See also: IRC log
<npdoty> trackbot, start meeting
<trackbot> Date: 08 May 2013
<npdoty> in the meantime, everyone is getting coffee
<npdoty> volunteers to scribe for the morning session?
<npdoty> scribenick: amyc
<npdoty> three cheers for amyc for scribing!
<npdoty> good morning everybody!
Peter: starting now, work must come from group, goodwill to getting work done
... turning over to Thomas for process, then first session about conversations from last night
... relates that some have asked for more text, looking for right mix; others may not have spoken up and may want to surface issues today
tlr: two points about process, important to have voices heard and issues on the table, also important that we make progress and don't let ourselves be stopped
... create space to make progress and path forward, this is driving agenda
... at end of day, getting back to writing spec, moving back from conceptual to textual level, and today will be bridge
... focus on topics on which we can make progress, other areas where we recite one anothers arguments
... agenda, start with broader group about conversations last night, topics for constructive conversations, then use that conversation to extract topics for breakouts
... with quick report outs to group
... hope that we will make progress, topics up to working group
... breakout rooms on screen, each is able to connect via phone
<JC> What happens at end of day? Where are we statement?
tlr: let's colelctively find out how far we can get
<wseltzer> JC, I see plenary both before and after lunch
Peterswire: asking what were caucases last night, asking for suggestions to put on board
rvaneijk: need to breakout before we can share, lots of developments
Aleecia: agrees with breakouts first, asking about Shane's proposal from EOD yesterday
swiley: Adrian put diagram together, but have not put together text, will take 30 minutes to work through diagram with Adrian
tlr: suggests breakout session for Shane's proposal
rvaneijk: shane's proposal still on table
tlr: everyone likely to want to know more about Shane's proposal, suggests that small group to prepare diagram and presentation on Shane's proposal
rvaneijk: advocates want time, suggests meeting separately and then reconvening
rigo: is Susan ready to work on audience measurement? could work on that
Susan: fine with that, Nielsen wants to participate too
dsinger: browser companies could work together too
tlr: audience measurements in Muir Woods, advocates going to Legoland
... Sausalito for Shane, browsers in Catalina
wseltzer: offers staff assistance with scribing
tlr: good idea to have scribes in rooms for reporting back
<peterswire> big basin and wmh are also available
<moneill2> zkim, [IPCaller] is me
<jmayer> If I recall, many participants will have departed by the afternoon session.
<moneill2> cannot hear
<vinay> havent started yet
<npdoty> scribenick: ChrisPedigoOPA
Peter: for this session, we're going to have readouts of breakout sessions
with action items
follow-on discussion, then move to next breakouts
<npdoty> order -- audience measurement, browsers, advocates, Shane, Justin
Order of presentations: 1) audience measurement, 2) browsers, 3) Shane, 4) consumer groups
Susan Israel: tried to understand EU law re audience measurement
tried to narrow scope
Rigo: agreed on "to calibrate and validate"
also agreed that audience measurement is focused on content, not on the user
susan: we know there are other concerns and more work needed
Susan - will work wiht DAA
Peter - next items?
Shane - issue exists for audience measurement
<npdoty> issue-25?
<trackbot> ISSUE-25 -- Possible exemption for research purposes -- pending review
<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/25
Peter - will have concrete tasks for next two weeks
David Singer - representing the browsers now
<npdoty> we have generally used issue-25 for market research, with multiple proposals and pending review options
results from Browser breakout session
looked at DAA principles and compliance doc
users get a general improvement in collection/retention limits
principles good
details left to trade associations or regional orgs
discussed who turns on DNT
must be turned on by a user, not an ISP, router
not a default
<npdoty> explicit action, by the user herself
Puzzled over concerns about non-browser user agent
cool with "these documents are focused on general user agents and other UAs..."
what's a general UA?
<vinay> Was MSFT in the browser group? Are they okay with it not being set by default?
1 - can access the general browseable web
<inserted> 2 - has a preference interface that satisfies the requirements of the user to chose, 3 - can implement the TPE (notably the JS APIs etc.)
work on explanation page is underway
should reflect general principles
note that other trade associations have additional codes of conduct
with links to those standars
Overall, we liked the DAA document
Peter - next steps?
