15:46:11 RRSAgent has joined #dnt 15:46:11 logging to http://www.w3.org/2013/07/10-dnt-irc 15:46:13 RRSAgent, make logs world 15:46:15 Zakim, this will be 15:46:15 I don't understand 'this will be', trackbot 15:46:16 Meeting: Tracking Protection Working Group Teleconference 15:46:16 Date: 10 July 2013 15:46:21 Zakim, this will be 87225 15:46:21 ok, npdoty; I see T&S_Track(dnt)12:00PM scheduled to start in 14 minutes 15:46:37 chair: peterswire 15:53:16 WaltMichel has joined #DNT 15:53:57 CraigSpiezle-OTA has joined #dnt 15:54:45 T&S_Track(dnt)12:00PM has now started 15:54:52 +npdoty 15:55:01 +rvaneijk 15:55:13 adrianba has joined #dnt 15:55:20 efelten has joined #dnt 15:55:48 zakim, call thomas-781 15:55:48 ok, tlr; the call is being made 15:55:49 +Thomas 15:56:01 zakim, I am thomas 15:56:02 ok, tlr, I now associate you with Thomas 15:56:03 zakim, mute me 15:56:03 Thomas should now be muted 15:57:23 susanisrael has joined #dnt 15:57:42 + +1.917.934.aaaa 15:57:43 + +1.650.365.aabb 15:57:46 +[IPcaller] 15:57:54 paulohm has joined #dnt 15:57:57 mecallahan has joined #dnt 15:57:57 David_MacMillan has joined #dnt 15:57:58 peterswire has joined #dnt 15:58:02 AlisonSwift has joined #dnt 15:58:07 aaaa is susanisrael 15:58:09 ack thomas 15:58:16 johnsimpson has joined #dnt 15:58:19 + +1.202.494.aacc 15:58:22 Zakim, aaaa is susanisrael 15:58:22 +susanisrael; got it 15:58:24 zakim, IPcaller is ChrisMejia 15:58:24 +ChrisMejia; got it 15:58:36 zakim, mute me 15:58:36 Thomas should now be muted 15:58:38 Zakim, aacc is jchester 15:58:38 +jchester; got it 15:58:49 Joanne has joined #DNT 15:58:51 +rachel_n_thomas 15:58:53 +WaltMichel 15:58:54 +JeffWilson 15:59:04 + +1.202.639.aadd 15:59:07 + +1.646.827.aaee 15:59:11 +efelten 15:59:15 justin has joined #dnt 15:59:27 + +1.303.492.aaff 15:59:28 zakim, aadd is mecallahan 15:59:28 +mecallahan; got it 15:59:32 zakim, aaff is me 15:59:32 +paulohm; got it 15:59:35 zakim 650-365 is David_MacMillan 15:59:36 zakim, mute me 15:59:36 paulohm should now be muted 15:59:39 zakim, aadd is AlisonSwift 15:59:39 sorry, AlisonSwift, I do not recognize a party named 'aadd' 15:59:46 Zakim, aabb is David_MacMillan 15:59:46 +David_MacMillan; got it 15:59:57 +[CDT] 15:59:59 Ari has joined #dnt 16:00:03 moneill2 has joined #dnt 16:00:03 + +1.650.595.aagg 16:00:19 +johnsimpson 16:00:22 + +1.813.732.aahh 16:00:24 + +1.202.331.aaii 16:00:27 + +1.202.345.aajj 16:00:35 +Peter 16:00:53 Marc_ has joined #dnt 16:00:57 zakim, Peter has Yianni 16:00:58 +Yianni; got it 16:01:00 + +1.916.212.aakk 16:01:01 Yianni has joined #DNT 16:01:01 dwainberg has joined #dnt 16:01:02 robsherman has joined #dnt 16:01:07 Zakim, rachel_n_thomas has AlisonSwift 16:01:07 +AlisonSwift; got it 16:01:14 BrianH has joined #dnt 16:01:17 vinay has joined #dnt 16:01:17 zakim, aajj is brian_huseman 16:01:18 +brian_huseman; got it 16:01:21 +Craig_Spiezle 16:01:24 peter-4As has joined #dnt 16:01:26 + +1.408.836.aall 16:01:29 vincent has joined #dnt 16:01:31 +hober 16:01:33 Zakim, who is on the phone? 16:01:33 On the phone I see npdoty, rvaneijk, Thomas (muted), David_MacMillan, susanisrael, ChrisMejia, jchester, rachel_n_thomas, WaltMichel, JeffWilson, mecallahan, +1.646.827.aaee, 16:01:33 ... efelten, paulohm (muted), [CDT], +1.650.595.aagg, johnsimpson, +1.813.732.aahh, +1.202.331.aaii, brian_huseman, Peter, +1.916.212.aakk, Craig_Spiezle, +1.408.836.aall, hober 16:01:33 Peter has Yianni 16:01:33 rachel_n_thomas has AlisonSwift 16:01:35 matt has joined #dnt 16:01:37 +Amy_Colando 16:01:42 Zakim, aakk is Joanne 16:01:42 +Joanne; got it 16:01:48 +[Adobe] 16:01:51 -hober 16:02:00 +moneill2 16:02:03 zakim, [Adobe] is vinay 16:02:03 +vinay; got it 16:02:04 + +1.203.563.aamm 16:02:05 ninjamarnau has joined #dnt 16:02:12 kulick has joined #dnt 16:02:14 zakim, aaee is dwainberg 16:02:14 +dwainberg; got it 16:02:15 +ChrisPedigoOPA 16:02:19 ChrisPedigoOPA has joined #dnt 16:02:25 +hober 16:02:26 +Brooks 16:02:32 Zakim, aahh is ronan 16:02:32 +ronan; got it 16:02:37 laurengelman has joined #dnt 16:02:39 +Peder_Magee 16:02:40 408.836 16:02:42 Brooks has joined #dnt 16:02:47 +eberkower 16:02:48 Zakim, aall is kulick 16:02:48 +kulick; got it 16:02:54 + +49.431.98.aann - is perhaps ninjamarnau 16:02:59 scribenick: susanisrael 16:03:02 zakim, aall is kulick 16:03:02 sorry, tlr, I do not recognize a party named 'aall' 16:03:04 scribenick: susanisrael 16:03:07 eberkower has joined #dnt 16:03:08 robsherman1 has joined #dnt 16:03:11 +??P76 16:03:17 +BerinSzoka 16:03:17 +Jules_Polonetsky 16:03:18 + +1.202.370.aaoo 16:03:22 zakim, aaoo is robsherman 16:03:22 +robsherman; got it 16:03:32 +billscan 16:03:33 jackhobaugh has joined #dnt 16:03:37 scribenick: robsherman 16:03:46 zakim, aann is ninjamarnau 16:03:46 sorry, ninjamarnau, I do not recognize a party named 'aann' 16:03:47 http://www.w3.org/mid/CE02F665.90A6A%25peter@peterswire.net 16:03:52 jules_polonetsky has joined #DNT 16:03:55 +Wendy 16:03:58 zakim, ninjamarnau is really ninjamarnau 16:03:58 +ninjamarnau; got it 16:04:19 Zakim, ??P76 is laurengelman 16:04:19 +laurengelman; got it 16:04:20 Zakim, who is on the phone? 16:04:21 On the phone I see npdoty, rvaneijk, Thomas (muted), David_MacMillan, susanisrael, ChrisMejia, jchester, rachel_n_thomas, WaltMichel, JeffWilson, mecallahan, dwainberg, efelten, 16:04:21 ... paulohm (muted), [CDT], +1.650.595.aagg, johnsimpson, ronan, +1.202.331.aaii, brian_huseman, Peter, Joanne, Craig_Spiezle, kulick, Amy_Colando, vinay, moneill2, 16:04:25 ... +1.203.563.aamm, ChrisPedigoOPA, hober, Brooks, Peder_Magee, eberkower, ninjamarnau.a, laurengelman, BerinSzoka, Jules_Polonetsky, robsherman, billscan, Wendy 16:04:25 Peter has Yianni 16:04:25 rachel_n_thomas has AlisonSwift 16:04:30 Peterswire: will discuss email from peter swire, text for request for comments, and will be useful to have list of relevant urls which was also sent around 16:04:34 eberkower has joined #dnt 16:04:37 + +1.202.344.aapp 16:04:40 cOlsen has joined #dnt 16:04:53 +[Microsoft] 16:04:56 scribenick: susanisrael 16:05:02 202 344 4652 is Mike Z 16:05:02 +[Microsoft.a] 16:05:05 http://www.w3.org/mid/CE02F665.90A6A%25peter@peterswire.net 16:05:07 pm2023263538 has joined #dnt 16:05:10 zakim, [Microsoft.a] is me 16:05:10 +adrianba; got it 16:05:11 JC has joined #DNT 16:05:13 Zakim, aapp is MikeZ 16:05:13 +MikeZ; got it 16:05:16 + +1.646.666.aaqq 16:05:17 peterswire: to begin pls look at email "text for request for comments/call for objections" sent at 11:30.... 16:05:30 ...will walk through.... 16:05:35 Chapell has joined #DNT 16:05:57 Zakim, who is making noise? 16:05:58 ISSUE-5? 16:05:58 ISSUE-5 -- What is the definition of tracking? -- open 16:05:58 http://www.w3.org/2011/tracking-protection/track/issues/5 16:06:02 ISSUE-16? 16:06:02 ISSUE-16 -- What does it mean to collect, retain, use and share data? -- open 16:06:02 http://www.w3.org/2011/tracking-protection/track/issues/16 16:06:07 ISSUE-188? 16:06:07 ISSUE-188 -- Definition of de-identified (or previously, unlinkable) data -- open 16:06:07 http://www.w3.org/2011/tracking-protection/track/issues/188 16:06:07 npdoty, listening for 10 seconds I heard sound from the following: Peter (92%) 16:06:14 +[FTC] 16:06:14 ....issue 215 is the DAA's package proposal and the group's decision on this will affect the subsequent decisions listed., 5, 16, 188, 189 16:06:16 ISSUE-199? 16:06:16 ISSUE-199 -- Limitations on the use of unique identifiers -- raised 16:06:16 http://www.w3.org/2011/tracking-protection/track/issues/199 16:06:29 +WileyS 16:06:31 ISSUE-215? 16:06:31 ISSUE-215 -- data hygiene approach / tracking of URL data and browsing activity -- raised 16:06:31 http://www.w3.org/2011/tracking-protection/track/issues/215 16:06:44 issue 188, i think wins prize for most emails in one week, de-identification. all these issues are affected by the direction we choose. 