See also: IRC log
<trackbot> Date: 26 June 2013
<npdoty> trackbot, start meeting
<trackbot> Meeting: Tracking Protection Working Group Teleconference
<trackbot> Date: 26 June 2013
<eberkower> aabb is eberkower
<Richard_comScore> Nick, Adam Phillips representing ESOMAR will be calling in from the UK - he is unsure how his number will show up, but if you see a strange/UK number, it's him
<rachel_n_thomas> thanks nick :)
<rachel_n_thomas> (i'm rusty)
<moneill2> zakim. [IPCaller] is me
<peterswire> I'm calling in now; had a glitch
<johnsimpson> OK here, no noise
<Yianni> I can scribe
<npdoty> scribenick: Yianni
Peter: cannon can you scribe
<JC> yianni is up
Peter: Rob Sherman could you scribe starting at 1:30
Peter: Yianni first, JC 12:45,
Heather at 1:30
... introductory comments, lots of hardwork from people
... goal has been to get one clear document in front of us
<susanisrael> Thank you to w3c staff for coordinating
<dan_auerbach> yes, big thanks to Nick for the incredible job he's done collecting and organizing all of these proposals!
Peter: clear to everyone what the
changes are off of that
... actual number of issues is not in the hundreds range
<wseltzer> [order of dicsussion for today: http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0403.html ]
Peter: history of discussing many
of these issues
... challenge we always have is how to get some final round
... US Senate doing this with immigration, and with the EU data protection regulation
... at some point you need to slim down the issues
... we are trying to do this with maximum transparency
... Peter is recording the fact that he is meeting with people
... my goal today is a human readable version
<jchester2> It's a rush to judgement--not a "slimming" done--thats a rationalization to justify a process that doesn't serve privacy well.
Peter: give the people who
proposed changes to briefly, a minute, what the changes are and
why they should be in
... I've grouped in ways that I thought made sense, but I am sure I made mistakes
... hearing the basic reason for change of proposal
... what we are going to do is highlight presentation from people who have submitted change proposals
... we are going to start moving forward
... Thomas is there a problem on the bridge
Thomas: working on it
Peter: I am going to move through
the list as stated
... first one is that the June draft did not contain public commitment
... myself and W3C staff made a mistake in leaving this out of June Draft, we are inclined to put it back in
... if you disagree with that, putting it in as an editorial change
... an editor process tries to have spelling correct and make language consistent
... we will bullet editorial changes, if you object or want different language, please respond
... we will not make editorial changes without you seeing
<tlr> if somebody's stuck with dial-in, please retry now
Peter: that is number 1
... For geolocation many people comments
... David could you explain your proposal
David: I suggested that we delete
... I would be comfortably amending that this is a clear specific additional restriction
... okay with either deleting or amending
<npdoty> +1 to dsinger, clarifying that it's a separate additional restriction, existing agreement
Peter: if you plan on writing perfecting amendments in the spirit that David just mentioned, could you indicate by +1
<WileyS> Propose to remvoe this section completely as this information is not "tracking" as its not extracted from "cross site" data collection and use.
<sidstamm> wseltzer, thanks.
Peter: expect to be offering text +1 that is consistent with David Singer, if you expect to do language different from David Singer hit -1
<npdoty> +1 to help dsinger with the suggestion just made
<johnsimpson> we're still trying to digest all these proposals I don't know what I'll do
Peter: +1 is friendly, -1 is different from proposed change
<dwainber_> /join #dnt
<jchester2> I agree with John. Peter, I object. Ths process is confusing.
<Aleecia> Shane, we've been at consensus to address geoip for over two years
Peter: the next part is various proposals around definitions of first parties
<dan_auerbach> I don't think Lee is on the call
Peter: Lee Tien had the first suggestion
<dan_auerbach> he's on a plane
Peter: Lee is unable to make the call
<wseltzer> [Lee's email: http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0407.html]
<Aleecia> The text in the WD
<susanisrael> *dsinger, peter collected names of people who want to comment. No resolution.
John Simpson: reading an email from Lee, the consumer side logic is simple, there is a lack of consensus.
<WileyS> Aleecia, I explained this in more detail on the mailing list. 2 years ago it made sense but now that we have a definition of tracking this clearly doesn't fit in -AND- considerable work is going on elsewhere to address precise geolocation in a much more thorough manner
Peter: part of today is understanding what the issues are
<npdoty> dsinger, I think the request was just to find the people who wanted to add friendly or counter amendments
John could you include the language in the minutes?
Peter: this is a debate at a big scale, rather than perfecting language
<wseltzer> Lee, via email:
<wseltzer> On first parties and affiliates, I think the consumer-side logic is obvious: expectations and data dispersion. Industry has its reasons for an expansive view, of course.
<wseltzer> My purpose is not to argue but to reiterate what I see as a lack of consensus--as distinguished from convenience or being part of a large compromise. I have heard occasional complaints about how third parties are differentially affected, or how large first parties are advantaged by an expansive definition of first parties.
<jchester2> Include me in writing text on geo-location
Peter: next one on definition of first party is Chris Pedigo
Chris: the current language requires a link on each page to a list of affiliates
<Aleecia> That's a fine discussion of additional information for the chairs to evaluate re-opening if they choose to, but that is a decision point.
