IRC log of w3cdnt on 2011-04-29
Timestamps are in UTC.
- 01:29:25 [lowenthal]
- lowenthal has joined #w3cdnt
- 01:38:52 [rpacker]
- rpacker has joined #w3cdnt
- 02:13:59 [npdoty]
- npdoty has joined #w3cdnt
- 02:23:15 [fjh]
- fjh has joined #w3cdnt
- 02:51:07 [dsinger]
- dsinger has joined #w3cdnt
- 03:13:31 [lowenthal]
- lowenthal has joined #w3cdnt
- 13:11:44 [RRSAgent]
- RRSAgent has joined #w3cdnt
- 13:11:44 [RRSAgent]
- logging to http://www.w3.org/2011/04/29-w3cdnt-irc
- 13:11:58 [karl]
- RRSAgent, make logs public
- 13:12:48 [lowenthal]
- lowenthal has joined #w3cdnt
- 13:12:52 [karl]
- Meeting: Web Tracking and User Privacy Workshop - 29 April 2011
- 13:13:13 [rigo]
- rigo has joined #w3cdnt
- 13:22:05 [jmorris]
- jmorris has joined #w3cdnt
- 13:25:13 [wseltzer]
- Serge: UI is critical, and study of UIs for informed consent.
- 13:25:41 [wseltzer]
- user decision change when shown the low-level detail that will be shared
- 13:27:25 [wseltzer]
- Q: How do we show users both sides of the tradeoff?
- 13:27:49 [wseltzer]
- Ian: and how do we show users the impact of their decisions over time...
- 13:28:31 [wseltzer]
- Serge: avoid browser detritus
- 13:29:18 [wseltzer]
- Nick Doty: flexibility of implementation vs consistency of UI?
- 13:30:44 [wseltzer]
- Ian: Security is often not the user's primary objective. Rather, to pay bills, etc.
- 13:31:14 [tlr]
- tlr has joined #w3cdnt
- 13:31:32 [wseltzer]
- Lorrie: P3P implementers often cut and pasted from the spec, not human-readable
- 13:31:57 [wseltzer]
- ... the WG should spend some time thinking about implementation UI
- 13:33:06 [wseltzer]
- Serge: Since the user is the audience for privacy controls, we need study, to focus on users' response
- 13:34:27 [wseltzer]
- Hannes: Facebook has incremented its privacy options over time, standardization taking years of study doesn't
- 13:36:17 [wseltzer]
- [Can study be concurrent, rather than blocker?]
- 13:37:26 [wseltzer]
- Helen Nissenbaum: get informed consent when you're going to violate user expectations
- 13:37:54 [bryan_sullivan]
- bryan_sullivan has joined #w3cdnt
- 13:38:02 [AndroUser]
- AndroUser has joined #w3cdnt
- 13:39:32 [wseltzer]
- Ian: We can't just stick with initial expectations. How to show them the value ads may provide?
- 13:40:35 [wseltzer]
- XXX MSR: instant preview of difference between view with and w/o tracking - split-screen?
- 13:42:27 [wseltzer]
- Ian: Dynamic equilibrium. Situation will change if ad-block goes from 5% to 95%
- 13:43:54 [wseltzer]
- Andy: UI standards are incredibly difficult [crowd agreement]
- 13:46:44 [wseltzer]
- Jonathan Mayer: align the incentives. e.g. if you start with opt-out, FB has incentive to get the user to opt back in to "Like"
- 13:48:34 [wseltzer]
- Jules: think about the economic context of adoption
- 13:48:44 [npdoty]
- npdoty has joined #w3cdnt
- 13:50:03 [wseltzer]
- Did Jules just compare privacy-concerned individuals to the Tea Party?
- 13:50:52 [tlr]
- tlr has joined #w3cdnt
- 13:52:13 [bryan_sullivan]
- Links to WAC's definition of W3C POWDER extensions in ?WAC 2.0? (http://specs.wacapps.net/2.0/feb2011/), to address developer disclosure of device API and private data usage: ?Privacy Considerations for API Usage? http://specs.wacapps.net/2.0/feb2011/core/widget-security-privacy.html#toc-security-privacy-api, ?Privacy Considerations for Device Property Access
- 13:52:13 [bryan_sullivan]
- http://specs.wacapps.net/2.0/feb2011/core/widget-security-privacy.html#toc-security-privacy-property-groups
- 13:52:43 [fjh]
- fjh has joined #w3cdnt
- 13:54:47 [wseltzer]
- alissa, trying to point rigo your way with the mic
- 13:55:42 [wseltzer]
- crowdsourced mic direction...
- 13:57:58 [tlr]
- tlr has changed the topic to: W3C Workshop on Web Tracking & User Privacy | Car & cab sharing wiki: http://www.w3.org/wiki/PrincetonArrivalsAndDepartures
- 13:59:37 [fjh]
- wikipedia - "Moral hazard occurs when a party insulated from risk behaves differently than it would behave if it were fully exposed to the risk"
- 14:00:06 [npdoty_]
- npdoty_ has joined #w3cdnt
- 14:00:09 [wseltzer]
- Karl: A user know he's gained weight by looking in the mirror. How can we put mirrors into the browser?
- 14:00:29 [fjh]
- in other words, moral hazard is when you don't have the consequences, e.g. make risky investment but are covered in case of loss etc, so I'm not sure I understand how this is applicable to trust seals - a party can still be liaible
- 14:00:31 [dsinger]
- wonders if the comparison with disabling cookies is a red-herring; when I disable cookies\, I do something technical that is not immediately obvious to web sites (though they can test it); web sites that don't test may fail in weird ways, long after I set this. DNT is not like that; it's a request *to the site* and if it has negative consequences they can explain it (and ask permission to over-ride) if needed
- 14:00:39 [fjh]
- s/liaible/liable
- 14:04:52 [rpacker]
- rpacker has joined #w3cdnt
- 14:05:55 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 14:18:00 [ianp]
- ianp has joined #w3cdnt
- 14:35:35 [ianp]
- ianp has joined #w3cdnt
- 14:37:14 [jmorris]
- jmorris has joined #w3cdnt
- 14:37:57 [rpacker]
- rpacker has joined #w3cdnt
- 14:39:18 [jeff]
- jeff has joined #w3cdnt
- 14:39:59 [npdoty]
- npdoty has joined #w3cdnt
- 14:40:11 [bryan_sullivan]
- bryan_sullivan has joined #w3cdnt
- 14:40:12 [fjh]
- fjh has joined #w3cdnt
- 14:40:16 [adrianba]
- adrianba has joined #w3cdnt
- 14:40:45 [fjh]
- fjh has left #w3cdnt
- 14:42:43 [wseltzer]
- Jules: opt-out rates below 1%; business shouldn't fear a usable opt-out
- 14:43:46 [wseltzer]
- ... distinguish behavioral from measurement, because lots of industry depends on measurement.