16:07:10 sidstamm has joined #dnt 16:07:25 WileyS has joined #DNT 16:07:33 Zakim, who is on? 16:07:33 I don't understand your question, WileyS. 16:07:51 Zakim, who is on the phone? 16:07:51 On the phone I see npdoty, rvaneijk, Thomas (muted), David_MacMillan, susanisrael, ChrisMejia, jchester, rachel_n_thomas, WaltMichel, JeffWilson, mecallahan, dwainberg, efelten, 16:07:52 Zakim 202 587 is jules_polonetsky 16:07:54 we take the daa's proposal to be as amended by jack's submission yesterday, July 9 16:07:55 ... paulohm (muted), [CDT], +1.650.595.aagg, johnsimpson, ronan, +1.202.331.aaii, brian_huseman, Peter, Joanne, Craig_Spiezle, kulick, Amy_Colando, vinay, moneill2, 16:07:55 ... +1.203.563.aamm, ChrisPedigoOPA, hober, Brooks, Peder_Magee, eberkower, ninjamarnau.a, laurengelman, BerinSzoka, Jules_Polonetsky, robsherman, billscan, Wendy, MikeZ, 16:07:55 ... [Microsoft], adrianba, +1.646.666.aaqq, [FTC], WileyS 16:07:56 Peter has Yianni 16:07:57 Chris_IAB has joined #dnt 16:07:58 rachel_n_thomas has AlisonSwift 16:08:48 [also now contemplate continuing past july?]the focus of this call is to determine the base text, and consideration of comments will be determined by this choice 16:09:00 Chris_IAB has joined #dnt 16:09:02 ....please state views clearly on call....we are not trying to get a count here.... 16:09:14 + +1.650.605.aarr 16:09:20 Zakim, aarr is sidstamm 16:09:20 +sidstamm; got it 16:10:04 Option A: DAA proposal as base, Option B, editors' text as base, then will try to get chair's decision as to how to move forwar....this will be group decision as determined by chairs, but it's a group decision that ultimately controls.... 16:10:15 Is it just me, or is there no link to the poll where members can state their objections? 16:10:16 ...any move to last call will be determined by the group..... 16:10:26 +Jonathan_Mayer 16:10:55 Vinay, I wasn't able to find it either 16:10:55 vinay, I think we wanted to get clarity on the text asking for objections before I share a link to a poll 16:11:12 Got it, thanks Nick! 16:11:17 how we will proceed today: many people have been working hard. I understand DAA has been working hard, not only as seen on list but within group, and I take that work to be in good faith..... 16:11:47 zakim, aaqq is Chapell 16:11:47 let's consider amendments offered by Jack Hobaugh yesterday, first shorter, then we will move to de-identification .... 16:11:47 +Chapell; got it 16:12:09 then will move to friendly or perfecting amendments......if you're not included but made some please speak up..... 16:12:34 I had one. 16:12:45 justin brookman, alan chappell, vinay goell, susan israel, david singer, Rob Sherman.... 16:12:48 q? 16:13:15 then at that point we will sum up and have discusison re procedure to get maximum clarity about how to proceed and call for objections.... 16:13:55 BerinSzoka has joined #DNT 16:13:55 ....re Audience Measurement, there have been offline calls and my sense is that there has been improved meeting of minds and polishing of language in connection with that.... 16:14:09 +Dan_Auerbach 16:14:09 ...moving now to list of questions, omitting for now those about de-identification..... 16:14:13 folks, please MUTE yourselves! someone has been typing in sporadic bursts 16:14:18 [ http://www.w3.org/wiki/Privacy/TPWG/Questions_re_DAA_proposal ] 16:14:40 kj has joined #dnt 16:15:06 Zakim, who is making noise? 16:15:10 First they'll have to explain the difference between de-identified and de-linked. 16:15:13 first is for John Simpson, second de-id so we'll hold it, 3rd is from Thomas Roessler and we may try that if easy, otherwise will handle it with De-Id (would out of scope apply to de-identification or to de-linked data..... 16:15:18 npdoty, listening for 10 seconds I heard sound from the following: Joanne (4%), Peter (56%) 16:15:20 Could you please repeat the question? 16:15:26 .....not hearing anyone answering.... 16:15:46 Zakim, mute me 16:15:46 Joanne should now be muted 16:15:49 dan_auerbach has joined #dnt 16:15:55 What are 16:16:06 question is at some point information is scrubbed hard enough that it is out of scope. Does this apply when we move from red to yellow, or from yellow to green. 16:16:14 wileys: yellow to green 16:16:20 so only green data is out of scope 16:16:21 WileyS: only out of scope in the "green" ("de-linked") state 16:16:29 Though, to be clear, derived info from urls is completely out of scope too. 16:16:30 Sid - yes, as we discussed in Sunnyvale 16:16:35 k 16:16:57 Justin - correct - as long as they cannot be reversed back to "tracking" data, they are outside of scope since they are "not tracking" 16:17:10 my understanding is that we can take up the security/fraud change proposal separately 16:17:14 Defer to current proposal 16:17:14 wileys, specific wording, then: When a third party receives a DNT:1 signal, that third party MAY nevertheless collect, retain, share or use data 16:17:15 BrianH_ has joined #dnt 16:17:16 peterswire: thanks. David singer asked for redline, which we now have, john simpson asked for list of supporters which we now have, and [.....] my understanding is that DAA has shorter version of security and fraud proposal than Chris's proposal...right? 16:17:17 related to that network interaction if the data is de-identified as defined in this specification. 16:17:22 mike zaneis: yes 16:17:26 should be: "de-identified and delinked" 16:17:51 I also wondered about this, it might be a friendly amendment to just be consistent about saying "user, user agent or device" throughout 16:17:57 peterswire: significance of use of the word "computer" .....intended to be complement to device....? 16:18:00 Mecallahan has joined #Dnt 16:18:07 What's the rationale for removing "user agent" here? 16:18:26 jeffwilson has joined #dnt 16:18:28 wileys: yes, came from daa language but look forward to friendly amendment also just to have one term, user device, 16:18:30 Shouldn't the goal be to harmonize terminology with the HTTP spec? 16:18:32 WileyS, do you intend something different by removing "user agent"? 16:18:52 Ed, the user agent is the same as the user when acting as "an agent" - when it begins to act at its own direction then it is a 3rd party. 16:19:22 peterswire: ok, next is user agent definition: john simpson asked what is significance of addition of this sentence to definition of [.....]...my understand would be that scope of do not track standard would apply to user agents that meet all 3 of thes e things... 16:19:23 User agent is not the same as user. A user might have multiple user agents --- I am using multiple user agents at the moment. 16:19:37 Ed - no - as in this context UAs are implementing policy elements and not only technical elements which would align with HTTP spec. 16:19:52 -jchester 16:19:53 User agents are not the same as users. 16:19:54 I think John is actually referring to the scope section, rather than definition of User Agent, and that this exists in the Editors' draft as well 16:19:57 I would think that any software that is not acting on behalf of its user is not a user agent 16:19:59 Ed, each UA is acting as the user when the user is using it. 16:20:02 a question 16:20:09 Sid - I agree. 16:20:19 clarifying question please? 16:20:19 general browser web, user interface meets tpe, can implement tpe spec...other kinds of user agents would be out of scope. correct? think we should alert people and i think this may be of enough importance that we should alert people.... 