W3C

- DRAFT -

Tracking Protection Working Group Teleconference

10 Jul 2013

See also: IRC log

Attendees

Present
npdoty, rvaneijk, Thomas, +1.917.934.aaaa, +1.650.365.aabb, +1.202.494.aacc, susanisrael, ChrisMejia, jchester, WaltMichel, JeffWilson, +1.202.639.aadd, +1.646.827.aaee, efelten, +1.303.492.aaff, mecallahan, paulohm, David_MacMillan, [CDT], +1.650.595.aagg, johnsimpson, +1.813.732.aahh, +1.202.331.aaii, +1.202.345.aajj, Yianni, +1.916.212.aakk, AlisonSwift, brian_huseman, Craig_Spiezle, +1.408.836.aall, hober, Amy_Colando, Joanne, moneill2, vinay, +1.203.563.aamm, dwainberg, ChrisPedigoOPA, Brooks, ronan, Peder_Magee, eberkower, kulick, +49.431.98.aann, BerinSzoka, Jules_Polonetsky, +1.202.370.aaoo, robsherman, billscan, Wendy, ninjamarnau, laurengelman, +1.202.344.aapp, [Microsoft], adrianba, MikeZ, +1.646.666.aaqq, [FTC], WileyS, +1.650.605.aarr, sidstamm, Jonathan_Mayer, Chapell, Dan_Auerbach, Aleecia, [IPcaller], Rigo
Regrets
Chair
peterswire
Scribe
susanisrael, robsherman, susan

Contents


<trackbot> Date: 10 July 2013

<susanisrael> aaaa is susanisrael

<David_MacMillan> zakim 650-365 is David_MacMillan

<kulick> 408.836

<npdoty> scribenick: susanisrael

<scribe> scribenick: susanisrael

<robsherman1> scribenick: robsherman

<npdoty> http://www.w3.org/mid/CE02F665.90A6A%25peter@peterswire.net

<susanisrael> Peterswire: will discuss email from peter swire, text for request for comments, and will be useful to have list of relevant urls which was also sent around

<npdoty> scribenick: susanisrael

<Marc_> 202 344 4652 is Mike Z

<npdoty> http://www.w3.org/mid/CE02F665.90A6A%25peter@peterswire.net

peterswire: to begin pls look at email "text for request for comments/call for objections" sent at 11:30....
... will walk through....

<wseltzer> ISSUE-5?

<trackbot> ISSUE-5 -- What is the definition of tracking? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/5

<wseltzer> ISSUE-16?

<trackbot> ISSUE-16 -- What does it mean to collect, retain, use and share data? -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/16

<wseltzer> ISSUE-188?

<trackbot> ISSUE-188 -- Definition of de-identified (or previously, unlinkable) data -- open

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/188

peterswire: issue 215 is the DAA's package proposal and the group's decision on this will affect the subsequent decisions listed., 5, 16, 188, 189

<wseltzer> ISSUE-199?

<trackbot> ISSUE-199 -- Limitations on the use of unique identifiers -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/199

<wseltzer> ISSUE-215?

<trackbot> ISSUE-215 -- data hygiene approach / tracking of URL data and browsing activity -- raised

<trackbot> http://www.w3.org/2011/tracking-protection/track/issues/215

issue 188, i think wins prize for most emails in one week, de-identification. all these issues are affected by the direction we choose.

<jules_polonetsky> Zakim 202 587 is jules_polonetsky

we take the daa's proposal to be as amended by jack's submission yesterday, July 9

[also now contemplate continuing past july?]the focus of this call is to determine the base text, and consideration of comments will be determined by this choice

scribe: please state views clearly on call....we are not trying to get a count here....

Option A: DAA proposal as base, Option B, editors' text as base, then will try to get chair's decision as to how to move forwar....this will be group decision as determined by chairs, but it's a group decision that ultimately controls....

<vinay> Is it just me, or is there no link to the poll where members can state their objections?

scribe: any move to last call will be determined by the group.....

<Joanne> Vinay, I wasn't able to find it either

<npdoty> vinay, I think we wanted to get clarity on the text asking for objections before I share a link to a poll

<vinay> Got it, thanks Nick!

how we will proceed today: many people have been working hard. I understand DAA has been working hard, not only as seen on list but within group, and I take that work to be in good faith.....

let's consider amendments offered by Jack Hobaugh yesterday, first shorter, then we will move to de-identification ....

then will move to friendly or perfecting amendments......if you're not included but made some please speak up.....

<robsherman1> I had one.

justin brookman, alan chappell, vinay goell, susan israel, david singer, Rob Sherman....

then at that point we will sum up and have discusison re procedure to get maximum clarity about how to proceed and call for objections....

scribe: re Audience Measurement, there have been offline calls and my sense is that there has been improved meeting of minds and polishing of language in connection with that....
... moving now to list of questions, omitting for now those about de-identification.....

<BerinSzoka> folks, please MUTE yourselves! someone has been typing in sporadic bursts

<wseltzer> [ http://www.w3.org/wiki/Privacy/TPWG/Questions_re_DAA_proposal ]

<efelten> First they'll have to explain the difference between de-identified and de-linked.

first is for John Simpson, second de-id so we'll hold it, 3rd is from Thomas Roessler and we may try that if easy, otherwise will handle it with De-Id (would out of scope apply to de-identification or to de-linked data.....

<WileyS> Could you please repeat the question?

scribe: not hearing anyone answering....

<efelten> What are

question is at some point information is scrubbed hard enough that it is out of scope. Does this apply when we move from red to yellow, or from yellow to green.

wileys: yellow to green

<sidstamm> so only green data is out of scope

<npdoty> WileyS: only out of scope in the "green" ("de-linked") state

<justin> Though, to be clear, derived info from urls is completely out of scope too.

