Tracking Protection Working Group teleconference

15 Feb 2012



Present: +1.408.674.aaaa, tl, +49.721.913.74.aabb, aleecia, dsriedel, rvaneijk, +1.202.326.aacc, efelten, npdoty, ninjamarnau, alex, +1.202.326.aaee, +1.301.270.aaff, johnsimpson, +1.917.934.aagg, +1.646.654.aahh, sidstamm, +1.202.530.aaii, +1.415.520.aajj, dsinger, alexd, +1.617.733.aakk, +1.202.346.aall, +1.206.369.aamm, +1.206.658.aann, +1.202.637.aaoo, +1.714.852.aapp, +1.202.835.aaqq, Helena, +1.202.326.aarr, +1.646.666.aass, +1.408.349.aatt, fielding, cOlsen, kevint, pmagee, +1.202.637.aauu, [Microsoft], +1.801.830.aavv, BrianTs, jchester2, +44.776.849.aaww

Scribe: ninjamarnau, npdoty


<aleecia> (thanks!)

<npdoty> scribenick: ninjamarnau

<aleecia> https://www.w3.org/2011/tracking-protection/track/actions/overdue

aleecia: We have a whole variety of minutes. If there are no comments we approve them all.
... action-79 for karl to look at TPE lists

<rvaneijk> on the minutes from Brussels day 2, please add hyperlink to WP29 presentation: http://lists.w3.org/Archives/Public/public-tracking/2012Jan/0268.html

aleecia: no update. karl not on the call

<npdoty> action-82?

<trackbot> ACTION-82 -- Thomas Lowenthal to assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27]. -- due 2012-02-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/82

<WileyS> tl - are you on the call?

aleecia: will ask tom about his action item

<tl> Just dropped for a moment WileyS

<npdoty> action-82?

<trackbot> ACTION-82 -- Thomas Lowenthal to assess the proposed JavaScript opt-back-in API with Mozilla mothership's JS gurus [ISSUE-27]. -- due 2012-02-10 -- OPEN

<trackbot> http://www.w3.org/2011/tracking-protection/track/actions/82

aleecia: Action-82?

tl: We have a draft but have not received final feedback to send it to the mailing list

<npdoty> Andy and Nick (that's me!) need to review Tom's latest draft

aleecia: I will add two days to the deadline.

<npdoty> I think that will also apply to ACTION-91 (which we've largely merged together)

action-104 peter is not on the call

<tl> WIP ACTION-82 http://pastebin.mozilla.org/1484824

aleecia: action-112: Should not have been on the public tracker but rather on his personal to do list
... New Business, announce next f2f meeting soon. We have no place to meet yet

<aleecia> Next face-to-face meeting, 10 - 12 April in Washington, DC

aleecia: Now, Discussion of timeline for publishing
... editors of the compliance document are meeting tomorrow. Plan is to have a draft for review on monday.
... then process as in Santa Clara. Where are parts someone cannot live with
... We will not yet answer the comments of the community group.
... comments on timeline?

<aleecia> http://www.w3.org/2011/tracking-protection/track/agenda

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Jan/0358.html

aleecia: Issue-14, Some text but no objections on the mailing list

Shane: One question on language was raised. Is there a contractual relationship between controller and processor?
... we need to keep in mind that we will not have 100% coverage

<dsinger> I think we allowed indirect contractual relationships (a chain)

<fielding> transitive contractual relationships are good enough

Shane: in most cases there will be a contractual relationship but maybe not in all cases

<laurengelman> i cannot get through by phone to +1.617.761.6200, conference code TRACK (87225)

Aleecia: We may migrate this mapping issue to another document on national law requirements.

<jchester2_> thank you

<npdoty> jchester2: I think 1st/3rd distinction in US may move more towards the EU model based on upcoming reports from White House and FTC

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0177.html

<rvaneijk> tnx !

Aleecia: Issue-101 definition of a user

<aleecia> A user is a human person. When user-agent software accesses online

<aleecia> resources, whether or not the user understands or has specific knowledge

<aleecia> of a particular request, that request is made "by" the user.

<dsinger> are there other kinds of humans, or persons? :-)

<tl> dsinger, There are other kinds of humans, and of persons, yes.

<laurengelman> got it!

<dsinger> "an individual human"?

<fielding> I am pretty sure that monkeys surf the Internet

<dsriedel> do we want to track monkeys?

<tl> That's how we get the works of Shakespeare.

<npdoty> no objection to "an individual human" from "a human person"

aleecia: change human person to individual human.

<tl> Monkeys have no expectation of privacy.

