IRC log of dnt on 2012-04-11

Timestamps are in UTC.

00:25:31 [Zakim]
Zakim has left #dnt
01:59:44 [tl]
tl has joined #dnt
02:13:39 [schunter]
schunter has joined #dnt
02:18:20 [dsinger]
dsinger has joined #dnt
02:21:32 [hwest]
hwest has joined #dnt
02:31:36 [KevinT]
KevinT has joined #dnt
02:43:39 [tlr]
tlr has joined #dnt
04:40:04 [npdoty]
npdoty has joined #dnt
04:40:19 [npdoty]
rrsagent, make logs public
04:40:36 [npdoty]
Meeting: Tracking Protection Working Group DC face-to-face
04:40:49 [npdoty]
Chair: Aleecia and Matthias
04:40:54 [npdoty]
rrsagent, draft minutes
04:40:54 [RRSAgent]
I have made the request to generate npdoty
06:49:01 [mischat]
mischat has joined #dnt
07:47:20 [dsinger_]
dsinger_ has joined #dnt
07:47:21 [schunter1]
schunter1 has joined #dnt
08:30:10 [mischat]
mischat has joined #dnt
08:30:40 [mischat]
mischat has joined #dnt
08:48:59 [schunter]
schunter has joined #dnt
08:56:18 [schunter]
schunter has joined #dnt
09:11:38 [schunter]
schunter has joined #dnt
09:18:15 [schunter1]
schunter1 has joined #dnt
09:27:41 [mischat]
mischat has joined #dnt
09:36:08 [schunter]
schunter has joined #dnt
09:59:43 [schunter]
schunter has joined #dnt
10:13:38 [schunter]
schunter has joined #dnt
10:25:46 [schunter]
schunter has joined #dnt
10:38:46 [mischat]
mischat has joined #dnt
10:47:49 [mischat]
mischat has joined #dnt
10:55:55 [schunter]
schunter has joined #dnt
11:04:49 [mischat_]
mischat_ has joined #dnt
11:05:17 [tl]
tl has joined #dnt
11:13:45 [mischat]
mischat has joined #dnt
11:21:41 [schunter]
schunter has joined #dnt
11:22:09 [tl]
tl has joined #dnt
11:22:48 [mischat]
mischat has joined #dnt
11:28:54 [schunter1]
schunter1 has joined #dnt
11:32:36 [schunter]
schunter has joined #dnt
11:35:29 [tl]
tl has joined #dnt
11:52:04 [tl]
tl has joined #dnt
12:15:12 [hwest]
hwest has joined #dnt
12:17:50 [mischat]
mischat has joined #dnt
12:34:53 [mischat]
mischat has joined #dnt
12:52:13 [tl]
tl has joined #dnt
12:53:55 [dsinger]
dsinger has joined #dnt
12:58:16 [hwest]
hwest has joined #dnt
12:58:30 [tedleung]
tedleung has joined #dnt
12:58:57 [robsherman]
robsherman has joined #dnt
12:59:48 [hwest_]
hwest_ has joined #dnt
12:59:49 [amyc]
amyc has joined #dnt
13:00:44 [KevinT]
KevinT has joined #dnt
13:06:08 [schunter]
schunter has joined #dnt
13:08:09 [robsherman]
robsherman has joined #dnt
13:08:21 [chapell]
chapell has joined #dnt
13:08:34 [schunter]
schunter has joined #dnt
13:10:05 [tl]
tl has joined #dnt
13:10:22 [sidstamm]
sidstamm has joined #dnt
13:10:37 [tl]
13:11:35 [jchester2]
jchester2 has joined #dnt
13:12:07 [schunter1]
schunter1 has joined #dnt
13:12:10 [jmayer]
jmayer has joined #dnt
13:16:18 [vincent_]
vincent_ has joined #dnt
13:17:28 [djm]
djm has joined #dnt
13:17:36 [npdoty]
npdoty has joined #dnt
13:17:50 [dsinger]
dsinger has joined #dnt
13:18:04 [jmayer]
jmayer has joined #dnt
13:20:02 [rvaneijk]
rvaneijk has joined #dnt
13:20:42 [hwest]
hwest has joined #dnt
13:20:47 [vinay]
vinay has joined #dnt
13:21:18 [robsherman]
robsherman has joined #dnt
13:21:33 [Joanne]
Joanne has joined #DNT
13:21:34 [ninja]
ninja has joined #dnt
13:22:04 [hwest_]
hwest_ has joined #dnt
13:22:59 [justin]
justin has joined #dnt
13:23:13 [fielding]
fielding has joined #dnt
13:23:27 [ifette]
ifette has joined #dnt
13:23:48 [bryan]
bryan has joined #dnt
13:23:50 [schunter]
schunter has joined #dnt
13:23:51 [aleecia]
aleecia has joined #dnt
13:24:04 [efelten]
efelten has joined #dnt
13:24:09 [bryan]
present+ Bryan_Sullivan
13:24:10 [ifette]
Brill: key is choice
13:24:19 [ifette]
... doesn't hinge on a long privacy policy
13:24:37 [ifette]
... DNT should be a simple, elegant form of choice for users
13:24:37 [npdoty]
npdoty has joined #dnt
13:24:40 [jchester2]
jchester2 has joined #dnt
13:24:43 [ifette]
... understandable and consistent choices for consumers
13:24:51 [npdoty_]
npdoty_ has joined #dnt
13:25:04 [rigo]
rigo has joined #dnt
13:25:05 [ac]
ac has joined #dnt
13:25:21 [Zakim]
Zakim has joined #dnt
13:25:23 [haakonfb]
haakonfb has joined #dnt
13:25:31 [Lia]
Lia has joined #dnt
13:25:33 [ifette_]
ifette_ has joined #dnt
13:25:37 [tlr]
tlr has joined #dnt
13:25:38 [ifette_]
... good progress, worth reviewing how far we've come to put issues in perspective.
