Tracking Protection Working Group Teleconference -- 01 May 2013

<trackbot> Date: 01 May 2013

<Lmastria_DAA> 212 778 aaff is me

<Chris_IAB> joining today from 661-100-xxxx

<npdoty> scribenick: susanisrael

<Mike_Zaneis> (202) 344-4259 is Mike Zaneis

peterswire: i am not going to be circulating slides but will talk off my preparation to give you my own perspective, explain some about where it came from....

<tara> Hi. This is Tara Whalen at Apple; I'm sitting in today for David Singer.

peterswire: greeting, talking as chair for compliance will try to provide context and transparency about this document. there has been a lot of good public and private conversations.....hard work and good faith
... people can be very aware of disagreements and problems, but i would like to emphasize all the good hard work...

<tara> Yes, that is right. Thanks!

will overview work since i came on, arms race, why i think something like this makes sense, and will address some criticisms of me and chair...

scribe: have tried to work off of facts, get good tine, have had outside experts, converging on reality...
... have polished compliance spec, though i have heard doubts about what adoption we would get of current draft spec
... one thing you could do is make incremental edits but it wasn't clear to me that would change the sense of consensus...

from that and talking to lots of sources that this draft framework has been pulled together......for last f2f before last call

want consensus that is workable...

one baseline is a lot of things that were in WH agreement of 2012, though there are clear departures, informed by work since then....

similar to work people spoke about in feb, which is a clue as to what may work for key stakeholders

scribe: draft framework is a DRAFT and a FRAMEWORK....not a secret deal, but helps with agenda for meeting....

these are topics that i think would be productive for group to talk about...

if pieces work might work...

topics for discussion not normative text....framework creates outside frame, not detailed word by word somethign...

where did draft framework come from? from you. Might sound silly but much of material came after discussions between folks, including browsers and advertisers.....

there have been discussions between browsers and consumer groups.....

there have been blogs, discussions, lots of discusisons i have not been in room for including between advertisers and consumer groups.....

most of words in framework not from me, and i was not even in room....represent different stakeholders and regulators have weighed in....lots of people talking to each other...

these are issues we have seen in public discussions of wg, then qu is whether you can put it in organized fashion....

for us qu is what does this look like, should we like it? "this is a baby sitting here, should we like it?"

arms race: you may have read my op ed....here is my frank view of advantanges and disadvantages to diff parties...

browsers can write a few lines of code asnd change everythign....creates reason for advertisers to come to table and talk....

advertisers have important advantage too....big industry, tens of millions of dollars, and have resources to take technical action...could wear down browser tech....

reason to create leverage for deal for both parties, both could get beat up in arms race, then both sides would lose if lots of retooling and less transparency and user choice....

now there is money to be gained....

re: consumer privacy : i have heard 2 biggest themes re: what's important: (1) dn collect, not just target, 2) unique ids

my thesis re: draft framework ("DF") : does a lot re: do not collect

<efelten> Can a DAA representative confirm that the current DAA framework limits collection?

daa code already has do not collect, but with 2 exceptions with no real limits, market research and product improvement....

if we get improvement on these exceptions, could eliminate much tracking for dnt: 1 user....

other exceptions to collection limits are similar to ones in our compliance spec.

mon afternoon there will be esomar expert re: market research change....so reason to think we can make progress

<Mike_Zaneis_> Ed, we have told you this on several occasions that, yes, the Multisite Principles cover collection, unless there is a an exception involved.

re: unique IDS--this is single biggest remaining issue

have been discussions in WG and privately, here we have industry discussions offline reflected....

unique ids not included for dnt 1, limited for permitted uses, so this is progres....

if you, industry, can be creative re what can be done here, it is my view we really could have an overall package that works....

not 7 issues, ONE issue....could be factfinding, but if people from industry can come forward and show path to answer, this is CENTER of universe for us.....

DF has one idea i am optimistic about: follow up study...but some skepticism from some people about th is....but i am issuing plea for creativity on this too.....

if we get agreement on this what does it look like?