Chris: I do not know if that
address questions of how data is used, restrictions are in
... it also does not capture how a use might be best educated
... instead of listing companies in corporate unbrella, and instead list brands
... in FTC report, common branding was also allowed
... totally agree to have transparency, but what more user friendly transparency
... amendment to do it better
Amy: very similar concerns to Chris
<Aleecia> Unless and u til the chairs agree to reopen, geoip is closed at consensus
The language in specification did not get at heart of debate, think one click at all time is unworkable
scribe: can work with Chris on language
<rigo> conference is full, no more parties can be added at this time.
scribe: very impressed you could organize, we are not in a position to make substantive suggestions to these proposals
<WileyS> Aleecia - I'll submit a formal objection and provide the required "material and new" arguments to consider to stay within the appropriate process.
scribe: more work to review and feedback in the future
Peter: that is exactly right,
much of it will be on list
... we will have more details of order of things discussed on list and on the calls
Peter: ask if others would want to work with CHris and Amy, please list
scribe: we would see if we could consensus that way
<Aleecia> Shane, thanks; formal objection isn't needed. But this is something for the co-chairs to choose to reopen or not
Peter: ALan could you speak first about use of 1st party data in a 3rd party context
<npdoty> to help with Chris/Amy on affiliates language: WileyS robsherman susanisrael vinay Yianni johnsimpson jchester2
Alan: sent something in at 11:30 this morning that gets to it
<WileyS> Aleecia - formal objection can force the issue open outside of co-chair agreement so I'm ready to go that route if necessary
Alan: current context suggests that a 1st party cannot use information in the 3rd party experience
<npdoty> help on geolocation, friendly: npdoty, counter: ari, jeff, alan, shane
John: Yes you may while you are in a relationship with first party, there is a certain level of trust
<Aleecia> That's fine, and if denied reopening, that's appropriate. I'm trying to save you some work is all.
John: no expectation that it
would carry over when functioning as a third party
... glad to work with Alan on language
<robsherman> +1 to participate in the discussion, not to agree on substance
Peter: gues is that people in first party context that would like to be engaged in discussion. please list a +1
Peter: I think we understand that concept
<justin> Peter, I have a question about this one.
Peter: to the extent Alan and John can work with others, please include Yianni
<npdoty> help alan and john on first party restrictions: ChrisPedigoOPA, vinay, jchester2 dwainber_ ; counter: wileys, robsherman
Justin: in previous versions we
parked this issue, some thought it was okay to use first party
data in this context
... Alan seems to think its prohibited under the June Draft. Peter do you have an oppinion
Peter: no language that
explicitly says that, comfortable saying that
... I am not sure I agree with Alan that it explicitly bars
John: we are adding that makes it
clear and that it was left out
... i think it is implicit that a first party can use information they get from a third party
... why we need language on data append
... it is the same we discussed some time back, all the same language
... it has been extensively discussed, I answered all the questions in the list
Peter: if people have language around John's proposal. A lot of people are not in favor of it
<amyc> I think that there is substantive disagreement on append proposal
John: David Singer suggested use of the workd tracking data, so John may adjust proposal to incorporate tracking data in data append section
<Aleecia> 0 to rejoin does not work; conference is full
<tlr> aleecia, *0
Peter: anyone who would want to work with John to work on append language, please hit +1
<rigo> John, we should also encourage first parties to submit themselves under 3rd party restrictions voluntarily
<dsinger> Yes, I suggested that if we call the spec "Do not track", and we define "track(ing)" we should connect the dots and say that what you don't do is 'track' (as defined) (in general, modulo consent and permitted uses)
<susanisrael> agree with amy that there is substantial disagreement
<Aleecia> Thank you
Peter: I understand that there is disagreement with proposal
Susan: language that agrees with them or has a response to proposal
Peter: on this one, I am asking for +1 language for people who would like to work with John on language
Peter: I am guessing people who oppose will oppose the whole package
THomas: if there are people that
wish to work on counter proposal, something else that responds
to the same issue
... want to work on counter proposal, then click -1
... could be as simple as no change or a paragraph of text
<johnsimpson> clarifying question??
Peter: Thomas, right now the base
text is the June draft and does not contain language
... that is there unless we accept a change
... leaving June Draft in place is not a counter proposal
Peter: counter proposal would be
to address the issue in a different way
... staying silent would keep June Draft in place
<Aleecia> When you say "unless we accept a change," does that mean the TPWG, or does that mean leadership?
Thomas: a no change proposal does not require thought to complete
<Aleecia> That is, who is "we"?
Thomas: as we look at proposals,
we may be in a situation that everyone agrees on a change
... June draft was bad and we all agree on that
... that is called consensus
... it would be useful to explicitly say that we prefer no change to the June Draft
... if no change is on the proposal, you do not need to say anything
... if there is no change proposal, then we stick to June draft
<jmayer> I think the June Draft shouldn't have special weight as against an alternative proposal.
<wseltzer> [no-change proposal]
<susanisrael> *sorry to have been dense about the +1/-1. I felt like it wasn't consistent. didn't mean to create a distraction.
Thomas: if there is one change proposal, and they want to stick to June draft, please write a statement keep June Draft
<rigo> jmayer, doesn't work.
Thomas: if anyone gets confused,
we will be able to fix
... this is a point that is best explained in writing
... for purposes of this call, focus on people who want to help people with a change proposal because they are on the same page or come up with a compromise, or people with a counter proposal
<jmayer> In taking up the June Draft, we used a default decision making process (i.e. no consensus alternative, so go to a default). That posed substantial legitimacy problems, and at minimum, certainly didn't reflect a group decision.
Peter: as chair, I will simplify
... +1 means you will help with change proposal
Peter: if you want to keep June Draft you do not have to say anything
Peter: if you have a counter proposal, please do -1
Thomas: consistent with what I said
John: we are talking about adding text that does not exist in the draft
<rigo> as good as it gets, assessment is on chairs
John: what happens that we get to the point that we think this text is as good as it gets, but we have debate in the group how do we deal with
Peter: goal is to work through the list, second goal is to get people to draft text
Peter: we are not having the
conversation on how this comes together at the end of July, we
need to get through the list of issues first
... Issue 6, Roy had a proposal on service providers
<jmayer> This seems to me entirely backwards. We've just done a fire drill... without thinking through how it would bring us closer to consensus.