- 14:44:31 [wseltzer]
- Kevin Trilli, Truste: "There's not all bads companies we certify"
- 14:45:22 [AndroUser]
- AndroUser has joined #w3cdnt
- 14:46:53 [wseltzer]
- ... Compliance certification. How does an external party know what's happening?
- 14:47:37 [wseltzer]
- ...Additional elements of transparency needed. Audit; show profile to users; map to consumer expectations.
- 14:48:48 [wseltzer]
- ... and companies should be given a chance to get user's trust..
- 14:50:11 [wseltzer]
- Evidon: We're competitors, but here we're working together to build a standard.
- 14:51:59 [wseltzer]
- ... Transactional transparency; relevant information; meaningful choices
- 14:53:47 [wseltzer]
- Gil Resh, DoubleVerify: behavioral targeting can happen at lots of places in the ad chain
- 14:54:02 [vincent]
- vincent has joined #w3cdnt
- 14:54:13 [wseltzer]
- ... risk of inadvertently misleading endusers
- 14:54:54 [wseltzer]
- [Really? then networks should audit clients and statements more carefully]
- 14:56:49 [wseltzer]
- Gil: opt-out generally intends to leave all behavioral advertising, not per-network
- 14:57:17 [wseltzer]
- Jonathan Mayer: NAI says opt-out is opt-out of being shown behavioral ads only -- that's not what users want/think
- 14:57:33 [wseltzer]
- ... any chance for self-reg to get closer to user prefs?
- 15:01:36 [npdoty]
- Jules: there might be some minimization you could do, but for the most part collection is mostly the same for ad delivery / measurement as it was for behavioral
- 15:02:22 [npdoty]
- Aleecia: users aren't just worried about the ads that appear, but definitely about collection
- 15:02:52 [npdoty]
- ... Users would be just as concerned about analytics
- 15:03:20 [npdoty]
- ... Will feel betrayed if just as much data is collected but used differently
- 15:07:06 [npdoty]
- Jules: you scare a lot of industry folks at the table when you start talking about no collection at all
- 15:09:19 [sudbury]
- sudbury has joined #w3cdnt
- 15:11:40 [npdoty]
- Gil: should group companies into those with oversight and those without oversight, any other granularity will be indecipherable to the user
- 15:25:49 [dsinger]
- all I need of data retention periods is that they are shorter than the time to your next security leak (or other negative consequence) :-)
- 15:26:57 [npdoty]
- Jules: it's a shame that iab daa didn't take on retention periods, but maybe someone should
- 15:27:59 [npdoty]
- ... Concern by companies about flexibility because if they make a statement today, they're locked in because the FTC might consider it a material change
- 15:28:37 [npdoty]
- ... So would prefer to have it defined at a self-regulatory group that could make some reasonable changes later to their policies
- 15:31:02 [lowenthal]
- lowenthal has joined #w3cdnt
- 15:31:08 [npdoty]
- Kevin: consumers think that once the toothpaste is out of the tube, that's it
- 15:31:58 [npdoty]
- Lorrie: do we need regulation in addition to self-regulation, and if so, how?
- 15:32:54 [npdoty]
- Evidon: is there room for a 2-way body for reporting companies at use particular practices or abuses? Yes.
- 15:33:15 [npdoty]
- KevinTrustE: good place for a whitelist.
- 15:35:51 [lowenthal]
- lowenthal has joined #w3cdnt
- 15:38:29 [wseltzer]
- "Throw some people over the bus, or off the ship"
- 15:39:30 [npdoty]
- Evidon: we need increased pressure for companies to join these selfreg programs.
- 15:39:56 [lowenthal]
- something... about buses... or throwing. do mean things to them, that's what i'm trying to say
- 15:41:34 [npdoty]
- SamuelsonClinic: lots of weasel words in description of terms make it unclear what is specifically intended
- 15:43:04 [npdoty]
- ... Consent is not just binary, you commonly give some limited consent based on the context
- 15:43:05 [lowenthal]
- wseltzer, guarantee: better than whatever is for lunch
- 15:43:18 [tlr]
- tlr has joined #w3cdnt
- 15:44:30 [npdoty]
- ... Why don't trade alliances outlaw anti-circumvention techniques, like respawning?
- 15:45:10 [rigo]
- rigo has joined #w3cdnt
- 15:45:17 [npdoty]
- npdoty has joined #w3cdnt
- 15:45:50 [npdoty]
- EdFelten: from the FTC, but not speaking for the FTC or any particular commissioner
- 15:46:23 [rigo]
- is it universal, would it cover all trackers?
- 15:46:34 [rigo]
- 2/ is it usable
- 15:46:44 [rigo]
- 3/ is it permanent?
- 15:47:04 [npdoty_]
- npdoty_ has joined #w3cdnt
- 15:47:14 [rigo]
- 4/ does it cover all tracking technologies? Can questions of compliance be addressed?
- 15:47:38 [rigo]
- 5/ does it control collection instead of opting out of some use
- 15:47:43 [tlr]
- Ed's slides: http://www.w3.org/2011/track-privacy/slides/Felten.pdf
- 15:48:01 [npdoty]
- ScribeNick: npdoty
- 15:48:19 [npdoty]
- EdFelten: we are a law enforcement agency, authority granted by Congress
- 15:48:41 [npdoty]
- ... sometimes get specific authority, as in Do Not Call where a law was passed by Congress
- 15:49:08 [npdoty]
- ... sometimes a general authority, as in the FTC Act, enforcement power against unfair and deceptive acts in commerce
- 15:50:04 [npdoty]
- ... deceptive: if a company makes a firm promise not to do something, and then does and a consumer is harmed as a result [npdoty: I don't think harm is important in deception cases], then that would be against the rules
- 15:50:29 [npdoty]
- ... does have implications for a self-regulatory setting, FTC might be interested in deviations from that code of conduct
- 15:50:50 [npdoty]
- ... speaking for the agency, FTC has not taken a position as to whether a new law is needed for Do Not Track
- 15:51:07 [npdoty]
- ... would be happy to see stakeholders agree on some reasonable arrangement that is mutually acceptable
- 15:51:17 [npdoty]
- ... might get a good outcome for consumers without a law or rulemaking
- 15:51:31 [npdoty]
- ... people are watching (including people in Congress) to see whether that will happen
- 15:52:11 [npdoty]
- ChrisSoghoian: academic and activist, no longer at FTC
- 15:52:38 [npdoty]
- csoghoian: security and fraud exemptions that have been proposed could be the exemption that swallow the rule
- 15:53:28 [npdoty]
- ... Yahoo! kept a separate set of logs for security and fraud, which were not subpoena-proof, so for those concerned about government access this is a considerable problem
- 15:53:51 [npdoty]
- ... security and fraud exemptions always seem like a reasonable idea because who wouldn't want that?
