal (both more and less expansive than this one). its the proposal that pre-dates this one from the EFF one. No special rules around appending
16:46:14 [robsherman]
robsherman has joined #dnt
16:46:18 [vinay]
... instead, go by general guidance of no collection/sharing of linkable data
16:46:23 [dan_auerbach]
dan_auerbach has joined #dnt
16:46:26 [robsherman]
robsherman has joined #dnt
16:46:30 [peterswire]
q?
16:46:56 [robsherman]
robsherman has joined #dnt
16:46:58 [vinay]
... would actually allow a party to use data collected in a first party context in a 3rd party context
16:47:09 [vinay]
... and allow some sharing of data if the 3rd party could have collected it themselves
16:47:51 [fielding]
Aleecia, I am not sure why your concern would differ whether the user had DNT:1 or DNT:0 in that scenario -- the user has an account with the first party and if they don't want that first party to obtain more public information about them then they should insist on a control interface specific to that first party (not specific to tracking or DNT). Any other solution would require that first parties change their function per DNT (i.e., change the service
16:47:52 [fielding]
intentionally requested by the user, as far as we know) which is something we are deliberately trying to avoid.
16:48:15 [npdoty]
jmayer is saying he would prefer an alternative that is actually more permissive in terms of use of data by first parties
16:48:23 [vinay]
johnsimpson: wanted to take a step back and say that i'm trying to accomplish this - hopefully we can arrive at text that gets us there
16:48:43 [vinay]
... agrees that in a first party transaction/interaction, johnsimpson is reasonably comfortable with that 1st party gathering data
16:48:45 [Zakim]
-jchester
16:49:06 [vinay]
... but if im sending DNT:1, I do not expect that first party to use/take/bring in anything to that transaction
16:49:10 [Zakim]
+jchester
16:49:20 [vinay]
achapell: responding to a number of comments
16:49:27 [npdoty]
johnsimpson, do you think that's specific to a DNT preference, or are you concerned about combining data in general?
16:49:48 [vinay]
... to jmayer - re: identifiable, alan's thoughts were unique IDs. tried clarifying that in non-normative text. Intention was to be bi-directional
16:50:30 [vinay]
... w/r/t robsherman, i agree we're not worreid about 1st party usage; the challenge is that in most data append use cases the use is not clear
16:50:43 [vinay]
...w/r/t Chris, we're clear that consent trumps DNT
16:50:46 [jmayer]
If the intent is unlinkability and non unidentifiability, then the proposal should use different language.
16:51:09 [vinay]
peterswire: thinks the conversation was useful. shows different views and several different data flows
16:51:40 [vinay]
... what peter's going to try to do is write up a list of structured questions and send it to the group (and perhaps a smaller group)
16:51:47 [Zakim]
-Craig_Spiezle
16:51:53 [jchester2]
we should incude examples of what's being done today, Peter
16:51:59 [vinay]
... hopefully find out where there's agreement on some points and disagreements on others
16:52:10 [npdoty]
to be clear, ChrisPedigoOPA and jmayer, both of you would prefer to be silent on requirements around data append?
16:52:11 [johnsimpson]
sounds like a good way forward, Peter.
16:52:17 [vinay]
... next item on the agenda is multiple first parties
16:52:18 [npdoty]
Topic: Multiple First Parties
16:52:42 [vinay]
robsherman: on last call, bothh im and justin had some text.
16:52:42 [jmayer]
npdoty, in normative text, I think silence would be adequate. In non-normative text, I think an explanation would be worthwhile.
16:52:50 [vinay]
... since then, they;ve spent time trying to bring them closer together
16:53:01 [npdoty]
jmayer, understood, thanks.
16:53:03 [Zakim]
-Jonathan_Mayer
16:53:03 [vinay]
... understands there are times when two companies are coming together to provide a website
16:53:27 [vinay]
... couple takeaways from last call: 1) make clear its not a common situation; 2) carve back the ways this could happen in unintended ways
16:54:03 [vinay]
... new proposed text tries to capture whether the user would expect to reasonably communicate with both/all companies
16:54:23 [vinay]
... includes example (language may change, but intent is there)
16:54:32 [vinay]
... "powered by..." won't be enough
16:54:38 [peterswire]
q?