David - browsers would like to have Q&A with those who wrote the DAA principles
in a breakout session
David - might need a general session instead
<npdoty> breakout sessions, about what it means, talk about user agent concerns
Dan Auerbach next from consumer groups
And Aleecia MacDonald
<npdoty> ... and more detail on the Draft Framework text, a little short
Dan - looked at de-id data
explored 3-state process
<npdoty> [we will try to type what's written on the paper board]
Raw data - Red
Red, Yellow, Green states
Red = raw
Red can be used for permitted uses - security fraud, debugging
Yellow - middle state
Green = fully deidentified data
Yellow - would include retention limits
Aleecia - retention limits
Aleecia - how do we set retention limits that work for consumer and industry groups
Aleecia - proposal: diff retention limits for each state
Green = forever
Red = short and proportional
Yellow = also proportional
Would use "should"
<tlr> aleecia: should, if not, then must explain in privacy policy
Next steps?
will wait until after Shane's proposal
There's a discussion in the room about where Shane's proposal is
Shane now at the mic
waiting....
waiting...
still waiting.....
<rvaneijk> data retention must be proportiate to the use in the red-yellow-green
Shane - my proposal also has 3 states
for de-id data
diagram presented
state 1 - raw data
raw data can be stored for permitted uses
transparency required
then a "fork"
one way hash key to remove any personal info
next step - remove IP and replace with broad geo data
next - cleanse URL
cleansing user names, names or clue to reverse engineer
next - look at side facts
anything that could help reverse engineer the record
i.e. date of birth
at the end of process, data cannot be reverse engineered
Goal is to build record that can never be reidentified
Rule 2 - you can never create a map between raw and de-id data
accountability is required
3rd step - re-hash the data but destroy the key
end with truly unlinkable data set
<npd> rather than these specific means, do we intend this as an example of the principles?
Justin Brookman now coming to the mic
Justin - Build on previous comments
market research: people don't need unique users across sites
need unique visitors to sites so can use 1st party cookies
may not need market research exception
will work with Susan and Rigo on market research
on de-id data
seems that we all agree on normative language
just need to work out details
Peter - two next sesssions
1) overlap between groups
2) browser discussion with DAA - could be breakout or general session
Peter - do people feel like they want to be in both rooms
?
decision to have two groups meet separately
two groups -
1) User Agent issues with DAA principles in Catalina Island
2) everybody else remains in big room for plenary session on de-id data
time for UA/DAA breakout will last 45 mins
break from 11:45 to noon, then another plenary session at noon
Getting ready for plenary session de-id data
Peter - beginning session on de-id data
Peter - a couple of goals
some overlap between various proposals
Dan - our sense of areas of agreement/disagreement
working to get Shane's slide up
rvaneijk - this idea is a follow up on a Cambridge proposal
may be similar to consumer group proposal
Dan - would there be a separate data stream where user profiles live?
Dan - retention limit for yellow state is a question
one way hash might not be the only way
Rob - shane and I agree that going from one state to another, there has to be processing involved
Shane - open question on user profile info
company could score a user's interest, but not the URL
data would be kept in aggregate
equation is altered if DNT:1 signal cannot be trusted
if DNT:1 can be trusted, then it could serve as an opt-out from profiling
Rob - question: would data be aggregated immediately?
Dan - is there a 3rd arrow for user profile info?
If DNT:1 signal is trusted, then no user profile info
If not, then user profile would be kept in aggregate
Shane - no more arrows
Peter - one way hashes or other techniques
Shane - yes, we could use many techniques to get to unlinked data
many way to get there
Dan - devil in details, but I think we agree that strong techniques must be used to get to de-id data
John Simpson - question: data retention for yellow state?
Peter - next steps for "whta is a strong enough technique"
Dan - non-normative text satisfies?
Shane and Dan will work on text
<tlr> ACTION: shane to work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures [recorded in http://www.w3.org/2013/05/07-dnt-minutes.html#action01]
<trackbot> Created ACTION-402 - Work with Dan to follow up on defining the "yellow" to "green" transaction with strong enough measures [on Shane Wiley - due 2013-05-15].
Shane and Dan will be assigned an action item to define going from yellow to green state
David Singer - question about de-id
David - q: if de-id user revisits, can you append new data to de-id record
?
You can never create a map between raw and de-id data
David - de-id record will be added to and will grow over time
Shane - but this only happens for a short time because data will eventually move to 3rd state
Rob - de-id is not right term
Rob - data retention and purpose limitations need to be introduced
purpose limitations are permitted uses
Peter - is middle phase (yellow) pdeudonymous?
Shane - no
diff between yellow and pseudonymous is pseudonymous includes an id
red state is pseudonymous
Peter - what I heard
yellow is psuedonymous but also cannot be used for production
Rob - need to get away from using "de-identified" term
John Simpson - question: red is raw data or pseudonymous?
Justin - same
Dan - let's not worry too much about term
important for EU
Dan - I care more about green state of data
Dan - industry wants flexibilty in yellow state and Dan wants data to get to green
Heffer - question about data flow from red to yellow
is it real-time?