- 15:54:08 [npdoty]
- ... but many of these are 1st-party, and so wouldn't be under the scope of DNT anyway
- 15:55:04 [npdoty]
- ... click-fraud, for example, is related to clicking on an ad, which should count as a 1st-party interaction
- 15:55:34 [npdoty]
- ... so the remaining issue is impression fraud
- 15:56:08 [npdoty]
- ... somehow, however, ad networks are detecting impression fraud for people who delete cookies, or people who use Apple browsers that block 3rd-party cookies by default
- 15:56:35 [npdoty]
- ... why shouldn't DNT users get at least or better protections than people who buy something from the Apple Store?
- 15:57:03 [npdoty]
- ... ad networks sound like national security, arguing that there can't be transparency for fear of tipping off the bad guys
- 15:57:46 [npdoty]
- ... secrecy is hiding things that would otherwise be laughable if described publicly
- 15:58:11 [npdoty]
- AndrewPatrick: from the Office of the Privacy Commissioner of Canada
- 15:58:38 [npdoty]
- ... web trackers are currently breaking the law (with an asterisk)
- 15:58:53 [npdoty]
- ... "law*"
- 15:59:30 [npdoty]
- ... at least breaking Canadian laws
- 15:59:50 [npdoty]
- ... mostly the 3rd-parties (though perhaps 1st parties are breaking the laws as well)
- 16:00:46 [npdoty]
- ... "information about an identifiable individual"
- 16:00:56 [npdoty]
- ... IP address and cookies, therefore, can be personal information
- 16:01:12 [npdoty]
- ... don't believe the people who say that they're doing anonymous tracking, which is difficult or perhaps impossible
- 16:01:35 [npdoty]
- ... just stripping identifiers doesn't go far enough
- 16:01:44 [tlr]
- slides: http://www.w3.org/2011/track-privacy/slides/Patrick.pdf
- 16:02:00 [npdoty]
- ... consent is not enough: corporations have responsibilities in addition to just getting consent
- 16:02:12 [npdoty]
- ... have to specify the purpose before the time of collection, openness, transparency
- 16:02:29 [npdoty]
- ... Do Not Track proposals, while laudable, don't address the problem
- 16:02:52 [npdoty]
- ... and could make things worse by letting the trackers off too easy, by claiming that this is the only thing they have to do
- 16:03:29 [npdoty]
- RobvanEijk: from the Dutch Data Protection Authority, but speaking for himself
- 16:04:07 [npdoty]
- ... May 25th deadline for the ePrivacy directive implementations
- 16:04:26 [npdoty]
- ... if US companies are targeting EU citizens, then EU data protection law applies
- 16:04:53 [npdoty]
- ... EU privacy directive, been around for at least 30 years
- 16:05:10 [npdoty]
- ... a new such directive is under discussion
- 16:06:10 [npdoty]
- ... Article 7 is the core of how privacy works in Europe
- 16:06:51 [npdoty]
- ... you can process personal data, but if so you need to at least have a legitimate interest balanced against the concerns of the user
- 16:08:05 [npdoty]
- ... proportionality: is it necessary to collect all the data I'm collecting? can I accomplish my goal in another way, with less data?
- 16:08:50 [npdoty]
- ... in addition to the legitimate interest, companies may fail the condition of having taken into account the rights of the user
- 16:09:22 [npdoty]
- ... a lot of different stakeholders involved, but everyone uses different terminology, it would be good to re-use some of the existing terminology
- 16:11:11 [npdoty]
- TimLee(CITP): sounds like things under consideration are already potentially illegal in these other countries: is what Facebook is doing today already illegal under these laws?
- 16:11:53 [npdoty]
- AndrewPatrick: already illegal today, and I think we've moved Facebook a long way, for example in how they handle disclosure of data to 3rd-party apps
- 16:12:52 [npdoty]
- IanFette: contra to csoghoian, you would still need to collect IP addresses for fraud of impressions
- 16:13:51 [npdoty]
- csoghoian: you can get by without retaining data
- 16:14:14 [npdoty]
- IanFette: but it's more complex, you still need to retain data about IP addresses, for example
- 16:15:07 [npdoty]
- DwayneBerlin: (first to admit to being a lawyer), the FTC has already spoken on tracking in the Sears case
- 16:15:35 [npdoty]
- ... very broad, speaks to the deployment of any technology that tracks the user's activity on the Web
- 16:15:58 [npdoty]
- ... unusually detailed about the form of the disclosure (not in the privacy policy or terms of use), relying exclusively on the informed consent model
- 16:17:39 [karl]
- RRSAgent, make minutes
- 16:17:39 [RRSAgent]
- I have made the request to generate http://www.w3.org/2011/04/29-w3cdnt-minutes.html karl
- 16:17:48 [npdoty]
- csoghoian: the facts of the Sears case wasn't about online tracking, but a program/plugin that users download and install and track
- 16:18:22 [npdoty]
- DwayneBerlin: but I'm not sure that was the limitation of the coverage of that rule
- 16:19:17 [npdoty]
- FTCLawyer: Sears is about burying a disclosure being a deceptive practice, which applies beyond a specific technology
- 16:20:35 [npdoty]
- asoltani: if a consumer disabled DNT in order to watch The Daily Show, would that count as affirmative consent for even more invasive practices? would this actually make it worse, as opposed to baseline regulations?
- 16:21:19 [npdoty]
- AndrewPatrick: if the failure to activate DNT counts as acceptable, that definitely lets them off too easy
- 16:23:33 [npdoty]
- HelenNissenbaum: would the FTC agree that the burden is on you to show that you're complying? is that within the power of the FTC?