Peter: went back to previous
discussion on service providers, parties other than first party
owner that would have access to data who would not be
considered another party
... want to change from service provider to implementation provider
... does not make a normative difference, that is editorial
<tlr> on process, here's Nick's previous write-up of the process we will follow: http://www.w3.org/mid/4199CC86-BA3F-40BB-8C12-676ED0061320@w3.org
<schunter> "paint on the bike shed"
Peter: the definition is
... both substantive and label change
<npdoty> the bikeshed/name is a detail we could debate but does not make a substantive difference
Dan: I basically haven't been
tracking the service provider issue as closely as others
... wanted to make sure some previous text was not dropped on the floor because no one presented objections
... we have two different proposals, if they both got support we would need to fit them together
Peter: if you would want to work with Roy, please hit +1
<rigo> +1 as we had 5 times already agreement on this service provider /implmentation partner issue
Peter: a -1, if you have a counter proposal to what Roy is doing, different substantive direction
<amyc> +1 to rigo
<ninjamarnau> +1 for Dan's draft
Peter: Second, Dan brought language from Mozilla/EFF/Standord proposal, +1 would be to work with Dan to perfect
<Aleecia> Riffs and I've objected every bloody time, and for you to claim this is agreement is as frustrating as possible.
Peter: a -1 would be to work on a counter proposal that is different from Dan's proposal and different from June Draft
<rigo> where is Dan's proposal?
<amyc> I think we have two +1 polls going on
Peter: next thing is third party compliance, Amy had some text on
<npdoty> helping roy: rigo; helping dan: jmayer, ninja, maybe moneill2
<dan_auerbach> I haven't read Roy's service provider email yet so can't comment -- apologies
Amy: For both sections, signal to implementers, regarding the use of identifiers
<jmayer> npdoty, aleecia too?
Amy: add technically feasible,
using no identifiers at scale
... discussion about requiring third party auditors, I thought that it was about being internally verifiable
Peter: two distinct issues
... first, adding technically feasible when it comes to not using unique identifiers
<npdoty> on service providers, helping roy: rigo; helping dan: jmayer, ninja, maybe moneill2, Aleecia
Peter: if you want to perfect that language +1, a -1 would be a counter proposal
<npdoty> (unless moneill2 or Aleecia intended to work on a third proposal on service provider)
Peter: second, on audits,
internally verifiable rather than third party audits
... please hit +1 if you want to work on internally verifiable language
<jmayer> -1, -1
Peter: hit -1 for any counter proposals
<Aleecia> No doty, I suspect I will, but if I can merge with Dan's so much the better. Not optimistic about that, but I'm happy to try
Peter: David Singer first on definition of tracking
<Aleecia> Auto correct for the lose today, sorry
David: Did I make change proposal
to the current document
... Different agenda item on collection and retain
Peter: Roy you had language on tracking
Roy: yet another iteration to
find a definition of tracking that fits the requirements
... it would be nice to agree on what we are agreeing to standardize
... the existing language describes tracking as data collection, it covers anything you might receive
<npdoty> friendly amendments to amyc: dwainberg, counter-proposals to amyc on audits: jmayer, dan_auerbach, moneill2
<JC> I'm ready to scribe
<rigo> -1 to this one
<dsinger> We are talking about "Tracking is the retention or use, after a network interaction is complete, of data records that are, or can be, associated with a specific user, user agent, or device.", right?
Roy: my definitino is about
following a specific persons accross distinct contexts
... the retention, use, or sharing of data used outside the current context, covers profile building or anything like it
<dsinger> to Roy: that's nothing like all the data you might log.
<amyc> yes to dsinger
<rigo> because it doubles the first party/third party distinction
Peter: DAA definition uses accross multiple sites
<moneill2> npdoty, i was referring to "technical feasilbility"
Peter: getting clarification about how multiple contexts and multiple sites is probably useful
Amy: notice same issues as Roy
Yes, JC you can take over
<npdoty> scribenick: JC
<npdoty> amyc: suggested a change to the Scope piece, rather than a broad view of tracking, focus on third parties
<tlr> Amy's change proposal: http://www.w3.org/mid/81152EDFE766CB4692EA39AECD2AA5B61EB0AC4C@TK5EX14MBXC295.redmond.corp.microsoft.com
<laurengelman> (is the call line full? my call will not go through)
<dsinger> that we allow first parties to 'track' doesn't mean its definition is wrong, by the way.
<tlr> lauren, please call the bridge and dial *0.
<tlr> (instead of entering the code)
Peter: I think calling it tracking data may be editorial
<tlr> operator will patch you in
Peter: it may be worth commented on by peoplej
Peter: +1 if the term tracking data should be used
<dsinger> …and yes, I did have a CP to use 'tracking' in the document more
<dan_auerbach> I am neutral on using the term "tracking data", but the substance of what that term entails is important to me, so not sure if I am neutral or -1
Peter: -1 is stating that it is
moving in the wrong substantive direction
... Johnsimpson you have an imput
<npdoty> work with amy on changing data to tracking data: dsinger, justin, ChrisPedigoOPA; counter: johnsimpson
<tlr> simpson's proposal: http://www.w3.org/mid/9755A9FB-5EFD-4B5A-B4B7-630125EB9B57@consumerwatchdog.org
Johnsimpson: As the standard develops some tracking will be allowed under permitted uses
<npdoty> work with amy on changing data to tracking data: Brooks, dsinger, justin, ChrisPedigoOPA; counter: johnsimpson, jchester
Johnsimpson: some servers won't participate in permitted uses
Johnsimpson: there should be some compliance language that indicates how this works
<trackbot> ISSUE-119 -- Specify "absolutely not tracking" -- pending review
Johnsimpson: compliance language should clarify what is said in TPI
Peter: Add +1 if you want to work with johnsimpson
<npdoty> +1 (I think we already have agreed text, and may not need more)
Peter: -1 if you have conflicting proposal
<jmayer> phone trouble
Peter: jmayer could you address tracking definition
<jmayer> workng on fixing mute thingy
Peter: we will go to jmayer later
<WileyS> + 1 to work with Amy on her definition of Tracking
Jmayer: I propose a change indicating collection in the defintion
Peter: Jmayer lets go to defintion of protocol and transient data
<npdoty> working with john simpson on "not tracking": npdoty, ninjamarnau
Jmayer: I 'm concerned by transient data definition
<dsinger> -1 to jmayer's http://www.w3.org/mid/BC9995A702CF4B5BA0594DB9129D7C14@gmail.com
<tlr> mayer's proposal on "tracking": http://www.w3.org/mid/BC9995A702CF4B5BA0594DB9129D7C14@gmail.com
Jmayer: the line I try to draw is between protocol information and info the website solicits
<tlr> mayer's proposal on "transient": http://www.w3.org/mid/66CEC8712A44493FAB861745B971E520@gmail.com
Jmayer: they may have different privacy requirement vs. saying everything goes during a transient period
Peter: I have not lived through these discussions
<Aleecia> (has been discussed)
Peter: Lee wrote something similar, any comments?
