15:36:06 RRSAgent has joined #dnt 15:36:06 logging to http://www.w3.org/2014/05/14-dnt-irc 15:36:08 RRSAgent, make logs world 15:36:11 Zakim, this will be TRACK 15:36:11 ok, trackbot; I see T&S_Track(dnt)12:00PM scheduled to start in 24 minutes 15:36:11 Meeting: Tracking Protection Working Group Teleconference 15:36:12 Date: 14 May 2014 15:36:36 regrets: dsinger, johnsimpson 15:47:57 jeff has joined #dnt 15:52:37 fielding has joined #dnt 15:53:58 npdoty has joined #dnt 15:55:08 regrets+ johnsimpson 15:55:13 Chris has joined #dnt 15:55:29 T&S_Track(dnt)12:00PM has now started 15:55:36 +[IPcaller] 15:55:40 zakim, ipcaller is me 15:55:40 +walter; got it 15:55:47 zakim, call ninja-office 15:55:47 ok, ninja; the call is being made 15:55:49 +Ninja 15:56:03 +Chris_IAB 15:56:36 +Fielding 15:57:42 Alan has joined #dnt 15:58:03 +Wendy 15:58:13 +Jeff 15:58:15 +npdoty 15:58:28 Chris_IAB is really Alan 15:58:40 Someone needs to find the mute button 15:58:44 or may have found it now 15:59:27 regrets+ kulick 15:59:29 + +31.65.275.aaaa 15:59:34 +Peder_Magee 15:59:39 zakim, Chris_IAB is really Alan 15:59:41 +Alan; got it 15:59:49 +Carl_Cargill 15:59:51 +MECallahan 16:00:09 mecallahan has joined #dnT 16:00:11 magee has joined #dnt 16:00:14 that's NL 16:00:25 + +1.323.253.aabb 16:00:29 justin has joined #dnt 16:00:33 zakim, aaaa is robvaneijk 16:00:33 +robvaneijk; got it 16:01:13 +Susan_Israel 16:01:16 Zakim, aabb is Ari 16:01:16 +Ari; got it 16:01:27 susanisrael has joined #dnt 16:01:38 +Chris_Pedigo 16:02:00 eberkower has joined #dnt 16:02:00 regrets+ JackHobaugh 16:02:07 ChrisPedigoOPA has joined #dnt 16:02:22 +??P21 16:02:30 moneill2 has joined #dnt 16:02:34 WileyS has joined #dnt 16:02:43 +eberkower 16:02:45 Chris Mejia just joined the call 16:02:58 Zakim, mute me, please 16:02:58 eberkower should now be muted 16:03:04 +hefferjr 16:03:24 +[IPcaller] 16:03:26 +[CDT] 16:03:32 zakim, cdt has me 16:03:32 +justin; got it 16:03:38 zakim, [IPCaller] is me 16:03:38 +moneill2; got it 16:03:38 zakim, who is on the phone? 16:03:39 On the phone I see walter, Ninja, Alan, Fielding, Wendy, Jeff, npdoty, robvaneijk, Peder_Magee, Carl_Cargill, MECallahan, Ari, Susan_Israel, Chris_Pedigo, ??P21, eberkower (muted), 16:03:39 ... hefferjr, moneill2, [CDT] 16:03:39 [CDT] has justin 16:03:59 Zakim, please choose a scribe 16:03:59 Not knowing who is chairing or who scribed recently, I propose Ninja 16:04:00 zakim, ??P21 is Chris Mejia 16:04:00 I don't understand '??P21 is Chris Mejia', ninja 16:04:16 Zakim, please choose a scribe 16:04:16 Not knowing who is chairing or who scribed recently, I propose Jeff 16:04:23 sidstamm has joined #dnt 16:04:32 vincent has joined #dnt 16:04:33 Zakim, is this Jeff chester or jeff jaffe? 16:04:33 I don't understand your question, jeff. 16:04:36 kj has joined #dnt 16:04:46 OK, I guess its me. 16:04:51 zakim, ??p21 is Chris_Mejia 16:04:51 +Chris_Mejia; got it 16:05:10 +WileyS 16:05:11 Alan Turransky 16:05:18 scribenick: jeff 16:05:25 Hello everyone! 16:05:46 Alan: welcome aboard 16:05:46 Hello and welcome Alan 16:05:48 Ninja: Welcome to Alan Turransky from IAB, and Chris Mejia as an Invited Expert. 16:05:50 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Disregarding 16:05:55 Justin: Disregard signal 16:05:56 +vincent 16:05:56 zakim, take up agendum 1 16:05:56 agendum 1. "Disregard signal, ISSUE-207" taken up [from ninja] 16:06:03 + +aacc 16:06:08 Zakim, aacc is Mozilla 16:06:09 +Mozilla; got it 16:06:16 Zakim, Mozilla has me 16:06:16 +sidstamm; got it 16:06:30 ... one word away from consensus 16:06:39 ... Nick provided Proposal 2 in wiki 16:06:46 ... addresses Roy's concerns 16:07:27 schunter has joined #dnt 16:07:27 Justin reads -- > https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Disregarding#Proposal_2:_Proposed_revision_from_Nick 16:08:03 Justin: Nick's proposal captures Roy and Mike's issue 