13:25:58 [ifette_]
... browsers developed that permitted consumers to tell websites not to track their activities across websites
13:26:05 [ifette_]
... yahoo announced it would roll out a DNT mechanism across its platforms
13:26:11 [ifette_]
... challenges are greater in mobile space
13:26:23 [ifette_]
ScribeNick: ifette_
13:26:35 [ifette_]
Brill: Mozilla has also released a mobile browser with DNT support
13:26:39 [ifette_]
... DAA has more fully developed its aboutads program
13:26:48 [amyc]
amyc has joined #dnt
13:26:57 [ifette_]
... had event in Feburary at White House, committed to honor choices consumers make through settings on their web browsers
13:27:13 [hwest_]
hwest_ has joined #dnt
13:27:15 [JC]
JC has joined #DNT
13:27:17 [ifette_]
... support collaboration between browser + icon based systems
13:27:24 [ifette_]
... welcome DAA's commitment to honor browser based solutions
13:27:29 [ifette_]
... great progress at W3C as well
13:27:39 [ifette_]
... stakeholder participation from many sectors
13:27:42 [tl]
tl has joined #dnt
13:28:10 [ifette]
... Dec 2010, first call for DNT from FTC, had vision of successful DNT mechanism
13:28:23 [WileyS]
WileyS has joined #DNT
13:28:25 [ifette]
... works on all sites, easy to use and understand for consumers, would have staying power even if browsers updated / cookies deleted
13:28:40 [ifette]
... meaningful (if companies don't honor choices they tell consumers they can make, would be consequences)
13:28:56 [ifette]
... and mechanism for consumers to affect how much data is gathered about them, not just targeting
13:29:08 [johnsimpson]
johnsimpson has joined #dnt
13:29:11 [ifette]
... vision has become a reality including w.r.t. collection and use of consumer data
13:29:23 [ifette]
... concern around employment, healthcare, insurance eligibility etc
13:29:25 [tlr_]
tlr_ has joined #dnt
13:29:31 [hwest__]
hwest__ has joined #dnt
13:29:39 [ifette]
... DAA committed to preventing these precise forms of collection and use in conjunction with its aboutads program
13:29:46 [ifette]
... eagerly await full implementation of DAA commitment
13:29:55 [ifette]
... demonstrates DAA and others have embraced collection minimization
13:30:13 [ifette]
... understand group has reviewed several proposals with key issues outstanding
13:30:21 [ifette]
... commission addressed 1st/3rd party to an extent
13:30:39 [ifette]
... indicated that as far as affiliates are concerned, consumer choice mechanism necessary unless it's clear to consumers. (quoting from pp42)
13:30:46 [ifette]
... common branding as one way
13:30:55 [alex_]
alex_ has joined #dnt
13:30:57 [ifette]
... negotiation, compromise
13:31:07 [ifette]
... looking for outcome that the broadest set of stakeholders can live with
13:31:10 [ifette]
... hard and important issues remaining
13:31:21 [ifette]
... hope that people will be guided by principles laid out in FTC's final report
13:31:44 [ifette]
... if successful, will help secure better online environment with meaningful lasting benefits
13:31:47 [ifette]
... happy to take questions
13:32:05 [ifette]
Roy: Notice you don't define collection
13:32:08 [ifette]
... have any thoughts?
13:32:19 [johnsimpson]
testing network
13:32:32 [ifette]
Brill: there is no definition of collection (in ftc report). We refer to it in many areas
13:32:37 [ifette]
... de-identification carveout
13:32:43 [KevinT1]
KevinT1 has joined #dnt
13:33:05 [ifette]
... element of collection subsumed in that concept
13:33:14 [ifette]
... as well as data minimization that focuses on collection issue
13:33:23 [ifette]
... are you asking how long retaining info becomes "collection"
13:33:30 [ifette]
Roy: Currently have "receiving" is collection
13:33:36 [ifette]
... but believe intent of FTC is retaining is collection
13:33:43 [ifette]
Brill: interesting issue, not sure i want to step into that debate
13:33:59 [ifette]
... one thing to receive and do nothing, can also pass through and be a conduit in which case there is an element of collection
13:34:01 [npdoty]
13:34:02 [ifette]
... can see all sorts of examples
13:34:23 [ifette]
... if you receive it and it immediately disappears, it's done away with, that's one thing, vs receiving and passing on, a number of scenarios...
13:34:55 [tl]
Brill: Nice try though. Anyone else what to see what you can snare me with?
13:35:09 [ifette]
Brian (ATT): Looking at commonly accepted practices, there seems to be a general understanding that there's a set of things we all recognize, but there's explicit language in the report that those things may change, aspects of context that need to be taken into account
13:35:17 [npdoty]
13:35:20 [ifette]
.... how do we deal with complexities, business models, broad overlapping categories
13:35:27 [ifette]
Brill: Asking $64,000 question
13:35:36 [ifette]
Brill: let me lay out some thoughts
13:35:48 [ifette]
... true that we started with concept of commonly accepted practices (5 in report)
13:35:55 [ifette]
... fraud prevention etc
13:36:11 [ifette]
... we got a lot of comments in this area
13:36:22 [ifette]
... final report notes difficulties in trying to lay out specific examples
13:36:26 [ifette]
... under/overconclusive
13:36:28 [ifette]
ScribeNick: ifette
13:36:37 [ifette]
Brill: May not take into account innovation, use of info
13:36:41 [ifette]
... may be under-inclusive as wel
13:36:48 [ifette]
... so changed to the 'context of the transaction'
13:36:54 [ifette]
... your question is getting to permitted uses exception
13:37:04 [ifette]
... think you can look at context of transaction and answer 1st/3rd party issues as well
13:37:16 [ifette]
... believe there should be a signal to consumer if there's a first party relation (page42)
13:37:23 [ifette]
... eg branding is a context of the transaction
13:37:30 [ifette]
... other exceptions, would say it's not easy
13:37:49 [ifette]
... we did suggest is that the list FTC set out is a good starting list
13:37:58 [ifette]
... (the 5 examples in the report)
13:38:34 [ifette]
... will be sitting here a while longer
13:38:58 [ifette]
Jeff Chester: is it fair to see FTC looks forward to resolution at W3C where multi-stakeholder process agrees on meaningful standard for DNT? is this important?
13:39:08 [ifette]
Brill: Absolutely. One of three major industry processes underway
13:39:26 [ifette]
... would be terrific if you can come up with a solution. don't want to dictate what that solution is.
13:39:27 [npdoty]
"we call it industry, but really this is broader"
13:39:31 [ifette]
... very supportive of this process
13:39:44 [ifette]
John Simpson: Can you speak more to affiliates and user expectations
13:39:57 [ifette]
... mentioned branding, are there other ways to know something is an affiliate that is in line with user expectations?
13:40:19 [ifette]
Brill: We do talk about common branding as one signal
13:40:31 [ifette]
... reason why I went to law school and not advertising. I'm not the most creative person
13:40:50 [ifette]
... I feel there's ways to communicate clearly to consumers that wouldn't necessarily involve common branding to consumers
13:41:04 [ifette]
... looking for a clear upfront signal to consumers, not something buried in a policy
13:41:17 [ifette]
... clear and immediate communication to consumers, not buried information, in terms of what it would take to give appropriate signal to consumers
13:41:25 [ifette]
... answering by saying what it isn't, not what it is
13:41:36 [ifette]
... think that's the only fair reading of what the report says
13:41:54 [ifette]
... happy to chat, but we are trying to get clear immediate info flowing to consumers, not buried in privacy policies
13:42:20 [ifette]
Jonathan Mayer: Chairman L. suggested if there weren't an effective DNT mechanism developed, he would consider calling for DNT legislation. Would you join in that call?