- 16:24:24 [npdoty]
- EdFelten: we could have a conversation about how such a regime might work and then if the FTC as a body decided they wanted to do that, the FTC would still have to decide whether they had such an authority or whether Congress would need to give them that authority
- 16:24:55 [wseltzer]
- s/FTCLawyer/Peder Magee, FTCLawyer/
- 16:25:05 [npdoty]
- ... auditing or reporting requirements (in other contexts) do often enabled improved enforcement
- 16:26:13 [npdoty]
- csoghoian: when companies get to choose who audits them, you get really bad audits, as in Enron or Moody's
- 16:29:43 [npdoty]
- Bill(U_of_M): policy makers not attuned to adoption issues; fuel efficiency standards or E911 as examples
- 16:30:13 [npdoty]
- AndrewPatrick: should really be as technology-neutral as possible
- 16:30:55 [npdoty]
- EdFelten: right now there's a vigorous and healthy discussion going on about how DNT works
- 16:31:08 [npdoty]
- ... it could easily be counterproductive to dictate at this point what solution makes sense for the stakeholders
- 16:31:29 [npdoty]
- ... Congress might act at some point to get the FTC to take a more specific position
- 16:31:44 [npdoty]
- ... right now it's good for the FTC to be involved in the discussion and foster the discussion by the stakeholders
- 16:33:37 [npdoty]
- RigoW: it's really difficult when regulators are ignoring the technical community and discussing their thing in their corner and wondering why their law remains pure fantasy
- 16:34:00 [npdoty]
- ... at the same time, the technology community often doesn't give due respect to those societal values
- 16:34:22 [npdoty]
- ... W3C has some track record in getting this discussion to happen, but W3C won't put forward an opinion itself
- 16:34:52 [npdoty]
- EdFelten: FTC definitely isn't ignoring it, given that people are here
- 16:35:12 [npdoty]
- RigoW: yes, that's why this discussion is happening (contra the past)
- 16:35:21 [npdoty]
- csoghoian: it's a huge improvement over years in the past
- 16:36:05 [npdoty]
- DaveSinger: if law enforcement will mandate retention, will limiting retention on the consumer side matter at all?
- 16:37:11 [npdoty]
- RobvanEijk: this problem may be addressed in the EU because the Privacy Directive will cover law enforcement as well
- 16:38:05 [npdoty]
- csoghoian: FTC has concluded that privacy policies aren't read and privacy-by-design is valuable, while DoJ and FBI take contrary positions (reasonable expectation; encryption off by default)
- 16:39:31 [npdoty]
- jmorris: should there be an ack or an agreement response header? if it were a one-way transmission and a company regularly ignored it, would that be enough to warrant a legal action? what do we have to do to get the FTC to use its unfairness standard? would an industry best practice that isn't followed be enough?
- 16:40:09 [npdoty]
- AndrewPatrick: even if they do acknowledge, there are still other obligations that they have
- 16:41:44 [npdoty]
- EdFelten: unfairness is a complicated question; it does matter whether something is a considered a best practice or whether the practice is widely followed
- 16:42:41 [npdoty]
- csoghoian: since deception is so important, I like the idea of a hook for FTC
- 16:43:16 [npdoty]
- ... also an interesting idea that whitelisted tracking (for TPLs) that had the string "no-tracking" or "no cookies", which might be a hook for deception
- 16:44:19 [npdoty]
- Jules: want to push back on the idea that the companies that have been doing this for 10 or 15 years have been breaking the law
- 16:45:59 [npdoty]
- ... in EU, by arguing that it's not personal information, they may have avoided even taking the steps towards a link for opting out since there is a law
- 16:46:46 [npdoty]
- ... express consent opt-in for cookies is heading for a clash unless we get something like DNT to count
- 16:47:56 [npdoty]
- RobvanEijk: if you'd like to know what's going on, you should be able to get a signal
- 16:48:21 [npdoty]
- Lorrie: what kind of time frame is the FTC observing this process?
- 16:48:50 [npdoty]
- EdFelten: it doesn't quite work that way; there may come a time where the leadership of the FTC decides that we need a more assertive strategy, but there's no fixed deadline as far as I know
- 16:53:27 [jeff]
- jeff has joined #w3cdnt
- 16:56:41 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 17:13:54 [sudbury]
- sudbury has joined #w3cdnt
- 17:45:20 [sudbury]
- sudbury has joined #w3cdnt
- 17:49:57 [sudbury]
- sudbury has joined #w3cdnt
- 17:52:37 [jmorris]
- jmorris has joined #w3cdnt
- 17:54:55 [jeff]
- jeff has joined #w3cdnt
- 17:55:01 [karl]
- karl has joined #w3cdnt
- 17:55:57 [alissa]
- alissa has joined #w3cdnt
- 17:58:32 [npdoty]
- npdoty has joined #w3cdnt
- 17:58:51 [npdoty]
- ScribeNick: npdoty
- 17:59:32 [npdoty]
- wseltzer: transparency as part of FIPPs
- 18:00:20 [rpacker]
- rpacker has joined #w3cdnt
- 18:00:38 [tlr]
- tlr has joined #w3cdnt
- 18:00:52 [npdoty]
- ... if you don't get feedback from the server about whether you really aren't being tracked
- 18:01:16 [npdoty]
- ... but could still at least be audited on the server side.
- 18:02:02 [npdoty]
- ... visibility: showing info back to the user (as in notification icons proposed by self-reg) if they drill down into it
- 18:02:22 [AndroUser]
- AndroUser has joined #w3cdnt
- 18:02:40 [npdoty]
- ... TPLs give active feedback to the user, so the user can adapt their behavior to what they get from the server
- 18:03:06 [npdoty]
- I'm personally not aware of the active feedback that comes from an applied TPL
- 18:04:36 [npdoty]
- wseltzer: if we have to call in the heavy hand of the law, we get less flexibility.
- 18:05:28 [npdoty]
- ... TrustE has modified their TPL in response to feedback about having too many whitelisted domains: a helpful feedback loop.
- 18:05:56 [npdoty]
- SueGlueck: Senior Attorney, Microsoft
- 18:06:13 [npdoty]
- Topic: Tracking to Consensus; Coordination of Policy and Technical Standardization in Web Privacy Efforts
- 18:06:41 [jmorris]
- jmorris has joined #w3cdnt
- 18:06:57 [npdoty]
- SueGlueck: what do we actually want to standardize and how do we want to go about doing it?
- 18:07:24 [npdoty]
- ... Poll: do you policy kind of work in the weekdays?
- 18:07:53 [npdoty]
- ... Poll: have you also participated in significant standards work?