16:20:20 in families, for example, sometimes multiple users will share a user agent 16:20:24 q+ johnsimpson 16:20:30 q? 16:20:31 I agree with ed, user agent should still be in the list 16:20:34 Ed - that is why its called the "user's agent" or "user agent" for short 16:20:35 Right, but acting on behalf of the user is not the same as being the user. A user can use multiple user agents. 16:20:36 group previously discussed this in sunnyvale, may be an issue.... 16:20:37 ack johnsimpson 16:20:50 Correct 16:21:00 johnsimpson: still confused. so if user agent cannot implement exceptions it does not quallify? 16:21:09 peterswire: yes, that's my understanding... 16:21:36 John - correct. Only UAs that support exceptions would be deemed compliant. 16:21:50 johnsimpson: so right now the only browser that implements the exception mechanism is latest version of IE. So other browswers would not be in scope? 16:21:53 Who is talking? 16:22:02 hober, Ted O'Connor, Apple 16:22:19 who's speaking? 16:22:28 [speaker?] there is a difference between can and does.....so for example network router that does not have java script is not in scope..... 16:22:41 s/[speaker?]/hober/ 16:22:47 speaker was ted o'connor of apple 16:23:13 Mike_Zaneis has joined #dnt 16:23:16 -Amy_Colando 16:23:20 peterswire: so Ted says all general purpose browsers can implement spec, is there anyone who disagrees? 16:23:28 [no response] 16:23:43 peter: ...so word "CAN" turns out to be important.... 16:23:53 http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#scope-and-goals 16:23:54 ...nick says there is identical language in june draft.... 16:24:04 de-id we will do later....tracking ..... 16:24:35 -hober 16:24:36 +[Apple] 16:24:37 http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0082.html 16:24:40 Zakim, Apple has me 16:24:40 +hober; got it 16:25:05 there is a question about sending response to dnt signal from browser, why it is in first party compliance section, and related questions, john could you state briefly? is it about placement and disregarding? 16:25:29 peterswire, I think we need to take the "can" vs. "does" question under advisement and come back to the group at a later time with a definititive response. 16:25:38 Just to clarify: the recent silence means that DAA reps have confirmed on today's call that browsers can comply even if they do not implement the UGE mechanism, per Ted O'Connor. 16:25:39 understood to chris 16:26:05 Paul, that is incorrect. I responded via IRC. 16:26:06 johnsimpson: yes, why was this put here, and also later in 3rd parties.....is related to notion that if you sent a disregard message you would be compliant...elsewhere in TPE there is language that says otherwise.....so clarifying language would be needed here if that is what this means.... 16:26:27 amyc has joined #dnt 16:26:28 Thanks Shane. See it now (and Chris's comment too) 16:26:51 peterswire: so could someone from DAA explain view on when server can disregard dnt signal.....and still be compliant? 16:26:53 +[Microsoft.a] 16:27:09 q+ 16:27:49 marcgroman: no , disregarding 100 % of dnt signals is not what's contemplated, this signal means you have an exception or other basis to not follow or implement, and you respond with that.... 16:28:02 +q 16:28:21 peterswire: so implies consent? 16:28:28 C=consent, D=disregard 16:28:29 Right, OOBC DNE disregard 16:28:30 johns: but says disregard? 16:28:44 jmayer has joined #dnt 16:28:44 5.2.8 in TPE spec 16:28:47 q? 16:28:52 q- 16:28:53 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-D 16:28:55 npdoty: i have similar concern, and we have a different flag for this.... 16:29:14 -Jonathan_Mayer 16:29:22 +Jonathan_Mayer 16:29:35 to john's first question, it would still be possible for a first party to disregard a signal (not just the third party) 16:29:47 wileys: we have had this conversation on email also...I think goal here is where server is going to send disregard, it must be paired with message as to why and with link to further explanation...not just sending back "d".... 16:30:14 Clarifying question: what sorts of "justified reasons" exist for disregarding a "DNT: 1" signal? 16:30:22 q+ 16:30:37 issue with compliance is that obviously if a server did that for all signals it could not be deemed compliant....but if you did this for small number of signals, would you be noncompliant generally? for that transaction only? 16:30:40 I agree that's not the intention, but where is the textual basis for saying that sending DISREGARD to all is not allowed? (may exist, I just don't know) 16:31:15 Yes to what Peter just said 16:31:33 q? 16:31:38 this DAA proposal doesn't list justifiable reasons for disregarding and we don't have text proposals suggesting them at the moment 16:31:39 ack thomas 16:31:39 peterswire: I just heard from shane that this is a transparency requirement....just that server says what happens.... 16:31:48 -q 16:31:48 ack WileyS 16:32:16 +1 to Justin. We need to talk more about what the text says, not so much about the drafters' motivation. 16:32:40 zakim, mute me 16:32:40 Thomas should now be muted 16:32:45 it might be purely editorial, since first parties could also hypothetically disregard (though they might have fewer reasons to do so) 16:32:55 Ed - we've been asked for "why" the language is - hence the explanation. Hard to discuss text and not discuss motivations. 16:33:05 tlr: language in the june draft exists in third party compliance section, so the change in daa draft is just to place the language in first and third party sections, so I think this is an orthoganl change...real qu: is jonathan mayer's change proposal...think it should be consistent... 16:33:11 I agree with Justin and Ed. We are being asked to inform a decision between competing texts, not competing drafting histories. 16:33:28 peterswire: next qu from john simpson goes to % of users sending flag, john simpson can you summarize? 16:33:35 What I meant (and I think Justin too) is that the text should give some clarify about what is a valid reason for disregarding signals. 16:33:52 If the text does not match the drafting intent, we should take time to fix the text. 16:34:02 +Aleecia 16:34:04 Jonathan - agree 16:34:06 Well, this one is a problem in both the June and DAA drafts, I think. I don't have a concrete proposal. 16:34:24 john simpson: what mike zaneis seems to have said was that the whole question of defaults was off table and daa went down different road because of expected high numbers of dnt:1 signals, yet there is still language about disregarding signals in the draft.... 16:34:31 Justin, I submitted a change proposal on this very issue. 16:34:58 I think what makes people nervous is the talk about whether a server "feels it has a valid reason" as opposed to a reason that is based on the spec. 16:35:08 Maybe some sort of requirement that you have a good faith belief that the signal does not represent the preference of the user? Not sure that's perfect . . . 16:35:23 mike zaneis: the concept was that rather than continuing down path of trying to distinguish valid vs. invalid dnt signals, where we knew we would have high rate of error about user's intent, our proposal is meant to have ... 16:35:28 I think Mike's point was that while they would propose something that would allow for accepting invalid signals, there might still be some services that would choose to distinguish 16:35:40 So this could be open to a friendly amendment. 16:36:25 as a baseline honoring all dnt signals unless we can clearly tell that a signal is noncompliant....but I see no reason why we should not try to see if UA's like others are compliant but our assumption is we will try to honor most if not all dnt signals as an industry... 16:36:26 Justin - that would be great. 