13:42:30 [ifette]
Brill: In other words, if there is not a clear solution he would call for legislation?
13:42:32 [ifette]
JM: yess
13:42:36 [ifette]
Brill: Yes, I do agree
13:42:53 [ifette]
... but i want to add that he said (the chairman) he thinks we're very close and will get there by EOY and I agree with that as well
13:43:14 [ifette]
... I think we will get there, I've outlined things I still want to see, I think this process is important, but will join him in that call if this isn't successful at the end of the day
13:43:31 [ifette]
JC: Can you give us update on work with EU on consolidating DNT? They have their idea of DNT as well, want to make sure we don't ahve two different standards
13:43:33 [ifette]
Brill: Makes sense
13:43:51 [ifette]
... whatever is developed here, and the DAA program, all of it should be something that works elsewhere if posible
13:43:57 [ifette]
... have had lots of conversations with EU friends, some are here
13:44:12 [ifette]
... think there is optimism in Europe not only on possibility of legislation
13:44:30 [ifette]
... but also folks wanting to see if this process will work and provide answers to concerns europeans have
13:44:45 [ifette]
... haven't gotten into 1:1 discussion with counterparts on particulars of DNT and if it needs to go one way or another on issues
13:45:01 [ifette]
... sense is that they are optimistic about DNT generally providing some solutions for the issues they're looking at
13:45:19 [ifette]
Rigo: When we talk about the EU context, will consent enable the industry to do things they could not cleanly do
13:45:41 [ifette]
... if we create a consent mechanism, can the FTC envision that a company who will use DNT as a consent mechanism, can the FTC envison a company would get an advantage out of it?
13:45:59 [ifette]
Brill: If company embraces DNT, hopeful there will be competition on privacy
13:46:02 [ifette]
... seeing examples of this
13:46:28 [ifette]
... believe companies that advertise how protective they are of customer data, respect customers, ... - believe these companies will have a huge advantage in the marketplace
13:46:54 [ifette]
... for companies here that develop a program that they then embrace, you should tout that where you can and engage in competition based on privacy as well. this is where i see the primary benefit
13:47:07 [ifette]
... wraps up
13:47:33 [ifette]
... thanks
13:48:20 [rigo]
ifette++ for good minuting
13:48:22 [JC]
13:48:47 [npdoty]
scribenick: JC
13:49:42 [JC]
Aleecia: Will start with text that Bryan sent yesterdar
13:49:48 [ifette_]
ifette_ has joined #dnt
13:50:08 [JC]
Bryan: My email summarizes what I stated yesterday round our group's focus
13:50:11 [asoltani]
<rigo> ifette++ for good minuting - +1
13:50:19 [JC]
I don't think W3C will be succcesful i short term
13:50:22 [npdoty]
Topic: Big Issues
13:50:53 [JC]
... user intent and server response
13:51:04 [tl]
13:51:06 [JC]
... TPE should clarify what we are doing here
13:51:14 [JC]
... what is signal conveying from user
13:51:24 [JC]
... what is policy that the site complies with
13:51:42 [JC]
... comply with what they say they will do
13:51:48 [jmayer]
13:52:00 [JC]
... we should do son in normative set of best practices
13:52:18 [JC]
... don't want to slow down work on tracking preferences
13:52:19 [hwest]
hwest has joined #dnt
13:52:47 [JC]
... policy-focused work, W3C works best when focusing formats and technical specs
13:53:22 [hwest_]
hwest_ has joined #dnt
13:53:24 [JC]
... we hope community group progess will shed important light on user needs
13:53:26 [jmayer]
What a wonderful delivered address!
13:54:06 [tl]
I too find these prepared remarks both useful and on-topic.
13:54:10 [npdoty]
bryan, would you care to send that text via email?
13:54:11 [JC]
... we should not replicate community group process within the W3C
13:54:21 [npdoty]
13:54:23 [JC]
Aleecia: We is AT&T
13:54:39 [JC]
... looking for how much support there is for proposal
13:54:58 [npdoty]
q- tl
13:54:58 [JC]
rigo: would be helpful to send text to email DL
13:55:03 [bryan]
Here are my comments in the meeting: The history of policy-focused work in W3C has demonstrated to us that W3C works most effectively when it focuses on protocols (including APIs), data formats, and related User Agent requirements. In areas of policy expression and compliance, it has been less successful, due to the complexities of representing policy choices for users through browser UI, combined with the unfamiliarity of W3C with dealing with the rapidly evolvin
13:55:04 [npdoty]
q- jmayer
13:55:08 [tl]
13:55:09 [JC]
Jonathan: lets try a hum
13:55:21 [bryan]
service architectures, and the roles of various market stakeholders. We hope that the introduction of the Community Group process will help W3C gain a broader and deeper perspective on the Web-enabled services marketplace. But in the short term, which is the most important term for DNT, we believe that in order to make a fast, positive influence on user privacy on the Internet, the W3C should focus on what it does best by focusing on the expression of user intent
13:55:22 [JC]
Mike: I want to understand process
13:55:34 [JC]
... do you want to decouple TPE from compliance document?
13:55:37 [bryan]
It should tackle the more complex issues of policy and compliance through the community group process and collaboration with existing compliance forums, while the market gains experience with the DNT standard. If those compliance forums need to step up their game to address market-specific requirements, that I believe is possible, but it is not necessary or helpful to replicate or supplant that existing process of market-based self-regulation with a one-size-fits-
13:55:40 [jmayer]
13:55:49 [JC]
... any other ideas about where you may go in reagards to permitted uses
13:56:08 [JC]
Bryan: We made early attempts to bring in policy expresions.
13:56:17 [JC]
.. we should revisit that
13:56:48 [JC]
... the W3C could revisit the policy expression
13:56:52 [jmayer]
13:56:57 [dstark]
dstark has joined #dnt
13:57:09 [JC]
Aleecia: going to hum. do we want to spend more time to discuss Bryan's proposal
13:57:13 [bryan]
through W3C.