<dsinger> I also wrote something http://www.w3.org/mid/D55D460B-6E05-4AE7-86FB-2CE29CF7F4DE@apple.com
<npdoty> jmayer, that sounds like Lee's proposal on short-term
Dan: I haven't looked through Lee's proposals
<fielding> that was Dan
Peter: +1 for work on protocol and trnasient data definitions
<susanisrael> *jc, i think that was dan auerbach not roy speaking
Peter: -1 for a counter proposal
<efelten> This is a poll on substantive views, or on willingness to work on language?
<tlr> willingness to work on language
<fielding> -1 (cookie are obviously protocol data, so use a different name if you want to make that distinction)
Peter: jmayer do you have a definition of collection
Jmayer: I believe i sent one to the list
Peter: Amyc do you have language around collection and share?
<susanisrael> i think this is a poll re: willingness to work on language consistent with vs. opposed to a given proposal
<tlr> Amy's language on collect / retain / share: http://www.w3.org/mid/81152EDFE766CB4692EA39AECD2AA5B61344A1C9@TK5EX14MBXC295.redmond.corp.microsoft.com
Amyc: I submitted language on
share to address concerns that current language is quite
... I proposed language that more directly addresses concerns
<tlr> Pedigo on "share": http://www.w3.org/mid/CEED5B1AC4405240B53E0330753999D320643B3A@mbx023-e1-nj-4.exch023.domain.local
Amyc: other is editorial. Pass is used but not defined. We should fix that.
<ChrisPedigoOPA> happy to work with Amy to merge our proposals
Peter: I have not looked at issue, but it makes sense
Amyc: Concern is about first
party being held responsible for data sharing
... this is not about appending but sharing
Peter: The term share is broader than some may like
<dsinger> my language on collect/retain: http://www.w3.org/mid/9CEF4EC1-C051-4AE4-B986-8F107C103217@apple.com
Peter: Dsinger do you have language on sharing
<rigo> I have a clarification question
Dsinger: The first talks about transient which is not defined. What does it have to do with sharing?
<rigo> retaining == collection IMHO
<Aleecia> I have a lot of background noise here, but the notes I sent from walking through the doc included a text suggestion from JC on this area
Dsinger: We should look at retain and not focus on transient period
Peter: Dsinger is this similar to Amy?
Peter: +1 work with Amy et. al.
... -1 for a counter proposal
<susanisrael> possible +1, need to read more carefully
Peter: Number 11 defintion of user agent from Chris Pedigo
<dan_auerbach> if we prefer no change, we don't write -1 right ? I think that's where I am
<tlr> Pedigo on user agent: http://www.w3.org/mid/CEED5B1AC4405240B53E0330753999D320643B97@mbx023-e1-nj-4.exch023.domain.local
<jmayer> dan, -1 = would contribute to a proposal in a different direction.
<tlr> dan, if you prefer no change, you can just say that later -- not much of a point putting it out now
<dsinger> ah, we need to improve the section title and do some editorial cleanup
<jmayer> I'm -1 on this direction for sharing.
ChrisPedigo: The defintion meshes
what a UA must be included and there are three statemtents that
don't make since
... I would like to add a separate section for websites
Peter: Were there others that made UA defintions?
<amyc> My apologies to all, I have to drop off, so won't be able to walk through the CP to section 7 on existing privacy controls, but tried to include explanation as part of CP, please feel free to contact me directly with qs
Peter: UA compliance is next
Chapell: my proposal was
contained in industry proposal so look there
... the idea is similar to what I have mentioned for a while
... the UA must indicate clearly what it states
<npdoty> Chapell, is that a change from the editors' draft?
Tlr: I'm confused on what is stated
<dsinger> this document? http://www.w3.org/mid/DCCF036E573F0142BD90964789F720E3140E17A7@GQ1-MB01-02.y.corp.yahoo.com
Dan: I was mentioning disclosure requirements
Tlr: can you help me find it?
Peter: Let's figure out how to work with text that came in before noon
<tlr> alan's language is supposedly in here: http://www.w3.org/mid/170A573B-41D3-4645-B4A0-5226B14E9AE3@networkadvertising.org
Peter: Justin you have input
Justin: If the user uses private mode it is obvious the user does not want to be tracked
<npdoty> is there any marking in the PDF that notes what the edits are?
Justin: clear and prominent
language can be controversial, but we need to be
... the June draft is prescriptive on UA side but not the user side
<tlr> +1 to Nick -- a version that has changes tracked would be very useful.
Justin: I suggest what we have had in the TPE for a while
<dsinger> +1 to Justin; we previously agreed to rough parity
Peter: Amy you have input on privacy controls
Amyc is there
<rigo> I think the UA side and the UGE must be the same, as they both claim to collect consent
<npdoty> Chapell, could you summarize the changes for us on UA Compliance that are represented in this PDF? (I can't see offhand what is different from the editors' draft)
<tlr> Amy's proposal on existing privacy controls: http://www.w3.org/mid/81152EDFE766CB4692EA39AECD2AA5B61EB0AC76@TK5EX14MBXC295.redmond.corp.microsoft.com
<wseltzer> JC: concern, how do we reconcile opt-out and DNT; multiple devices, user-granted exceptions depend on timing
<wseltzer> ... how do we provide something that's not confusing users or providers
<Chapell> npdoty, will do on list later
<wseltzer> ... slight changes to the tables
Peter: jamayer you have input
<tlr> Jonathan on user agent: http://www.w3.org/mid/4E18BDC5E23E4992A1C66CEEA9430E89@gmail.com
Jmayer: Yes, I provided language on the standard language to use
<Chapell> dsinger and justin - i agree re: parity on disclosure standards for UA and UGE
Peter: on user agent compliance
there are three things
... +1 to work with Chapell and advertisers approach
<Chapell> ... however, the language in the current draft was unclear, IMHO
Peter: +2 if you want to work with Justin on TPE direction
Peter: +3 if you want to work with Amy and JC on tables to reconcile DNT vs. other standards
<dan_auerbach> +4 (sort of) I proposed my own language
Peter: +4 to work with Jonathan
Peter: Let's go to security and fraud
<npdoty> work with Justin on TPE direction for UA compliance: johnsimpson ninjamarnau dsinger Aleecia jmayer
<sidstamm> npdoty, +2 add me to the list
Peter: can someone explain Chris M proposal?