16:08:14 ... discussion on mailing group 16:08:23 ... use of word "unambiguous" 16:08:23 q+, I still don't think "MUST be clear" is a testable requirement 16:08:27 Support Nick's proposal - no need for the addition of "unambigious" as suggested by Rob and Mike 16:08:30 ... may be non-normative 16:08:34 q? 16:08:43 q+ to say I still don't think "MUST be clear" is a testable requirement 16:08:44 ... concerns about Nick's language? (other than unambiguous) 16:08:54 yes I am OK with non-normative bit 16:08:54 ack fielding 16:08:54 fielding, you wanted to say I still don't think "MUST be clear" is a testable requirement 16:09:20 Roy: We should be clear in a privacy policy. But, I don't think MUST be clear is testable. 16:09:23 q+ 16:09:40 ... so why would it be a protocol/compliance requirement. 16:09:47 ... use non-normative text 16:10:05 Justin: TPE states must say was signal is disregarded 16:10:11 ... can test if language is there 16:10:21 ... not if it is sufficient 16:10:26 +Brooks 16:10:27 +??P35 16:10:36 ... so you are saying existing language + non-normative text 16:10:39 Brooks has joined #dnt 16:10:41 Roy: Yes. 16:11:01 ... conceptually OK with Nick's points as non-normative 16:11:24 ... Within W3C, "MUSTs" should be testable. 16:11:28 WMichel has joined #DNT 16:11:35 +WaltMichel 16:11:42 Justin: How do we convey "ought"? 16:11:50 +q 16:11:53 Zakim, ??P1 is schunter 16:11:53 Zakim, ??P35 is schunter 16:11:54 I already had ??P1 as Shawn_Henry, schunter 16:11:54 +schunter; got it 16:12:00 matt has joined #dnt 16:12:06 +MattHayes 16:12:21 Roy: "Ought" means MUST to people, but does not require a test suite 16:12:36 ... different groups handle differently. 16:12:40 Justin: Reasonable. 16:12:40 q? 16:12:44 ack walter 16:12:54 justin, instead of "ought" could it say that being clear will be "helpful"? 16:12:58 Walter: Technical validations don't apply to compliance 16:13:10 ... regulator will ask how it applies in court of law 16:13:21 ... compliance is non technical 16:13:34 ... "Ought" in non-normative language is normative 16:13:47 ack mo 16:13:56 Mike: Unambiguous is important 16:14:03 ... it is open-ended for server 16:14:09 ... no list of tokens 16:14:25 jeff: Actually, in many jurisdictions a regulator will be willing to give an opinion before going to court 16:14:27 ... hence unambiguous clarifies need specific reason 16:14:32 I don't think "testable in a court of law" is a level we should be aiming for; courts can test anything, whether it is attached to a MUST or ought. 16:14:33 Please explain the difference between clear and unambigious in that context? 16:14:38 +1 16:14:54 was there an example that would be clear but also ambiguous? 16:14:59 vauge does not equal clear 16:15:01 fielding: it goes with the territory of compliance specs 16:15:27 jeff: "in many jurisdictions a regulator will be willing to give an opinion on whether something is ambiguous or not" 16:15:36 Mike: Something can be clear in English, but vague in terms of true meaning 16:15:40 s/vauge/vague/ 16:15:48 Example of ambiguous: 'You're request has been ignored because your user agent is compliant or beacause we believe we have an OOBC" 16:16:01 not compliant 16:16:23 Justin: Are you open to an amendment: give reasons without requiring clarity 16:16:29 ... put in non-normative 16:16:37 q? 16:16:44 ... or do you agree you need normative language 16:16:49 colsen has joined #dnt 16:16:50 s/Are/Nick, are/ 16:16:52 vincent, that example does not apply; "C" is for OOBC. 16:16:56 Nick: I'm flexible. 16:17:12 adrianba has joined #dnt 16:17:22 Justin: Examples where there are requirements on clear statements (other specs)? 16:17:26 +[FTC] 16:17:31 Nick: Geolocation. Collecting location data. 16:17:41 fielding, I agree but I'm thinking of a case where there could be two reasons for rejecting the signal one of them being lack of compliance 16:17:46 Justin: Roy do you feel strongly? Everyone else is mostly on board. 