13:57:34 [JC]
... hum if we should not discuss policy
13:57:49 [JC]
... basically a split in the hum feedback
13:58:01 [npdoty]
Aleecia: suggest we take time on a conference call to discuss this further
13:58:02 [JC]
... we will continue the discussion during a future call
13:58:12 [JC]
... let's pickup where we were yesterday
13:58:27 [JC]
... we have tom
13:58:37 [JC]
tom: Procedural question
13:59:01 [JC]
... in the past there have been items where the group has been split and we haven't discussed them
13:59:07 [JC]
... I don't think we should discuss it
13:59:14 [JC]
Aleecia: noted
13:59:32 [JC]
... let's see what Bryan proposes
13:59:51 [JC]
... whe have an idea of what he is not happy with, but now what he suggests instead
13:59:59 [tl]
s/"... I don't think we should discuss it"/"... I don't think we should continue this procedural question now, but I wanted to raise it"
14:00:04 [JC]
... yesterday we looked at proposals from Jonathan and Shane
14:00:16 [johnsimpson]
14:00:16 [JC]
... discussion around permitted business uses
14:00:26 [jmayer]
Shame on the industry participants. You're not getting your way on substance, so months in you're trying to bail on the process.
14:00:30 [JC]
... Jonathan etc had a proposal for unlinkable data
14:00:48 [KevinT1]
KevinT1 has left #dnt
14:00:55 [KevinT1]
KevinT1 has joined #dnt
14:00:56 [JC]
... Shane says it is unlinkable if it goes through a de-id process
14:00:58 [jmayer]
Once again, if users were in the room, they'd be disgusted.
14:01:16 [JC]
... Jonatha indicates business uses are okay if data is unlinkable
14:01:40 [JC]
... shanke groups suggested that there be a stated policy of what a company is doing
14:02:03 [JC]
... lets look at details of proposals
14:02:04 [johnsimpson]
johnsimpson has left #dnt
14:02:20 [JC]
... are there questions for authers on this. Where do we stand and why
14:02:34 [JC]
... after we talk we will go in different direction
14:02:49 [johnsimpson]
johnsimpson has joined #dnt
14:02:54 [JC]
Rob: What to state why unliknkability is important
14:03:20 [JC]
... data which you are processing would not be personal data and therefore there are no restrictions
14:03:41 [JC]
... you always have to comply with the directive for personal data
14:03:47 [JC]
... take privacy safeguards
14:03:56 [JC]
... it is well worth spending time on that
14:04:17 [JC]
Shane: there have been several conversation
14:04:17 [ninja]
we definitly need to find a different wording from "unlinkable"
14:04:35 [JC]
... once data is unlinkable that data should be outside the scope of DNT
14:04:47 [JC]
... can we make that statement in one place in the document
14:05:01 [JC]
... then we can look at data minimization standards
14:05:02 [bryan]
14:05:21 [JC]
Jonathan: Don't say that unlinkable data is not in scope
14:05:38 [JC]
Rigo: If we say unlinkalbe, unlinkable between what and what
14:05:52 [JC]
... link between me and dossier
14:05:54 [pde]
ninja, why are you unhappy with "unlinkable"?
14:06:04 [JC]
... unlinkable is not connection between me and dossier
14:06:16 [djm]
djm has joined #dnt
14:06:26 [JC]
... going back into such a discussion with our time constraint is a rat hole
14:06:52 [JC]
... if we have sufficient requirements where we clearly can state that you have unlinked data then you can do whatever
14:07:02 [amyc]
14:07:11 [JC]
... I don't want to say that because it is unlinable that it is out of scope
14:07:26 [JC]
... but it does give us a threshold
14:07:27 [amyc]
14:08:00 [JC]
Aleecia: I think what he means that if we we define unlinakble then we can use data in any way we want.
14:08:08 [JC]
... It is the same in the EU
14:08:08 [npdoty]
"everybody's happy"
14:08:14 [JC]
... I htink we all agree
14:08:21 [ninja]
pde, "unlinkable" is a term which is already used in area of privacy research and upcoming ISO standards - in a different way. Unlinkability is in the area of pseudonymity - not anonymity. But we (the working group) is talking about anonymity here.
14:08:33 [JC]
... we still have the task to describe unlinable data
14:08:50 [JC]
... Shane and Peter will work on text
14:09:14 [JC]
David: can we say what we are worried about and skip the things we are not worried about
14:09:15 [npdoty]
ninja and pde, FTC has used the term "reasonably linked to a specific consumer, computer, or other device"
14:09:17 [vincent_]
ninja, I don't think we're just speaking about anonymity here
14:09:18 [pde]
ninja, you mean the literature uses it to mean "unlinkable" between a read world identity and the pseudonym's actions
14:09:18 [pde]
14:09:31 [JC]
Rigo: i want unlinkable to be non-exclusive
14:09:55 [npdoty]
14:09:57 [JC]
... we can state unlinkable, but we cannot say that you have to do specific things
14:10:03 [amyc]
14:10:04 [npdoty]
ack bryan
14:10:21 [JC]
Bryan: will you provide a specification for unlinkable and who will be responsible for compliance?
14:10:28 [pde]
npdoty, and I would note that if you can link all of a device's data points together, then implicitly you have linked them to a particular device (not sure if "particular device" is exactly the same as a "specific device"
14:10:30 [rigo]
Bryan, I think that's Specification maintenance
14:10:34 [pde]
14:10:38 [JC]
Aleecia: lets wait until we have text before we discuss this
14:10:47 [vincent_]
npdoty, so FTC defines unlinkability in the context of anonymity?
14:10:53 [JC]
Jonathan: the DAA already has text on this
14:10:54 [npdoty]
14:10:54 [trackbot]
ACTION-160 -- Peter Eckersley to work with Shane on common ground on unlinkability normative/non-normative text -- due 2012-04-24 -- OPEN
14:10:54 [trackbot]
14:10:59 [ninja]
pde, yes and linkage between several different pseudonyms, or segregated pieces of data.
14:11:01 [amyc]
14:11:22 [JC]
Aleecia: Lets take out unlinkable data for a moment
14:11:25 [pde]
ninja, this sounds like a good topic to discuss over coffee
14:11:27 [ninja]
I won't argue about wording as long as we find a clear definition of what we are talking about
14:11:48 [JC]
.,.. jonathan states that protocal info is okay for short-term use
14:12:19 [JC]
... Shane states its okay of reasonable data minimization efforts are made
14:12:40 [JC]
Ian: it sounds like everyone is okay with short-term protocal data use
14:12:48 [JC]
Aleecia: anyone disagree
14:13:11 [JC]
Ian: need to define short-term and what data can be collected afterwards
14:13:33 [npdoty]
there is apparent agreement in the room on that point
14:13:55 [JC]
Amy: logs are okay to collect for anyt purpose as long and retention is foloowed?
