- From: John Simpson <john@consumerwatchdog.org>
- Date: Tue, 16 Jul 2013 17:58:45 -0700
- To: Lee Tien <tien@eff.org>
- Cc: Nicholas Doty <npdoty@w3.org>, "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
On Jul 16, 2013, at 4:50 PM, Lee Tien <tien@eff.org> wrote: Lee's approach makes sense and is worth discussing. > I'm simple-minded, click-fraud seems different from security in the sense of someone trying to crack into a system or computer. > > And it appears that companies do different things for the different threats, e.g. they might retain data longer for security than for click-fraud, or retain different data. > > So the point of using two rules is to ensure proper scoping. Each permitted use requires its own justification and its own minimization/retention rule. A bit like NSA/FISA rules that blur national security and law enforcement purposes, need to maintain the wall. > > Thanks, > Lee > > On Jul 16, 2013, at 4:01 PM, Nicholas Doty wrote: > >> Hi Lee, >> >> I understand the key distinction in your change proposal on security/fraud to be the limiting condition of "reasonable grounds to believe the user or user agent is presently attempting to [commit fraud/breach security]". I believe that has been often discussed in the Working Group and we likely understand what it entails. >> >> But you also proposed separating this into two separate permitted uses, even though the language is roughly identical between the two. Is this an editorial suggestion or is that a key substantive consideration for this proposal? Could you briefly explain your motivations there? >> >> Thanks, >> Nick >> >> Re: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Security#Separate_Fraud_and_Security_Permitted_Uses > >
Received on Wednesday, 17 July 2013 00:59:16 UTC