BATNA.....

<efelten> So the "consumer control" described in the DAA Multisite Principles refers to an ability to stop collection (except for exceptions)?

if privacy groups walk away there will be pressure for legislative and regulatory action....not sure what consumer group next step would be...but compare legis/reg action and arms race to a possible deal.....

there would have to be thorough vetting of things like DAA framework......

let me talk about browser or ua perspective.....fulfills promise to wh to limit tracking....

browsers would like to limit poss competitiion on browser features.....

<Mike_Zaneis_> Ed, yes, I believe you studied the effectiveness of this mechanism while at the FTC.

have spoken personally before monday....was in redmond have also spoken to mozilla, google, apple.,....won't say what they said....

but this is similar to WH proposal so i'm hopeful....

alll browsers have also consider cookie blocking except if DNT compliance....

another issue has been raised by ed and others....

i am happy to bring as much into this round as possible, but often in w3c if you don't get more than 90% in a round, you have another round....

what is BATNA for browsers ...cld build dnt signal but if no compliance won't work.....and would face ongoing arms race and related uncertainty....

if agmt, certainty, if not, none...

advertiser perspective: advertisers made promise and they want to keep it....and meet business goals.....

what about advertisers and draft framework.....DF addresses the "Default issue".....

there ahve been discussions re: what neutral setting look like.....

for advertisers, compliance would be required for DAA members, enforced by BBB....with permitted users where needed....

would build on existing promises and improve market research etc:

BATNA for them: take heat for breaking promise, might have to explore alternatives, and this remains a strategic risk for industry, as well as cost of tech arms race, digital fingerprinting, etc.....

so agmt here might be better than not coming to something here.

<Mike_Zaneis_> Roy, can't speak for the W3C, but the DAA Multisite Principles are not limited to advertising today.

regulator perspective: in the US, subject to details, this would introduce Do Not collect....consistent with WH discusison 2012 and important consumer upgrades introduced....

for EU there are legal protections, and nothing can lower those

<johnsimpson> Mike and Ed: Looks to me lie according to IIIA of DAA principles that "Collection and use" is covered; not simply "collection."

everyone knew that it would be hard to bring non-EU participants into EU framework, but this is an option....

this DF meets key goals for all stakeholders, better than no agreement for all of them, and for alternative options that I have been able to find....

<sidstamm> Mike_Zaneis_: neat. have you seen examples of non-advertising-industry-affiliated entities subject to or sign-on for the DAA principles?

many pieces to work out...needs details, creativity, future work, critiques of problems not found, but good basis fof f2f....

i will address 2 criticisms of chair.......

1. Is peter swire desperate to make a deal? If it doesn't work out i will have a life. I have been hired to try to get a deal but if it does not work it doesn't work....

2) am i getting paid? yes, as for other working groups i am paid for travel, as if for an NSF grant, and for part time prof svcs .......

fundraising letter has gone to all w3c members.....opportunity open to all.....

<jchester2> Can you name the 8 companies please and the total amount spent on your salary?

also about half of diverse largest members of working group have agreed to fund on a fair share basis

this is a framework, not being imposed on you....if we work on it together at f2f we have a chance to get something good done......

<npdoty> If you're calling from +1.650.241.aall, +1.917.934.aakk, +1.202.331.aaoo, +1.415.999.aarr -- we need to identify your numbers, or drop you from the call.

<Zakim> fielding, you wanted to ask if we are going to limit the effect of DNT:1 to advertising

we start at noon in sunnyvale ..

royfielding: i understand effort to make progress in broad framework, but we are 3 months after starting and we don't have camera ready text to go into doc.....i am frustrated....

i have spent time on text and compliance going in circles.....i am also frustrated with focus on ad industry....

i don't care aside from employer interest.... i am interested in not breaking http with useless packets, fraud, zombie machines continuing and i don't see how agmt with daa will help....

concerns i always have are fine details: how define data collection? why do we think dnt affects targeting vs all data collection [? ] ....meaning of do not collect.....