- 18:08:44 [npdoty]
- ... Poll: are you a technologist? [Lots.] Poll: and you have been involved in a policy standard? [Many hands go down.]
- 18:08:59 [npdoty]
- ... an interesting ride working through policy issues in a technical standards body
- 18:09:54 [npdoty]
- ... what should be standardized? My list: Tracking Protection [Lists] as one more choice
- 18:11:32 [npdoty]
- ... which standards bodies have the most experience working through policy issues? Would this be in the scope of the charter of IETF?
- 18:12:04 [npdoty]
- ... because browsers have started to implement DNT header, the clock is ticking and we need to get this done
- 18:12:15 [karl]
- ... we should idenitfy the stakeholders
- 18:12:46 [npdoty]
- ... global nature of the web (given the earlier presentation on legality in Canada/EU)
- 18:12:47 [karl]
- ... There are also countries without any legal frameowrks, the Web is happening anywhere.
- 18:13:04 [npdoty]
- AlexF: why standardize? what should get standardize? should standards groups define policy?
- 18:13:20 [npdoty]
- Topic: why standardize? what should get standardize? should standards groups define policy?
- 18:13:40 [karl]
- Consumer/User values what does that mean in the DNT system?
- 18:13:40 [npdoty]
- AlexF: find consensus; define outcomes; make it enforceable
- 18:13:47 [karl]
- ... Consumer/User values what does that mean in the DNT system?
- 18:14:31 [npdoty]
- ... What should get standardized? On the table: TPL, DNT Header, DOM property, response header, whitelisting capability, compliance audit perspective
- 18:14:34 [karl]
- ... (graphs of the different parts that should be standardized)
- 18:15:01 [npdoty]
- ... should standards groups define policy? we DO have the expertise, in the W3C those with expertise are eager to get involved
- 18:15:11 [karl]
- ... We do have the expertise, but not enough stakeholders.
- 18:15:27 [npdoty]
- ... we DON'T have the full range of stakeholders, including some of the display advertising folks, for example
- 18:16:16 [npdoty]
- ... joint (with Stanford) submission to the IETF for the DNT header, defining syntax and semantics of the header and the response -- this is a DRAFT
- 18:16:29 [karl]
- ... (few points from the position papers)
- 18:16:32 [karl]
- ... See http://www.w3.org/2011/track-privacy/papers/mozilla.pdf
- 18:16:34 [npdoty]
- ... TPLs are independent from DNT header/DOM element
- 18:16:54 [npdoty]
- ... feasible efforts for work across W3C and IETF
- 18:17:22 [npdoty]
- ... public forum, need to have public participation, so that we can bring in the ad networks / display ad ecosystem and have their buy-in and input
- 18:17:39 [karl]
- ... The tracking protection in the DOM element should be done at W3C
- 18:17:50 [npdoty]
- ... so we propose W3C cover TPLs and DOM, while IETF covers HTTP header and corresponding pieces
- 18:17:51 [karl]
- ... and the corresponding pieces at the IETF
- 18:18:31 [karl]
- PeterSaintAndre: I do not speak for IETF
- 18:18:52 [npdoty]
- PeterSaintAndre: we work based on rough consensus and running code
- 18:18:58 [karl]
- ... anyone can write a proposal, IETF has a very open process.
- 18:19:03 [npdoty]
- ... a very open process, anyone can participate
- 18:19:06 [karl]
- ... we value freedom of speech
- 18:19:08 [npdoty]
- ... people feel very free to speak
- 18:19:24 [npdoty]
- ... got lots of vocal feedback at Prague
- 18:19:50 [npdoty]
- ... whether everyone will show up is an open question, have to corral them sometimes
- 18:20:06 [karl]
- ... there has been a good relationship between W3C and IETF
- 18:20:07 [npdoty]
- ... division with W3C: IETF has tended to do HTTP protocol while HTML/XML etc done at the W3C
- 18:20:24 [npdoty]
- ... open question of the right place is where to do this work
- 18:21:12 [npdoty]
- ... IETF is structured into working groups, multiple streams, including IETF working groups or individual submissions, enter into RFCs
- 18:21:40 [karl]
- (next IETF meeting: http://www.ietf.org/meeting/81/index.html Quebec city, Canada, July 24 - 29, 2011)
- 18:21:43 [npdoty]
- ... a lot of similarity in how things work between IETF/W3C, advantages and disadvantages
- 18:22:13 [npdoty]
- ... at IETF, no consensus or decision yet on whether to take on this work or decide where it should be done
- 18:23:11 [karl]
- Jmayor: how ietf and w3c cooperate?
- 18:23:13 [npdoty]
- jmayer: historically, how have IETF and W3C collaborated?
- 18:23:32 [npdoty]
- tlr: historically had joint working groups
- 18:23:57 [npdoty]
- ... now prefer to carve out which pieces can be done where and then have a liaison relationship on how to coordinate
- 18:24:23 [npdoty]
- ... a good working relationship, which functions well when there's a good interface defined between work items
- 18:24:52 [karl]
- PeterSaintAndre: the relationship had been improved for the last few years
- 18:25:00 [npdoty]
- PeterSaintAndre: things have gotten better as we've had more overlap in people, people getting involved as individual participants on both sides
- 18:25:34 [karl]
- dsinger: DNT is HTTP header so IETF, but it is also user management, policy
- 18:25:40 [npdoty]
- DavidSinger: on the one hand, I think HTTP header so should be IETF, on the other hand, I think because it's about state and about users which seems like W3C
- 18:25:41 [karl]
- .... which is IETF usually.
- 18:25:52 [npdoty]
- PeterSaintAndre: yes, that's why it's challenging
- 18:25:55 [karl]
- s/which is IETF/which is W3C/
- 18:26:34 [npdoty]
- Shawn: why split it between the two?
- 18:27:20 [npdoty]
- AlexF: very different user experience of the TPL and DNT
- 18:27:21 [karl]
- alexF: my understanding is that there are strong differences between the TPL and DNT Headers.
- 18:27:32 [npdoty]
- ... more stakeholders we can bring in on advertising would increase success
- 18:28:35 [npdoty]
- jmayer: as a technological matter, TPLs are relatively straightforward in how we understand them, whereas the meaning of the header requires much more standardization
- 18:29:09 [npdoty]
- SueGlueck: it's not intended as an ad blocker, curated lists for blocking tracking
- 18:29:23 [npdoty]
- ... which could be advertising or some other form of blocking
- 18:30:22 [npdoty]
- ... the struggle around the header is about defining what tracking means, is the IETF better for making these policy decisions
- 18:30:27 [npdoty]
- ... ?