<WileyS> Sid - yes, as we discussed in Sunnyvale

<sidstamm> k

<WileyS> Justin - correct - as long as they cannot be reversed back to "tracking" data, they are outside of scope since they are "not tracking"

<npdoty> my understanding is that we can take up the security/fraud change proposal separately

<Chris_IAB> Defer to current proposal

<tlr> wileys, specific wording, then: When a third party receives a DNT:1 signal, that third party MAY nevertheless collect, retain, share or use data

peterswire: thanks. David singer asked for redline, which we now have, john simpson asked for list of supporters which we now have, and [.....] my understanding is that DAA has shorter version of security and fraud proposal than Chris's proposal...right?

<tlr> related to that network interaction if the data is de-identified as defined in this specification.

mike zaneis: yes

<tlr> should be: "de-identified and delinked"

<npdoty> I also wondered about this, it might be a friendly amendment to just be consistent about saying "user, user agent or device" throughout

peterswire: significance of use of the word "computer" .....intended to be complement to device....?

<efelten> What's the rationale for removing "user agent" here?

wileys: yes, came from daa language but look forward to friendly amendment also just to have one term, user device,

<efelten> Shouldn't the goal be to harmonize terminology with the HTTP spec?

<npdoty> WileyS, do you intend something different by removing "user agent"?

<WileyS> Ed, the user agent is the same as the user when acting as "an agent" - when it begins to act at its own direction then it is a 3rd party.

peterswire: ok, next is user agent definition: john simpson asked what is significance of addition of this sentence to definition of [.....]...my understand would be that scope of do not track standard would apply to user agents that meet all 3 of thes e things...

<efelten> User agent is not the same as user. A user might have multiple user agents --- I am using multiple user agents at the moment.

<WileyS> Ed - no - as in this context UAs are implementing policy elements and not only technical elements which would align with HTTP spec.

<efelten> User agents are not the same as users.

<npdoty> I think John is actually referring to the scope section, rather than definition of User Agent, and that this exists in the Editors' draft as well

<sidstamm> I would think that any software that is not acting on behalf of its user is not a user agent

<WileyS> Ed, each UA is acting as the user when the user is using it.

<johnsimpson> a question

<WileyS> Sid - I agree.

<johnsimpson> clarifying question please?

general browser web, user interface meets tpe, can implement tpe spec...other kinds of user agents would be out of scope. correct? think we should alert people and i think this may be of enough importance that we should alert people....

<npdoty> in families, for example, sometimes multiple users will share a user agent

<sidstamm> I agree with ed, user agent should still be in the list

<WileyS> Ed - that is why its called the "user's agent" or "user agent" for short

<efelten> Right, but acting on behalf of the user is not the same as being the user. A user can use multiple user agents.

group previously discussed this in sunnyvale, may be an issue....

<WileyS> Correct

johnsimpson: still confused. so if user agent cannot implement exceptions it does not quallify?

peterswire: yes, that's my understanding...

<WileyS> John - correct. Only UAs that support exceptions would be deemed compliant.

johnsimpson: so right now the only browser that implements the exception mechanism is latest version of IE. So other browswers would not be in scope?

<justin> Who is talking?

<npdoty> hober, Ted O'Connor, Apple

<Chris_IAB> who's speaking?

hober there is a difference between can and does.....so for example network router that does not have java script is not in scope.....

speaker was ted o'connor of apple

peterswire: so Ted says all general purpose browsers can implement spec, is there anyone who disagrees?

[no response]

peter: ...so word "CAN" turns out to be important....

<npdoty> http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#scope-and-goals

peter: nick says there is identical language in june draft....

de-id we will do later....tracking .....

<npdoty> http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0082.html

there is a question about sending response to dnt signal from browser, why it is in first party compliance section, and related questions, john could you state briefly? is it about placement and disregarding?

<Chris_IAB> peterswire, I think we need to take the "can" vs. "does" question under advisement and come back to the group at a later time with a definititive response.

<paulohm> Just to clarify: the recent silence means that DAA reps have confirmed on today's call that browsers can comply even if they do not implement the UGE mechanism, per Ted O'Connor.

<peterswire> understood to chris

<WileyS> Paul, that is incorrect. I responded via IRC.

johnsimpson: yes, why was this put here, and also later in 3rd parties.....is related to notion that if you sent a disregard message you would be compliant...elsewhere in TPE there is language that says otherwise.....so clarifying language would be needed here if that is what this means....

<paulohm> Thanks Shane. See it now (and Chris's comment too)

peterswire: so could someone from DAA explain view on when server can disregard dnt signal.....and still be compliant?

marcgroman: no , disregarding 100 % of dnt signals is not what's contemplated, this signal means you have an exception or other basis to not follow or implement, and you respond with that....

<WileyS> +q

peterswire: so implies consent?

<WileyS> C=consent, D=disregard

<justin> Right, OOBC DNE disregard

johns: but says disregard?

<tlr> 5.2.8 in TPE spec

<tlr> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#TSV-D

npdoty: i have similar concern, and we have a different flag for this....

<npdoty> to john's first question, it would still be possible for a first party to disregard a signal (not just the third party)

wileys: we have had this conversation on email also...I think goal here is where server is going to send disregard, it must be paired with message as to why and with link to further explanation...not just sending back "d"....

<jmayer> Clarifying question: what sorts of "justified reasons" exist for disregarding a "DNT: 1" signal?

issue with compliance is that obviously if a server did that for all signals it could not be deemed compliant....but if you did this for small number of signals, would you be noncompliant generally? for that transaction only?

<justin> I agree that's not the intention, but where is the textual basis for saying that sending DISREGARD to all is not allowed? (may exist, I just don't know)

<WileyS> Yes to what Peter just said

<npdoty> this DAA proposal doesn't list justifiable reasons for disregarding and we don't have text proposals suggesting them at the moment

peterswire: I just heard from shane that this is a transparency requirement....just that server says what happens....