14:14:18 [JC]
Jonathan: we talked about sensitive use, but decided not to define that
14:14:33 [JC]
Aleecia: what is reasonable retention period
14:14:56 [JC]
Jonathan: That is for protocal data. Fon non-protocal there is a lot to talk about
14:15:06 [JC]
Rigo: We need a use limitation on the data
14:15:21 [JC]
... this is in the TPE where we have lots of disputes
14:15:28 [pde]
14:15:36 [enewland]
enewland has joined #dnt
14:15:52 [JC]
Aleecia: lets take market research off the table for now
14:16:16 [JC]
David: for transaction data we know what is needed
14:16:32 [JC]
... for other data it is difficult to get a handle on minimization and retention
14:17:10 [JC]
Aleecia: lets look at data minimization for protocal data
14:17:15 [npdoty]
q+ marc
14:17:16 [WileyS]
14:17:17 [npdoty]
14:17:26 [npdoty]
ack pde
14:17:34 [JC]
Peter: thoughts on data minimization
14:17:48 [JC]
... different retention periods for general use like two weeks
14:17:56 [JC]
... security and fraud a longer period
14:18:07 [JC]
... perhaps auditing in the same bucket
14:18:44 [JC]
... there is a subtle difference between types of protocol data and the full list of data that you can get from logs
14:18:58 [JC]
... I would like to define a standard set of protocol data
14:19:00 [bryan]
14:19:00 [npdoty]
q+ bryan
14:19:06 [npdoty]
ack marc
14:19:12 [JC]
... Marc: thrishold question
14:19:23 [JC]
... what is protocal and non-protocol data?
14:19:36 [npdoty]
14:19:37 [jmayer]
14:19:45 [tlr]
14:19:49 [JC]
Aleecia: lets use flip chart to write text
14:19:52 [rigo]
ack WileyS
14:20:15 [JC]
Shane: I beleive delta between protocol and non-protocol data is log data and cookie data
14:20:42 [JC]
Jonathan: nonprotocal, any cookie or data replayed from client
14:20:47 [JC]
... data solicited from client
14:21:03 [rigo]
JM: any cookie, information service sollicits from a UA (fingerprinting & API call)
14:21:14 [JC]
... moment an API call is made or data is stored it is not protocol data
14:21:23 [rigo]
WileyS: agrees
14:21:46 [rvaneijk]
14:21:50 [JC]
Shane: arbitrary timeframes are difficult to describe
14:22:09 [JC]
... there are many global companies and we do not understand all of their business models
14:22:22 [JC]
... lets stay away from arbitrary timeframes
14:22:34 [bryan]
14:22:52 [JC]
Aleecia: protocol information is what hits your Apache log
14:22:53 [amyc]
14:22:56 [rigo]
q+ to actually say that shorter periods will always comply, but what is the strict limit we want to set?
14:23:03 [JC]
Ian: then that would include cookies
14:23:10 [JC]
Aleecia: true
14:23:18 [npdoty]
14:23:38 [npdoty]
ack bryan
14:23:39 [JC]
Peter: one option is use a rule that can apply to a third party then we can include cookies as well
14:23:45 [WileyS]
Rigo - no strict limits - force companies to disclose and defend their data retention periods
14:24:09 [JC]
Bryan: standard protocal information received by a third party can be obtained?
14:24:32 [JC]
... custom headers are used by many systems and sticking to a standard header can break things
14:24:34 [npdoty]
WileyS, I think the suggestion is that in addition to the discussion of minimization of long-term business practices, there would also be a blanket exception for short-term retention
14:24:35 [dsinger]
seems like there may be a major difference between data you are 'exposed to' (stuff sent in headers, for the most part) and stuff that you take explicit measures to 'collect' (e.g. a fingerprint, data from other sources about the user)?
14:24:43 [rigo]
WileyS is a year too long, too short as the absolute limit? 10 years? What is our absolute limit?
14:24:58 [JC]
Aleecia: there are interesting business models over what is placed in a header
14:24:59 [npdoty]
ack jmayer
14:25:00 [dsinger]
14:25:08 [npdoty]
ack rvaneijk
14:25:11 [dsinger]
14:25:13 [ifette]
14:25:14 [johnsimpson]
14:25:16 [tl]
14:25:27 [JC]
Rob: in NL telecom operators are injecting data into fields
14:25:41 [npdoty]
ack amyc
14:25:47 [JC]
... those identifiers could be used as cookies, but they are extremely persisitent
14:25:56 [rigo]
there is a relation between what you retain and how long you can retain it until it stinks
14:26:11 [JC]
Amy: I think that there is room for best practices for serving ads and collecting information
14:26:13 [rigo]
14:26:32 [JC]
... we need to recognize how frequency capping and other tasks require cookies
14:26:43 [WileyS]
Rigo - I can't speak for every company in the globe - far too diverse of a continuium to set a single limit. If a company is involved in nothing other than security support of their clients (traditional 3rd party) they may have valid data retention limits that extend into years.
14:26:45 [JC]
... lets not constrain the common uses of the Internet
14:26:54 [npdoty]
ack dsinger
14:26:55 [WileyS]
Rigo - similar example for financial audit firms
14:26:58 [tl]
14:27:00 [tlr]
One question for the fingerprinting is whether protocol vs non-protocol is the right distinction. Sometimes, protocol elements can be tuned in a non-obvious way, and we'd be concerned about that. Therefore, look at whether and how the site tunes the protocol interaction.
14:27:09 [ninja]
I want to end up constraining these uses of cookies with unique identifiers
14:27:14 [JC]
David: lets look at data that is exposed to the sever and data that it collects
14:27:14 [tlr]
(e.g., eTags, last modified date and cache-control headers, ...)
14:27:28 [JC]
... associating people's name with IP addresses
14:27:37 [JC]
... certain data should not be passed with DNT
14:27:53 [JC]
... can we look at data that is received versus data that is collected
14:28:03 [rvaneijk]
just making ure that the test we are discussing does work out that custom header fields with unique identifiers are NOT standard protocol information. i.e.
14:28:04 [jmayer]
I agree with tlr, we need to be careful about etags, last modified, and other non-cookie protocol information that's set or solicited by a server.
14:28:21 [JC]
Aleecia: just because you get the data doesn't mean that you need to store it in logs
14:28:22 [npdoty]
ack ifette
14:28:38 [JC]
Ian: Aleecia mentioned that we want broad adoption
14:28:58 [JC]
... lots of servers do collection by default and changing this behavior can be difficult
14:29:06 [JC]
... removing cookies can be difficult
14:29:32 [rigo]
I think dsinger's argument was forgotten that amount of logging, retention is in function of the things you want to achieve
14:29:47 [johnsimpson]
14:29:48 [JC]
... it might be useful to say that the information you get is okay and if you keep the data for a long period of time then some must be cut out
14:30:01 [jmayer]
14:30:06 [npdoty]
all the values in cookies are logged by default? I thought access.log just had IP, UA, etc.