16:54:47 [vinay]
... had discussions between 1st/3rd party in platform context
16:54:53 [peterswire]
are john and alan on the Q for multiple first parties?
16:55:01 [johnsimpson]
q-
16:55:04 [vinay]
... needs more work, but will want to make clear that in the context of a platform the person operating the page will still get actions on the page
16:55:10 [npdoty]
q- Chapell
16:55:13 [vinay]
... still needs to formalize it
16:55:35 [peterswire]
q?
16:55:36 [npdoty]
I think this is looking good, thanks for putting so much work into it, robsherman, justin
16:56:06 [jchester2]
+q
16:56:06 [vinay]
Peterswire: questions/comments/any consensus?
16:56:13 [vinay]
... can we move this to pending review/stable
16:56:17 [npdoty]
ack jchester
16:56:21 [vinay]
jchester2: has some concerns about this
16:56:28 [vinay]
... may see a loophole in it
16:56:34 [vinay]
... can we get an example of this
16:56:40 [vinay]
... including at the platform level
16:56:58 [johnsimpson]
q+
16:57:00 [rigo]
jeff, look at facebook corporate pages, this is IMHO what Rob is talking about
16:57:01 [npdoty]
jchester2, they include a negative example ("powered by Example Analytics" does not suffice); are you looking for a positive example as well?
16:57:03 [Yianni]
Yianni has joined #DNT
16:57:06 [vinay]
robsherman: let me talk with justin about this
16:57:48 [vinay]
peterswire: one example of a co-branded site is a delta + american express joint promotion re: its credit card
16:57:54 [ChrisPedigoOPA]
q+
16:58:00 [vinay]
jchester: can we do an informal poll on this?
16:58:06 [vinay]
peterswire: lets try it
16:58:08 [npdoty]
satisfied with latest proposal +1, unsatisfied -1
16:58:22 [npdoty]
+1
16:58:23 [hefferjr]
+1
16:58:23 [Wileys]
+1
16:58:23 [robsherman]
+1 :)
16:58:25 [ChrisPedigoOPA]
+1
16:58:25 [amyc]
+1
16:58:25 [vinay]
(thanks npdoty -- you type faster than me!)
16:58:29 [tedleung]
+1
16:58:30 [JC]
+1
16:58:33 [Joanne]
+1
16:58:33 [kulick]
+1
16:58:33 [moneill2]
+1
16:58:35 [susanisrael]
+1
16:58:35 [rigo]
+1
16:58:39 [phildpearce]
-1 As need more examples of "powered by..."
16:58:40 [Chris_IAB]
+1
16:58:41 [fielding]
-1 for reasons not discussed yet (SP provisions)
16:58:45 [jchester2]
-1
16:59:06 [vinay]
peterswire: if you have concerns, i suggest contacting rob and/or justin
16:59:09 [johnsimpson]
q?
16:59:13 [dan_auerbach]
+1 on text, -1 have some related concerns
16:59:16 [npdoty]
or contact on-list, I'm not sure what the service provider concern is, for example
16:59:19 [phildpearce]
ok
16:59:21 [ChrisPedigoOPA]
q-
16:59:26 [johnsimpson]
q_
16:59:31 [johnsimpson]
q-
16:59:32 [npdoty]
Topic: Deidentification
16:59:34 [vinay]
next topic: should be easy (riight?) -- de identification
17:00:24 [vinay]
Peterswire: thinks the issues we're discussing will come up in many other processes
17:00:35 [Zakim]
-Ted_Leung
17:00:42 [tedleung]
tedleung has left #dnt
17:00:59 [vinay]
... have a proposal from Dan with some edits by Roy
17:00:59 [Zakim]
-WaltM_Comcast
17:01:11 [vinay]
... but thinks we may have bigger disagreements on non-normative text
17:01:36 [vinay]
dan: don't see too much disagreement between him/Roy on the normative text
17:01:46 [vinay]
... okay to accept roy's edits to his normative text
17:01:55 [Wileys]
+q
17:02:19 [npdoty]
"actions of" vs "infer information about", dan could accept either one
17:02:28 [vinay]
peterswire: can you clarify what you meant by being okay with Roy's email?