<WileyS> -q

<efelten> +1 to Justin. We need to talk more about what the text says, not so much about the drafters' motivation.

<npdoty> it might be purely editorial, since first parties could also hypothetically disregard (though they might have fewer reasons to do so)

<WileyS> Ed - we've been asked for "why" the language is - hence the explanation. Hard to discuss text and not discuss motivations.

tlr: language in the june draft exists in third party compliance section, so the change in daa draft is just to place the language in first and third party sections, so I think this is an orthoganl change...real qu: is jonathan mayer's change proposal...think it should be consistent...

<jmayer> I agree with Justin and Ed. We are being asked to inform a decision between competing texts, not competing drafting histories.

peterswire: next qu from john simpson goes to % of users sending flag, john simpson can you summarize?

<efelten> What I meant (and I think Justin too) is that the text should give some clarify about what is a valid reason for disregarding signals.

<jmayer> If the text does not match the drafting intent, we should take time to fix the text.

<WileyS> Jonathan - agree

<justin> Well, this one is a problem in both the June and DAA drafts, I think. I don't have a concrete proposal.

john simpson: what mike zaneis seems to have said was that the whole question of defaults was off table and daa went down different road because of expected high numbers of dnt:1 signals, yet there is still language about disregarding signals in the draft....

<jmayer> Justin, I submitted a change proposal on this very issue.

<efelten> I think what makes people nervous is the talk about whether a server "feels it has a valid reason" as opposed to a reason that is based on the spec.

<justin> Maybe some sort of requirement that you have a good faith belief that the signal does not represent the preference of the user? Not sure that's perfect . . .

mike zaneis: the concept was that rather than continuing down path of trying to distinguish valid vs. invalid dnt signals, where we knew we would have high rate of error about user's intent, our proposal is meant to have ...

<npdoty> I think Mike's point was that while they would propose something that would allow for accepting invalid signals, there might still be some services that would choose to distinguish

<justin> So this could be open to a friendly amendment.

as a baseline honoring all dnt signals unless we can clearly tell that a signal is noncompliant....but I see no reason why we should not try to see if UA's like others are compliant but our assumption is we will try to honor most if not all dnt signals as an industry...

<WileyS> Justin - that would be great.

peterswire john?

johnsimpson: ok?

<npdoty> http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0146.html

<jmayer> So, as written, a website could disregard every current production implementation of Do Not Track?

peterswire: now to tracking, will go to Jack Hobaugh email from 11:51 yesterday, and we'll take amendments 2 and 3 first.....
... will ask someone to talk about tracking.....

<jmayer> (Given the language around browser UI and exception API.)

<efelten> "Tracking is the collection and retention, or use of a user’s browsing activity – the domains or URLs visited across non-affiliated websites -- linked to a specific user, computer, or device."

<npdoty> http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0146.html

wileys: trying to find the document....

peterswire: previous definition was similar to daa code version, different from editor's draft version, which i think came from dsinger....

wileys: if you look at doc sent to me...I don't see any notation in version of what specifically changed.....

<npdoty> the amendment changes from "activity" to "browsing activity -- the domains or URLs visited"

<efelten> I think the new text is underlined in Jack's email.

<laurengelman> <npdoty> the amendment changes from "activity" to "browsing activity -- the domains or URLs visited"

wileys: can't see change:

npdoty: link with plain text shows underlined pieces.....amdmt clarified that this is colleciton retention of use of user's browsing activity.....

wileys: was intended to provide clarity of what was being discussed....

<efelten> Per our email discussion, there is browsing activity information other than in URLs. Is that meant to included?

[previous note amdment included "across urls"

<npdoty> I think that's a big difference (or clarification) that has come out on the list in greater detail today -- that tracking is collecting a list of sites that you've seen, not just general inferred data about your interests

wileys: ...domains or urls visited across non affiliated websites...open to friendly amendments, ed, industry attempting to clarify browsing, but there are edge cases where other things are included in browsing ...

<johnsimpson> What can be done under the DAA proposal that cannot be done under the June draft?

<efelten> What is over broad about "activity" alone? Example?

<npdoty> I think Shane intends for inferred characteristics to not count as browsing activity (and therefore tracking)

because "activity" alone can be too broadly interpreted.....

<justin> I found this discussion useful to understand what is in and out of scope under the new tracking definition: http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0280.html

<efelten> What matters is the text, not the drafters' intent.

peterswire: so i think that clarifies intention of drafters, and that they're open to friendly amendments if we get to that level of polish....

<efelten> The amended text does not match the stated intent of the drafters.

<npdoty> I think the use of "browsing activity" followed by a dash and "the domains or URLs visited" implies that inferred characteristics are not part of browsing activity

<justin> (Or rather, at least understanding the intent. Agree with efelten that the language does not match.)

<efelten> The drafters should amend their text to match their intentions, rather than asking others to guess what they would want.

peterswire: jonathan mayer's question....what prompted this change from june draft, which had some other language that was taken out.....

<wseltzer> [ http://www.w3.org/wiki/Privacy/TPWG/Questions_re_DAA_proposal ]

<tlr> http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0080.html

peterswire: language was deleted from june draft....

<laurengelman> I think the broader language would make compliance easier. Prevent rules lawyering as new technologies develop to track

wileys: we felt this was clarifying..."data records: is very broad and we are trying to be consistent and tight on language.....but as ed brought up....but we tried to further define activity....to tighten up by using URLs....

<efelten> Again, current text does not match stated intent of the drafters.

peterswire: so that was amendment 2 to Jack's proposal....