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0354.html

<dsriedel> And no money

aleecia: Issue-25
... on research and how research might work

<npdoty> debate over "reasonable period"

aleecia: Jeff was looking for something more specific than "reasonable period/time"

Cathy: It depends on how long the campaign lasts. We will come back to the group with a new proposal.

aleecia: There may be legal retention requirements.

<WileyS> Financial legal requirements can extend to 15 years

<WileyS> Depends on the nature of use

<jchester2_> we also need to use how the data is operationalized

aleecia: Can we tighten the wording down to something more specific?

<WileyS> Disagree on defining an arbitrary timeframe here

<justin_> Is this just for market research or for all the exceptions?

WileyS: this is broader than just research. Understand Jeff's concerns. The use limitations are the crucial point. But I'm against strict retention periods.

<jchester2_> if a campaign uses the research for targeting in the next campaign, which starts 6 weeks later, and designed to get users to exempt from DNT:1, it raises concerns. Which is why reasonable time limitations are needed.

WileyS: as soon as we assign timelines for one exception there is a need to do this for all.

<aleecia> "Identifiable data will be held as long as the campaign runs to provide consistent data and then all identifiers will be removed after a reasonable period."

WileyS: for frequency capping this totally depends on the campaign.

<npdoty> WileyS: "particular set of principles that will lead to data minimization on frequency capping", not a specific set of dates, but tied to a campaign

<dsinger> branding 'campaigns' may run for years...

<justin_> Even if market research isn't going to be used for targeting, I think it violates user expectations to allow cross-site collection tied to a unique identifier for an unknown period of time when I have DNT:1 on.

<npdoty> +1 for resilience

WileyS: I want to focus more on general resilient requirements for retention.

<justin_> I will continue to argue that if we only have a "data min" standard, market research should be out unless it meets the anonymous exception.

<jchester2_> we should see how industry defines time period for a digital campaign. There is likely an IAB definition.

<WileyS> The principle of data minimization will equally apply to all exceptions

dsinger: A user might look at our document and get the feeling that there is no big difference to before DNT.

<WileyS> There is not a set IAB campaign duration (I sit on the IAB Ad Ops Council)

<npdoty> does it take several exceptions? even this single exception would allow identifiable data to be collected for an extended period, right?

<dsinger> particularly, if an organization claims all exceptions, they remember 'as much as before', and without specific time limits, 'for as long as before'

aleecia: We keep that in mind and need to address this as a concern. But for the research purposes the issue is slightly different.

<justin_> If someone has opted in to research, then you can ignore my previous comments. But I don't see why it's a specific "market research" exception --- should just be a general override.

<jchester2_> So a campaign can be ongoing, a series of ever-optimized and targeted efforts.

Cathy: We need to get back to the group to understand the concerns about the wording regarding targeting etc.

<justin_> Define "not really very easy"

<ksmith> dsinger - I think that's something to consider. but data minimization would require that data from different exceptions would have to be kept separate. So, if you have frequency capping and research data, there is no additional risk to having frequency capping OR research data

<npdoty> only released as aggregated data to the researcher, right?, but stored in identifiable form by whoever collects it, yes?

<aleecia> Why would frequency capping and research data have anything to do with each other?

<ksmith> exactly my point

<tl> dsinger, I think we need to make clear that only data which is non-reversible is aggregate. The Netflix data, for instance, is not aggregate.

<WileyS> Focus on "use limitations" not on "data retention periods"

rvaneijk: I see the research exception as very different to the frequency capping. Because we talk about siloed data.

<ksmith> # of exemptions is not as important as defining the exemptions well

<dsinger> tl - yes, I agree. once it's irreversibly aggregated, it goes off our radar

<jchester2_> the ad rotation issue is connected to smart versioning and targeting of tracking ads--which is why research and frequency capping is connected in a way.

<efelten> Re aggregate data, why isn't it sufficient to have an exception for truly anonymous data? Are we considering an exception for aggregate-but-nonanonymous data?

aleecia: Add another action on Kathy to revise the wording.

<jchester2_> Can we respond to Ed's point?

<tl> dsinger, But until it is truly irreversible, you're on the hook, and it's the responsibility of the data controller to make sure that aggregation is truly irreversible.

<tl> efelten, I hope that we don't believe in such a category.

<WileyS> The problem with "irretrievably aggregated" is that researchers continue to attack attempts to anonymize data. For Netflix they were only able to reverse engineer a very small # (sub 5) out of 10s of thousands. That is anonymous. If you push to 100%, you drive most (all) value out of data

<dsinger> efelten - what is "aggregate-but-nonanonymous"?

<aleecia> http://www.w3.org/2011/tracking-protection/track/issues/21

<tl> WileyS, The Netflix data was not anonymous, and they've paid a huge cash settlement because of it. When we talk about aggregate data, that's absolutely not it.