<npdoty> work with Justin on TPE direction for UA compliance: johnsimpson ninjamarnau dsinger Aleecia jmayer sidstamm
Tlr: can someone point to the draft?
Johnsimpson: It should be on the Wiki
Peter: I think there was substantial writing on the list John can you exaplain your approach
Johnsimpson: I looked at thread and liked proposal, but was concerned about the lack of graduated response
<dan_auerbach> I suggested text on security and fraud too, along with all permitted uses
Johnsimpson: I wanted to make sure it got it, supporting Roy's input
<WileyS> Note - as discussed in Sunnyvale, a graduated response is not a workable solution and would lead to notfifying attackers that you suspect them.
Peter: I haven't reviewed this, was there language Roy?
Johnsimpson: it was the original language
Roy: There are changes to June draft and addtion of graduated response
<npdoty> dan_auerbach, Lee had proposed text from the earlier EFF proposal, that also referenced a concept of graduated response, do you think those could be combined?
<jmayer_> There's been language on graduated response for over a year.
Peter: one subissue is around graduated response, is there new language
Johnsimpson: that original language came from April public draft
<npdoty> I believe the original definition of graduated response came from Ian Fette, several months ago
<dan_auerbach> npdoty, yes, we can work on combining those
Johnsimpson: I believe Ian
... it all mad sense to me
Peter: There is a proposal from
Chris on this
... +1 to work with Chris on this
... +2 to work on graduated response with Roy or Ian's language as base
<WileyS> -1 (remove graduated response)
Peter: beyond that the issues are explained well in language
Peter: -2 is you are against graduated response
<efelten> Still confused if these polls are asking for volunteers for drafting, or asking for positions on issues.
Peter: Jonathat you have other issues to raise?
<jchester2> I agree with Ed, the process is still confusing.
Jmayer: Yes, text around partial compliance
<johnsimpson> Ed Felten: I agree. I have no idea what we are doing.
<npdoty> work with John/Roy: dan_auerbach jmayer jchester2 dsinger; counter: WileyS JC hefferjr
Jmayer: if a website once to honor do not track it must say so
<WileyS> Audio is going in and out on Jonathan - could everyone other than Jonathan hit mute?
Jmayer: [breaking up for me]
<ninjamarnau> when in doubt, it is always volunteering
<npdoty> efelten, the polls are intended to volunteer working on drafting (friendly amendments or counter proposals), not support
<tlr> partial compliance: http://www.w3.org/mid/B8AD71B8D9BB415B82AFB6749AE945CD@gmail.com
Jmayer: discussion around personalization, collecting user's browsing history
<efelten> Confusion is because they're phrased as calls for positions. "If you're opposed …"
Jmayer: I would be in favor of getting rid of personalization
<tlr> Mayer on personalization: http://www.w3.org/mid/CFFE63269F3147C1A8F3FF7F069F9FFF@gmail.com
<jchester2> Nick--But in essence, agreeing to help write is expressing support. Which is what's happening in my view.
<WileyS> +1 to Jonathan on this one
<tlr> Mayer on unknowing collection: http://www.w3.org/mid/012674A466274F50BAD76DBCF7AE6BB9@gmail.com
Jmayer: there was an attempt to clarify June text to indicate when a website is in violation or what to do when determined in violation
<npdoty> jchester2, yes, but there might be lots of things you support that you aren't going to help write, since, for example, we all have limited time
<tlr> jchester, there's a piece of support / opposition implied in whether you're volunteering to help with a proposal or write a counterproposal
Jmayer: it could post it to website, but must tell someone
<Marc> That's Marc
Peter: +1 if you want to work
with Jonathan on any of the issues
... clarify area with +1
<WileyS> +1 to remove Personalization language
<Marc> 212 835 - marc
Peter: Aleecia is next
<tlr> but -- the point really is to organize the work
Aleecia: I felt that there were a
number of issues that were dropped and were not in
... the June draft is a wonderful addtion, but should not be a replacement
... the June draft is very readable, but there are a number of issues that have been dropped on the florr.
<jchester2> I think this is very important, coming from the former co-chair.
Aleecia: I have heard that from others
Peter: which draft
Aleecia: date is in email and I don't remember
Peter: We are at 122 and we need to extend our time
<npdoty> the last public working draft of the Compliance doc is April 30th: http://www.w3.org/TR/2013/WD-tracking-compliance-20130430/
<dan_auerbach_> apologies, I have to drop off
Peter: for audience measurement is cathy there?
<npdoty> (Aleecia's email includes the pointer to the latest draft, which currently redirects to April 30th)
Could someone send his name
<tlr> ESOMAR proposal: http://www.w3.org/mid/CDEA2BDE.24D56email@example.com
Adam_Phillips: what we have done
is tightened up on the defintion of the data which is held and
that profiles cannot be created or used for other
... we want to limit this purpose as far as we can to prevent AM data from being used for anything but AM
<Aleecia> To be very, very clear: the coincidence that I once was a co-chair is not relevant. I am just a simple villager. That said, I think my point still stands.