<npdoty> to efelten's point, maybe we should add a friendly amendment that defines "browsing activity" as "the domains or URLs contained in a network interaction"

<johnsimpson> Agree with Ed Felten. I don't see how much if DAA text implements what they say their intent is...

<efelten> npdoty, that would still be inconsistent with the drafters' stated intentions, which are to include more than just the URLs and domains.

amendment no. 3 was about first parties not passing on information to third parties , but passing on to third parties.....

*rob sherman: scribe?*

<npdoty> scribenick: robsherman

<susanisrael> peterswire: other questions?

<johnsimpson> q

<efelten> Wait! There are still unanswered questions you skipped over from the web page.

<WileyS> Ed and John, as stated in the mailing list today, the language did match the intent but Ed was able to call out a corner case that we agree could be clarified and are open to a friendly amendment from Ed on this point.

peterswire: Moving now to friendly amendments, going alphabetically. Once the proposed amendment has been offered, DAA people should indicate whether they're generally favorably inclined or not.

justin: I submitted something in the context of trying to understand what data could be used for.

<efelten> The deadline for friendly amendments passed nine minutes after Jack sent out the text.

… Jack's revised definition of "tracking" helps clarify what the proposal is, though I think the language could be made more explicit.

<johnsimpson> A basic question: What can be done under the DAA proposal that cannot be done under the June draft?

<efelten> Not clear when amendments would have been possible under the current process.

Chapell: Two amendments.

<justin> johnsimpson: two biggest things: (1) use of yellow state data for analytics/research and (2) use of website characteristics for OBA (and anything else) http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0280.html

… First, on first party compliance. The goal was not to impact first party experience but to clearly state that information outside that context is subject to third-party rules. This amendment is not entirely in line with robsherman's.

<jmayer> I would like to propose an amendment.

<npdoty> efelten, did you want to ask about de-id? I think Peter might have just missed that, and we could add you to the queue

<susanisrael> scribenick: susan

<WileyS> John - industry proposal is crisper on language, allows for the intermediary state of de-identified but not de-linked (Yellow) and for Aggregate Scoring as a non-normative example for "not tracking" which the revised "Tracking" definition makes clearer.

<susanisrael> peterswire: rob, could you explain your amendment?

<efelten> Peter said we would come back to the questions he deferred from the web page.

<WileyS> Nick and Ed, I believe Peter is coming back to de-id/de-link

<efelten> I assumed that we would do that.

<justin> johnsimpson: Other things too (got rid of Peter's language on unique IDs unless strictly necessary) but those are the two biggest deltas (deltae?) for me.

<npdoty> +1, that is generally what I have meant by "orthogonal"

<susanisrael> robsherman: the DAA proposal was just drafted in a way that wasn't clear, but as i read the june draft and the daa proposal i think neither would limit subsequent use of data by first party...wanted to clarify that and we can have substantive discussion about that later...

<robsherman> scribenick: robsherman

<susanisrael> peterswire: I think this issue could be discussed in relation to either draft and I think it's orthogonal and should not be considered now....alan, 2nd amendment?

<sidstamm> +1 to tabling

<npdoty> +1, we can handle that question separately

Chapell: Propose to table my second proposal as well.

<susanisrael> chappell: ua amendment is similar, should possibly also be tabled....

<susanisrael> peterswire: going in queu....

<npdoty> scribenick: robsherman

<WileyS> John - this was provided to you in IRC

johnsimpson: I would like DAA to clarify how its proposal differs from June draft. What does June draft restrict that DAA proposal allows?

<justin> ALLOWING OBA.

<efelten> Justin, if that's true, it would be useful to have a DAA person confirm it.

<justin> http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0280.html

<rvaneijk> Ed, that is already on the list

<justin> And Mike_Zaneis confirmed on the call last week.

peterswire: A number of people believe that the text doesn't achieve the stated intent. May be able to address some of this through the editing process. Shane, can you give the delta between the two?

<Chapell> Just so my first proposal is recorded here -- my text is an iteration of the text provided by Yianna and is not intended to impact a first parties use of data within the first party context. That said, use of data ouside of first party context (as outlined in the 1st parties PP) is tracking and subject to third party rules.

<efelten> Would like to hear justification for the specific text that is being proposed.

WileyS: The industry proposal was intending to be crisper on language; allows for "yellow" zone for data that's still within DNT scope but that allows permitetd uses that couldn't be used in the "raw" state; allows for aggregate scoring, which will be addressed in non-normative text.

<moneill2> agegate scoring == profiling

… Justin also noted some other points — eliminating Peter's language on use of unique IDs.

<rvaneijk> R-Y-G is a good thing, narrow scopint definition of tracking is a concern, out of scope of aggregate scoring is a concern

peterswire: There's a red/yellow/green branch of how things work and an aggregate scoring branch, which could be done before data gets to yellow.

<efelten> "Aggregate scoring" means recording information about the user that is linkable to the user?

<rvaneijk> one would need an opt-out cookie to stop the OBA

<Chapell> My second proposal - a.k.a. no UA tracking without consent -- has been discussed via the list in a productive manner and I hope we'll reach consensus shortly. Neither proposal is essential to the question before the group today re: June Draft vs DAA Proposal.

WileyS: Sequencing could be parallel or sequential - we don't address that - but the concept peterswire describes is correct.

<laurengelman> isn't aggregate scoring linking unique IDs to characteristics?

johnsimpson: We keep talking about red/yellow/green, but those terms aren't described except in Shane's slides.

<justin> Shane's slides are dicta.

<rvaneijk> John, it is not a permitted use....!!!!!

WileyS: That would be non-normative. We've been focusing on normative text, and in normative text we said that to use raw data for a permitted use it would have to be "necessary."