Shane - could be real time
but need to keep for permitted uses
companies would want to move data to yellow so they can immediately begin to use for reporting/analysis
this data set would never be used to affect a real person
Peter - let's move to data retention
and next steps
Shane - two data retention periods
1 for permitted uses
solution is transparency by companies
also same transparency for moving to different states of data
Rob - need different retention periods for different permitted uses
also needs to be transparent
Shane - agree with principle of proportionately
Peter - seems to be agreement on transparency and proportionately
proportionality
Justin - the document already includes this
John - I thought Aleecia wanted normative retention limit for permitted uses
<dan_auerbach> that's right
and then she wanted transparency around diverging from retention limit
<dsinger> …rather, an 'if not otherwise justified' (should)
Aleecia advocated using "should" wrt to retention limits
Thomas - should language with specific retention limits could help with implementation
Peter - do we normative/non-normative/other?
Thomas - unclear
Peter - Ed Felten raised DAA code language
on de-id language
<johnsimpson> Q
Ed Felten thinks the DAA Multi Site definition of de-id data might work
<tlr> dan Auerbach: can live with DAA language for the green data
Dan - would prefer W3C language but not huge objection
Peter - consumer groups should look at whether they can live with it
Dan - important to have non-normative examples, which do not exist in the DAA code
<tlr> shane: DAA language going from red to yellow
DAA thinks their de-id language goes from red to yellow
David - if there is a data breach in red data, that is significant
yellow data breach is smaller risk
green data breach is insignificant
Shane - if we release yellow or green data, then there is little risk to user.
risk with yellow data is more about internal abuse
Shane - i.e. evil employee
Dan - I disagree. there is more risk with yellow data
Dan - need to focus on limits on yellow data
David - need to focus on principles
Peter - Ed Felten said something similar
would prefer to have principles in normative text with examples in non-normative
<MarkVickers> It's spec vs. best practices.
Peter - process going forward
Shane - I don't believe industry will be ok with "shoulds" on arbitrary retention limits
too many different business models
non-normative text might be ok
transparency applied to all data states is more important
Shane - only delta is the use of "shoulds" with transparency vs. always using transparency
Justin - proportionately doesn't provide an end point for use of data
there always seems to be another valid use
Peter - what do they use in the EU?
Rob - can use "legitimate business interest" test
in this case, you balance the size of the instrument vs the impact on the user
we don't say how long retention limits are
Peter - will break soon, five more minutes
Dan - really hate vagueness, want precision
Dan - favor Aleecia's approach of using shoulds
<rvaneijk> In European Union law there generally acknowledged to be four stages to a proportionality test, namely,[3] there must be a legitimate aim for a measure the measure must be suitable to achieve the aim (potentially with a requirement of evidence to show it will have that effect) the measure must be necessary to achieve the aim, that there cannot be any less onerous way of doing it the measure must be reasonable, considering the competing int[CUT]
Peter - have heard two positions here. Let's focus on next steps
<rvaneijk> https://en.wikipedia.org/wiki/Proportionality_%28law%29
Privacy advocates to look at DAA definition of de-id data
What do we need to do to outline red, yellow, green states
Justin - need normative text on this
Justin - ok with DAA definition, but need to clarify whether it applies to red-yellow or yellow-green
Justin - writing text on 3 states should be easy
Justin to draft
<tlr> ACTION: justin to write language on red / yellow / green [recorded in http://www.w3.org/2013/05/07-dnt-minutes.html#action02]
<trackbot> Created ACTION-403 - Write language on red / yellow / green [on Justin Brookman - due 2013-05-15].
Next steps on data retention?
John - are we talking about data retention for red state too?
Shane - would address retnetion for each state
Thomas - let's have a small group outline the differences or find a compromise
Thomas - 5 or 6 people precisely define open questions and/or find compromise
John, Dan, Shane, Walt, Justin, Rob, others?
5-10 minute break and then reconvene for one more session before lunch
readouts from breakout sessions after 10 minute break
<vinay> This session has two purposes: 1) get a lunch ticket from david -- take only 1; and 2) readouts from the two groups
<vinay> first is someone from the browser group
<vinay> ... but the browser group didn't delegate someone for the readout
<vinay> ... so we're going to start with hte readout from the other session
<npdoty_> scribenick: vinay
Peter: on the de-id issue, as you all saw, there was important convergence amongst the sides
... but there are still hard issues people need to work on
... dont want to overstate the convergance
... there's a group of 7 people tasked at taking a shot at next steps/work items
... one thing he's asked is for people to look at normative language in DAA code (which ed felton thought worth considering ...)
... if it turns out as good (or better), it may help since a lot of companies have already committed to complying
... there was also talk on drafting language on the 3 stages
... Justin took that action item
... the subgroup of 7-8 are meeting now
... Peter asking Wendy for a brief read out
TLR: Are we talking about a situation a bit more time is needed before we need a useful conversation in the group?