16:36:31 peterswire john? 16:36:36 johnsimpson: ok? 16:36:41 http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0146.html 16:37:02 So, as written, a website could disregard every current production implementation of Do Not Track? 16:37:08 peterswire: now to tracking, will go to Jack Hobaugh email from 11:51 yesterday, and we'll take amendments 2 and 3 first..... 16:37:19 -Aleecia 16:37:22 peterswire: will ask someone to talk about tracking..... 16:37:38 (Given the language around browser UI and exception API.) 16:37:52 "Tracking is the collection and retention, or use of a user’s browsing activity – the domains or URLs visited across non-affiliated websites -- linked to a specific user, computer, or device." 16:37:55 http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0146.html 16:38:20 wileys: trying to find the document.... 16:38:54 peterswire: previous definition was similar to daa code version, different from editor's draft version, which i think came from dsinger.... 16:39:37 dan_auerbach has joined #dnt 16:39:51 wileys: if you look at doc sent to me...I don't see any notation in version of what specifically changed..... 16:39:53 the amendment changes from "activity" to "browsing activity -- the domains or URLs visited" 16:39:57 I think the new text is underlined in Jack's email. 16:39:59 ack thomas 16:40:08 zakim, mute me 16:40:08 Thomas should now be muted 16:40:18 the amendment changes from "activity" to "browsing activity -- the domains or URLs visited" 16:40:25 wileys: can't see change: 16:41:04 npdoty: link with plain text shows underlined pieces.....amdmt clarified that this is colleciton retention of use of user's browsing activity..... 16:41:25 wileys: was intended to provide clarity of what was being discussed.... 16:41:31 Per our email discussion, there is browsing activity information other than in URLs. Is that meant to included? 16:41:41 [previous note amdment included "across urls" 16:41:46 I think that's a big difference (or clarification) that has come out on the list in greater detail today -- that tracking is collecting a list of sites that you've seen, not just general inferred data about your interests 16:42:37 wileys:...domains or urls visited across non affiliated websites...open to friendly amendments, ed, industry attempting to clarify browsing, but there are edge cases where other things are included in browsing ... 16:42:39 What can be done under the DAA proposal that cannot be done under the June draft? 16:42:39 What is over broad about "activity" alone? Example? 16:42:46 I think Shane intends for inferred characteristics to not count as browsing activity (and therefore tracking) 16:42:56 because "activity" alone can be too broadly interpreted..... 16:43:06 I found this discussion useful to understand what is in and out of scope under the new tracking definition: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0280.html 16:43:08 What matters is the text, not the drafters' intent. 16:43:23 peterswire: so i think that clarifies intention of drafters, and that they're open to friendly amendments if we get to that level of polish.... 16:43:25 The amended text does not match the stated intent of the drafters. 16:43:43 -ChrisMejia 16:43:50 I think the use of "browsing activity" followed by a dash and "the domains or URLs visited" implies that inferred characteristics are not part of browsing activity 16:43:51 (Or rather, at least understanding the intent. Agree with efelten that the language does not match.) 16:43:51 The drafters should amend their text to match their intentions, rather than asking others to guess what they would want. 16:43:59 ....jonathan mayer's question....what prompted this change from june draft, which had some other language that was taken out..... 16:44:24 [ http://www.w3.org/wiki/Privacy/TPWG/Questions_re_DAA_proposal ] 16:44:35 http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0080.html 16:44:59 peterswire: language was deleted from june draft.... 16:45:07 q? 16:45:40 I think the broader language would make compliance easier. Prevent rules lawyering as new technologies develop to track 16:45:57 wileys: we felt this was clarifying..."data records: is very broad and we are trying to be consistent and tight on language.....but as ed brought up....but we tried to further define activity....to tighten up by using URLs.... 16:46:15 Again, current text does not match stated intent of the drafters. 16:46:30 peterswire: so that was amendment 2 to Jack's proposal.... 16:46:35 to efelten's point, maybe we should add a friendly amendment that defines "browsing activity" as "the domains or URLs contained in a network interaction" 16:46:39 Chris_IAB has joined #dnt 16:47:12 Agree with Ed Felten. I don't see how much if DAA text implements what they say their intent is... 16:47:13 npdoty, that would still be inconsistent with the drafters' stated intentions, which are to include more than just the URLs and domains. 16:47:14 amendment no. 3 was about first parties not passing on information to third parties , but passing on to third parties..... 16:47:22 Lmastria_DAA has joined #dnt 16:47:32 q? 16:47:48 *rob sherman: scribe?* 16:48:02 scribenick: robsherman 16:48:02 peterswire: other questions? 16:48:10 q? 16:48:13 q 16:48:17 +[IPcaller] 16:48:32 q+ 16:48:35 Wait! There are still unanswered questions you skipped over from the web page. 16:48:46 Ed and John, as stated in the mailing list today, the language did match the intent but Ed was able to call out a corner case that we agree could be clarified and are open to a friendly amendment from Ed on this point. 16:48:51 peterswire: Moving now to friendly amendments, going alphabetically. Once the proposed amendment has been offered, DAA people should indicate whether they're generally favorably inclined or not. 16:49:23 justin: I submitted something in the context of trying to understand what data could be used for. 16:49:35 The deadline for friendly amendments passed nine minutes after Jack sent out the text. 16:49:43 … Jack's revised definition of "tracking" helps clarify what the proposal is, though I think the language could be made more explicit. 16:49:53 A basic question: What can be done under the DAA proposal that cannot be done under the June draft? 16:50:08 q? 16:50:19 q+ 16:50:20 Not clear when amendments would have been possible under the current process. 16:50:37 q- 16:50:37 Chapell: Two amendments. 16:50:44 q+ 16:51:14 johnsimpson: two biggest things: (1) use of yellow state data for analytics/research and (2) use of website characteristics for OBA (and anything else) http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0280.html 16:51:20 … First, on first party compliance. The goal was not to impact first party experience but to clearly state that information outside that context is subject to third-party rules. This amendment is not entirely in line with robsherman's. 16:51:26 I would like to propose an amendment. 16:51:33 efelten, did you want to ask about de-id? I think Peter might have just missed that, and we could add you to the queue 16:51:40 scribenick: susan 16:51:48 +Rigo 16:51:49 John - industry proposal is crisper on language, allows for the intermediary state of de-identified but not de-linked (Yellow) and for Aggregate Scoring as a non-normative example for "not tracking" which the revised "Tracking" definition makes clearer. 16:51:52 peterswire: rob, could you explain your amendment? 