<rvaneijk> it is going to be part of non-rmatieve text to the definition of NOT TRACKING

<rigo> please talk about "yellow" because it is not de-identified

<rvaneijk> ... which is a concern to me

<justin> Yes, aggregate scoring would allow tying behavioral (and other) characteristics to a unique ID.

… In non-normative text, we would specify that "yellow" is the preferred place for certain permitted uses.

… The process we're following now is around normative text only so we haven't written it into the draft.

<laurengelman> so how can that be a permitted use?

<WileyS> Rob - yes, industry has invested a considerable amount of time and energy on OBA opt-outs and the AdChoices program

<npdoty> but the normative text doesn't indicate that red text isn't allowed for any of the permitted uses

peterswire: If the DAA proposal becomes the base text, I heard Shane to say that there would be additional text on this.

WileyS: Correct.

<tlr> did we have other de-id questions listed in the wiki that we skipped over?

<efelten> yes

jmayer: One option would be to include a link to Shane's presentation in non-normative text.

<npdoty> efelten, did johnsimpson's question get to your de-id questions?

… Could also describe aggregate scoring as a permitted use.

<efelten> No, I still don't understand the different between the DAA's "de-id" versus "de-linked" text.

peterswire: Could DAA address jmayer's first proposal?

<tlr> ed, queue up? This sounds like a good opportunity for that question.

<WileyS> I would want to turn them into text since they're slides - would be easier to link to as non-normative text.

<npdoty> I would suggest we link to it as an external reference rather dropping the entire slides into an appendix

Mike_Zaneis: I think this was raised last week. We're happy to consider this and will take it back.

<Chapell> Conceptually, I like Jonathan's idea. However, I think that the text offered should probably edited for clarity

<WileyS> Agree with Alan

WileyS: Because these were slides and were meant for a presentation format, we should probably just turn them into text to make a more natural linking. Then, when the time is right, we could do a cut-and-paste.

peterswire: Shane's slides are already in the public record, and they reflect a lot of work that Shane and the group have done. So I think the expectation is that that is the direction of non-normative text, if we use the DAA text as base, though there might be some adjustments.

<Chris_IAB> Aggregate scoreing is ONE oba method, not THE oba method. I think while we include that oba is permitted, we should not just include one method.

<jmayer> My two proposals: 1) Link to Shane's slides as a non-normative implementation of the "de-identified" and "unlinked" language. 2) For clarity and transparency, we should make "Aggregate Scoring" (i.e. behavioral advertising) a "Permitted Use," just like frequency capping etc.

<laurengelman> i think that if you tell a company that aggregate scoring is a permitted use (or out-of scope) under DNT:1 they wil think this is crazy.

… Regarding adding aggregate scoring to the normative text, does DAA have a view?

<Chris_IAB> I just included something in IRC on this

<johnsimpson> Does the June Draft allow the approach outlined in shane's slides? If not, how not?

<jmayer> To be clear, I'm suggesting simple copy + pastes here, not any block of new text.

<npdoty> jmayer, does it need to be a Permitted Use? I think the suggestion was that that would be part of the "browsing activity"/"tracking" definition

<efelten> Other examples, please.

<justin> Retargeting.

<jmayer> npdoty, then why is frequency capping a permitted use?

<efelten> I do not understand what the scope of "tracking" is in the DAA proposal.

<laurengelman> what is tracking?

<sidstamm> my regrets, I have to drop off briefly to move (severe weather alert where I am) I will try to dial back in shortly.

<rvaneijk> Under the definition of Shane, Re-targeting is not tracking.

WileyS: There are many examples of not-tracking, not just aggregate scoring. We wanted to bring this to the center of the conversation because we knew people would want to talk about it, and the goal was always to raise this in non-normative text. But I don't want it to be the ONLY example of not-tracking in the normative text, since that doesn't make sense.

<efelten> Shane just said there are many examples of activity info that is not tracking, but we don't know what they are.

<npdoty> jmayer, because implementing frequency capping would require "tracking" as defined (keeping URLs to remember how often an ad is shown in a particular place)

<efelten> And we know the current text doesn't match the drafter's intentions.

<jmayer> npdoty, what about frequency capping that's just based on an ad and not domain or URL?

<npdoty> ... where Shane suggests that aggregate-scoring-style behavioral advertising is not even tracking

<Chris_IAB> efelton, there are multiple methods to do oba; aggregate scoring is one such example

vinay: My first amendment - change the definition of service provider - might be orthogonal.

<jmayer> npdoty, that has, in fact, always been the canonical example for frequency capping.

peterswire: Agree - we should table this.

<efelten> Chris_IAB, my question is not about what is OBA, it is about what is "tracking" under the DAA's proposed definition.

<amyc> agree that there are definitional amendments that were offered to June draft that would also apply to DAA draft, especially verbs

vinay: Amendment 2 — I'm not going to speak to the substance of de-identified data, but in reading the text it looks like some of the terminology is inconsistent across the document.

<justin> I believe the intent of the draft is that retaining/using *anything* that's not a specific domain or url is not tracking and therefore out of scope.

<npdoty> jmayer, there might be some (many?) cases where a use listed in permitted uses could be accomplished without "tracking" as defined (like some types of anti-fraud), but that permitted uses are listed where a use would be allowed even when it required tracking

<Chris_IAB> efelton, tracking is not 1-1 with oba, per our definition.

… Example — in subclause 2, the draft uses the term "non-affiliates," where I think in fact it should say "third parties."

<efelten> Justin, I think Shane said otherwise on email this morning.

… The phrase also ends with "entity" but I think it means "original party."

<WileyS> Ed - perhaps "many" was a bit of an overstatement. I can think of ways to collect and use information that would be deemed "not tracking" - such as Aggregate Scoring, de-identification + de-linking, are the core two.

<efelten> Chris_IAB, I agree that tracking does not equal OBA.