14:30:14 [JC]
Aleecia: it is better to remove data from logs than to modify Apache logs
14:30:35 [JC]
Ian: everyone doesn't use Apache and there are many intermediaries
14:30:47 [rvaneijk]
14:30:49 [WileyS]
14:31:00 [dsinger]
cookies only return data to you that you previously attached to the UA; the question needs to be where the data came from in the first place (e.g. from a non-DNT session)
14:31:07 [JC]
Aleecia: if you make a change for data retention vs. data that is stored should be a big difference
14:31:12 [JC]
... am i wrong
14:31:17 [JC]
Ian: i believe so
14:31:38 [JC]
shane: Yahoo represents several hundred thousand businesses that we represent
14:31:50 [JC]
... most of them have no technical staff
14:32:01 [JC]
... making those types of changes would be complex
14:32:11 [JC]
... Yahoo won't do that for them
14:32:17 [JC]
... this is a huge hurdle for them
14:32:28 [npdoty]
ack WileyS
14:32:41 [JC]
Aleecia: what is difference between changing retention time and changing what we save
14:32:49 [rigo]
I think we should define data/information controller before we continue this discussion
14:33:06 [JC]
Ian: it is easier to dump logs after two weeks vs. changing collection
14:33:08 [bryan]
My earlier point: Re the idea to limit retained protocol info to standards-based headers only (under a DNT:1 signal to 3rd parties), a note: custom headers are used by many sites/apps and devivces. For the "contextual content / ad serving" use case, dropping those headers will break a lot of deployed sites/apps. For example, an aspect of context is the user-agent/device that is making the request.
14:33:18 [bryan]
For mobile devices, it is often necessary to identify the device make/model to ensure delivery of content that is compatibile with the device, using a custom header for that purpose, as the standardized headers do not provide the necessary info.
14:33:47 [JC]
... for a lot of companies it would be more natural to do a DNT check during log processing than changing what is collected
14:33:51 [jmayer]
14:34:01 [JC]
Aleecia: I still don't see a big difference
14:34:01 [rigo]
14:34:41 [JC]
Rob: I want to add that if you want to use retention as a privacy safeguard look at what is needed for the communication
14:34:48 [npdoty]
ack rvaneijk
14:34:54 [pde]
14:35:03 [JC]
Aleecia: Is advertising a necessary part of the transaction
14:35:05 [JC]
Rob: no
14:35:19 [JC]
... i think advertising is too broad
14:35:40 [marc]
marc has joined #DNT
14:35:45 [JC]
... a lot of data is collected that is not necessary to display an ad
14:35:45 [npdoty]
Bryan, I think we're talking about the retention of protocol information, not dropping custom headers or anything like that
14:36:12 [JC]
Roy: for financial transactin all data including IP are needed.
14:36:16 [npdoty]
14:36:32 [JC]
Aleecia: Peter walk through your text
14:36:43 [npdoty]
ack pde
14:36:45 [fielding]
s/transactin/advertising accounting/
14:36:47 [JC]
Peter: I wrote what most web servers collect
14:37:40 [JC]
... IP, UA, referrer, data time stamp, URL DNT flag, etags
14:38:04 [JC]
... i wrote donw what servers collect out of the box
14:38:19 [JC]
.. Apache servers can be configured to collect more
14:38:34 [JC]
... there are other things that can be collected
14:38:51 [JC]
... there are issues such ast the order of the headers
14:39:00 [JC]
... this can permit fingerprinting
14:39:15 [JC]
... do we want to include the order of the header in the protocol
14:39:26 [JC]
... do we want to include of the TCP data
14:39:57 [JC]
Jonathan: we could draw a line that states we can collect TCP data
14:40:28 [JC]
Thomas: You are describing the protocal vs. how the data is used
14:40:32 [WileyS]
This approach is FAR too complex for us to resonably believe industry will be able to implement to this detail.
14:40:54 [jmayer]
Really? It's difficult to make a modification to HTTP logging?
14:41:16 [jmayer]
These technical challenges are an order of magnitude easier than the things the companies here accomplish on a daily basis.
14:41:37 [jmayer]
My comment earlier: we could add a line where a company abuses protocol information, like TCP fingerprinting.
14:41:42 [JC]
Roy: we are concerned about data that will lead to identifying the user
14:41:55 [JC]
Ed: unlinkablility can be useful here
14:42:07 [JC]
... if the stored data is unlinkable it is not our problem
14:42:20 [fielding]
user. user agent, or device
14:42:20 [WileyS]
Its the level of modification and the resulting downstream impacts that will be difficult to change. Obviously not difficult with someone of your skills Jonathan, but you're rare in that context. I believe it will be easier to education industry on what we're asking them to implement if we use higher order normative text and not specific header details.
14:42:28 [JC]
Aleecia: according to Jonathan there are ways to use the data for fingerprinting
14:42:41 [JC]
... as long as it is not being done we dont care
14:43:08 [johnsimpson]
johnsimpson has left #dnt
14:43:14 [JC]
Janathan: I want to clarify that as long as we are using IP unlinkability is not on the table
14:43:33 [npdoty]
14:43:49 [jmayer]
We could also add a line, as Ed just suggested, where additional protocol information is not marginally linkable.
14:43:49 [JC]
Tom: I agree that trying to narrow this too much is the wrong place to optimize.
14:43:54 [jmayer]
E.g. the Accept header.
14:44:17 [JC]
... as long as you rotate logs every 6 12 hours the way the logs are processed is important
14:44:25 [amyc]
14:44:30 [JC]
... tweaking the servers should not be important
14:44:42 [JC]
Ian: +1 to Tom.
14:44:59 [JC]
... we should focus on when we are moving the data from logs
14:45:21 [JC]
Aleecia: we have retention that shane and amy are concerned will be arbitrary
14:45:36 [JC]
... so we should take that off the table
14:45:44 [JC]
... what we do when processing is important
14:45:58 [JC]
Tom: there should be a retention policy and make it very long
14:46:06 [JC]
... two weeks should be good
14:46:19 [JC]
... otherwise the period is peculiar
14:46:32 [JC]
... even a really long time is a very short period
14:46:32 [npdoty]
tl: longer than any log rotation period
14:46:42 [JC]
Roy: I disagree
14:46:52 [JC]
... two weeks is okay for large companies
14:47:03 [rigo]
14:47:04 [amyc]
tom, are you referring to two retention periods, one for logs and one for purpose-specific processed data?
