- From: Lee Tien <tien@eff.org>
- Date: Tue, 16 Jul 2013 16:50:13 -0700
- To: Nicholas Doty <npdoty@w3.org>
- Cc: "public-tracking@w3.org (public-tracking@w3.org)" <public-tracking@w3.org>
I'm simple-minded, click-fraud seems different from security in the sense of someone trying to crack into a system or computer. And it appears that companies do different things for the different threats, e.g. they might retain data longer for security than for click-fraud, or retain different data. So the point of using two rules is to ensure proper scoping. Each permitted use requires its own justification and its own minimization/retention rule. A bit like NSA/FISA rules that blur national security and law enforcement purposes, need to maintain the wall. Thanks, Lee On Jul 16, 2013, at 4:01 PM, Nicholas Doty wrote: > Hi Lee, > > I understand the key distinction in your change proposal on security/fraud to be the limiting condition of "reasonable grounds to believe the user or user agent is presently attempting to [commit fraud/breach security]". I believe that has been often discussed in the Working Group and we likely understand what it entails. > > But you also proposed separating this into two separate permitted uses, even though the language is roughly identical between the two. Is this an editorial suggestion or is that a key substantive consideration for this proposal? Could you briefly explain your motivations there? > > Thanks, > Nick > > Re: http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Security#Separate_Fraud_and_Security_Permitted_Uses
Received on Tuesday, 16 July 2013 23:50:42 UTC