16:17:56 ... will this roil the standards community? 16:18:02 +[Microsoft] 16:18:03 from Geo: http://www.w3.org/TR/geolocation-API/#privacy_for_recipients refers to "must clearly and conspicuously disclose" 16:18:06 zakim, [Microsoft] is me 16:18:06 +adrianba; got it 16:18:09 Roy: I can't implement it. 16:18:19 After hearing Roy's arguments, I'm now more on the side of not having "MUST be clear" in normative text. Non-normative feels this is a better path here. 16:18:24 ... Is it necessary that compliance be implementable? 16:18:27 ... I don't know 16:18:33 the problem isn't unimplementability, the concern was about testing it 16:18:41 ... geolocation not good example... didn't go through CR process 16:18:48 ... I'm not a process maven 16:18:50 fielding: the problem with non-normative is that it makes it non-binding 16:18:57 ... Maybe W3C Team can make a recommendation 16:18:57 (the documented I cited was a Recommendation, FWIW; even though it's not my favorite section) 16:19:03 Justin: We are very close. 16:19:03 fielding: and a compliance spec that isn't binding is not a compliance spec 16:19:26 ... but how does document convey the meaning. 16:19:31 q+ 16:19:33 ... I'll take it offline with staff 16:19:42 q? 16:19:43 ... Shane says Roy convinced him 16:20:08 Nick: We can decide on text and ask for comments about QA process 16:20:33 Justin: still some dispute. Walter, Rob, and Mike want normative 16:20:35 walter, the reason it has to be non-binding is because clarity is in the eye of the beholder. What is clear to me is not clear at all to others. I have no ability to implement that requirement, and I would love to be clear ALL the time. 16:20:55 Carl: Let's do what Nick said. W3C staff can comment on the QA issue. 16:21:38 fielding: ultimately we're crafting a contract here and that is never done under the same constraints as engineering a protocol specificiation 16:21:41 Carl's suggestion is fine with me. 16:21:42 eh, specification 16:21:50 q+ 16:21:53 q- 16:22:08 ack chris 16:22:09 Justin: OK. Notes that Roy is OK. 16:22:10 fielding: and as much I'm willing to yield to your opinions on the TPE, as little I'm willing to yield to them on this 16:22:17 s/specificiation/specification/ 16:22:28 Chris: Unambiguous is piling on top. Unnecessary. 16:22:35 ... also Roy's concerns. 16:22:41 -robvaneijk 16:22:46 ... how do we define unambiguous? 16:23:03 +robvaneijk 16:23:03 ... frivolous words will make companies less likely to implement 16:23:18 Brooks_ has joined #dnt 16:23:25 Justin: It is not non-implementable; just not testable 16:23:30 ... editorial decision. 16:23:34 ... no CfO 16:23:43 ... let's do what Carl proposed 16:23:48 q? 16:23:56 I don't think it is an editorial decision 16:24:03 rrsagent, make minutes 16:24:03 I have made the request to generate http://www.w3.org/2014/05/14-dnt-minutes.html jeff 16:24:24 Topic: UA compliance 16:24:24 zakim, take up agendum 2 16:24:24 agendum 2. "User agent compliance, ISSUE-205" taken up [from ninja] 16:24:31 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_User_Agent_Compliance 16:24:35 Justin: Not a lot of discussion yet. 16:24:47 ... two ways to go (unless someone has a third) 16:24:53 action: doty to add updated 207/disregard text, with QA review to follo 16:24:53 Created ACTION-448 - Add updated 207/disregard text, with qa review to follo [on Nick Doty - due 2014-05-21]. 