16:51:59 Peter said we would come back to the questions he deferred from the web page. 16:52:11 Nick and Ed, I believe Peter is coming back to de-id/de-link 16:52:11 I assumed that we would do that. 16:52:18 johnsimpson: Other things too (got rid of Peter's language on unique IDs unless strictly necessary) but those are the two biggest deltas (deltae?) for me. 16:53:03 +1, that is generally what I have meant by "orthogonal" 16:53:04 zakim, mute me 16:53:04 Rigo should now be muted 16:53:04 robsherman: my amendment was just drafted in a way that wasn't clear, but as i read the june draft and the daa proposal i think neither would limit subsequent use of data by first party...wanted to clarify that and we can have substantive discussion about that later... 16:53:22 s/my amendment/the DAA proposal 16:53:37 scribenick: robsherman 16:53:42 peterswire: I think this issue could be discussed in relation to either draft and I think it's orthogonal and should not be considered now....alan, 2nd amendment? 16:53:51 q? 16:53:54 +1 to tabling 16:53:57 +1, we can handle that question separately 16:53:58 Chapell: Propose to table my second proposal as well. 16:54:00 chappell: ua amendment is similar, should possibly also be tabled.... 16:54:07 ack johnsimpson 16:54:07 ack johnsimpson 16:54:10 peterswire: going in queu.... 16:54:31 scribenick: robsherman 16:54:45 John - this was provided to you in IRC 16:54:48 johnsimpson: I would like DAA to clarify how its proposal differs from June draft. What does June draft restrict that DAA proposal allows? 16:55:03 ALLOWING OBA. 16:55:24 Justin, if that's true, it would be useful to have a DAA person confirm it. 16:55:40 http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0280.html 16:55:43 Ed, that is already on the list 16:55:51 And Mike_Zaneis confirmed on the call last week. 16:56:11 peterswire: A number of people believe that the text doesn't achieve the stated intent. May be able to address some of this through the editing process. Shane, can you give the delta between the two? 16:56:44 Just so my first proposal is recorded here -- my text is an iteration of the text provided by Yianna and is not intended to impact a first parties use of data within the first party context. That said, use of data ouside of first party context (as outlined in the 1st parties PP) is tracking and subject to third party rules. 16:56:46 Would like to hear justification for the specific text that is being proposed. 16:57:01 WileyS: The industry proposal was intending to be crisper on language; allows for "yellow" zone for data that's still within DNT scope but that allows permitetd uses that couldn't be used in the "raw" state; allows for aggregate scoring, which will be addressed in non-normative text. 16:57:14 agegate scoring == profiling 16:57:21 … Justin also noted some other points — eliminating Peter's language on use of unique IDs. 16:57:32 R-Y-G is a good thing, narrow scopint definition of tracking is a concern, out of scope of aggregate scoring is a concern 16:58:10 peterswire: There's a red/yellow/green branch of how things work and an aggregate scoring branch, which could be done before data gets to yellow. 16:58:18 "Aggregate scoring" means recording information about the user that is linkable to the user? 16:58:19 one would need an opt-out cookie to stop the OBA 16:58:30 My second proposal - a.k.a. no UA tracking without consent -- has been discussed via the list in a productive manner and I hope we'll reach consensus shortly. Neither proposal is essential to the question before the group today re: June Draft vs DAA Proposal. 16:58:40 WileyS: Sequencing could be parallel or sequential - we don't address that - but the concept peterswire describes is correct. 16:58:46 q? 16:58:57 isn't aggregate scoring linking unique IDs to characteristics? 16:59:02 johnsimpson: We keep talking about red/yellow/green, but those terms aren't described except in Shane's slides. 16:59:07 Shane's slides are dicta. 16:59:10 John, it is not a permitted use....!!!!! 16:59:27 WileyS: That would be non-normative. We've been focusing on normative text, and in normative text we said that to use raw data for a permitted use it would have to be "necessary." 16:59:41 it is going to be part of non-rmatieve text to the definition of NOT TRACKING 17:00:01 please talk about "yellow" because it is not de-identified 17:00:02 ... which is a concern to me 17:00:08 Yes, aggregate scoring would allow tying behavioral (and other) characteristics to a unique ID. 17:00:10 … In non-normative text, we would specify that "yellow" is the preferred place for certain permitted uses. 17:00:24 … The process we're following now is around normative text only so we haven't written it into the draft. 17:00:28 so how can that be a permitted use? 17:00:38 Rob - yes, industry has invested a considerable amount of time and energy on OBA opt-outs and the AdChoices program 17:00:42 but the normative text doesn't indicate that red text isn't allowed for any of the permitted uses 17:00:48 peterswire: If the DAA proposal becomes the base text, I heard Shane to say that there would be additional text on this. 17:00:49 q? 17:00:50 WileyS: Correct. 17:00:54 ack jmayer 17:00:59 did we have other de-id questions listed in the wiki that we skipped over? 17:01:06 yes 17:01:22 jmayer: One option would be to include a link to Shane's presentation in non-normative text. 17:01:27 amyc has joined #dnt 17:01:28 efelten, did johnsimpson's question get to your de-id questions? 17:01:35 … Could also describe aggregate scoring as a permitted use. 17:01:51 No, I still don't understand the different between the DAA's "de-id" versus "de-linked" text. 17:01:59 peterswire: Could DAA address jmayer's first proposal? 17:02:13 ed, queue up? This sounds like a good opportunity for that question. 17:02:15 I would want to turn them into text since they're slides - would be easier to link to as non-normative text. 17:02:30 I would suggest we link to it as an external reference rather dropping the entire slides into an appendix 17:02:33 Mike_Zaneis: I think this was raised last week. We're happy to consider this and will take it back. 17:02:40 q? 17:02:45 Conceptually, I like Jonathan's idea. However, I think that the text offered should probably edited for clarity 17:03:03 Agree with Alan 17:03:05 WileyS: Because these were slides and were meant for a presentation format, we should probably just turn them into text to make a more natural linking. Then, when the time is right, we could do a cut-and-paste. 17:03:43 JC has joined #DNT 17:03:45 peterswire: Shane's slides are already in the public record, and they reflect a lot of work that Shane and the group have done. So I think the expectation is that that is the direction of non-normative text, if we use the DAA text as base, though there might be some adjustments. 17:03:47 Aggregate scoreing is ONE oba method, not THE oba method. I think while we include that oba is permitted, we should not just include one method. 17:03:49 My two proposals: 1) Link to Shane's slides as a non-normative implementation of the "de-identified" and "unlinked" language. 2) For clarity and transparency, we should make "Aggregate Scoring" (i.e. behavioral advertising) a "Permitted Use," just like frequency capping etc. 17:03:54 i think that if you tell a company that aggregate scoring is a permitted use (or out-of scope) under DNT:1 they wil think this is crazy. 17:04:06 … Regarding adding aggregate scoring to the normative text, does DAA have a view? 17:04:18 I just included something in IRC on this 17:04:20 Does the June Draft allow the approach outlined in shane's slides? If not, how not? 17:04:20 To be clear, I'm suggesting simple copy + pastes here, not any block of new text. 17:04:23 jmayer, does it need to be a Permitted Use? I think the suggestion was that that would be part of the "browsing activity"/"tracking" definition 17:04:37 Other examples, please. 