<Mike_Zaneis> Sid, sorry fell off irc. What types of companies are you thinking of? We've had companies like credit bureaus sign up. Most everyone is either a marketer, publisher, data provider, or network/platform that is part of the ad industry.

peterswire: DF uses term in first sentence of tracking data....to the extent it points to DAA code there is tracking definition there, can someone supply?

<npdoty> from the editors' draft: "Tracking" is understood by this standard as the collection and retention of data across multiple parties' domains or services in a form such that it can be attributed to a specific user, user agent, or device.

<sidstamm> Mike_Zaneis, I was just curious who you've seen agree to the principles (since you mentioned they're not limited to just advertising industry)

<justin> The DAA definition of tracking is similar to what's in the compliance standard.

lou: collection of data across unaffiliated sites over time, is the short version.....we already have this working across 100s or 1000s of co's....

peterswire: Nick has posted def into IRC....

<npdoty> (as justin points out, it seems roughly similar to DAA text.)

how similar is this definition to DAA definition? (this is from editor's draft)...but we don't have to do this now....

<fielding> my desire is to have time to discuss the definition at the F2F

so to roy there is language in daa code and i am open to having some discussion about this....

<justin> Multi-Site Data is data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web sites

<fielding> … so that the group as a whole agrees on one definition moving forward.

mikezaneis: i think these 2 defs are close substantively, but the daa one is not as technical, though it is very broad....

justin: agree with mike zaneis that daa def is broad and similar....

<Mike_Zaneis> Sid, we have over 3,000 companies signed up, so participation is extremely broad.

justin: how do we deal with these little issues we have been working on such as multiple first parties, all of tpe or what....how do these issues fit with new framework....

<Aleecia> Roy, you told me to put comments on the mailing list (re: defn tracking.) I did. It was /dev/null'ed by all group members. What would you have me do instead?

peterswire: i have some thoughts, have not gone throught hese things with people working on daa....there is learning process here, have asked yanni and others to do delta (or side by side) of daa code/compliance spe....

will have comparisons, and there will places with similar topics, direction, but sometimes exact wording = similar but not identical....sometimes daa code seems stronger.....

<fielding> Aleecia, not sure what thread that was, but you could have declared consensus at that point and written it into the draft.

a very useful thing on particular issues is to look at those comparisons....

<Aleecia> If I were an evil weasel :-)

if there is enough progress so that it seems DF makes sense, there will be work streams coming out of that.....

<Aleecia> But I'm not

we may ask DAA to do some work on this....and w3c spec may also exist in some form for NON-DAA participants, for whom compliance spec may be precisely the applicable language.....

how to interweave 2 regimes is a common lawyer task, and there are different ways to do it.....

<fielding> it isn't evil for a WG to make progress by inserting/editing text until there is a common agreement

<npdoty> Reminder: if you're calling from +1.650.241.aall, +1.917.934.aakk, +1.202.331.aaoo, +1.415.999.aarr, +1.202.587.aatt -- we need to identify your numbers, or drop you from the call.

this is a piece of homework to identify where these 2 things fit, and where they don't people will work on it....

list of issues is similar, but language is not the same....

<Aleecia> I'm not an editor nor a cochair -- if I still have write access it's a bug

jonathan mayer: thanks to peter for laying out ...

MY CALL DROPPED SOMEONE ELSE SCRIBE WHILE I CALL BACK IN PLEASE....

<npdoty> scribenick: npdoty

<Chapell> yes - i'll

<Chapell> scribe

<scribe> scribenick: Chapell

<tlr> who just rejoined?

<justin> susanisrael, is 202.587.xxxx you?

jmayer: with regard to framework, some may see it as a path forward, others may see it as similar to previous proposals - not clear if this offers a path forward...
... we should work through triggering steps that would constitute 'failure' by the group
... we may be going in circles --- at some point, we need to recognize that it may be time to move on

<tlr> susan, is that you?