17:02:37 [efelten]
Echoing earlier discussion, we don't have a definition of "identify"
17:02:46 [Wileys]
By "particular" I want to be sure your goal is to isolate the "actual" user or device - and not suggesting that a unique record replacement does not meet the definition of de-identified.
17:02:47 [vinay]
dan: okay with roy's suggestion about the inferring action (did I get that right?)
17:02:48 [fielding]
yes, I provided two choices and the summary only had the first … either is okay with me.
17:02:57 [vinay]
... the language from Roy was to 'identify a user'
17:03:04 [peterswire]
q?
17:03:11 [vinay]
Dan: I'm suggesting the other one Roy suggested was better
17:03:17 [vinay]
... identify an action
17:03:23 [npdoty]
(if we can infer your name and address and gender and medical status, that wouldn't infer any actions of that user, right?)
17:03:34 [vinay]
wileys: one recommended amendment -- use the term actual instead of the word particular
17:03:53 [vinay]
... belief that there is a way that a unique record can exist (but it is de-identified)
17:03:55 [rigo]
unique => red zone
17:04:03 [vinay]
... the term particular can be interpreted in either direction
17:04:08 [dsinger]
is the word 'specific'?
17:04:10 [peterswire]
q?
17:04:20 [Wileys]
ack wileys
17:04:35 [rigo]
q+
17:04:39 [vinay]
Dan: quick response is that his interpretation of the normative text is different htan how shane would interpret it
17:04:42 [Wileys]
Thank you Dan!
17:04:47 [vinay]
... but at a glance, it should be fine with him
17:04:49 [dsinger]
i.e. the question is whether a singular, specific, particular user can be identified from the data, not whether the user is virtual or real...
17:05:02 [vinay]
rigo: question to wileys. in your situation, can you single out a particualr device?
17:05:03 [dan_auerbach]
q?
17:05:11 [efelten]
+q
17:05:17 [npdoty]
ack rigo
17:05:19 [vinay]
wileys: when you say that, assuming you mean ________ ( missed it), the answer is no
17:05:28 [vinay]
... we can still de-identify a record for non-real time use
17:05:36 [vinay]
... but none of that would link back to a user in the real world
17:05:36 [dan_auerbach]
q+
17:05:38 [fielding]
“Data can be considered sufficiently de-identified if there exists a reasonable level of confidence that the data cannot be used to identify the actions of a particular user, user agent, or device.”
17:05:54 [efelten]
-q
17:05:54 [peterswire]
Q?
17:06:03 [vinay]
... thats why terms like specific or particular may muddy up the language.. where actual goes after the intent
17:06:17 [npdoty]
we could just go without an adjective "cannot reasonably be linked to a user, user agent or device"
17:06:27 [vinay]
Rigo: what you're saying is -- we stream in a lot of data, change the IDs, then store it, do analytics/etc.
17:06:36 [vinay]
... but you still have unique traces that are connected to a unique ID
17:06:43 [aleecia]
aleecia has joined #dnt
17:06:47 [vinay]
... so you don't aggregate so you don't get 1 of 500
17:06:54 [aleecia]
swapping one GUID for another is not a privacy solution
17:07:02 [moneill2]
q+
17:07:05 [jchester2]
leaving IRC to go to meeting but listening on phone
17:07:31 [Zakim]
-MECALLAHAN
17:07:37 [efelten]
+q
17:07:40 [vinay]
wileys: for de-identification to work, the important element is that once de-identified, the information is never used to modify a particular user's experience.
17:07:57 [vincent]
so as soon as I update my user agent you can link all my request to my previous UA and that'd be ok because it's no longer my *actual* UA?
17:07:57 [npdoty]
I don't think the de-identified property of the data is dependent on whether the data is going to be used to modify the user's experience
17:07:57 [vinay]
... your goal of 'single out' is looking at singling out a user in the real-world
17:07:58 [Zakim]
-BerinSzoka
17:08:05 [efelten]
+1 npdoty
17:08:13 [vinay]
... wileys goal is to not allow that, but at the same time allow flexibility in analytics
17:08:33 [vinay]
Rigo: singling otu is a compelling topic that is addressing the particular topic they're trying to address
17:09:12 [peterswire]
Q?