17:04:43 Retargeting. 17:04:43 npdoty, then why is frequency capping a permitted use? 17:05:04 I do not understand what the scope of "tracking" is in the DAA proposal. 17:05:05 what is tracking? 17:05:15 my regrets, I have to drop off briefly to move (severe weather alert where I am) I will try to dial back in shortly. 17:05:20 Under the definition of Shane, Re-targeting is not tracking. 17:05:21 WileyS: There are many examples of not-tracking, not just aggregate scoring. We wanted to bring this to the center of the conversation because we knew people would want to talk about it, and the goal was always to raise this in non-normative text. But I don't want it to be the ONLY example of not-tracking in the normative text, since that doesn't make sense. 17:05:22 Shane just said there are many examples of activity info that is not tracking, but we don't know what they are. 17:05:22 -sidstamm 17:05:25 jmayer, because implementing frequency capping would require "tracking" as defined (keeping URLs to remember how often an ad is shown in a particular place) 17:05:30 q? 17:05:33 ack thomas 17:05:42 And we know the current text doesn't match the drafter's intentions. 17:05:48 npdoty, what about frequency capping that's just based on an ad and not domain or URL? 17:05:50 ... where Shane suggests that aggregate-scoring-style behavioral advertising is not even tracking 17:06:02 zakim, mute me 17:06:02 Thomas should now be muted 17:06:05 efelton, there are multiple methods to do oba; aggregate scoring is one such example 17:06:18 vinay: My first amendment - change the definition of service provider - might be orthogonal. 17:06:20 npdoty, that has, in fact, always been the canonical example for frequency capping. 17:06:25 peterswire: Agree - we should table this. 17:06:53 Chris_IAB, my question is not about what is OBA, it is about what is "tracking" under the DAA's proposed definition. 17:06:58 agree that there are definitional amendments that were offered to June draft that would also apply to DAA draft, especially verbs 17:07:08 vinay: Amendment 2 — I'm not going to speak to the substance of de-identified data, but in reading the text it looks like some of the terminology is inconsistent across the document. 17:07:17 I believe the intent of the draft is that retaining/using *anything* that's not a specific domain or url is not tracking and therefore out of scope. 17:07:20 jmayer, there might be some (many?) cases where a use listed in permitted uses could be accomplished without "tracking" as defined (like some types of anti-fraud), but that permitted uses are listed where a use would be allowed even when it required tracking 17:07:29 efelton, tracking is not 1-1 with oba, per our definition. 17:07:35 … Example — in subclause 2, the draft uses the term "non-affiliates," where I think in fact it should say "third parties." 17:07:41 Justin, I think Shane said otherwise on email this morning. 17:07:47 … The phrase also ends with "entity" but I think it means "original party." 17:07:50 Ed - perhaps "many" was a bit of an overstatement. I can think of ways to collect and use information that would be deemed "not tracking" - such as Aggregate Scoring, de-identification + de-linking, are the core two. 17:08:03 Chris_IAB, I agree that tracking does not equal OBA. 17:08:04 … And in the fourth subclause, I think "this data publicly" means "raw data" or "pre-delinked data." 17:08:29 what's the question again? 17:08:53 peterswire: These are editorial changes and subject to polishing later. It would be helpful if DAA could respond on the list to Vinay's questions under Amendment 2. 17:08:57 so DAA is suggesting that DNT:1 can't opt out, only adchoices: http://www.w3.org/mid/DCCF036E573F0142BD90964789F720E3140EAA91@GQ1-MB01-02.y.corp.yahoo.com 17:09:04 q? 17:09:27 vinay: Amendment 3 — "internally linked" is a new term. I've tried new language to capture the same point as the proposal. 17:09:38 I would also like to know what "internally linked" means. 17:09:46 npdoty, that's certainly not the way the conversation has gone before, and at any rate, it wouldn't be at all clear to a reader. 17:09:47 peterswire: If we go down the DAA path, this seems like something that the group could take up as editorial work. 17:09:56 Rigo, yes, do not profile = ad choices 17:10:11 @rigo, DNT:1 = do not track, per our definition of tracking previously stated; you could ALSO opt out of OBA via adchoices 17:10:14 ninjamarnau has joined #dnt 17:10:40 q+ clarifying question 17:10:47 queue=rvaneijk 17:11:05 Ed, internally linked means activity that can be linked within itself (internal) but is not linked to a specific, actual user/device (Yellow Zone). 17:11:08 q? 17:11:18 susanisrael: My amendments, like Vinay's, were editorial. 17:11:32 … To avoid some debate about what some terms mean elsewhere, I suggested that we say we're defining terms only for purpose of this spec. 17:11:33 What is "itself"? 17:11:49 … I also attempted to state the de-identification definition in a way that helped me understand it. I didn't intend to change the substance. 17:11:53 Ed, within the de-identified data set 17:12:03 … But I think we're really saying that the yellow/de-identified state can rely on operational+technical controls. 17:12:14 … This also doesn't affect the choice of draft. 17:12:24 But the text refers to "internally linked to a specific user computer or device". 17:12:29 q? 17:12:31 ack rvan 17:12:35 ack thomas 17:12:43 That doesn't make sense if "internally linked" implied it can't be linked to a user or device. 17:12:48 dwainber_ has joined #dnt 17:12:57 jmayer, I thought permitted uses had always been: you can do what is prohibited above, which is defined there 17:13:00 q+ tlr 17:13:21 rvaneijk: Clarifying question. It looks like we are going to have two systems — a de-identification process and an AdChoices system based on opt-out cookies. 17:13:28 … If we end up with two systems, will one trump the other? 17:13:47 … Or do they co-exist? 17:13:48 Rob - co-exist 17:13:55 they will co-exist Rob 17:14:08 npdoy, yes... and what had been prohibited above was drafted broadly, so that permitted uses had to be very clear. This approach is orthogonal, and frontloads permitted uses into the definition of "tracking." 17:14:10 q+ 17:14:12 Mike_Zaneis: We've tried to address this. They are two different standards, two programs, and two distinct consumer choices. We would honor them independently and neither would trump the other. 17:14:22 Activate the profiling opt-out (available via industry opt-out pages, AdChoices icon, Chrome "Keep My Opt-Outs", industry persistency tools, TACO, etc.). 17:14:23 rvaneijk: Is the DAA opt-out a collection limitation? 17:14:46 Rob, the DAA opt-out would halt aggregate scoring 17:14:47 ack t 17:14:47 How would those two systems differ? 17:14:48 Mike_Zaneis: DAA has a whole set of principles around what would be honored, and the goal of this discussion is to develop new principles for DNT. 17:14:54 rvaneijk: Would it stop aggregated scoring? 17:14:57 Mike_Zaneis: Yes. 17:14:58 John - this was answered to you via the public email list 17:15:06 http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0513.html 17:15:10 http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0079.html 17:15:21 Thomas: I wanted to go back to de-identification — questions from efelten and johnsimpson. 17:15:24 so we need a permitted use to ignore DNT and make only adchoice work? http://www.w3.org/mid/DCCF036E573F0142BD90964789F720E3140EAC4E@GQ1-MB01-02.y.corp.yahoo.com 17:15:35 I don't have an easy way to talk, but I can type on IRC 17:15:51 please type away, and thomas will also read the question 17:16:05 Thomas: Ed's question was about the difference between "deidentified" and "delinked." 