... what stage are we at?
Alan C: yes, a lot of progress has been made. Pretty wide consensus on what we're talking about when we say browser.
scribe: hope that there is some language in the near future to share iwth the group
... encouraged. one of the more constructive groups he's been on
Adrian: Spent bulk of time talking about a few points: 1) distinction between browsers and things that aren't browsers; 2) trying to get away from misunderstandings of what a user agent is/isn't
(we think about people browsing the web when we speak about browsers)
scribe: if we agree that a user must be involved in setting/clearing the DNT preference, those things that are not browsers that get in the way of setting DNT are automatically excluded
... as we see more devices get connected to the internet, we don't want to get bogged down with this
... more gray areas we need to think about. there's a line somewhere. We need to think clearly how we define that line
... and who decides who falls on what side of that line
... while we can agree that the device requring many steps (not sure I got this right) is out of scope, whereas FF is within scope.. There's a lot in between.
... there's some homework we need to do, but there is greater clarity
... second thing they talked about is who is responsible for ensuring that the signal sent from the browser is following the setting that the user set
... in the draft framework, point 6c
... some of what they talked about went back to the general principles (that we all agree this is something the user is involved in setting)
... from Adrian's perspective (and he thinks there is some support for this) that this is something we have to address over time
... can't tell right now how this setting may be attacked by different entities over time
... prefers not to think thru all attacks now because the attack may not be an actual attack used
Peter: here's procedurally what we anticipate
... when we break from this, the de-id group will gather
... there is an effort/task to write-up the browser meeting to accurately reflect next steps
... the idea is that the group decide the next steps
... request for the groups to report back next steps
... believe we're heading to a session at 2pm to have a short document that reflects the next steps
... to discuss how to describe it
... ex. we recommend: a) proceeding with this work; b) taking it back to x, y, and z.
... discuss how to proceed to move forward
... Yianni will be taking text (back on the room)
... susan will coordiante with yianni re: measurement; Wendy for brwosers; TLR for de-id
re-convene at 2pm
TLR: Suggest getting a large lunch table
David: we have the big tables in the back by the window reserved for us
TLR: Take the large table for de-id
... also, same question as before... are there other conversations that should be happening amongst subsets of the room between now and 2pm
Dan: We still haven't made progress on de-ids... i hope the lack of a breakout session isn't interpreted to mean it isn't important
break for lunch. start promptly at 2
<npdoty_> another 10 or 15 minutes, thanks; restart by 2:30
<npdoty_> scribenick: npdoty
<npdoty_> peterswire: apologies for the delay, slow in getting text from all these places
<npdoty_> ... while waiting on copies, I want to get a sense of the room on how today went
<moneill2> cant hear
<npdoty_> ... Dan wanted to make some comments on behalf of some privacy folks
<moneill2> I am getting no sound when I call in
<npdoty_> <interruption as ducks get into rows, and computers are found>
<welcome back>
<moneill2> I still cant hear
<moneill2> ok now
peterswire: a number of issues where progress has been made
... want to thank you for stepping up last night and working today
... appreciated, because this is work should be doing
... anybody who wants to make opening comments from the day?
Lmastria_DAA: would echo peter's comments on constructive dialog today
... my sense is that there's been a fair amount of progress made today that wasn't made at other w3c events I've been at, so I'm grateful for that
... see a path forward, using the framework as a skeletal document that's how I see it at least
... we are committed to seeing if we can put flesh on those bones, a lot of hard work, frankly
... what we are committing to here is a lot of hard work, but if there is progress to be made, we are certainly supportive of moving forward in that direction
peterswire: I'm going to walk through the term sheet, an attempt to capture the work from this morning
... I'll read through it basically, chance for edits and chance to make points
... at the top, "At the close of our meeting... " "sufficient progress ... to merit moving ahead toward the Last Call deadline"
... audience measurement, specific changes to esomar text, from Rigo and Susan, "calibrate and validate", work with Rob and Jeff and DAA as well
... second topic concerns browsers, initial versions of our spec will address general browsers for the Web
... a few principles, vendor neutral
... Do Not Track should reflect user choice, anti-tampering to be considered
<Bryan> Link to paper being described?