<susanisrael> *chappell ok scribing now or should i?

peterswire: trying to give his best sense of the universe, others assess facts differently... we have a last call through july with no additional f2f. if we do it in sunnyvale, that's great
... however, we may realize that consensus and progress is not happening... one option is to have the compliance spec published
... 1. successs, 2. mid-ground (compliance spec publishing) 3. failure --- three potential options

<jmayer> Would it be OK if I responded here, Aleecia?

<Aleecia> Sure, I can wait

<jmayer> Thanks!

<Aleecia> Thanks

<jpolonet4> Zakim 202 587 is jules

peterswire: failure should be last option --- do we want to build a contingency plan for failure... not clear

<rvaneijk> here is the link to the posting Peter referred to: http://lists.w3.org/Archives/Public/public-tracking/2013Apr/0167.html

Jmayer: clarifying --- we should have a check in after the meeting to see if we should move forward.... but also...
... iterating on work streams is the path of least reistence... hard part is determining when iterating on those streams isn't productive. Can we say that if XXX doesn't happen by YYYYY date, that's it?
... otherwise, its too easy to keep on keeping in

PeterSwire: Welcome's Jmayers input, but doesn't have an opinion on this right now. He believes that "just more of the same" won't be an effective answer for people on the wg

<npdoty> If you're calling from +1.650.241.aauu

<npdoty> +1.415.999.aaww

<npdoty> +1.202.331.aayy

PeterSwire: we need to finish this by next week

<npdoty> we still need to identify your numbers.

Aleecia: To respond to Roy -- echo's Roy's comments. The proposal is a step forward
... we've done the multi-proposal idea before... gone from 5 to 2

<jmayer> Glad to hear Peter will have a presumption against the utility of further meetings unless there is significant progress at the face-to-face next week.

Aleecia: but have been stuck since... the recent proposals allows us to refine one of the two proposals we've beeen discussing.

<Chris_IAB> Aleecia, to clarify, this is NOT the "DAA proposal"

<ChrisPedigoOPA> bbaa is ChrisPedigoOPA

Aleecia: Aleecia recommends working on the new proposal and updating the draft... if there are updates coming from the privacy side, now would be a good time.

<Chris_IAB> Aleecia, its a framework that Peter Swire put together, in consultations with many parties

<Mike_Zaneis> We have ~90 days left until Last Call, after 20 months of working in this group why would we pull the plug before the end of July?

Aleecia: she wants to start with concepts and moving to standards language --- but needs to happen quickly or this doesn't move forward.
... recognizes some work and advancement

<Mike_Zaneis> Seems worth the last push for 3 months to try to get to a productive product.

RobvE: when will there be a DAA proposal? is one forthcoming?

Zaneis: we haven't been asked to put together a proposal, but we're happy to discuss the latest framework. DAA looks forward to participating next week and this framework has alot from both side.

<Aleecia> Does DAA not support the proposal?

<Aleecia> Because lets not joke -- this was a proposal

LouMastria: DAA contributed to the proposal but did not draft. It changes how the DAA operates... they are willing to do that, but there is no plan to any proposing at this time.

<justin> This is getting a bit meta.

Zaneis: people may see the recent proposal as "DAA" because Stu went through it -- it is not a DAA proposal.

PeterSwire: Always a question re: when to be at a high level and when to be at a more granular level. Its not real until its at normative language level

<Chris_IAB> Aleecia, DAA supports working through the framework that peterswire has laid out.

<Aleecia> You guys are hilarious

<Aleecia> Does, or does not, the DAA support the proposal?

PeterSwire: we've tried to work on normative language --- had concrete proposal. My own view --- with all the interdependencies --- until folks see the whole thing, its difficult to evaluate individual parts.

<Aleecia> If no one supports it, it's DOA.

PeterSwire: relucatance to say something is closed as a result

<Aleecia> We should not discuss a proposal with zero supporters

PeterSwire: given this, is there a strategy that could lead to something that the wg ciould support

<Chris_IAB> Aleecia, I'm failing to see the humor? But in any case, we support working through the framework laid out by peterswire.