16:24:56 ... Peter + W3C staff have language 16:25:06 ... somewhat descriptive (what needs to be presented) 16:25:21 ... less prescriptive 16:25:29 adrianba has joined #dnt 16:25:33 ... Option 2: Not have anything in TCS about UA compliance 16:25:41 ... done in TPE (section 3) 16:26:00 ... remove section 16:26:13 ... haven't heard from Alan Chappel 16:26:31 ... Jack has proposed language 16:26:48 q+ 16:26:51 ... TCS relies on signals sent by UA in TPE 16:26:53 -Susan_Israel 16:26:57 ack walter 16:27:21 Walter: UA tracking another party should not affect a website tracking a user 16:27:47 Justin: Alan's proposal would not affect 3rd party website 16:28:01 ... would just say that have cloud based browser; also shouldn't track 16:28:14 Walter: I agree that cloud browser shouldn't do that. 16:28:43 ... but if cloud browser goes to Amazon it should not affect tracking 16:28:48 Justin: Not the intent 16:28:53 Walter: That's how I read it. 16:29:17 q? 16:29:24 Justin: Alan will accept a friendly amendment to make that clear 16:29:43 ... any other comments? 16:29:48 ... contentious in the past 16:29:49 (I think there might have been some confusion about the original proposal; as UAs aren't generally recipients of the DNT signal anyway) 16:29:53 ... maybe we are exhausted 16:30:02 ... anyone support current language in draft? 16:30:03 q? 16:30:04 +1 to that 16:30:08 I would rather have no text 16:30:08 I could live with that 16:30:10 +1 16:30:15 but will happily provide a friendly amendment 16:30:21 ... I will take to mailing list. 16:30:22 q+ 16:30:26 great 16:30:28 ack brooks 16:30:50 Brooks: What are the implications of being testable? 16:30:59 ... why not the same as in TPE? 16:31:15 ... if not testable (must do user's concern) how is it valid? 16:31:23 is this related to the current issue? or just a question of interest? 16:31:31 Justin: Good question. Roy? 16:31:42 s/concern/preference/ 16:32:08 q? 16:32:09 Roy: It is testable on the UA 16:32:15 ... that's all that matters 16:32:18 Zakim, who is making noise? 16:32:24 someone calling from Belgium 16:32:26 -MECallahan 16:32:29 -robvaneijk 16:32:31 [phone operator in some language I don't understand] 16:32:34 npdoty, listening for 10 seconds I heard sound from the following: Fielding (33%), [CDT] (13%) 16:32:37 it was Flemish first 16:33:19 ... it is testable, how the user agent sets the signal 16:33:44 Brooks: But that is not related to the actual user preference that we must respond to. 16:34:06 Roy: That is a theoretical, conceptual problem 16:34:19 ... I'm talking about testability at the user 16:34:25 ... 100% testable 16:34:31 (as a philosophy grad, I love getting into epistemology) 16:34:37 npdoty: heh 16:34:37 Brooks: The requirement is that it reflect preference at receiving end 16:34:46 ... must be testable and is not 16:34:47 npdoty: let's do a Plato's cave here 16:34:59 ... says "signal sent" 16:35:21 Roy: It should say "sender"; but "sent" is sufficient. 16:35:28 q? 16:35:28 Justin: Section 4 (TPE) is on the UA 16:35:50 ... could be a Last Call objection or a W3C folks issue 16:36:02 it is actually on the UA and anything acting as the UA (privacy proxies, for example) 16:36:19 Justin: Two more issues 16:36:23 Topic: Geolocation 16:36:25 https://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Geolocation 16:36:40 zakim, take up agendum 3 16:36:40 agendum 3. "Geolocation, ISSUE-202" taken up [from ninja] 16:36:50 ... noone favored keeping Geolocation in there 16:37:04 ... Mike objected 16:37:10 on UA section, justin will follow up on the mailing list regarding possibly closing this issue by removing text / referring to TPE 16:37:18 -schunter 16:37:23 ... because geolocation over time can be identifying 16:37:30 ... Singer suggested non-normative text 16:37:36 is that not already reflected in the definition of tracking? 16:37:47 ... Mike is that OK with you? 16:37:50 Mike: Yes. 16:37:54 scribenick: Ninja 16:37:55 Even postal code is often too fine-grained 16:38:23 q+ 16:38:24 I've seen a PhD thesis that claimed that it was identifying individuals in over 60% of the cases 16:38:33 Mike: Geolocation is used to identify devices and therefore individuals. We should have something somewhere. 