peterswire: third part on de-identification, three-state as proposed by Shane, proportionality requirements and transparency and retention for those different states
... homework assigned to review the DAA language that may be helpful
... 4. retention periods remain an important issue: proportionality, transparency, no precise MUST limits
... 5. ongoing discussions of unique identifiers as a critical issue for advocates, inviting proposals to solve this problem
... super importance of this issue to many members of the working group, so may continue even beyond Last Call
... I've heard it a bunch of times, said it on Monday Tuesday Wednesday, that the ability to say that Do Not Track will mean in a simple thing to say to users is that no identifier cookies
... a couple minutes for Dan to give perspective
dan_auerbach: big thanks to the chairs, an incredible amount of work you've put in
<large applause>
<jchester> +q
dan_auerbach: appreciating that some progress was made today, but wanted to note that we punted on unique identifiers today, pushing harder issues further down
... can't do that indefinitely, and that's what you see here in bullet point 5
... without that, I think we should come to some agreement to disagree -- without a path forward, don't want to continue spinning our wheels indefinitely
... shouldn't signal that at Last Call we still have a shouting match, wouldn't want to have all these major issues undecided
peterswire: want to repeat, this has to come from you all, not from chairs and w3c staff
... when there's hard things, w3c process works best when we have people go off to hard issues and come back with smart proposals
johnsimpson: want to echo congratulations for chair and staff, I think possibly there's been incremental progress
... but what I have sensed is that we have stepped back to deal with high-level principles, sense of agreement may be because of high-level principles, as we all agree about transparency
... devil is in the details
... as was documented by the list of many still open issues
... may just be as a pessimist, I'm always being positively surprised
... not sure about reaching agreement by the end of July
... I've been committed to this and also been party to some outside talks that may or may not have made progress
... just might not happen, doesn't mean that we're bad people or that W3C is a bad place, just couldn't
jmayer: echo thanks to peter, thomas, nick and matthias remotely
... feeling of cooperation, glad to work with all of you, has genuinely been a pleasure
... but it's very difficult to see consensus or a path to consensus at this point
... have this parking lot over here (UAs and UIs, unique IDs, deidentification, )
... may have made some progress, but if we were this far apart before, we are this far apart now [with arms, showing only slightly closer]
... very imprudent if we got to Last Call deadline and then just pushed again
jchester: reiterate thanks to staff, chairs and colleagues
... have to address the issues in the parking lot
... I know for us we cannot go forward postponing the unique ID decision before the last call, it has to be a part and can be a part of the framework we address in the next few weeks
... without it I don't think we can make the progress
fielding: progress on this depends on the definition of tracking, willing to turn off anything if it's part of the definition of tracking, but not willing to turn off user identifiers for reasons that are not following a user across multiple sites
... reason is not that we want to track you, just don't want to inhibit innovation for non-privacy-concerns
<jmayer> My concern: there is a very high probability that we get to Last Call without consensus on the major issues, nor even a viable path to consensus on those issues.
fielding: if there are actual privacy concerns we'll address them
<Bryan> Can't hear the speakers well
susanisrael: if we define the scope of what we're trying to achieve in the Last Call is narrower than the list of tracking-related issues, can we address those in later versions?
dsinger: simple text change, remove "preference" before "interface"
... don't want to have an apparent preference for existing browsers
peterswire: serious heartache? -- no.
dsinger: ask the chairs and staff to go through issues and actions and orphan the ones that are no longer relevant.
peterswire: the chair welcomes that, now will do that now that we have some clarity
paulohm: thank you for welcoming in a stranger
... wanted to put a marker down rather than specific text
<jmayer> +q
paulohm: the room I think I had a lot of consensus about the general browsing interface, that was a big issue for Ed (and wasn't in the room)
... suggest brackets around the first sentence
dsinger: tried to put a word for the general principles, the name is just the definition of the general principles, not an additional requirement
<Zakim> dsinger, you wanted to suggest that the chairs and staff do a pass on the Compliance Issues and Action Items and propose a clean-up (many are 6 months old and might not be
<Zakim> johnsimpson, you wanted to address text
johnsimpson: appreciate your highlighting the issue of unique identifiers all week long
... my concrete proposal for the text, would remove "potentially structuring ongoing work past last call"
peterswire: see no strong objections to that?
lmastria: just want to point out for today, we can evaluate the problem and see what solutions there might be
... to commit ourselves to solve the problem period may be a step too far between now and Last Call
... don't want to prejudice one way or another, just be transparent about it
peterswire: is the problem "solve"?
<jchester> +q
<dsinger> …um, the working group decides whether to go to last call, not any individual participant. we may decide to get that industry review knowing we have a question open.
johnsimpson: if we can't find a way to solve that issue, I don't think we can go to Last Call
... I hope we can solve it, I've seen some hints in this room and other places, but I don't see how you go to Last Call with a major issue hanging out there
peterswire: I've heard caution from Lou about saying that this can be done by then
... the language of ongoing discussions doesn't define a certain outcome
johnsimpson: agree, the point I'm trying to make is that this is so important we can't go to Last Call without addressing it
jmayer: to PaulOhm, "general user agents" might rule out Operating Systems, which I don't think we want to
peterswire: can't speak to that particular meeting
jmayer: suggest that we account for user agents other than general purpose web browsers, stuff that we know about already
... in the interest of future proofing it would be a mistake to scope that down
paulohm: principle 1 about "general" Web, reserving the possibility that that might be an issue for Ed and the agency
dsinger: maybe I should explain why this is relevant ...