17:09:26 [dsinger]
q+ to say that modifying experience is not the (only) privacy issue
17:09:54 [efelten]
De-identification should depend on the data, not on the server company's state of mind.
17:09:56 [vinay]
...wileys: thinks we can acheive an outcome that the connection to the real-world that makes them identified is removed; but we still maintain value in the data for analytics purposes
17:10:02 [Zakim]
+MECALLAHAN
17:10:03 [npdoty]
so the AOL data set would be "de-identified"?
17:10:16 [fielding]
The goal of this definition is to avoid "linked" and "unlinkable" -- I know that word is used in other privacy contexts, but it is very confusing for the Web (the entire point of which is to enable linking of information).
17:10:23 [aleecia]
+1
17:10:27 [vinay]
dan: wants to emphasize that even though we;re coming to some agreement on normative text, we have a fundamental disagreement on what de-identification details
17:10:41 [aleecia]
(+1 to Dan's point we're worlds apart)
17:10:41 [vinay]
... don't think using pseudonyms or scrubbing log files is adequate de-id
17:10:47 [vincent]
npdoty, according to Wileys definition, I think it would be
17:11:01 [vinay]
... until we hammer out the non-normative examples, dan believes we're at an impasse
17:11:20 [npdoty]
WileyS, do you think the AOL search data set would satisfy your interpretation of "de-identified"?
17:11:25 [vinay]
moneill2: should be both de-identified and unlinked
17:11:43 [vinay]
... DNT means do not track me over time
17:11:46 [Wileys]
Nick, NO - as they left markers that allowed re-identification (~4 people out of 600K). URL scrubbing should included in any de-identification process.
17:12:17 [Zakim]
-[Microsoft]
17:12:18 [vinay]
efelten: don't think its workable to have a definition of de-identified when looking at what someone can/cannot do (not sure if i got that right)
17:12:31 [vinay]
... that kind of definition is not sustainable (certainly not testable or actionable)
17:12:33 [rigo]
+1 to edfelten
17:12:37 [peterswire]
q?
17:12:42 [dan_auerbach]
-q?
17:12:46 [dan_auerbach]
q-?
17:12:48 [Zakim]
+[Microsoft]
17:12:53 [rigo]
ack moneill
17:12:55 [npdoty]
ack dan_auerbach
17:12:56 [rigo]
ack dan_auerbach
17:12:58 [npdoty]
ack moneill
17:12:59 [npdoty]
ack efelten
17:13:00 [rigo]
ack efelten
17:13:03 [vinay]
... tends toa gree with dan that the discussion on non-normative text will focus the conversation
17:13:06 [rigo]
ack dsinger
17:13:06 [Zakim]
dsinger, you wanted to say that modifying experience is not the (only) privacy issue
17:13:17 [vinay]
dsinger: the concern is not youre going to use this data to target me, its that you have this data
17:13:23 [fielding]
I agree with Ed -- what is important is that the data cannot be used to identify
17:13:45 [dsinger]
q-
17:13:50 [npdoty]
Wileys, so you agree that data that could be linked back to (even if it operationally wouldn't generally be) a user or device isn't de-identified?
17:14:04 [efelten]
+q
17:14:30 [rigo]
I think the disagreement is on what "identification" means. Whether it is name or "single out"
17:14:38 [vinay]
peterswire: we have this puzzle for the group of how to proceed (how much of a standards process is it to resolve non-normative text)
17:14:43 [Wileys]
Nick, If I can pass you a record, and you can leverage that record in isolation to re-identify a user then it has not be de-identified.
17:14:54 [vinay]
... suppose for discussion that we're close to consensus on normative text but far apart on non-normative text
17:15:02 [vinay]
... whats happened in the past for other standards processes
17:15:07 [rigo]
q?
17:15:10 [efelten]
Why "in isolation"? Why pretend that Nick doesn't have access to side information? (Because he does.)
17:15:17 [vinay]
... david, roy, andrian -- any previous experience in this?
17:15:18 [rigo]
ack efelten
17:15:26 [Wileys]
Nick, If I pass you group of records, and those records in concert can be used to identify a user, then the group of data has not been deidentified.