17:16:28 If two locations are linked to one another-- my home address and work address-- they can be linked to an actual user (me) without any personal information. 17:16:35 Please answer with respect to the proposed text. 17:16:38 WileyS, can you take this one? 17:16:42 +q 17:16:48 q- 17:16:54 ack wil 17:16:54 ack WileyS 17:17:17 @rvaneijk...DNT (headers signals) and AdChoices would be complementary 17:17:25 Either version is okay. 17:17:37 Changes from version to version are orthogonal. 17:17:59 WileyS: The most recent draft has two definitions — "data is deidentified when a party…" and "data is delinked when a party...." 17:18:10 ack thomas 17:18:16 "De-linked" means "de-identified" plus something. What is the something? 17:18:35 … [reads efelten's question] 17:18:39 Lmastria_DAA, could AdChoices Opt-out include an OOB consent to tracking? 17:19:02 Lmastria_DAA: they aren't as Shane suggests that a DNT signal is ignored via a permitted use and opt-out would only be possible with adchoices. See the cited link above. This is not parallel... 17:19:11 Please answer with respect to the proposed text. 17:19:13 sidstamm has joined #dnt 17:19:28 … We need more non-normative text here. In the presentations that rvaneijk and I gave about the three states, we gave examples where when an organization moves from yellow to green, it may be transformed across a given timeset. 17:19:45 +sidstamm 17:19:52 … If the move from deidentified to delinked occurs on an hourly basis, the resulting records may be internally linkable within that short timeframe. 17:20:03 Shane, data retention may be your golden key 17:20:07 … In this case the data is deemed to be "delinked" as long as data can't be linked across those time boundaries. 17:20:14 +q 17:20:19 What is the difference between de-identified and de-linked? 17:20:37 … The question here is about the cycle of delinking. 17:20:37 With reference to the text you proposed. 17:20:49 I'm not asking about your intention. I 17:20:54 I'm asking about your text. 17:21:08 If data "cannot be linked across time boundaries," then mustn't it not be linkable to a particular user? 17:21:13 tlr: Looking at the text, I think efelten is trying to ask what impact the "level of justified confidence" has. 17:22:29 There's nothing in the text about operational or administrative controls. 17:22:43 Shane, please give up the term de-identified and use Yellow [friendly ammendment] 17:22:45 WileyS: The key difference is that organizations won't reidentify information or allow entities that receive the data to reidentify. This is the concept of operational/administrative controls. Then the next category is the situation in which the organization no longer has the need for operational/administrative controls. 17:22:48 This isn't in the text. 17:22:54 Where? 17:23:04 Operational and administrative controls are in the text where? 17:23:06 … I read this directly from the text. 17:23:13 Data is delinked when a party: 17:23:13 1. has achieved a reasonable level of justified confidence that data has been de-identified and cannot be 17:23:14 Ed - In delinked 17:23:16 internally linked to a specific user, computer, or other device within a reasonable timeframe; 17:23:19 2. has taken reasonable steps to ensure that data cannot be reverse engineered back to identifiable data 17:23:22 without the need for operational or administrative controls. 17:23:45 http://lists.w3.org/Archives/Public/public-tracking/2013Jun/att-0466/NAI-DAA-DMA_June_26_draft_compared_to_June_22_Tracking_Compliance_and_Scope_copy.pdf 17:23:47 this is in the redline doc 17:24:18 q? 17:24:30 ack jmayer 17:24:33 zakim, mute me 17:24:33 Thomas should now be muted 17:24:34 tlr: johnsimpson had a parallel question, which may have been answered by the discussion we just had. 17:24:35 4-min left on today's call? 17:24:45 chris, we've reserved the bridge to go up to 2h 17:25:05 ok, thanks @tlr 17:25:11 jmayer: Deidentified is defined as breaking the connection between identifiers, and delinking is defined as breaking the connection to an identity. 17:25:27 Jonathan - are you reading from the current draft? http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Data_Hygiene_Tracking_of_URL_Data 17:25:31 … If you can connect something to a user's identity, can't you also reconnect identifiers? 17:25:43 Apologies, unlikely to be able stay on much past 1:30 ET (10:30 PT) 17:25:54 … Should there be definitions along the lines of what Shane just described instead? 17:26:06 peterswire: Looking at the DAA draft, I don't see the concept you're describing. 17:26:31 jmayer: [reads from definitions from text] 17:26:33 -efelten 17:26:57 +efelten 17:27:07 … I think the text is getting at the idea that deidentification is about breaking the link between unique IDs, and delinking is about removing identifiability in terms of the data set itself. 17:27:26 De-identified is about breaking the link with real users/devices. De-linking is about breaking the link between specific events as well. 17:27:43 Shane, can you please explain how your de-ident definition differs from the June draft and the significance of the differences. In other words in what ways would a data set considered as de-identified by your definition not count as de-identified by the definition in the June draft? 17:27:48 … Looking at the text, the definition of "deidentified" may not map to that intent, since the text. The definition assumes that in the deidentified state it could be reassociated or reidentified. 17:28:27 peterswire: I think I heard that "delinked" includes the language about reverse engineering — technical measures have been taken so that, within an organization, they take reasonable steps to ensure that reverse engineering cannot be done. This technical step is not required for deidentified. 17:28:35 Does "de-identified" require any technical measures? 17:28:38 dan_auerbach has joined #dnt 17:28:46 John - 3rd time - the industry proposal introduces the concept of a middle-state (Yellow) by breaking apart the definitions of de-identification and de-linking. 17:28:50 Ed - yes 17:28:57 zakim, who is muted? 17:28:57 I see Thomas, paulohm, Joanne, Rigo muted 17:29:00 So we're supposed to infer by negative implication that "deidentification" doesn't require technical steps? 17:29:06 efelten, do you mean beyond changing UIDs by other UIDs? 17:29:21 I don't see why it would require even that, as explained by Shane. 17:29:29 WileyS: In the slide deck, we described that there are technical measures that are taken even in the deidentified state. 17:29:56 … In the delinked state, you take a PURELY technical final step, so that you're no longer relying on operational/administrative controls to ensure that reidentification doesn't occur. 17:30:04 Technical + Operational + Administrative = De-Identified 17:30:09 jmayer: I understand Shane's proposal but am confused about the text. 17:30:12 jmayer: perhaps my friendly amendment will help 17:30:21 I think we need a LOT more clarification around "yellow" -- apologies that i couldn't speak up or be on IRC earlier 17:30:21 Agree that it doesn't map to the text. But that's been a point of dispute for a long time. 17:30:24 but i'll follow up over email 17:30:33 What is the minimum requirement for technical measures required by de-identified? If any. 17:30:33 jmayer, because Shane has maintained that (as would be described in non-normative text), "cannot reasonably be re-associated" could be accomplished through administrative controls in part 17:30:40 agree with Jonathan. don't see how text implements red yellow green 17:30:46 peterswire: Sounds like there is some normal polishing/editing process that should happen here, plus the possibility of non-normative language to add clarity. 