… And in the fourth subclause, I think "this data publicly" means "raw data" or "pre-delinked data."

<Chris_IAB> what's the question again?

peterswire: These are editorial changes and subject to polishing later. It would be helpful if DAA could respond on the list to Vinay's questions under Amendment 2.

<rigo> so DAA is suggesting that DNT:1 can't opt out, only adchoices: http://www.w3.org/mid/DCCF036E573F0142BD90964789F720E3140EAA91@GQ1-MB01-02.y.corp.yahoo.com

vinay: Amendment 3 — "internally linked" is a new term. I've tried new language to capture the same point as the proposal.

<efelten> I would also like to know what "internally linked" means.

<jmayer> npdoty, that's certainly not the way the conversation has gone before, and at any rate, it wouldn't be at all clear to a reader.

peterswire: If we go down the DAA path, this seems like something that the group could take up as editorial work.

<rvaneijk> Rigo, yes, do not profile = ad choices

<Chris_IAB> @rigo, DNT:1 = do not track, per our definition of tracking previously stated; you could ALSO opt out of OBA via adchoices

<WileyS> Ed, internally linked means activity that can be linked within itself (internal) but is not linked to a specific, actual user/device (Yellow Zone).

susanisrael: My amendments, like Vinay's, were editorial.

… To avoid some debate about what some terms mean elsewhere, I suggested that we say we're defining terms only for purpose of this spec.

<efelten> What is "itself"?

… I also attempted to state the de-identification definition in a way that helped me understand it. I didn't intend to change the substance.

<WileyS> Ed, within the de-identified data set

… But I think we're really saying that the yellow/de-identified state can rely on operational+technical controls.

… This also doesn't affect the choice of draft.

<efelten> But the text refers to "internally linked to a specific user computer or device".

<efelten> That doesn't make sense if "internally linked" implied it can't be linked to a user or device.

<npdoty> jmayer, I thought permitted uses had always been: you can do what is prohibited above, which is defined there

rvaneijk: Clarifying question. It looks like we are going to have two systems — a de-identification process and an AdChoices system based on opt-out cookies.

… If we end up with two systems, will one trump the other?

… Or do they co-exist?

<WileyS> Rob - co-exist

<Chris_IAB> they will co-exist Rob

<jmayer> npdoy, yes... and what had been prohibited above was drafted broadly, so that permitted uses had to be very clear. This approach is orthogonal, and frontloads permitted uses into the definition of "tracking."

Mike_Zaneis: We've tried to address this. They are two different standards, two programs, and two distinct consumer choices. We would honor them independently and neither would trump the other.

<rigo> Activate the profiling opt-out (available via industry opt-out pages, AdChoices icon, Chrome "Keep My Opt-Outs", industry persistency tools, TACO, etc.).

rvaneijk: Is the DAA opt-out a collection limitation?

<WileyS> Rob, the DAA opt-out would halt aggregate scoring

<johnsimpson> How would those two systems differ?

Mike_Zaneis: DAA has a whole set of principles around what would be honored, and the goal of this discussion is to develop new principles for DNT.

rvaneijk: Would it stop aggregated scoring?

Mike_Zaneis: Yes.

<WileyS> John - this was answered to you via the public email list

<tlr> http://lists.w3.org/Archives/Public/public-tracking/2013Jun/0513.html

<tlr> http://lists.w3.org/Archives/Public/public-tracking/2013Jul/0079.html

Thomas: I wanted to go back to de-identification — questions from efelten and johnsimpson.

<rigo> so we need a permitted use to ignore DNT and make only adchoice work? http://www.w3.org/mid/DCCF036E573F0142BD90964789F720E3140EAC4E@GQ1-MB01-02.y.corp.yahoo.com

<efelten> I don't have an easy way to talk, but I can type on IRC

<peterswire> please type away, and thomas will also read the question

Thomas: Ed's question was about the difference between "deidentified" and "delinked."

<laurengelman> If two locations are linked to one another-- my home address and work address-- they can be linked to an actual user (me) without any personal information.

<efelten> Please answer with respect to the proposed text.

<Chris_IAB> WileyS, can you take this one?

<WileyS> +q

<Lmastria_DAA> @rvaneijk...DNT (headers signals) and AdChoices would be complementary

<efelten> Either version is okay.

<efelten> Changes from version to version are orthogonal.

WileyS: The most recent draft has two definitions — "data is deidentified when a party…" and "data is delinked when a party...."

<efelten> "De-linked" means "de-identified" plus something. What is the something?

… [reads efelten's question]

<vincent> Lmastria_DAA, could AdChoices Opt-out include an OOB consent to tracking?

<rigo> Lmastria_DAA: they aren't as Shane suggests that a DNT signal is ignored via a permitted use and opt-out would only be possible with adchoices. See the cited link above. This is not parallel...

<efelten> Please answer with respect to the proposed text.

… We need more non-normative text here. In the presentations that rvaneijk and I gave about the three states, we gave examples where when an organization moves from yellow to green, it may be transformed across a given timeset.

… If the move from deidentified to delinked occurs on an hourly basis, the resulting records may be internally linkable within that short timeframe.

<rvaneijk> Shane, data retention may be your golden key

… In this case the data is deemed to be "delinked" as long as data can't be linked across those time boundaries.

<jmayer> +q

<efelten> What is the difference between de-identified and de-linked?

… The question here is about the cycle of delinking.

<efelten> With reference to the text you proposed.

<efelten> I'm not asking about your intention. I

<efelten> I'm asking about your text.

<jmayer> If data "cannot be linked across time boundaries," then mustn't it not be linkable to a particular user?

tlr: Looking at the text, I think efelten is trying to ask what impact the "level of justified confidence" has.

<efelten> There's nothing in the text about operational or administrative controls.