... in a closed garden, just a piece of software that loads its own help pages, we're just not concerned about you
... point 2, you have the ability for a user to express his choice, if you can't do that, we're not sure how to work with you because it's important that you can express a choice
... point 3, that you actually implement the protocol as designed, use the confirmation (in JavaScript), ask for and receive an exception
... all about how to scope to how to make the thing work, rather than limiting innovation
... the other concern was simply that we haven't spent a lot of time discussing different user agents in this room, and they might raise interesting questions
peterswire: there was a productive meeting around the things in Item 2, but don't have specific normative language
... would be having the normal process, proposing and objecting to and discussing normative text
paulohm: agree that we should discuss; I just think ed will want to say something about this and don't want him to give up any chance
peterswire: we make consensus on this text based on who we have in the room
<rigo> Edited wording from Susan & Rigo on point 1:
<rigo> http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
paulohm: then I think we should talk now and I can try to represent him
tlr: jmayer expressed concern about future proofing, would it help to note an opening and interest in looking future-ward to other user agents
paulohm: if this has to be language we all agree on
... "can access the Web" would be principle 1
... 2 and 3 are still pretty limitative
<Chapell> "Can access the web" is extremely broad and cuts away at the spirit of what was discussed in today's one-off session
tlr: I think "Web" is something we all know what we mean by it
jmayer: how about just things that speak HTTP?
... there are things that speak HTTP, are Web APIs
<jmayer> +q
jmayer: I have additional points
<Chapell> I would suggest we wait to discuss #1 until Ed is in the room (also me)
aleecia: I could not support the document exactly as is, have to leave, can get there from here but maybe adopt on the next phone call
<dan_auerbach> +1 to aleecia on #1
aleecia: for example, on #1, we could after we have text determine whether audience measurement is a permitted use
... on #2, fine to have priorities on the agenda, I would have a problem to punt non-browser UAs beyond Last Call
... 4, wouldn't want to guarantee that we don't have MUSTs on time limits
<jmayer> another +1 that we still need to decide whether there's a permitted use for audience measurement for #1
aleecia: 5, just want a resolution on unique identifiers
... don't think Last Call in July, but I agree that it's worth continuing
adrianba_: if worst came to worst, I can live with Section 2, but I had a couple points to make:
... re "meaningful information" minor concern that we were being too restrictive about "settings and help" screens, I thought it was rather all of the user interface
... instead "provide meaningful interface to users
... but a minor point
... going back to the Web, general web, world wide web, "general browsable web" was my term which came from a past w3c meeting to distinguish between Web pages and services that are on the Web, browsed to by a browser
... my explanation of what I meant
<susanisrael> susan and rigo have put a link to a shorter version of point 1, more appropriate to the term sheet, above in irc http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
<aleecia> reminder: DNT applies to more than HTTP
peterswire: suggest put back "general browseable web" for that meaning
<aleecia> SPDY is long since agreed to
paulohm: not services, but other things that might matter but don't count as "general browseable web"
adrianba_: fine with that, my comments are in the minutes
peterswire: you also said meaningful information to users, that was a text proposal change? adrianba: yes.
Lmastria_DAA: the way we began the week was the framework, the framework that it would be uniform inside settings as we think of them today, that's the origin
adrianba_: I understand that that's there for that reason, but I don't think that's what we came out of with agreement to
... we did not talk about scoping down the places in which this might be displayed
... if we're all saying is that we're only interested in pursuing conversation about text that's displayed in settings and helps screens
peterswire: what about "such as, settings and help screens" to give a familiar example, are you okay with that?
room: some yeses. lmastria: let me think about it, I'd to have to reconsider how it flows
<BerinSzoka> we can't read the screen. could we please increase the screen size and maximize the window?
<BerinSzoka> er, text size
peterswire: "with reference to user agents that can"
<aleecia> historically untrue
Lmastria_DAA: we've spent 14 18 more months on browser-based mechanisms, browsers as we thought of them about the desktop web
... a lot has changed since then, sure, there should be work done on mobile browsers and refridgerators
... let's scope to what we've really been thinking about
<aleecia> From very very early on we have talked about apps, mobile, SPDY.