17:15:35 [rigo]
q+
17:15:40 [vinay]
efelten: echoing what dan said in the maling list, it would be helpful for an example of a specific administrative control that meets this
17:15:59 [Wileys]
Ed - agree on "Side Data" as you presented in Cambridge - this includes that concept.
17:16:15 [Zakim]
-jchester
17:16:16 [peterswire]
q?
17:16:16 [adrianba]
q+
17:16:23 [dan_auerbach]
I strongly believe that we don't have agreement until we have agreement on the non-normative examples
17:16:26 [npdoty]
Wileys, thanks, that seems like maybe you agree more with dan and ed (and the examples in the proposed text) than we might have thought
17:16:33 [dan_auerbach]
to go back to Peter's question
17:16:44 [vinay]
rigo: personal data is much weaker than unlinkable data
17:17:05 [peterswire]
q?>
17:17:36 [susanisrael]
rigo, i think the idea of "split" keys, for example, means split between 2 different entities or at least different people.
17:17:49 [vinay]
... you may have identifiable data, but if you need the help of many other people to identify an indidivual, then that posses a harder problem
17:18:08 [vinay]
... can maybe address this by saying that the entity cannot re-connect/re-combine the IDs
17:18:22 [npdoty]
ack rigo
17:18:26 [npdoty]
ack adrianba
17:18:30 [vincent]
Wileys, so if you can "neither infer information about an *actual user agent* nor *a specific use or devicer*" would that be ok?
17:18:43 [Wileys]
Rigo, agree with the grouping concept. IP Address is a unique identifier and should be de-identified.
17:18:44 [efelten]
Just *saying* that something will not happen is not an administrative control.
17:18:48 [vinay]
adrian: to address the process question, typically we haven't really tried to differentiate text between nornamtive and non-normative text
17:19:12 [vinay]
.. but generally if we have this type of disagreement, I would think peoople have different interpretatiosn of the normative text
17:19:16 [dan_auerbach]
+1 to Adrian
17:19:18 [aleecia]
agree with adrian that this is a sign of ambiguity rather than agreement
17:19:20 [vinay]
... and would suggest we make sure the normative text is clear
17:19:24 [rigo]
+1 to adrianba
17:19:25 [fielding]
peterswire, I would suggest using the WG decision process -- narrow the options to a relatively few specific texts, use the polling tool to identify objections, and then make a decision that tries to thread the needle. We can then move on, at least until more information is provided to make re-discussing it worthwhile.
17:19:40 [aleecia]
but, the non-norm may help people learn where those issues are, if there is any lack of clarity still
17:19:49 [Wileys]
Vincent, I would go with Roy's definition and simply replace "particular" with "actual"
17:19:57 [Wileys]
I think that gets to what you want.
17:20:09 [vinay]
peterswire: in the discussion last week re: financial/auditing, the Deloitte people said that advertising is becoming more important to make sure nobody is cooking the books
17:20:23 [vinay]
... so a bunch of advertising data may be likely to come under the rules for retention for 7 years
17:20:33 [vinay]
... that's what Peter took from last week's call
17:20:42 [vinay]
... so wondering to put that claim, if true, against what we're discussing here
17:20:44 [efelten]
+q
17:21:10 [dan_auerbach]
+q
17:21:12 [vincent]
Wileys, not really, if I stop using a service or if you service is discontinuated I'm no longer covered by the term "actual"
17:21:14 [peterswire]
q?
17:21:19 [rigo]
ack efelten
17:21:29 [vinay]
... how is what we're doing here affected by possibly having a separate process for auditing?
17:21:40 [moneill2]
+q
17:21:49 [vinay]
efelten: to the extent that something may be required by law, there's no cover/need to provide specifics in the standard to discuss it
17:21:50 [rigo]
ack dan_auerbach
17:22:07 [vinay]
Dan: couple things: 1) better to keep the discussions separate
17:22:21 [Wileys]
Vincent, by actual I mean any identifier that connects to the "actual" person, system, device, or user agent. How does the starting or stopping of a service affect that test?