- 18:30:44 [npdoty]
- PeterSaintAndre: working groups have done work with policy implications, like GeoPriv
- 18:31:11 [npdoty]
- ... policy decisions about tracking might not be defined in a technical standard at all
- 18:31:16 [karl]
- s/... ?/What are really the differences? IETF-W3C? why one better from another one/
- 18:31:37 [npdoty]
- ... tracking might be a different thing in the EU and Canada
- 18:32:23 [npdoty]
- csoghoian: browser vendors are apparently implementing before any formal standardization spec
- 18:33:01 [npdoty]
- ... technology companies are implementing it before an agreement while the advertising companies are deciding to wait
- 18:33:33 [npdoty]
- ... since Microsoft is both, why isn't Microsoft's ad business respecting the header?
- 18:33:49 [npdoty]
- SueGlueck: chicken/egg problem
- 18:34:12 [npdoty]
- ... clock is ticking both because we have implemented the header in our browser and because of FTC and other regulators are putting pressure on it
- 18:34:27 [AndroUser]
- AndroUser has joined #w3cdnt
- 18:34:27 [npdoty]
- ... does lead to some uncomfortable choices because we own an ad network
- 18:34:45 [npdoty]
- ... do think it's a good forcing function for us
- 18:35:09 [npdoty]
- AlexF: HTML5 is another example of browsers leading before a formal specification
- 18:35:14 [npdoty]
- <general laughter in audience>
- 18:35:43 [npdoty]
- AlexF: browser movement does change the discussion from theoretical to concrete
- 18:36:32 [npdoty]
- karl: usually work is done in one forum rather than the other because the interested people are there
- 18:36:37 [npdoty]
- ... there's no strong sense of competition
- 18:36:44 [npdoty]
- ... lots of overlap in both organizations
- 18:36:57 [npdoty]
- ... differences are in patent practices, forms of working
- 18:37:09 [npdoty]
- ... depends on the competencies of the people engaged in the work, that's the main difference
- 18:37:40 [npdoty]
- ... it happens all the time that browsers implement something in a sort of beta form to see if it works before working together to standardize
- 18:38:33 [npdoty]
- PeterSaintAndre: that's why IETF believes in rough consensus and running code, sometimes one comes first, sometimes the other
- 18:39:32 [karl]
- JohnMorris: I'm skeptical that be w3c or ietf
- 18:39:36 [npdoty]
- jmorris: my personal assumption is that I'm skeptical that an IETF WG or W3C WG is the right place for the meaning of tracking to be resolved
- 18:39:58 [karl]
- ... the meaning of tracking will be well defined in these fora
- 18:40:39 [npdoty]
- ... TPL and DNT header could be done in separate working groups or at least separate workflows, so that debates over one won't slow down the other
- 18:40:47 [karl]
- ... I would hate battles of one piece of technology slowing down the other ones.
- 18:41:03 [npdoty]
- tlr: what are the timelines for this work to be done, and how do we match up the work on those timelines?
- 18:41:38 [wseltzer]
- view from the front of the room: lots of glowing apples
- 18:41:51 [npdoty]
- WuChou: DNT HTTP header in IETF makes sense since IETF covers HTTP protocol
- 18:42:23 [npdoty]
- ... good to do TPLs through W3C since it's most likely to be described through XML
- 18:42:53 [npdoty]
- tlr: HTTP headers are one of the well-defined extension points so that other groups can standardize them and then have them approved by IETF
- 18:43:33 [karl]
- PeterSaintAndre: Joint WG last call, coordination, are part of the processes to have appropriate reviews
- 18:43:36 [npdoty]
- PeterSaintAndre: can ask for review from HTTP experts at the IETF, or get last call review at the IETF
- 18:44:37 [npdoty]
- jmayer: could we have advisory work in the standards body, help from the technical community to a federal agency that's looking at regulation. does this seem sensible, or is there history of this?
- 18:45:19 [npdoty]
- hannes: in emergency services, there was a question about how the technology works, and standards group provided information to FCC
- 18:45:56 [npdoty]
- ... FCC has requirements on location accuracy (different in different jurisdictions), and so the technical standard needs to support the strictest such requirement
- 18:46:52 [npdoty]
- tlr: can a standards body organize a forum for discussion between technologists and regulators? interest groups are one way to do that, a public discussion that can be managed by chairs and staff
- 18:47:42 [npdoty]
- alissa: different standards bodies require different numbers of existing implementations; in W3C you generally need 2 in order to reach a final recommendation, in IETF it varies by the level of standard
- 18:48:13 [jeff]
- jeff has joined #w3cdnt
- 18:48:38 [karl]
- (session closed)
- 18:49:01 [karl]
- (we will be using the blackboard)
- 18:49:05 [npdoty]
- Topic: Switching to the chalk board! with tlr and Lorrie
- 18:49:56 [npdoty]
- I've been impressed with the diversity of views at this workshop; does anyone know what the breadth of participation has been like at IETF, at Prague, for example?
- 18:50:58 [npdoty]
- lfc: definitions include all-tracking, oba-tracking (as in opt-out cookies, just behavioral targeting), middle ground (CDT, EFF, etc. definitions with exceptions)
- 18:51:41 [karl]
- ... how much consensus is there around school of thoughts
- 18:51:42 [npdoty]
- ... are people willing to proceed in the process even if the definition isn't the one that they most like?
- 18:52:21 [karl]
- (laughing about doing a show of hands or a hummmm)
- 18:52:27 [npdoty]
- ... what would your first choice be out of these three choices?
- 18:53:40 [jeff]
- Each approach got some hums
- 18:54:05 [karl]
- a longer or a shorter hmmm
- 18:54:13 [karl]
- hmmmmmmmmmmmmmmmmmmmmm
- 18:54:15 [karl]
- hmmm
- 18:54:18 [karl]
- hmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmmm
- 18:54:20 [karl]
- :)
- 18:54:32 [npdoty]
- let the record show that nobody hummed to say that the CDT definition is unacceptable for work
- 18:56:07 [npdoty]
- tlr: working groups are for the purpose of negotiating between the participants about the technical and sometimes policy decisions
- 18:56:21 [npdoty]
- ... could also have an interest group as a forum for additional discussion, including future work
- 18:56:31 [npdoty]
- ... W3C is prepared to run and staff a Working Group
- 18:57:00 [npdoty]
- ... we have limited time, some questions that need to be resolved relatively quickly in a way that's visible and accountable to the public
- 18:57:49 [npdoty]
- ... I have heard that we need a process that will address several of these questions within a set time, and if that doesn't happen then we need to accept that maybe there is no consensus on this particular topic
- 18:58:16 [npdoty]
- whatever we do needs to be time-limited and tightly-scoped
- 18:58:27 [npdoty]
- tlr: whatever we do needs to be time-limited and tightly-scoped
- 18:58:37 [npdoty]
- ... what is that scope and that timeline?