Peter: To clarify changes, this data is used to callibrate, validate panel data
<Aleecia> Thanks, nick
Peter: why was validate or calcualte through added
Adam_Phillips: Essentially you
start with a panel of people and use count to reflect what is
happening in the real world, callibration
... you need to have some idea of who is in panel to know who has seen content
<npdoty> Adam_Phillips, calling in from ESOMAR, Kathy Joe is off
Adam_Phillips: so if 50% out of 1000 have seen content then there are 500 without knowing who they are
<moneill2> simpler just have dnt:0 for the panel
<jchester2> This needs further review. Because it appears new data sets are implicated
Adam_Phillips: we are coming up with a set of numbers that in the end will not be based on the actual numbers in panel but projected on the group
<susanisrael> Adam and Richard: would it be accurate to say that what is intended is that you extrapolate from the panel and apply the insights to the general data?
<jmayer_> Why are consent and de-identified data not sufficient here?
Peter: how small can the number in the categories be?
<Richard_comScore> Susan, you are correct
<npdoty> moneill2, I think the proposed permitted use is about collecting data from non-panel members
Adam_Phillips: Let suppose you have a group of people who live in the Chicago area that are female and shop at Neiman Marcus
<npdoty> moneill2, in order to calibrate a panel with a larger statistical sample
Adam_Phillips: maybe 5% of people saw the ad.
<moneill2> yes I know, thats why I dont agreethis should be a permitted use
Adam_Phillips: we don't know who they are. we would have to go on the street to ask people.
<jchester2> But you create personnas that in essence is the same.
<efelten> If you can't link the data to an individual, then your data in unlinkable / de-identified.
Adam_Phillips: there should not be a concern to single out individuals unless that have agreed so
Peter: Rigo do you have input?
Adam_Phillips: We have not had time to connec with Rigo
Tlr: the buckets used in this
contact should be larger than 800, based on Rigo's email
... small addtion to Cathy's note
<jchester2> unmute me
Adam_Phillips: I don't see what that limit does. Even if there were only 800 people you still wouldn't know who they are
Tlr: Rigo is willing to work with you to refine the text. You two should chat about this
Adam_Philllips: I am happy to talk to talk to Rigo, but want to maintain our position
<scribe> New scribe?
<susanisrael> I was supposed to help facilitate discussion so I can do that.
Peter: +1 to work with to work with Cathy
<johnsimpson> not a permitted use
<moneill2> should not be a permitted use
Peter: those against this as permitted use will be heard
<jchester2> let people express if they don't want to see a permitted use
Peter: Rigo has concerns
<tlr> john, jeff -- the place to express that will be a "no change" proposal
<hwest> Yep, can take over here
<WileyS> Rob V.
<ninjamarnau> don't want to see a permitted use
<fielding> Thomas Schauf
<WileyS> And then text from industry groups
<npdoty> +1 for working with ESOMAR on friendly amendments; -1 on different approach to audience measurement permitted use
<npdoty> working with ESOMAR on friendly amendments: susanisrael; different approach to audience measurement permitted use: rigo
<hwest> Peter Swire: Language from Dan Aurbach, Roy, Rob V, Shane next.
<tlr> Scribe: hwest
<npdoty> scribenick: hwest
<johnsimpson> cannot hear
Peter Swire: We lost Dan, I realize we went over scheduled time
scribe: Summarizing, had language similar to two stage language that we had previously, added in non-norm text.
scribe: Rob, can you update?
robv: When do you consider data
to be de-ident? What is missing is the actual answers, in my
view, you include knowledge of the hashing. Because if de-ident
is the end state and outside of DNT, need [lost this
... Should include that data quality is no longer linkable. Stage approach. Tried to identify some arguments that a three-stage approach makes more sense.
<kulick> hard to hear the speaker
<npdoty> people who don't want a permitted use on audience measurement: johnsimpson moneill2 jchester2? ninjamarnau -- we should talk offline about whether your preferences are represented in an alternate proposal or whether we need a "silence" proposal, etc.
robv: Shane and I seem to share some views on that. Three state would allow for discussion on those states.
<tlr> I believe this to be Rob's proposal: http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0279.html
<rvaneijk> lost phone conn
Peter: From before, language from David Singer and [who]
<tlr> Auerbach's language: http://www.w3.org/mid/51C7E6CF.firstname.lastname@example.org
dsinger: Felt that the definition lacked strength in "reasonable level of justified confidence", but I think it was verbal in Sunnyvale
<WileyS> David - I like the current language - what more are you looking for here?
dsinger: hold data not to identiify user or device, etc
<fielding> another version of de-identified was posted after the deadline: http://www.w3.org/mid/EF36F5EBBFF0634BBAA37CF2B2DB2A42687A3A3B@BVDWDC1.dmmv.local
dsinger: If de-ident, then should be in a state that we're no longer worried about. Propose the second statement.
<WileyS> 3 States: raw -> deidentified but linkable -> deidentified and unlinkable
Roy: Proposal to define deident in terms of the data and the process of deident, tried to make it as short as possible.
<dsinger> I also agree with Roy: the definition should be results-based, not process-based
<WileyS> Only in the final state is data finally out of scope
Peter: Some folks have argued for process. Why better to do it with state of the data?
Roy: The way the term is used in the draft is talking about the state of data. Doesn't make sense to define as a process when the goal is to reach a certain state.
<npdoty> both the current text and Dan A's proposal included the "reasonable level of justified confidence" -- does anyone from EFF want to argue for the existing level of reasonableness?
<dsinger> I am somewhat concerned that my (early) CP on raw data (it should be a permitted use) seems to have dropped away? http://www.w3.org/mid/AF17E9C5-E7C4-442A-B796-80B073F41C0C@apple.com
<fielding> BTW, I would also be fine with removing the definition and simply replacing its use with specific text applicable to that section.
Shane: We can go through a PDF sent out earlier, five slides, to help guide people through the conversation and giv context on this approach. Rob and I reached consensus on terms.
<tlr> dsinger, ooops.
Shane: Add a few definitions and
tie specific Permitted Uses to specific data states
... Can run folks through that.
Peter: Is the doc in IRC?
<johnsimpson> didn't hit list.