17:22:24 [aleecia]
+1 to keeping these very different discussions
17:22:33 [rigo]
if you still have financial data in that granularity, you can't claim de-identification
17:22:42 [Wileys]
Disagree - raw log data is needed
17:22:45 [vinay]
... as an aside, my interpretation of the experts last week was a bit different than yours. dan heard that raw log files are rarely, if ever, needed
17:22:57 [vinay]
... thinks a lot may be able to get done in a de-identified manner
17:22:58 [peterswire]
q?
17:23:29 [rigo]
Wileys: as long as you have raw logs, you can't claim "de-identification" without attracting remarks
17:23:46 [vinay]
moneill: if we say what we mean by unlinkability, how long do we need to link the data sets?
17:23:49 [rigo]
ack moneill
17:24:27 [vinay]
peterswire: as I've summarized already, we have quite significant disagreement on non-normative text
17:24:32 [vincent]
Wileys, sorry the normative text said "actual" user (not person) but I get your point
17:24:50 [vinay]
... im inclined to go directly to those most involved to share tenative thoughts to discuss how to proceed
17:24:53 [Wileys]
Rigo, as I explained on the email list - you would need to keep these datasets separate
17:25:01 [Wileys]
Thank you Vincent.
17:25:23 [vinay]
... tempted to try to have a conference/meeting to clearly explain why we have different views; and have well-reasoned explanations of the views
17:25:33 [vinay]
... don't see a way to bridge the divide on non-normative text right now
17:25:55 [peterswire]
q?
17:26:16 [vinay]
peterswire: highlight for next week...
17:26:21 [npdoty]
Topic: Wrap-up
17:26:33 [vinay]
achapell has a proposal that he asks people to consider for next week re: user education/interface
17:26:38 [vinay]
... peter to work on appends
17:26:53 [peterswire]
Q?
17:26:56 [johnsimpson]
if you can't agree on non-normative text, I don't see how you can claim agreement on the normative. It means different things to different people and that implies a fundamental problem with the normative text.
17:27:02 [Zakim]
-efelten
17:27:03 [Zakim]
-[FTC]
17:27:03 [Zakim]
-RichardWeaver
17:27:04 [aleecia]
+1 john
17:27:04 [Zakim]
-peterswire
17:27:04 [Zakim]
- +1.202.331.aagg
17:27:06 [Zakim]
-samsilberman
17:27:07 [Zakim]
-[Microsoft.a]
17:27:07 [Zakim]
-Chris_Pedigo
17:27:08 [Zakim]
-robsherman
17:27:08 [Zakim]
-Brooks
17:27:09 [Zakim]
-Aleecia
17:27:09 [Zakim]
-Rigo
17:27:09 [Zakim]
-adrianba
17:27:09 [Zakim]
- +1.415.821.aall
17:27:10 [Zakim]
-chapell
17:27:10 [Zakim]
-Joanne
17:27:10 [Zakim]
-hwest
17:27:10 [Zakim]
-david_macmillan?
17:27:10 [Zakim]
-prestia
17:27:11 [Zakim]
-bills
17:27:11 [Zakim]
-JeffWilson
17:27:12 [phildpearce]
Re: moneill2 on using de-identified and unlinkable if this was via a temporary 30min or time dependant sessionID rather than permanent sessionID... this would cause significant changes in data analytics reports for example for new and returning visitor counts would skew.
17:27:12 [Zakim]
-kulick
17:27:13 [Zakim]
-Chris_IAB
17:27:13 [dsinger]
zakim, who is on the phone?