Lmastria_DAA: 1.1 can be for other things
... we're trying to scope appropriately to what our expectations have been all throughout
<aleecia> We agreed to put in terms of HTTP but not limit to, to make it easier to talk about
Lmastria_DAA: making that change, we are in effect trying to boil the ocean here
peterswire: strikes me as an important discussion, heard it expressed strongly by Paul Ohm and Lou, in different directions
... we're going to need to figure out what -- this paragraph could disappear or be shortened
PaulGlist: to not the lose good consensus building from the breakout session on this point, I suggest restoring "general browseable" before "Web" and pointing people to "other user agents warrant future study"
... there was an intention to scope the work to everything we know as current browser base
paulohm: [no longer channeling ed] I heard that we'll take those three bullets back and study what they mean
... felt like it was an incomplete agreement, not sure general browseable was the main thing that we're working on
aleecia: we have been talking from the very beginning about this, not just HTTP, yes this is mobile, yes this is apps, agreement from the beginning
... talk about it in terms of browsing the web, from the very beginning of this group, the consensus we had arrived at before some people in the room arrived, just want to make the history of that clears
peterswire: when there was an event with the FTC Chairman and the White House last year, there was an announcement of a browser-based choice mechanism
... we have real history that points both ways here, in good faith, those different histories are coming together here
... an effort to move to functional criteria, but there's an important part of work from people who are comfortable using browsers
... I had thought we had some agreement on that this morning
jchester: we did go beyond, lou said we do go back and talk to colleagues, talked about apps with browsers, acknowledged a broad range of browser use, talking about mobile app capabilities and you folks are very comfortable with and a norm with which people will interact
<justin> ?
adrianba_: what aleecia said about the text of the draft specs including things beyond the browsers is true
... the goal of the session today was to see where would we find agreement
... let's start right now by scoping the impact of things that we now are well-understood
... not limit the future implication
... scope this narrower than what we've talked about in the past
... of course there's the future, but we're trying to work on the current document right now
jchester: have a problem with 5, don't want to call it a "problem", rather "an issue we must address now"
... suggest: "We acknowledge we must address this now."
... a serious way that this be addressed in the next few weeks
<debate about consensus>
problem / issue / challenge ?
<amyc_> i think that there are limits to benefits of real-time editing term sheet when we are going to need to review normative spec text later
peterswire: I understood this as "we agree to work on these issues, not a final statement of answers"
... when we are scoping work, I would think we have a lot more room to say that we are going to work in this direction and at that point work out particular words
... I have a concern, partly about time that we won't have everyone in the room for all of this
<BerinSzoka> I can't live with this document as written. I need to see more Oxford commas before I can support it.
peterswire: shows a resurgence of some positional things that I don't think are @@@ productive
... underscore "the following specific tasks have emerged from this face-to-face", the task for this paper is to note that we have work to do and note that there's work to do, not agreement on final text
... it could be there are people who don't want to have text today
... we could discuss whether we should have text today
... I had hoped talking to many of you before that we had a close idea that this is what we're going to work on, that's what I saw our exercise as
<susanisrael> on point 5, can you say you invite proposals to address this issue, without then saying going forward, thus not determining whether we do it in the near or long term (as that is to be determined)
peterswire: there may be reasons why some of you don't want to have a position "we are going to work on"
... saying "we agree that this will be solved" seems different from "serious list of things we're going to talk about"
... "critical" is a quite strong word
tlr: what I heard is that jchester is fine with 5 now
fielding: we're talking about things out of this meeting
<BerinSzoka> could someone point out that the IRC screen isn't updating because the scroll bar isn't at bottom?
peterswire: you have not waived your ability to say that there are other issues in the spec
... we had a good conversation on browser stuff, everyone told me it was a good conversation and we can move forward
... we had a discussion on retention limits, green-yellow-red
... highlight a critical issue for advocates that advocates wanted to be highlighted
... is the group able to live with the document?
tlr: we have about five points here that are summaries of discussions today, by their nature imperfect
... an attempt to summarize the conversations we had; if the summary is inaccurate or if there are things we can't live with
... go through the individual paragraphs, and then talk about the top paragraph
peterswire: didn't post it online because we didn't want it to be attributed to people in the room without getting agreement
tlr: fine on 5? room: yes.
susan: rigo and I posted a link in IRC to a shorter version
http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
<rigo> http://lists.w3.org/Archives/Public/public-tracking/2013May/0048.html
justin: whatever language we go with, we don't have agreement that a permitted use is necessary, I remain convince that we won't need this
rigo: you have an alternative suggestion, we have to figure out whether this address their issue
justin: Shane's proposal too, just want to make clear that not consensus that a permitted use will be needed
amyc: I think what Peter is saying is that for a lot of this stuff is something being discussed today, all of this end up as normative text where we can tweak and discuss normative text
... maybe have something in the first paragraph that everything is subject to our discussion and approval as a group
justin: fix spelling.
Wileys: many side conversations about living in the yellow vs. the red state
peterswire: substantive requirement in the current proposed text that it be pseudonymous
tlr: important point, we have it in the minutes, can live without it being in the document
<BerinSzoka> oxford commas!
tlr: other pieces in 1 that need to be in the document?