Shane: I sent it to the mailing list, it at 9:04am PT, Subjec tis W3C De-ID presentation
<fielding> Shane's presentation pdf made it to the list, but buried in another thread instead of properly subject
Shane: Rob and I submitted text
to the public mailing list earlier in the week, then industry
draft came through and supports some of this language, can be
... This is to give more context and explain the thought process here.
... To give illustration.
Peter: Do you have a proposal that this would be non-norm example that would somehow show what the three stage means?
<rvaneijk> the concepts are the same, we need further discussion on permitted uses, and whether to use the word de-identified
Peter: we can reduce this to language.
<efelten> The prepared presentation does not appear to discuss the proposed standards text.
Shane: This is one possible implementation within the construct. Helps folks understand the concepts.
<jchester2> We need to discuss the slides
tlr: Fundamental concept discussed in Sunnyvale, suggest that we focus on the things that are new since Sunnyvale and on very concrete proposals for tri-state environment. Also, can you explain how this relates to the text proposal?
Peter: Go ahead to the PUs and the tri-state.
<dsinger> This seems like a major change of direction; even the definitions are very different. For example, 'Tracking' seems similar to the 'do not cross-site track' that I derived from Roy's suggestion, and that was firmly rejected by the group.
<efelten> Would like to hear an explanation of the proposed text.
<fielding> dsinger, no it was not firmly rejected by the group
Shane: So PUs in the tri-state. This is the conceptual framework of why you have three, WG has struggled with certain PUs. Holding in the raw state causes discomfort. This creates an additional state that is more protective than raw.
<fielding> … it has never even been discussed by the group
<npdoty> [slide 5 of 7, on permitted uses in the tri-state]
Shane: So a middle state. In the
raw/psuedonymous data, there would only be three and a half PUs
... Raw data, where an operational ID is necessary. Reality is we need operational ID for some things.
... Today's operational reality needs security/fraud, frequency capping, [which?], and some financial and audit - only where required for the last one.
... Goal here within raw is shorter retention timeframes where possible, these PUs are there, but shouldn't be there for very long. I'm against arbitrary time frame, so comparatively to other states, should be shorter.
<scribe> ... New middle state. Between raw and unlinked. Individual has been deident internally, but still linkable across device but not linkable to device in the real world. One approach is a hash and administrative controls.
UNKNOWN_SPEAKER: Should not be able to use it for production in any way, should not alter user experience.
<efelten> This concept of "not altering experience" is not in the proposed text.
<npdoty> I understand the slides to be suggesting that DNT:1 should allow interest-based advertising based on browsing activity, but only after the browsing activity has been aggregated enough that it doesn't identify the visited sites
<dsinger> to fielding: I proposed a change to 'do not cross-site track', and what that meant, and at best, the group decided not to follow that direction, and stay with the 1st/3rd/do-not-track model
UNKNOWN_SPEAKER: Gets us to the
rest of financial audits, and PUs like product improvement and
... You're not done, you're still within the scope of DNT. ONly once you unlink the data do you move out of the scope of DNT. Many different ways to do that.
<jchester2> Shane: If state 2, are you saying that the info in any way cannot be used to subsequently target the user of someone who shares the qualities of the user?
UNKNOWN_SPEAKER: Data should be able to be shared without risk of reident in the data set.
<justin> jchester2, yes, that's the goal
<WileyS> Jeff - yes
<jchester2> Thanks. Thats a goal--but also a requirement?
Peter: I encourage folks to read the slides. Are there other provisions in the recent doc to highlight?
<justin> jchester2, yes.
Shane: Delinked/deidentified, and added language around PUs being pushed into using only deid data where possible.
<jchester2> We need to discuss the product improvement paradigm in the mid-state
Shane: I think those were the core edits to this proposal around deident as a midstate.
<justin> jchester2, but data can still be stored in a potentially reversible form, though operational controls are supposed to prevent that. It's designed to allow longitudinal reearch to be used in aggregate.
Shane: There are other changes throughout, redline to help group see the changes.
<efelten> Jeff, product improvement doesn't seem to appear elsewhere in the document, so that seems like an inconsistency.
Peter: We've tried to highlight change proposals today. Are there other change proposals that we have not addressed?
<dsinger> yes, mine on raw data
<efelten> i.e., there isn't a product improvement permitted use in the document.
<johnsimpson> seem to be inconsistencies between slides and the new industry document!
dsinger: The June draft, retaining raw data should be a PU for the purpose of working it into data that you can retain for some reason.
Peter: Missed that one.
<jchester2> Slide 6 is very important, given the growing use of invisible scoring on users. this requires a full discussion.
dsinger: Raw data is tracking data, certainly. By putting in a PU, constrained for retention and use.
<Brooks> I proposed a change to Section 1 - scope
Peter: +1 means you want to work
with DavidSinger on this
... -1 means a different approach is better for this kind of raw data
<tlr> Brooks Dobbs: http://www.w3.org/mid/CDF08782.DD37Eemail@example.com
Peter: Any other change proposals?
<npdoty> work with dsinger on raw: justin; counter:
Brooks: Changed scope, first sentence currently is not consistent with what we actually do in the document.
<peterswire> moneil is next
<justin> But OOBC . . .
Brooks: [reads existing language] - not consistent with the spec. We've gone out of our way in the UA requirements to not have UGEs or DNT0 be a compulsory requirement. Either change requrements or chang ethe scope.
<mecallahan> bbee mecallahan
Peter: +1 to work with Brooks on this change of scope language, -1 if substantively different approach
<fielding> dsinger, what you recall is the rejection of a specific proposal that limited first-party tracking as well as third-party tracking … the definition I provided last night is significantly different
moneill2: Two proposals,
compliance spec changes on Thursday, some of the changes have
been covered by others. Main thing is the deident issue, put in
some persistent identifier. Maybe not unique, maybe just unique
... Tied to the idea that there's a duration on how long the identifier lasts
<tlr> I believe Mike is talking about this one: http://firstname.lastname@example.org
moneill2: Yellow tate for different PUs, different durations.
<npdoty> work with brooks on change of scope: Chapell, marc, dwainberg, dsinger, robsherman
Peter: Overlaps with rvaneijk and others?
moneill2: Yes, some overlap.