<rvaneijk> Shane, please give up the term de-identified and use Yellow [friendly ammendment]

WileyS: The key difference is that organizations won't reidentify information or allow entities that receive the data to reidentify. This is the concept of operational/administrative controls. Then the next category is the situation in which the organization no longer has the need for operational/administrative controls.

<efelten> This isn't in the text.

<efelten> Where?

<efelten> Operational and administrative controls are in the text where?

… I read this directly from the text.

<tlr> Data is delinked when a party:

<tlr> 1. has achieved a reasonable level of justified confidence that data has been de-identified and cannot be

<WileyS> Ed - In delinked

<tlr> internally linked to a specific user, computer, or other device within a reasonable timeframe;

<tlr> 2. has taken reasonable steps to ensure that data cannot be reverse engineered back to identifiable data

<tlr> without the need for operational or administrative controls.

<tlr> http://lists.w3.org/Archives/Public/public-tracking/2013Jun/att-0466/NAI-DAA-DMA_June_26_draft_compared_to_June_22_Tracking_Compliance_and_Scope_copy.pdf

<sidstamm> this is in the redline doc

tlr: johnsimpson had a parallel question, which may have been answered by the discussion we just had.

<Chris_IAB> 4-min left on today's call?

<tlr> chris, we've reserved the bridge to go up to 2h

<Chris_IAB> ok, thanks @tlr

jmayer: Deidentified is defined as breaking the connection between identifiers, and delinking is defined as breaking the connection to an identity.

<WileyS> Jonathan - are you reading from the current draft? http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Data_Hygiene_Tracking_of_URL_Data

… If you can connect something to a user's identity, can't you also reconnect identifiers?

<johnsimpson> Apologies, unlikely to be able stay on much past 1:30 ET (10:30 PT)

… Should there be definitions along the lines of what Shane just described instead?

peterswire: Looking at the DAA draft, I don't see the concept you're describing.

jmayer: [reads from definitions from text]

… I think the text is getting at the idea that deidentification is about breaking the link between unique IDs, and delinking is about removing identifiability in terms of the data set itself.

<WileyS> De-identified is about breaking the link with real users/devices. De-linking is about breaking the link between specific events as well.

<johnsimpson> Shane, can you please explain how your de-ident definition differs from the June draft and the significance of the differences. In other words in what ways would a data set considered as de-identified by your definition not count as de-identified by the definition in the June draft?

… Looking at the text, the definition of "deidentified" may not map to that intent, since the text. The definition assumes that in the deidentified state it could be reassociated or reidentified.

peterswire: I think I heard that "delinked" includes the language about reverse engineering — technical measures have been taken so that, within an organization, they take reasonable steps to ensure that reverse engineering cannot be done. This technical step is not required for deidentified.

<efelten> Does "de-identified" require any technical measures?

<WileyS> John - 3rd time - the industry proposal introduces the concept of a middle-state (Yellow) by breaking apart the definitions of de-identification and de-linking.

<WileyS> Ed - yes

<jmayer> So we're supposed to infer by negative implication that "deidentification" doesn't require technical steps?

<rigo> efelten, do you mean beyond changing UIDs by other UIDs?

<efelten> I don't see why it would require even that, as explained by Shane.

WileyS: In the slide deck, we described that there are technical measures that are taken even in the deidentified state.

… In the delinked state, you take a PURELY technical final step, so that you're no longer relying on operational/administrative controls to ensure that reidentification doesn't occur.

<WileyS> Technical + Operational + Administrative = De-Identified

jmayer: I understand Shane's proposal but am confused about the text.

<susanisrael> jmayer: perhaps my friendly amendment will help

<dan_auerbach> I think we need a LOT more clarification around "yellow" -- apologies that i couldn't speak up or be on IRC earlier

<justin> Agree that it doesn't map to the text. But that's been a point of dispute for a long time.

<dan_auerbach> but i'll follow up over email

<efelten> What is the minimum requirement for technical measures required by de-identified? If any.

<npdoty> jmayer, because Shane has maintained that (as would be described in non-normative text), "cannot reasonably be re-associated" could be accomplished through administrative controls in part

<johnsimpson> agree with Jonathan. don't see how text implements red yellow green

peterswire: Sounds like there is some normal polishing/editing process that should happen here, plus the possibility of non-normative language to add clarity.

… Now move to the procedural part of our discussion.

<jmayer> In particular: If we define "deidentified" as breaking link between IDs, then Shane's proposal doesn't satisfy the definition. If we define "deidentified" in the stronger terms of the present proposal, Shane's proposal doesn't satisfy the definition.

<jmayer> +q

<npdoty> https://www.w3.org/2002/09/wbs/49311/datahygiene/

<susanisrael> I did not have an opportunity to discuss my proposed friendly amendment with shane, as he was on vacation, but perhaps my proposed friendly amendment re: "de-identified" helps with the language.

… The call for objections/comments link is live on the W3C website. The core of the question for Friday is which base text to use.

<laurengelman> I also think it is a problem that it's limited to "cannot be **internally** linked " n the first clause

… The call for objections lists the basic issues about which we are seeking a decision. There would be subsequent polishing and other issues that we've decided today or before we're orthogonal that would be addressed later under either path.

<efelten> And it's not clear what "internally linked" means in practice. Internal to what? A company's entire data vault? A particular user's record?

… What I've said before is that we need an affirmative decision by the group about whether to continue after July, and the way to do that is to have input on this fork in the road.

… All of the comments will be part of the record that the chairs will consider.

<johnsimpson> Where is the link?

<npdoty> https://www.w3.org/2002/09/wbs/49311/datahygiene/

jmayer: What sorts of amendments would be permitted after the fact to either of these base texts?