14:47:04 [JC]
... for small companies monthly is more realistic
14:47:06 [rigo]
14:47:12 [JC]
Jonathan: I agree with Roy
14:47:14 [npdoty]
Roy, are those mostly first-party servers?
14:47:23 [JC]
... I'm not sure how common that is for third parites
14:47:31 [fielding]
mostly. yes
14:47:37 [JC]
... there should be an unlinkability requrement
14:47:58 [JC]
.. as long as the analytics report is there the logs can be rotated
14:48:04 [JC]
Ian: that is not possible
14:48:09 [tl]
amyc, No.
14:48:19 [rvaneijk]
tekstproposal: a party must take reasonable technical and organizational safeguards to prevent unintential use of log data.
14:48:23 [JC]
... it is hard to say how many unique users you have over three weeks
14:48:36 [JC]
Rigo: the retention period is indefinte
14:48:57 [JC]
... so setting it to 6 weeks would be an outrageous achievment
14:49:07 [Joanne]
Joanne has joined #DNT
14:49:15 [rvaneijk]
14:49:17 [npdoty]
pde: "we're making a huge concession here"
14:49:20 [JC]
Peter: it wouldn't be impractical to modify Apache logs to say we won't keep specific data
14:49:21 [npdoty]
q- rigo
14:49:22 [rigo]
ack rigo
14:49:35 [JC]
... only for businesses with a large 3rd-party presence
14:49:46 [WileyS]
14:50:06 [JC]
... if it turns out that a two-week period is inconvenient then it okay to write a bit of code to resolve that
14:50:40 [JC]
David: it is true that the amout of work you need to do for DNT shoud be proportional to the amount of data you collect
14:50:53 [bryan]
Can Apache be easily configured to output a special log file format (or to a special log file) based upon the presence of a specific header? Can someone point to info on how this is done? I doubt how easy that would be.
14:51:01 [tl]
14:51:02 [npdoty]
singer: if you just have a web badge and don't care about tracking in any way, don't want to make that hard
14:51:03 [JC]
... small companies should not have to worry about DNT
14:51:08 [rigo]
14:51:21 [npdoty]
... grief should be proportional to the amount of effort you're putting in to tracking
14:51:21 [JC]
Thomas: there are two discussions
14:51:32 [JC]
... are we okay with data being stored
14:51:46 [JC]
... can the data not be kept for specific uses
14:51:48 [johnsimpson]
johnsimpson has joined #dnt
14:51:51 [JC]
... people say okay
14:51:58 [JC]
... where is the line
14:52:13 [JC]
... are arbitrary timelines a good idea?
14:52:16 [bryan]
David, are you saying that the Internet at large should pay the penalty (grief) for tracking by some sites?
14:52:32 [JC]
... we may need to punt on being normative on these issues
14:52:41 [npdoty]
bryan, I think that was the exact opposite of his point?
14:52:57 [ifette_]
ifette_ has joined #dnt
14:52:59 [npdoty]
q+ bryan
14:52:59 [bryan]
great, i misunderstood
14:52:59 [JC]
Rob: a party must make reasonable safeguards to prevent improper usage
14:53:04 [rvaneijk]
14:53:06 [rvaneijk]
a party must take reasonable technical and organizational safeguards to prevent unintential use of log data.
14:53:07 [npdoty]
ack rvaneijk
14:53:08 [rvaneijk]
Non normative:
14:53:09 [rvaneijk]
retention time is a safeguard
14:53:10 [npdoty]
ack WileyS
14:53:10 [JC]
shane: rob stole my thunder
14:53:11 [rvaneijk]
14:53:12 [rvaneijk]
14:53:19 [ifette__]
ifette__ has joined #dnt
14:53:33 [JC]
... we are becoming too prescriptive and focusing on wrong areas
14:53:35 [npdoty]
q+ alex_
14:53:48 [jmayer]
14:53:50 [JC]
... we should look at permitted usage, but we are focusing on collection
14:54:09 [JC]
... this conversation is not helpful to the outcome
14:54:31 [ninja]
ninja has joined #dnt
14:54:35 [JC]
... the normative language should provide options for companies
14:54:48 [JC]
Aleecia: we have not spent enough time on this area
14:55:04 [JC]
... once we figure this out we will look at text proposals
14:55:04 [ifette]
14:55:10 [rigo]
ack tl
14:55:47 [JC]
Tom: the problem with non-tracking not worrying about DNT is systems are setup to do tracking all the time
14:56:10 [npdoty]
<IIS/ISS confusion>
14:56:16 [JC]
.. there should be a way to turn off tracking that they do by default
14:56:20 [WileyS]
+1 for "a party must take reasonable technical and organizational safeguards to prevent unintential use of log data."
14:56:24 [rigo]
ack bryan
14:56:36 [JC]
Bryan: i support PbD approach
14:56:46 [JC]
... data collection is business-needs based
14:57:01 [dsinger]
14:57:12 [JC]
... we should be very careful not to interrupt work towards PbD by introucint Draconian rules
14:57:13 [johnsimpson]
14:57:13 [npdoty]
what does the room think about WileyS text: "a party must take reasonable technical and organizational safeguards to prevent unintential use of log data."?
14:57:19 [chapell]
+1 for "a party must take reasonable technical and organizational safeguards to prevent unintential use of log data."
14:57:23 [rigo]
q- alex_ later
14:57:26 [jchester2]
14:57:28 [npdoty]
ack jmayer
14:57:34 [npdoty]
q+ alex_
14:58:04 [JC]
Jonathan: without careful best practices I am not comfortable with reasonably needed statements
14:58:21 [bryan]
We have strong internal control on data use and retention that are business needs-based. This is a "Privacy by Design" approach as recommended by the FTC. We should be careful to not impact the positive efforts of companies that take such Privacy by Design steps, by imposting a draconian/inflexible set of rules on what can be logged and/or used. It is more important to promote the efforts of good players in the industry, rather than penalize them for the behavior
14:58:27 [JC]
... there can always be a reasonable explanation to keep logs for 18 months
14:58:34 [ninja]
please note that "reasonable safeguards" is interpreted as state of the art safeguards by DPAs and courts.