16:38:47 maybe not … when recorded by a single context 16:38:52 ack field 16:39:19 justin: I agree. But it is in my view not different from other identifying tracking data. Maybe could be added to definition of tracking? 16:39:19 should I remove the requirement section and add non-normative text to Deidentified section? 16:40:07 fielding: Pure geolocation data would not be considered tracking data under our definition. 16:40:11 q? 16:40:28 justin: Issue is that over time geolocation data could become identifying. 16:40:43 ... I will follow up with an email to the mailing list. 16:40:44 http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Service_Provider 16:40:48 action: doty to remove geolocation req; add non-normative note to de-identified or tracking 16:40:48 Created ACTION-449 - Remove geolocation req; add non-normative note to de-identified or tracking [on Nick Doty - due 2014-05-21]. 16:40:54 zakim, take up agendum 4 16:40:54 agendum 4. "Service Providers, ISSUE-206" taken up [from ninja] 16:40:58 … unless it is collected under multiple contexts, in which case it might be identifying user activity across multiple contexts and therefore tracking 16:41:22 +??P2 16:41:27 justin: reading out the wiki text proposal from Roy and the existing TCS text 16:41:50 I am okay with service provider 16:42:24 fielding: Proposed only very small changes. 16:42:49 ... Minor tweaks to the bullet list. And first paragraph is more precise in our proposal. 16:43:24 Zakim, ??P2 is schunter 16:43:24 +schunter; got it 16:43:41 ... Hope that our proposal is just as legally enforceable as the earlier TCS language. 16:44:36 justin: Another proposal from Dan Auerbach *reads out* 16:45:08 q+ 16:45:17 ack walter 16:45:27 +Susan_Israel 16:45:44 ... Do some participants want to support this proposal? Or take up parts from it? 16:46:08 walter: How does this interact with the same party flag? 16:46:15 http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#rep.same-party 16:46:37 service providers might also use the "controller" property to indicate which first party 16:46:49 fielding: You would not get this information from the service provider but from the first party via the same party resource. 16:46:57 q? 16:47:10 walter: Not really answers my question. Will follow up with an email. 16:47:33 also noted that the change in bullet (4) of our proposal is to allow contracts that are already consistent with the spec but do not use the exact same language 16:47:39 (wants to make sure I'm not missing an action item or something) 16:48:12 justin: On Service Providers, I would like to ask folks to look at the text proposals from Roy and Dan and further discuss the issue. 16:48:28 s/get this information/get the same-party array/ 16:48:40 ... Today was to surface the issue and discussion. Let us know what you think about this issue. 16:48:41 -Peder_Magee 16:48:47 -[CDT] 16:48:48 -walter 16:48:48 -Mozilla 16:48:48 -Susan_Israel 16:48:50 -Alan 16:48:50 -adrianba 16:48:50 -vincent 16:48:51 -WaltMichel 16:48:51 -Chris_Pedigo 16:48:52 -[FTC] 16:48:52 -Chris_Mejia 16:48:53 -npdoty 16:48:53 +robvaneijk 16:48:53 -moneill2 16:48:53 ... Thank you for today. 16:48:55 -Brooks 16:48:56 -Jeff 16:48:57 -Wendy 16:48:58 Adjourned 16:48:59 -eberkower 16:49:00 -Fielding 16:49:08 -Ninja 16:49:09 -Carl_Cargill 16:49:19 -WileyS 16:49:20 Zakim, list attendees 16:49:20 As of this point the attendees have been walter, Ninja, Fielding, Wendy, Jeff, npdoty, +31.65.275.aaaa, Peder_Magee, Alan, Carl_Cargill, MECallahan, +1.323.253.aabb, robvaneijk, 16:49:23 ... Susan_Israel, Ari, Chris_Pedigo, eberkower, hefferjr, justin, moneill2, Chris_Mejia, WileyS, vincent, +aacc, sidstamm, Brooks, WaltMichel, schunter, MattHayes, [FTC], adrianba 16:49:24 -hefferjr 16:49:26 -schunter 16:49:27 -Ari 16:49:29 rrsagent, please draft the minutes 16:49:29 I have made the request to generate http://www.w3.org/2014/05/14-dnt-minutes.html npdoty 16:49:32 -robvaneijk 16:49:35