- 19:00:20 [npdoty]
- karl: Incubator Group (very time-limited) good for documenting the state of existing work, definitions of terms, conclusions about next steps
- 19:01:44 [npdoty]
- jeff: I don't think we should plan for failure, we should set a scope that can be done in a year and then do it
- 19:02:35 [npdoty]
- ... would hate to only have an Incubator Group out of this, I think it's important that we move quickly on whatever we do
- 19:03:20 [npdoty]
- ... regarding criticisms of W3C openness: we make extensive use of Invited Experts in order to ensure that we get stakeholders involved even when not members
- 19:03:34 [npdoty]
- tlr: +1, that's part of our job as staff
- 19:04:22 [npdoty]
- alissa: via asoltani, hard to define the scope and timeline differently; if the scope is very small (bits on the wire) can do it quickly, with a larger scope it will take longer
- 19:05:14 [npdoty]
- DavidSinger: we have got to do something soon for Do Not Track, within the year; we need to make it quite obvious that this is not the only problem
- 19:05:28 [npdoty]
- ... need an Interest Group to consider privacy problems on an ongoing basis and spawn specific projects as necessary
- 19:06:28 [npdoty]
- Aleecia: given that there are implementations already, we are already late. it takes at least a year to define what tracking means, get a consensus, etc. but there's a value in a beta definition to be out in the very near term
- 19:06:41 [npdoty]
- ... and then have a full process on the definition that takes as long as it takes
- 19:06:57 [npdoty]
- ... beta definition should be within 6 weeks
- 19:07:55 [npdoty]
- jmayer: skeptical that we can get full consensus of Do Not Track meaning (to the level that W3C and IETF usually use)
- 19:08:12 [npdoty]
- ... but can get consensus now that just not-targeting-ads isn't sufficient
- 19:08:30 [npdoty]
- ... and that there's a clear definition now, so at least there's a process for airing your grievances
- 19:08:50 [npdoty]
- ... bad for everyone for people to continue to say that they don't know what Do Not Track means and as a result won't respond to it
- 19:09:45 [npdoty]
- tlr: want to build a process that can handle disagreement and find the points that have broad consensus and address objections
- 19:11:08 [npdoty]
- Bryan: look at this from an ecosystem perspective and the various entities, what are the parties and how does this affect them?
- 19:11:57 [npdoty]
- vinaygoel: I think W3C/IETF should focus on the technical and leave up the policy decision to other groups (including self-regulatory groups)
- 19:12:32 [npdoty]
- ... there is low-hanging fruit or easy consensus to get DNT as meaning OBA opt-out
- 19:13:08 [npdoty]
- xxx: +1 on an interest group for ongoing
- 19:13:56 [karl]
- http://tools.ietf.org/html/draft-mayer-do-not-track-00
- 19:14:06 [karl]
- there is already a draft for the DNT header
- 19:14:11 [npdoty]
- ... need some consensus on the definition before we expect to make a significant impact
- 19:15:03 [npdoty]
- asoltani: need a process for defining both technical standards and definitions
- 19:15:49 [npdoty]
- ... there are a few bills: a California bill, some in DC, etc., that's one limit on the timeline
- 19:16:31 [npdoty]
- csoghoian: pushback on Yahoo! (vinaygoel), people in DC would pat themselves on the back if we agreed on that, but we actually only get one shot now until 10 years from now
- 19:16:51 [npdoty]
- ... ad networks know this, so want to make this not very useful now so that the pressure will be off
- 19:17:19 [npdoty]
- harlan: how do we know when we have consensus? tlr: it depends.
- 19:18:15 [npdoty]
- tlr: it's the skill of the chair so sometimes there are no major objections, but in contentious issues you can use things like a hum or a vote
- 19:18:33 [npdoty]
- ... the chairs are particularly important because they will lead the way to consensus
- 19:19:36 [npdoty]
- ... W3C has the process of Formal Objections for cases of vehement dissent, an appeal to the director TBL
- 19:20:05 [npdoty]
- Peter: IETF has similar processes; rough consensus doesn't have unanimity, but if you vehemently disagree you can appeal
- 19:20:11 [npdoty]
- ... +1 that the chair is very important
- 19:20:57 [npdoty]
- alissa: DAA members aren't here, and they need to be in whatever room the definition is decided on
- 19:21:26 [karl]
- http://lists.w3.org/Archives/Public/ietf-http-wg/2011AprJun/0133
- 19:21:45 [npdoty]
- ... legislative season ends in the fall, so would recommend an extremely quick technical spec with little definition
- 19:22:43 [npdoty]
- jeff: I'd like to get something done soon
- 19:24:10 [npdoty]
- ... is there a policy definition that can be defined in the very short term that is a good one?
- 19:25:25 [npdoty]
- DavidSinger: is OBA opt-out just the same as tracking everything but not building a profile?
- 19:25:54 [npdoty]
- vinaygoel: no, OBA opt-out means collecting data for some purposes (measurement, etc.) but not building profiles
- 19:26:04 [npdoty]
- lfc: that's not the official OBA definition, that must be a new one
- 19:27:14 [npdoty]
- karl: jmayer has already submitted a draft in March, it's there, push it!