<dsinger> maybe we mean something different by aggregated; I understand that to mean "I had 2,000 visitors from california", i.e. cumulative counts that comfortably exceed 1...

Aleecia: Issue-21 on how DNT and auditing might work. Many comments that this is far too complex
... looks like we have no support for the proposal on the mailing list

<tl> WileyS, There's a lot of really valuable aggregate data. Our geo-hashed user-counts are irretrievably anonymous, but still hugely useful.

<alex> alex

Kevin: Was regarded as interesting but not part of the spec.

Alex: We are interested in a separate standard to prove that you are not tracking.
... This could be a way to introduce the TPL. Using them for this issue.

Aleecia: I think this is different from the auditing issue

<laurengelman> i think the idea to design the spec to permit auditing for compliance is a good idea

<justin_> Agree with chapell

<johnsimpson> Agree with chapell

chapell: I think this is a separate task for Trustee and others to build something around this.

<npdoty> interest in a Community Group discussion around standards for auditing DNT?

<WileyS> "so called"?

<fielding> please see tracking status resource in http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-resource

jchester: We should have at least a framework for auditing and not leave this to self-regulatory certificates. I would like to work on this.

<efelten> dsinger, here's an example of aggregate but non-anonymous data: http://www.cs.utexas.edu/~shmat/shmat_oak11ymal.pdf

aleecia: Who volunteers?

<KevinT> I of course will help with any others

<chapell> I would like to provide input, but don't think I should lead (given that I'm skeptical of the concept)

<jchester2_> I want to discuss with my NGO colleagues on this tom'w, but won't know until tom'w.

<alex> I will help with proposal for Audits

<laurengelman> i will help, but cannot lead

<npdoty> interested in auditing discussion: KevinT, Chapell, Jchester2, Alex, Laurengelman

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Jan/0266.html

<npdoty> KevinT, if it looks like this discussion is useful but not right for the scope of this group, I think we could talk about alternate venues

<aleecia> http://lists.w3.org/Archives/Public/public-tracking/2012Feb/0001.html

<tl> efelten, I have only glanced, but I am confused as to how that paper covers aggregate data?

aleecia: Issue-45 on making a public statement on DNT

<KevinT> sorry

<efelten> tl, let's take that discussion offline

<justin_> Can you describe, fielding?

<fielding> http://www.w3.org/2011/tracking-protection/drafts/tracking-dnt.html#status-resource

fielding: tracking status section that I added to the TPE spec solves this by requiring a well known resource. Action-115

<WileyS> +1 for Jonathan's approach - if TPE requires forced response, then I disagree

<WileyS> responses should be "SHOULD", not "MUST"

aleecia: regardless of the mechanism we need to align the two specs.

<laurengelman> responses should be "MUST" , not "SHOULD" :)

<ninjamarnau_> +1 on the MUST :)

<npdoty> I think Jonathan's text is compatible with any of our conclusions on the TPE mechanism

<WileyS> Understood those that don't have to implement DNT feel strongly about a MUST :-)

<fielding> npdoty, his last sentence contradicts TPE draft

aleecia: We have been talking about first parties.

<laurengelman> :) i did get that impression

aleecia: I would like to suggest that we go back to jonathan and tom's proposal.

<npdoty> fielding, I see, by being weaker than one proposal for the technical mechanism

aleecia: work out user expectations around the edges of "branding"

<fielding> WileyS, I can't see a reason why the well-known resource would be anything other than MUST

<fielding> link?

aleecia: We have a debate right now on if and how information can be shared across brands.

<aleecia> This is conceptual, would be asking Tom & Jonathan to revise

aleecia: Comments?

<WileyS> Roy - I'm leaning toward the well known location as a MUST - let me think about it a bit more

<johnsimpson> explain the concept some more, please, Aleecia

<aleecia> http://www.w3.org/TR/tracking-compliance/

<npdoty> specifically 1st/3rd party question: http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#firstThirdParties

<npdoty> sorry, rather http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#parties

aleecia: Concerns were that asking companies to understand user expectations is too complicated.

<justin_> I'm sorry, you have lost me

aleecia: Tossing that out to see reactions.

<amyc> not sure i understand this proposal

npdoty: In Brussels we were rather talking about services than brands

<justin_> How are these separate issues? If we limit a party to a common service/individual brand, then corporate ownership becomes irrelevant, yes?

<amyc> agree justin

<ksmith> I think that clarifies the issues somewhat, but I am not sure it will help us resolve the issue. I am afraid it will just move the discussion to a different issue #. But I am willing to try

npdoty: not a huge distinction there. But may make things more clear.

<WileyS> Disagree with this limitation and will force many multi-brand companies millions of dollars in either re-branding or in technical solutions to separate commonly owned data

<npdoty> WileyS, I don't think Aleecia has yet proposed a specific limitation

jchester: Support the service idea.