<justin> We could add the phrase ", as well as whether data must be deidentified for this use." to the last sentence.
Lmastria_DAA: I don't know if this helps, "term sheet" means a lot of stuff, perhaps a different phrasing might help
room: "work plan"?
<johnsimpson> Document title: "Consensus Statement."
Lmastria_DAA: the second piece, maybe walking backwards a little, if we are as a group having some issues about putting too much language in one place or another, could we just bullet point rather than being so descriptive / detailed?
tlr: I think we are close to agreement on 2 out of the 5, then starting text and the title / then the entire thing
peterswire: any changes to 3? not live with?
Wileys: I think something a little clearer would be that two new action items were created
... 1) state the three-state in a principled way (tied to proportionality and retention limits)
<dsinger__> ...wants to get important people's input but notes the agenda runs to 5pm...
Wileys: Yahoo diagram stuff would be non-normative text and Dan's non-normative text of examples that would satisfy those principles
... Dan has agreed to build the transparency template
jmayer: on 3, use "three-state", a reference to Shane's proposal with one-way hashing -- three states in general, not just Yahoo! specific?
... not agreement that Shane's example would be sufficient
tlr: one approach would be that we take that model, alternatively, abstract one level up to principles and separate principles and implementation
... might just be an issue with non-grammatical rough version
... "possible approach"
jmayer: is this just agreement to a possible approach that many people disagree with?
<cross-talk>
wileys: just intended as a proposal
Lmastria_DAA: on #4, suggest we pull out the stuff about a template, not something I've heard about
<BerinSzoka> Anyone driving up to San Francisco? I'm looking for a ride
tlr: idea was that Dan would write down what he thought would be important pieces about transparency
... a work item rather than an agreement
peterswire: add "for consideration, by the group"
<dsinger__> ...would really appreciate it if people could express their own concerns and leave the chairs to do their job of determining consensus
Lmastria_DAA: the whole idea of a template is a little troubling, partly because of the surprise
<vinay> Berin - I wonder if you can ride one of Apple's shuttles up to SF. Might be a question to David
wileys: fine to remove it, but the work item will still happen
tlr: is the problem the word "template"? lou: yes.
peterswire: on 3 and 4, any other significant changes needed?
justin: suggest we take out the "not include MUST level limits", both incorrect given the current state, and aleecia's concern, and I suggest that we remove it
danauer: this is all part of a proposal, a new idea that we're exploring
justin: "agreement to examine" rather than just "agreement"
[resolved by moving up to 3, instead of 4.]
justin: just remove the clause, doesn't match other things
peterswire: is there anyone with major heartburn if we don't have it? we know in the minutes that it's a thought and we'll study it
... no other changes on 3
jmayer: there were two three-state proposals, Shane and Dan
danauer: "a three-state" and drop attribution room: general agreement.
paulohm: minutes reflect my understanding of what general browseable web
... general browseable web is a term used by w3c in other contexts
... to exclude devices that use http as a service
... and exclude things like dog collars.
tlr: web services in the WS* meaning
paulohm: jmayer also had objections
jmayer: if the only limitation is about dog collars, I don't care... but if it doesn't encompass Firefox OS, or iOS which have pervasive implementations, then I'm not on board
hober: we even used examples like embededd UI WebView
jmayer: in firefox os, you could have an app that received DNT
tlr: have a broad sense of view of the priorities is
jmayer: my understanding is that platforms like ffx os and ios would access the general web
<BerinSzoka> AMEN. Also, note, rush hour...
npdoty: I wouldn't be comfortable just based on a breakout discussion foreclosing work that we've already done in the documents and ruling out clients that don't have JavaScript, use screen readers, etc.
... fine with priorities, but wouldn't want to foreclose those technologies in the current version without having that full discussion
dwainberg: isn't this just a not-commitment-to-particular-text agreement towards what we'd be doing
<loud applause>
agreement that it's not specific restriction to terms, but general priority
<BerinSzoka> finally, I agree with John on something!
title of the document
johnsimpson: title should include "consensus"
<BerinSzoka> I don't mean to be rude, but why are we still talking?
jmayer: agree with Lou on revising title, noting "agreements" rather than "actions", suggest: "consensus conversation summary"
<susanisrael> General agreement on work plan?
"Consensus Action Summary", no one too bothered by that
no corrections/objections to the intro? none.
any objections to sending out the document?
johnsimpson: refer to people by full names.
dsinger: destroy bits of paper of the early versions
justin: "sufficient progress" -- is the progress really "sufficient"?
npd: sufficient just modulo to "merit moving ahead" not a general normative term
peterswire: thanks to David Singer for wonderful hosting