17:27:13 [npdoty]
thanks peter, and vinay and Joanne for scribing
17:27:14 [Zakim]
On the phone I see vincent, WileyS, Walter, MECALLAHAN, [Microsoft], npdoty, eberkower, Yianni, moneill2, Fielding, ChrisPedigoOPA, hefferjr, vinay, hober, johnsimpson,
17:27:14 [Zakim]
... Susan_Israel
17:27:14 [Zakim]
-vinay
17:27:16 [Zakim]
-Yianni
17:27:16 [Zakim]
-WileyS
17:27:18 [Zakim]
-johnsimpson
17:27:20 [Zakim]
-vincent
17:27:22 [npdoty]
present+ dsinger
17:27:23 [Zakim]
-moneill2
17:27:24 [Zakim]
-[Microsoft]
17:27:26 [dsinger]
zakim, you are a dolt
17:27:26 [Zakim]
I don't understand 'you are a dolt', dsinger
17:27:28 [npdoty]
Zakim, list attendees
17:27:28 [Zakim]
As of this point the attendees have been +1.781.482.aaaa, samsilberman, npdoty, +1.408.836.aabb, +1.646.654.aacc, +1.215.286.aadd, eberkower, RichardWeaver, efelten, WaltM_Comcast,
17:27:31 [Zakim]
... Rigo, MECALLAHAN, Chris_IAB, sidstamm, peterswire, +1.937.215.aaee, Fielding, ChrisPedigoOPA, moneill2, Yianni, JeffWilson, Joanne, [Microsoft], hefferjr, vinay,
17:27:31 [Zakim]
... +1.202.370.aaff, +1.202.331.aagg, +1.202.347.aahh, hober, Aleecia, prestia, adrianba, chapell, johnsimpson, Susan_Israel, Craig_Spiezle, Chris_Pedigo, kulick, vincent, hwest,
17:27:35 [Zakim]
... BerinSzoka, Amy_Colando, +1.650.365.aaii, Dan_Auerbach, Brooks, [FTC], Jonathan_Mayer, bills, +1.202.370.aajj, robsherman, WileyS, +1.202.494.aakk, Ted_Leung, jchester, Walter,
17:27:35 [Zakim]
... +1.415.821.aall
17:27:35 [Zakim]
-hober
17:27:37 [Zakim]
-ChrisPedigoOPA
17:27:42 [npdoty]
rrsagent, please draft the minutes
17:27:42 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/04/03-dnt-minutes.html npdoty
17:27:55 [dsinger]
whoa, lotsa 202 area codes
17:28:06 [Zakim]
-Susan_Israel
17:28:12 [Zakim]
-Walter
17:28:33 [npdoty]
dsinger, most of those were subsequently identified in IRC
17:28:36 [Zakim]
-eberkower
17:28:58 [npdoty]
(when Zakim lists the attendees, he doesn't remember the ones identified inline)
17:29:04 [Zakim]
-npdoty
17:30:26 [Zakim]
-hefferjr
17:33:43 [dsinger]
hm, Zakim thought hober was here; he wasn't, he was on CSS
17:34:18 [npdoty]
that might have been you
17:34:56 [hober]
yes, i was on the css call, not dnt
17:38:52 [dsinger]
did hober appear for zakim also in CSS?
17:40:44 [hober]
yes
17:41:26 [npdoty]
Zakim thinks all of Apple is hober
17:41:55 [hober]
muhahahahhaha.
17:58:12 [Zakim]
-Fielding
17:58:14 [Zakim]
-MECALLAHAN
17:58:17 [Zakim]
T&S_Track(dnt)12:00PM has ended
17:58:18 [Zakim]
Attendees were +1.781.482.aaaa, samsilberman, npdoty, +1.408.836.aabb, +1.646.654.aacc, +1.215.286.aadd, eberkower, RichardWeaver, efelten, WaltM_Comcast, Rigo, MECALLAHAN,
17:58:18 [Zakim]
... Chris_IAB, sidstamm, peterswire, +1.937.215.aaee, Fielding, ChrisPedigoOPA, moneill2, Yianni, JeffWilson, Joanne, [Microsoft], hefferjr, vinay, +1.202.370.aaff,
17:58:22 [Zakim]
... +1.202.331.aagg, +1.202.347.aahh, hober, Aleecia, prestia, adrianba, chapell, johnsimpson, Susan_Israel, Craig_Spiezle, Chris_Pedigo, kulick, vincent, hwest, BerinSzoka,
17:58:22 [Zakim]
... Amy_Colando, +1.650.365.aaii, Dan_Auerbach, Brooks, [FTC], Jonathan_Mayer, bills, +1.202.370.aajj, robsherman, WileyS, +1.202.494.aakk, Ted_Leung, jchester, Walter,
17:58:22 [Zakim]
... +1.415.821.aall
17:58:33 [npdoty]
Zakim, bye
17:58:33 [Zakim]
Zakim has left #dnt
17:58:35 [npdoty]
rrsagent, bye
17:58:35 [RRSAgent]
I see no action items