<WileyS> So we have the following levels: sub-domain, domain, service, brand, corp affiliation

<aleecia> We still retain the issue of discoverability v. branding v. how we do multi-brand

<aleecia> I'm suggesting we open a new issue on that

<WileyS> "easily discoverable" feels like the appropriate compromise between GLBA "Affiliate Stance" versus strict "domain" stance.

amyc: Sorry, I did not get that

<justin_> Easily discoverable is effectively the same as GLBA. Now "common branding" is a compromise!

johnsimpson: If we break it down to brands and services, we make first parties a lot smaller than they really are.

<amyc> Ninja, making point that creating sub issue of brand by brand (or service by service) not a fruitful direction to move things forward

<WileyS> Justin, disagree, I can send you to many banking sites and I'll challenge you to figure out who the common owner is. Versus, go to ESPN and click on the Privacy link - IMMEDIATELY apparent this is a Disney company.

<amyc> support Tom's recommendation that alternative first party definition be proposed, rather than continuing to slice and dice

<justin_> Yeah, but NO ONE goes to that privacy link WileyS

aleecia: We have moved forward on the direction that we can have two or more first parties on one site.

<jchester2_> I volunteer to work on text

<WileyS> Justin_, disagree - and absolute statements don't help advance the conversation ("NO ONE")

aleecia: And second, it is difficult for users to find out which brands belong to one "party" if they are not crossbranded

<WileyS> Can we have this be about common ownership?

<WileyS> Common ownership + easily discoverable

<justin_> WileyS, fine, 0.2%? The fact that the number is minuscule is relevant.

<WileyS> The fact the information is easily accessible to those that actually care is more relevant

<laurengelman> How does this relate to Action-99, David Singer's recent proposal?

aleecia: To answer laurengelman - this will be a competing proposal.

<npdoty> "counter-proposal and feature trade across them"

<npdoty> I like the concept of "feature trade" :)

<npdoty> scribenick: npdoty

amyc: to show external progress, might be better to have two complete proposals rather than subdividing

<jchester2_> I think your suggestion is good one

<justin_> WileyS, the point of DNT is to offer an easy way to stop cross-site tracking. If there's going to be cross-site tracking that happens despite the instruction, that should be obvious, I shouldn't have to look at each site's privacy policy to see where my data might go.

tl: there are some that would like your class of proposals, and I would like to see text

<jchester2_> can you summarize their proposal again?

<rvaneijk> WileyS, DNT is to offer a granular dialogue under the hood of the browser. Visiting a privacy policy is orthogonal to that.

<jchester2_> I volunteer to draft a response

aleecia: for proposal from tom and jonathan around user expectations for brands owned by a company. does someone volunteer to draft a response?

<laurengelman> i will help jeff

<jchester2_> I need to review Jonathan and Tom's proposal, to see where I agree and need to clarify--based on my interests

<fielding> To be clear, I think the cross-site (or cross-service) discussion applies to all of this text, not just the branding question.

<scribe> ACTION: chester to draft a response to 1st/3rd proposal (with Lauren) [recorded in http://www.w3.org/2012/02/15-dnt-minutes.html#action01]

<trackbot> Created ACTION-123 - Draft a response to 1st/3rd proposal (with Lauren) [on Jeffrey Chester - due 2012-02-22].

<WileyS> justin_, I disagree as user education will still need to surround DNT at launch to cover SCOPE OF APPLICATION (exceptions, site-specific exceptions, and common ownership/branding, etc.). If users care, they can easily find the information. Forcing more "junk" on pages to cover off for the very few users who care doesn't feel proportionate to the problem attempting to be solved.

<scribe> ACTION: colando to draft an alternate 1st/3rd proposal (with Shane and Ted) [recorded in http://www.w3.org/2012/02/15-dnt-minutes.html#action02]

<trackbot> Created ACTION-124 - Draft an alternate 1st/3rd proposal (with Shane and Ted) [on Amy Colando - due 2012-02-22].

<jchester2_> Each service has different A/B testing, landing page optimization approaches, etc. Users don't know this

<WileyS> Those are typically 1st party Jeff

<jchester2_> That's why we need to define service versus brand, etc.

aleecia: adjourned for this week

trackbot, end meeting

Summary of Action Items

[NEW] ACTION: chester to draft a response to 1st/3rd proposal (with Lauren) [recorded in http://www.w3.org/2012/02/15-dnt-minutes.html#action01]
[NEW] ACTION: colando to draft an alternate 1st/3rd proposal (with Shane and Ted) [recorded in http://www.w3.org/2012/02/15-dnt-minutes.html#action02]
[End of minutes]