<rvaneijk> issues 215, 5,16,188,199

<jmayer> A perfecting amendment is not a friendly amendment.

peterswire: We've identified a specific package of issues in the June draft — four issues. For those, after this process we would accept only perfecting or friendly amendments.

<efelten> For the record, the final DAA text was submitted nine minutes before the deadline for submitting amendments to it.

… We have a lot of notice about what the substance is, and we would have to address in each case whether a particular amendment is in order.

<justin> If a perfecting amendment is not a friendly amendment, then does perfecting have any meaning? :)

npdoty: We would be closing ISSUE-215 and still need to go through other issues we have on the Compliance June product.

<rvaneijk> the definition of tracking is apparently not open for amendments ASAIK

peterswire: We'll be avidly reading the list and looking for comments by Friday at 5 pm PT.

<johnsimpson> Will the link to objections be on WG web page?

<WileyS> John - its already there

jmayer: We've had discussions about whether the DAA text is consistent with the drafters' intent.

<WileyS> John - click on the Decision Policy link in the left rail

… It's difficult to know how to write an informed opinion if we don't know what the text means.

… Presumably some proposed amendments will clarify what this means.

<johnsimpson> Shane, sorry don't see it...

peterswire: We've now talked through these issues for more than three hours with the people involved in writing the text, as well as a lot of emails. I believe that this group has a developed sense of what the two paths are, and we are asking for your comments.

<Chris_IAB> can you please post the link again?

… You can observe where it is vague or doesn't give enough information on whether we can come to a decision.

<npdoty> https://www.w3.org/2002/09/wbs/49311/datahygiene/

<jmayer> So the only firm point of procedure is that having made this decision, we will close the ISSUE on making this decision?

… But the goal of this week is to close ISSUE-215, and we have given you notice of the specific issues that will be considered.

<Chris_IAB> npdoty, user name and password required?

<npdoty> to answer the questionnaire, yes

<johnsimpson> Don't see how can decide on text that doesn't reflect in ten...

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2013-07-10 17:39:28 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.138  of Date: 2013-04-25 13:59:11  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: s/[speaker?]/hober/
Succeeded: s/my amendment/the DAA proposal/
Succeeded: s/ISSUE-213/ISSUE-215/
Found ScribeNick: susanisrael
Found ScribeNick: susanisrael
WARNING: No scribe lines found matching ScribeNick pattern: <susanisrael> ...
Found ScribeNick: robsherman
WARNING: No scribe lines found matching ScribeNick pattern: <robsherman> ...
Found ScribeNick: susanisrael
Found ScribeNick: robsherman
Found ScribeNick: susan
WARNING: No scribe lines found matching ScribeNick pattern: <susan> ...
Found ScribeNick: robsherman
Found ScribeNick: robsherman
Inferring Scribes: susanisrael, robsherman, susan
Scribes: susanisrael, robsherman, susan
ScribeNicks: susanisrael, robsherman, susan

WARNING: No "Topic:" lines found.

Default Present: npdoty, rvaneijk, Thomas, +1.917.934.aaaa, +1.650.365.aabb, +1.202.494.aacc, susanisrael, ChrisMejia, jchester, WaltMichel, JeffWilson, +1.202.639.aadd, +1.646.827.aaee, efelten, +1.303.492.aaff, mecallahan, paulohm, David_MacMillan, [CDT], +1.650.595.aagg, johnsimpson, +1.813.732.aahh, +1.202.331.aaii, +1.202.345.aajj, Yianni, +1.916.212.aakk, AlisonSwift, brian_huseman, Craig_Spiezle, +1.408.836.aall, hober, Amy_Colando, Joanne, moneill2, vinay, +1.203.563.aamm, dwainberg, ChrisPedigoOPA, Brooks, ronan, Peder_Magee, eberkower, kulick, +49.431.98.aann, BerinSzoka, Jules_Polonetsky, +1.202.370.aaoo, robsherman, billscan, Wendy, ninjamarnau, laurengelman, +1.202.344.aapp, [Microsoft], adrianba, MikeZ, +1.646.666.aaqq, [FTC], WileyS, +1.650.605.aarr, sidstamm, Jonathan_Mayer, Chapell, Dan_Auerbach, Aleecia, [IPcaller], Rigo
Present: npdoty rvaneijk Thomas +1.917.934.aaaa +1.650.365.aabb +1.202.494.aacc susanisrael ChrisMejia jchester WaltMichel JeffWilson +1.202.639.aadd +1.646.827.aaee efelten +1.303.492.aaff mecallahan paulohm David_MacMillan [CDT] +1.650.595.aagg johnsimpson +1.813.732.aahh +1.202.331.aaii +1.202.345.aajj Yianni +1.916.212.aakk AlisonSwift brian_huseman Craig_Spiezle +1.408.836.aall hober Amy_Colando Joanne moneill2 vinay +1.203.563.aamm dwainberg ChrisPedigoOPA Brooks ronan Peder_Magee eberkower kulick +49.431.98.aann BerinSzoka Jules_Polonetsky +1.202.370.aaoo robsherman billscan Wendy ninjamarnau laurengelman +1.202.344.aapp [Microsoft] adrianba MikeZ +1.646.666.aaqq [FTC] WileyS +1.650.605.aarr sidstamm Jonathan_Mayer Chapell Dan_Auerbach Aleecia [IPcaller] Rigo
Found Date: 10 Jul 2013
Guessing minutes URL: http://www.w3.org/2013/07/10-dnt-minutes.html
People with action items: 

WARNING: No "Topic: ..." lines found!  
Resulting HTML may have an empty (invalid) <ol>...</ol>.

Explanation: "Topic: ..." lines are used to indicate the start of 
new discussion topics or agenda items, such as:
<dbooth> Topic: Review of Amy's report


[End of scribe.perl diagnostic output]