<jmayer> +q

PeterSwire: Given interdependencies, this gives us a change in a short period of time to have a conversation that says we really have something.

<Aleecia> It's not a framework. And Peter tells us he wrote very little of it: it's not Peter's

<Aleecia> This is no more a framework than the five prior proposals were

<Aleecia> And if it has no backers, we're done

Jmayer: concerned that whatever the sourcing is, that this seems to substantively an iterations of one of the two previous proposals....

<justin> I have to run. I don't care what we call this or from where precisely it came.

Jmayer: why seize upon one of the proposals rather than the other proposal (as someone who worked on the other proposal)....

<npdoty> I thought it was clear that DAA representatives supported the Draft Framework (and the changes it implied), but wanted to distinguish that it was not their proposal alone. (just trying to help us not talk past one another)

<Aleecia> And they said slapstick is dead :-)

Jmayer: the two proposals were not in alignment. This feels like picking winners and losers at a high level.

<Aleecia> Which is why I refered to it as "DAA and friends, including Peter"

<Chris_IAB> Aleecia, Peter laid it out himself on today's call, as a "framework". Semantics aside, I personally support a good DNT solution from W3C

PeterSwire: agenda for next week

<Aleecia> I was muted, but thanks Thomas

<hwest> Eek, sorry guys

PeterSwire: the words that are here have emerged in this proposal that came from multiple sources... this framework represents a diverse set of opinions with input from many

<npdoty> Reminder: if you're calling from -- +1.650.241.aauu +1.415.999.aaww +1.202.331.aayy -- we need to identify your numbers, or drop you from the call.

<jchester2> Whatever was presented in the doc yesterday, in my opinon, did not represent any agreement/consensus from the NGO community

<jmayer> Peter, claiming this reflects advocate input is an unacceptable dodge. DAA is supportive of the direction. Advocates are not. This is taking sides.

PeterSwire: next week agenda: begin monday at noon with intro session.... mid afternoon, the mkt research folks are brining over a tech expert and we will have a discussion on mkt research exception

<jchester2> +q

PeterSwire: some discussion on product improvement is likely on monday

<Peter-4As> 202-331 is Peter Kosmala

PeterSwire: tuesday morning: TPE will be the focus. TPE related aspects to the draft framework. Matthias not available, but David Singer will help
... no detailed agenda for Tues afternoon and Wed.... agenda will come from specific proposals re: convergence

<Aleecia> Sounds to me like the first order in discussing this is to find out if there's more support for the new proposal than the old proposal on the ad side.

PeterSwire: for example, we need brainstorming on how to address the UID issue. This is the most challenging single issue for us to work out
... If we address UID, we have a shot... if not, it will be uphill battle to say this least.

<Aleecia> If not, if it's not seen as improvement over what's there, we're done. That would surprise me -- I think there's a lot of work here. But that's the first question

<Aleecia> If no one supports, we're done

JChester: document doesn't reflect agreement from the NGO's that he knows... But appreciates the effort....

<BerinSzoka> Gary Shteyngart would be proud: "Together We'll Surprise the World!"

<Aleecia> If privacy doesn't support, no surprise, that's fine: there's a competing proposal on the table

JChester: can we bring in outside experts?
... we want to know all the facts... hard to agree until we know. We need more outside experts

<Chris_IAB> expert right here on the working group :)

<Chris_IAB> Chris Mejia raises hand...

PeterSwire: open to get additional experts... if some of them can help with permitted uses or UID's that would be great. We welcome an informed discussion.

<tlr> zakizakim, zakim, q?

<tlr> argh, network funkiness

PeterSwire: open to additional input, discussion.

<npdoty> If you haven't heard back from me yet about registration issues, you should do so today.

- DRAFT -

Tracking Protection Working Group Teleconference

01 May 2013

Attendees

Contents

Summary of Action Items

Scribe.perl diagnostic output