17:31:06 … Now move to the procedural part of our discussion. 17:31:23 -eberkower 17:31:31 In particular: If we define "deidentified" as breaking link between IDs, then Shane's proposal doesn't satisfy the definition. If we define "deidentified" in the stronger terms of the present proposal, Shane's proposal doesn't satisfy the definition. 17:31:32 +q 17:31:33 https://www.w3.org/2002/09/wbs/49311/datahygiene/ 17:31:37 I did not have an opportunity to discuss my proposed friendly amendment with shane, as he was on vacation, but perhaps my proposed friendly amendment re: "de-identified" helps with the language. 17:31:40 … The call for objections/comments link is live on the W3C website. The core of the question for Friday is which base text to use. 17:32:05 I also think it is a problem that it's limited to "cannot be **internally** linked " n the first clause 17:32:14 … The call for objections lists the basic issues about which we are seeking a decision. There would be subsequent polishing and other issues that we've decided today or before we're orthogonal that would be addressed later under either path. 17:32:36 And it's not clear what "internally linked" means in practice. Internal to what? A company's entire data vault? A particular user's record? 17:32:37 … What I've said before is that we need an affirmative decision by the group about whether to continue after July, and the way to do that is to have input on this fork in the road. 17:32:45 q? 17:32:46 … All of the comments will be part of the record that the chairs will consider. 17:32:47 Where is the link? 17:32:51 https://www.w3.org/2002/09/wbs/49311/datahygiene/ 17:33:04 ack jma 17:33:18 jmayer: What sorts of amendments would be permitted after the fact to either of these base texts? 17:33:30 q+ 17:33:47 Marc has joined #dnt 17:34:10 issues 215, 5,16,188,199 17:34:29 A perfecting amendment is not a friendly amendment. 17:34:38 peterswire: We've identified a specific package of issues in the June draft — four issues. For those, after this process we would accept only perfecting or friendly amendments. 17:34:44 For the record, the final DAA text was submitted nine minutes before the deadline for submitting amendments to it. 17:34:58 … We have a lot of notice about what the substance is, and we would have to address in each case whether a particular amendment is in order. 17:35:08 If a perfecting amendment is not a friendly amendment, then does perfecting have any meaning? :) 17:35:19 npdoty: We would be closing ISSUE-213 and still need to go through other issues we have on the Compliance June product. 17:35:23 q? 17:35:24 -[Microsoft] 17:35:26 q- 17:35:32 the definition of tracking is apparently not open for amendments ASAIK 17:35:33 s/ISSUE-213/ISSUE-215 17:35:38 -Craig_Spiezle 17:35:40 q+ 17:35:52 peterswire: We'll be avidly reading the list and looking for comments by Friday at 5 pm PT. 17:36:01 Will the link to objections be on WG web page? 17:36:12 John - its already there 17:36:20 jmayer: We've had discussions about whether the DAA text is consistent with the drafters' intent. 17:36:34 John - click on the Decision Policy link in the left rail 17:36:39 … It's difficult to know how to write an informed opinion if we don't know what the text means. 17:36:48 … Presumably some proposed amendments will clarify what this means. 17:37:12 Shane, sorry don't see it... 17:37:15 q+ 17:37:26 peterswire: We've now talked through these issues for more than three hours with the people involved in writing the text, as well as a lot of emails. I believe that this group has a developed sense of what the two paths are, and we are asking for your comments. 17:37:36 can you please post the link again? 17:37:38 … You can observe where it is vague or doesn't give enough information on whether we can come to a decision. 17:37:40 https://www.w3.org/2002/09/wbs/49311/datahygiene/ 17:37:52 So the only firm point of procedure is that having made this decision, we will close the ISSUE on making this decision? 17:38:10 … But the goal of this week is to close ISSUE-215, and we have given you notice of the specific issues that will be considered. 17:38:18 npdoty, user name and password required? 17:38:27 q? 17:38:34 to answer the questionnaire, yes 17:38:54 -Jules_Polonetsky 17:38:54 q- 17:38:54 Don't see how can decide on text that doesn't reflect in ten... 17:38:56 -MikeZ 17:38:57 -ronan 17:38:57 -Jonathan_Mayer 17:38:58 -vinay 17:38:58 - +1.202.331.aaii 17:38:59 -mecallahan 17:38:59 -Thomas 17:38:59 -Rigo 17:38:59 -paulohm 17:38:59 -rvaneijk 17:38:59 -JeffWilson 17:39:00 -[Microsoft.a] 17:39:01 -Peder_Magee 17:39:02 -susanisrael 17:39:02 -brian_huseman 17:39:02 -Wendy 17:39:02 - +1.203.563.aamm 17:39:02 -WaltMichel 17:39:03 -kulick 17:39:03 -dwainberg 17:39:05 -Peter 17:39:05 -robsherman 17:39:06 -ninjamarnau.a 17:39:06 - +1.650.595.aagg 17:39:06 -[Apple] 17:39:07 -ChrisPedigoOPA 17:39:07 -Joanne 17:39:08 -sidstamm 17:39:08 -[CDT] 17:39:10 -Brooks 17:39:10 -Chapell 17:39:10 -David_MacMillan 17:39:11 Zakim, list attendees 17:39:11 As of this point the attendees have been npdoty, rvaneijk, Thomas, +1.917.934.aaaa, +1.650.365.aabb, +1.202.494.aacc, susanisrael, ChrisMejia, jchester, WaltMichel, JeffWilson, 17:39:14 ... +1.202.639.aadd, +1.646.827.aaee, efelten, +1.303.492.aaff, mecallahan, paulohm, David_MacMillan, [CDT], +1.650.595.aagg, johnsimpson, +1.813.732.aahh, +1.202.331.aaii, 17:39:14 ... +1.202.345.aajj, Yianni, +1.916.212.aakk, AlisonSwift, brian_huseman, Craig_Spiezle, +1.408.836.aall, hober, Amy_Colando, Joanne, moneill2, vinay, +1.203.563.aamm, dwainberg, 17:39:19 ... ChrisPedigoOPA, Brooks, ronan, Peder_Magee, eberkower, kulick, +49.431.98.aann, BerinSzoka, Jules_Polonetsky, +1.202.370.aaoo, robsherman, billscan, Wendy, ninjamarnau, 17:39:19 ... laurengelman, +1.202.344.aapp, [Microsoft], adrianba, MikeZ, +1.646.666.aaqq, [FTC], WileyS, +1.650.605.aarr, sidstamm, Jonathan_Mayer, Chapell, Dan_Auerbach, Aleecia, 17:39:19 ... [IPcaller], Rigo 17:39:19 -moneill2 17:39:19 -adrianba 17:39:20 -Dan_Auerbach 17:39:20 -[IPcaller] 17:39:20 -johnsimpson 17:39:22 rrsagent, please draft the minutes 17:39:22 I have made the request to generate http://www.w3.org/2013/07/10-dnt-minutes.html npdoty 17:39:22 - 17:39:23 -WileyS 17:39:31 -billscan 17:39:35 -npdoty 17:39:37 -BerinSzoka 17:39:49 -efelten 17:39:51 npdoty, 917 934 aaaa was me. so i am included twice 17:39:56 -[FTC] 17:45:55 kulick has left #dnt 18:25:27 -laurengelman 18:28:53 -rachel_n_thomas 18:28:54 T&S_Track(dnt)12:00PM has ended 18:28:54 Attendees were npdoty, rvaneijk, Thomas, +1.917.934.aaaa, +1.650.365.aabb, +1.202.494.aacc, susanisrael, ChrisMejia, jchester, WaltMichel, JeffWilson, +1.202.639.aadd, 18:28:54 ... +1.646.827.aaee, efelten, +1.303.492.aaff, mecallahan, paulohm, David_MacMillan, [CDT], +1.650.595.aagg, johnsimpson, +1.813.732.aahh, +1.202.331.aaii, +1.202.345.aajj, Yianni, 18:28:55 ... +1.916.212.aakk, AlisonSwift, brian_huseman, Craig_Spiezle, +1.408.836.aall, hober, Amy_Colando, Joanne, moneill2, vinay, +1.203.563.aamm, dwainberg, ChrisPedigoOPA, Brooks, 18:28:55 ... ronan, Peder_Magee, eberkower, kulick, +49.431.98.aann, BerinSzoka, Jules_Polonetsky, +1.202.370.aaoo, robsherman, billscan, Wendy, ninjamarnau, laurengelman, +1.202.344.aapp, 18:29:00 ... [Microsoft], adrianba, MikeZ, +1.646.666.aaqq, [FTC], WileyS, +1.650.605.aarr, sidstamm, Jonathan_Mayer, Chapell, Dan_Auerbach, Aleecia, [IPcaller], Rigo 20:00:48 Zakim has left #dnt 20:29:15 hober has joined #dnt