- 19:28:15 [karl]
- ... see http://lists.w3.org/Archives/Public/ietf-http-wg/2011AprJun/0133
- 19:28:33 [npdoty]
- jmorris: on behalf of CDT, CDT is actively thinking about whether they can handle a policy process like this, which would be a possibility
- 19:29:24 [npdoty]
- aleecia: (this might not be a good idea, but,) could at least come up with a basic user communication a la: "hi, I see that you have a DNT header turned on, here's what it means for this site"
- 19:29:26 [jmorris]
- s/behalf of CDT,/behalf of CDT and without making any predictions or commitments/
- 19:30:56 [npdoty]
- Shawn: we would really need the W3C to come out with prescriptive rules about what you have to do in response to the header
- 19:31:10 [npdoty]
- AlexF: really need a definition on 1st party vs 3rd party
- 19:31:40 [npdoty]
- ... from a Mozilla perspective, we are coming up with an implementation guide for what servers should do
- 19:31:46 [npdoty]
- ... this could be an incubator
- 19:32:34 [npdoty]
- Andy: what about reducing the scope? (concerned about having exemptions for fraud/security)
- 19:33:04 [npdoty]
- ... if those are exempt, I don't need to participate as much
- 19:34:08 [npdoty]
- DavidSinger: response headers or responding with consequences from the site sounds good; supporting Aleecia's suggestion
- 19:34:50 [npdoty]
- asoltani: don't want to add more confusion
- 19:35:50 [npdoty]
- Yahoo!: http://aboutads.info/choices in particular the bottom of the page
- 19:36:26 [npdoty]
- Evidon: need more research projects
- 19:38:01 [npdoty]
- jmorris: a beta definition that changes later might upset users about things changing underneath them
- 19:38:30 [npdoty]
- vinaygoel: without granular control, users might opt out completely instead of just opting out of brands they don't trust
- 19:39:01 [npdoty]
- csoghoian: but consumers don't have the time to opt out of every single brand
- 19:39:18 [npdoty]
- ... and haven't heard of any of these companies (ad networks)
- 19:40:20 [npdoty]
- vinaygoel: what I mean instead is that if Yahoo! requires them to opt back in (a quid pro quo), they should be able to opt back in only for a single party
- 19:40:53 [npdoty]
- csoghoian: but what if the quid-pro-quo requirement is about unknown companies?
- 19:42:49 [npdoty]
- tlr: how do we get this pile of work into something that happens in a reasonable amount of time? what are the direct next steps?
- 19:44:02 [npdoty]
- AlexF: we have been talking to ad networks / trade associations
- 19:44:54 [npdoty]
- ... that could be one of our first action items
- 19:46:10 [npdoty]
- Bryan: a typical first step is to create a landscape document (entities, technologies involved) would demonstrate to the market that we have a good understanding
- 19:47:17 [npdoty]
- jeff: concern about not getting the right thing, concern about not having all the important stakeholders
- 19:47:41 [npdoty]
- ... we the W3C want to have as many stakeholders as possible, happy about Alex's suggestion, we'll go wherever we need to go to have those meetings
- 19:48:14 [npdoty]
- ... if for whatever reason we can't get all that together, we still need to do something, so we may end up with a beta definition anyway
- 19:49:55 [npdoty]
- jmayer: I don't disagree with CDT or other concerns about the beta, but there are opportunity costs in not going ahead quickly
- 19:50:54 [npdoty]
- xxx: the choice is not now or never
- 19:51:36 [npdoty]
- SueGlueck: there are alphas and there are betas; if it does feel uncertain or alpha, industry is less likely to embrace it or invest money/engineering into it
- 19:52:10 [npdoty]
- ... a more robust or thoughtful beta would be more useful, even if it takes longer than 6 weeks
- 19:53:26 [npdoty]
- Andy: most of the bills introduced call for FTC rulemaking, so the legislative timeline may not be a specific limit on defining tracking
- 19:54:01 [npdoty]
- lfc: some people would like to do something before any bill gets passed; FTC has to issue a report by the end of the year
- 19:54:46 [npdoty]
- alissa: it's not about timeline of passage of specific legislation, but about general interest
- 19:55:16 [npdoty]
- DavidSinger: the time limit is the next major privacy incident
- 19:56:01 [npdoty]
- asoltani: we could have an opportunity to shape the language in some of these bills, smart guidance to policymakers might be helpful
- 19:56:44 [npdoty]
- Aleecia: if I were running an industry self-reg group, I would try to get a definition out as soon as possible, in order to beat a W3C definition and be the only voice
- 19:57:14 [npdoty]
- csoghoian: FTC rulemaking since you don't want Congress making specific technical requirements
- 19:57:49 [npdoty]
- ... self-regulatory response will be that they get to avoid regulation altogether because of, for example, agreement on DNT == OBA opt-out
- 19:58:54 [npdoty]
- tlr: this is a global problem, what does coordination beyond the US need to look like?
- 19:59:30 [jeff]
- +1 to tlr
- 20:00:35 [npdoty]
- alissa: it's hard to say something nation-specific in an international standards body
- 20:02:40 [npdoty]
- kevin: tls/ssl was international, but then certificate authorities had national discretion
- 20:04:20 [karl]
- http://lists.w3.org/Archives/Public/public-privacy/
- 20:04:33 [npdoty]
- tlr: immediate action will be a report on what's on the board and this discussion
- 20:05:08 [npdoty]
- ... questions of forum could be figured out through usual channels
- 20:05:16 [npdoty]
- ... at least consensus on Interest Group
- 20:05:41 [npdoty]
- ... have made progress on what the recommendation work should be, at W3C, IETF and elsewhere, but still needs to be finalized
- 20:05:47 [karl]
- you can subscribe by sending an email to public-privacy-request@w3.org with the word subscribe in the topic
- 20:06:23 [npdoty]
- lfc: a summary of the hums
- 20:06:32 [npdoty]
- ... fairly evenly split about their first choice was
- 20:06:53 [npdoty]
- ... but show-stoppers for both, but the CDT definition wasn't a show-stopper for anyone in the room
- 20:08:27 [npdoty]
- Bryan: related work in Device API disclosure, should look at the overlap of existing work (in W3C or outside)
- 20:09:01 [npdoty]
- jeff: thanks to tlr and lfc [lots of applause]
- 20:09:12 [npdoty]
- ... what will we be seeing next?
- 20:09:20 [karl]
- BIG THANKS to npdoty and wseltzer
- 20:10:40 [npdoty]
- tlr: first record of the meeting will be out soon, perhaps a week; a summary report no later than mid-May (to tell the AC at Bilbao)
- 20:11:19 [npdoty]
- ... strawman charter by the end of May
- 20:12:02 [npdoty]
- ... announcements will go to the registration list, but eventually please subscribe to http://lists.w3.org/Archives/Public/public-privacy/
- 20:16:47 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 20:17:08 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 20:17:58 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 20:18:39 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 20:18:40 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 20:19:09 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 22:00:12 [AndroUser2]
- AndroUser2 has joined #w3cdnt
- 22:38:19 [lowenthal]
- lowenthal has joined #w3cdnt
- 23:39:00 [alissa]
- alissa has joined #w3cdnt
- 23:49:56 [lowenthal]
- lowenthal has joined #w3cdnt