<WileyS> Peter and W3C Staff: Many people are out next week on vacation - is there a call next week?
moneill2: I will have a discussion, OOBC non-norm description of consent with cookies. Link from TPC to mention it.
Peter: We have three minutes. Will switch to talking about next steps.
<Chapell> Re: my proposal for User Agent compliance. we did not get to that
<jmayer_> Could I ask a clarifying question about Shane's proposal?
<Chapell> ... so I would refer the WG to the discussion between myself and Alex Fowler on the list
Peter: Lots of folks who have volunteered to work on language. Wiki will stay updated (thanks Nick!) and can help you find each other and work with each other. Over next day, will get info out on that.
<WileyS> Jonathan - feel free to ask on the public list. I'm dropping in 2 mins so probably won't be able to reply here.
Peter: Also working on schedule for consideration on the merits of proposals. Need to get that out to you in the next day or so. Action will happen on the lists, since we're running out of calls. Will be clear about proposals.
<Chapell> .... I'm hopeful that it won't be controversial for reasons I've laid out on the list
<jchester2> We need a seperate discussion on Shane's proposal, inc on permitted uses. This deserves a session.
<npdoty> jmayer, I think we're running out of time, can you ask on the mailing list?
<WileyS> Peter and W3C Staff: Many people are out next week on vacation - is there a call next week?
<susanisrael> Might there be extra calls?
<rvaneijk> shane, you will need to drop the aggregated scoring :) !
Peter: Will use dates and if necessary go to a chairs' decision. There will continue to be a process, spend more time on most important issues, but will discuss all of them.
<Marc> To follow up on Shane's comment, many many people are out next week.
<WileyS> Rob - disagree - as that is de-linked from history so should be permitted.
Peter: It's 2pm, I'm sure we could have lots of comments. Thank you for your hard work, will be working hard on our end.
This is scribe.perl Revision: 1.138 of Date: 2013-04-25 13:59:11 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: s/sidstamm and any others with connection challenges, dial *0// Succeeded: s/TPI/TPE/ Succeeded: s/transcient/transient/ Succeeded: s/Roy: /Dan: / Succeeded: s/since/sense/ Succeeded: s/Name:/Adam_Phillips:/g Succeeded: s/unsinkable/unlinkable/ Succeeded: s/understand/hear/ Succeeded: s/it did, just/Shane's presentation pdf made it to the list, but/ Succeeded: s/drup/drop/ Found ScribeNick: Yianni Found ScribeNick: JC Found Scribe: hwest Found ScribeNick: hwest ScribeNicks: Yianni, JC, hwest WARNING: No "Topic:" lines found. Default Present: +1.609.258.aaaa, Thomas, RichardWeaver, efelten, +1.646.654.aabb, npdoty, eberkower, +1.202.973.aacc, +1.202.478.aadd, Brooks, rachel_n_thomas, +1.202.587.aaee, yianni, +49.431.98.aaff, +1.215.480.aagg, ninjamarnau, +1.202.326.aahh, +1.917.934.aaii, paulohm, +1.202.331.aajj, +1.323.253.aakk, paul_glist?, [Microsoft], hefferjr, +1.408.836.aall, jchester2, WileyS, JeffWilson, +31.65.141.aamm, rvaneijk, vinay, dsinger, hwest, +1.650.391.aann, +1.202.629.aaoo, robsherman, +1.212.844.aapp, susanisrael, johnsimpson, [CDT], Joanne, schunter?, +1.301.365.aaqq, +1.347.272.aarr, [FTC], +1.647.274.aass, Chris_Pedigo, +1.202.347.aatt, +1.650.365.aauu, peterswire, +49.211.600.4.aavv, jackhobaugh, +1.646.666.aaww, +1.202.787.aaxx, chapell, jay_jin, Dan_Auerbach, dstark, +1.646.827.aayy, BerinSzoka, Fielding, Jonathan_Mayer, moneill2, BillScannell, Aleecia, sidstamm, +1.650.595.aazz, Rigo, BillScannell?, +1.650.787.bbaa, +1.202.331.bbbb, +49.173.259.bbcc, +1.202.835.bbdd, Marc, +1.312.923.bbee, mecallahan Present: +1.609.258.aaaa Thomas RichardWeaver efelten +1.646.654.aabb npdoty eberkower +1.202.973.aacc +1.202.478.aadd Brooks rachel_n_thomas +1.202.587.aaee yianni +49.431.98.aaff +1.215.480.aagg ninjamarnau +1.202.326.aahh +1.917.934.aaii paulohm +1.202.331.aajj +1.323.253.aakk paul_glist? [Microsoft] hefferjr +1.408.836.aall jchester2 WileyS JeffWilson +31.65.141.aamm rvaneijk vinay dsinger hwest +1.650.391.aann +1.202.629.aaoo robsherman +1.212.844.aapp susanisrael johnsimpson [CDT] Joanne schunter? +1.301.365.aaqq +1.347.272.aarr [FTC] +1.647.274.aass Chris_Pedigo +1.202.347.aatt +1.650.365.aauu peterswire +49.211.600.4.aavv jackhobaugh +1.646.666.aaww +1.202.787.aaxx chapell jay_jin Dan_Auerbach dstark +1.646.827.aayy BerinSzoka Fielding Jonathan_Mayer moneill2 BillScannell Aleecia sidstamm +1.650.595.aazz Rigo BillScannell? +1.650.787.bbaa +1.202.331.bbbb +49.173.259.bbcc +1.202.835.bbdd Marc +1.312.923.bbee mecallahan WARNING: No meeting chair found! You should specify the meeting chair like this: <dbooth> Chair: dbooth Found Date: 26 Jun 2013 Guessing minutes URL: http://www.w3.org/2013/06/26-dnt-minutes.html People with action items: WARNING: No "Topic: ..." lines found! Resulting HTML may have an empty (invalid) <ol>...</ol>. Explanation: "Topic: ..." lines are used to indicate the start of new discussion topics or agenda items, such as: <dbooth> Topic: Review of Amy's report[End of scribe.perl diagnostic output]