14:58:45 [JC]
... there should be degrees of requirements
14:58:52 [JC]
... defend degree of needs
14:59:03 [JC]
... provide total transparency
14:59:03 [rigo]
necessary is the key word that worked in the EU for years
14:59:13 [JC]
... weeks or maybe months is okay, but not 18
14:59:15 [npdoty]
ack ifette
14:59:39 [JC]
Ian: the way that a lot of large services are deployed is there are thousands of web servers doing logging
14:59:51 [JC]
... data is copied to other locations
15:00:04 [chapell]
been following via IRC - not in DC
15:00:08 [JC]
... doing minimization on these servers is a non-starter
15:00:27 [JC]
... once data is stored in a central localtions lots of decisions are made on the data
15:01:08 [JC]
... we should get to a point that we can say what we collect for a short amount of time is okay, and talk about if we persist data collected from logs what is allowed
15:01:23 [Chris]
Chris has joined #dnt
15:01:31 [JC]
David: lets look at latest questions. Only persist data to satisfy a use
15:01:53 [JC]
... you are responsible for preventing the data for unpermitted uses
15:01:55 [jmayer]
ifette, are you asking for a *specific* short-term time period where all use is allowed?
15:02:00 [JC]
... can we apply that to logs?
15:02:01 [robsherman1]
robsherman1 has joined #dnt
15:02:15 [JC]
... maybe we can use same principles to raw log data collection
15:02:25 [JC]
... justify why you kept it and for how long
15:02:38 [rigo]
15:02:46 [rvaneijk]
+1 dsinger
15:02:48 [npdoty]
ack dsinger
15:03:01 [JC]
Jeff: Great discussion
15:03:04 [WileyS]
+1 dsinger
15:03:11 [JC]
... online ad principles is data maximization
15:03:25 [npdoty]
ack jchester
15:03:31 [JC]
... this discussion is critically important
15:03:40 [npdoty]
ack alex_
15:03:46 [npdoty]
ack alex_
15:04:01 [JC]
Alex: need to change normative text to explain unintentional usage
15:04:30 [Chris]
I just want to bring the point that ALL this information (F-capping, financial logging, 3rd party auditing, contextual content, ad serving) is related to the impression delivery, which is the "currency" (it's what's paid for), THUS it all must be retained for SOX compliancy in the US (at least 7-years)
15:04:46 [justin]
Agree with jchester2 that this discussion has been very useful
15:05:21 [JC]
Aleecia: lets do ten minutes where we think lines are between data collected and usage
15:05:38 [JC]
... we are talking about log file information
15:05:54 [WileyS]
Discussion is good, prescriptive, field specific protocal collection limits are not
15:05:56 [JC]
Peter: we can look at cookies, but not high entropy cookies
15:06:23 [jmayer]
15:06:27 [JC]
... though we use same first and third-party domain name we need to mind the tracking with cookies
15:06:34 [Chris]
is there an exception proposed for legally required data retention (i.e. SOX compliancy in the US)?
15:06:36 [JC]
Aleecia: looking at FB
15:06:59 [JC]
... how do we deal with sometimes first party and other times third party?
15:07:08 [dsinger]
For the record: so basic 'rules' for processed data retention seem to be roughly (a) only for a permitted use (b) minimized to the data needed to meet that use (c) retained only until the use is satisfied/met (d) you are responsible for ensuring the data does not get used for any other use. A permitted use needs to be specific enough to enable both the minimization and retention to be definable (by a business) and justifiable; we can't have 'vague' permitted
15:07:10 [dsinger]
uses that don't enable a business to define both the data needed and the term needed. We can now apply these rules to the 'raw log retention' - you should be able to justify the data logged (minimization) and how long (until all processing needs are met), based on what processing you are going to apply to it.
15:07:15 [JC]
Peter: there needs to be different domains
15:07:15 [WileyS]
+1 on impossible migration problem
15:07:24 [ifette]
15:07:33 [ifette]
ack jmayer
15:07:39 [WileyS]
+1 DSinger's proposed text
15:07:45 [JC]
Jonathan: we are starting from the point that there is a base set of information that we get to colelct
15:08:13 [JC]
... without moving into linkable or identifiable cookies, the question is what do we get to use the data for
15:08:20 [npdoty]
ack ifette
15:08:27 [Chris]
we need to decouple retention time and permitted use
15:09:18 [justin]
dsinger, can we add (e) the retention period(s) disclosed
15:09:34 [JC]
Ian: i thought you were saying from the short term information what do I get to use not what may one do with the data during a two week period
15:09:39 [npdoty]
I thought we were talking about ifette's first part
15:09:47 [JC]
Aleecia: we should look at that after break
15:09:49 [justin]
dsinger, sorry, that got cut off: (e) the retention period(s) must be publicly disclosed (easily discoverable)
15:10:08 [rigo]
I haven't discussed the arbitrary use for 2 weeks
15:10:30 [JC]
... I was assuming that a company had two weeks to process logs, not that one could do whatever they wanted during the two weeks
15:10:45 [JC]
Tom: I do not believe that the time before logs are deleted is a free for all
15:10:46 [justin]
Even the DAA principles don't have a free-for-all period
15:10:53 [dsinger]
justin - ok, this is rough text and we should smith it
15:11:09 [JC]
... you just get two weeks for process for permitted usage
15:11:20 [rigo]
15:11:21 [JC]
Peter: it would break everything just cost more to implement
15:11:22 [rigo]
15:11:23 [jmayer]
15:11:27 [WileyS]
This is why attempting to discuss log collection in isolation is not useful. Permitted uses should apply from the moment of collection.\
15:11:44 [npdoty]
tl: not a free-for-all during the two week period, just that you don't have to process/minimize within that two week period
15:11:54 [amyc]
we should get grounded in accepted practices, there are existing materials there
15:12:09 [npdoty]
pde notes that facebook actually already uses a different domain for 1st and 3rd party content
15:12:10 [JC]
Rigo: We need to discuss market research
15:12:10 [pde]
so they can indeed blank their 3rd p cookies without blanking the 1st p ones
15:12:14 [npdoty]
ack rigo
15:12:16 [dsinger]
I don't think we need a specific interval; if someone reads in your policy "we keep raw logs for 10 years" you are on the hook to explain why - and it had better be (really) good!!
15:12:18 [JC]
... free flow is way beyond our discussion
15:12:20 [npdoty]
ack jmayer
15:12:37 [JC]
Jonathan: at the moment raw logs are touched then rules apply
15:13:04 [JC]
... for short period logs can be used for lots of stuff, maybe anything you want for a short time
15:13:57 [JC]
Aleecia: let's take a half hour break
15:14:18 [npdoty]
thanks to JC for scribing a difficult session
15:14:20 [chapell]
+1 to David - "I don't think we need a specific interval; if someone reads in your policy "we keep raw logs for 10 years" you are on the hook to explain why - and it had better be (really) good!!"
15:18:19 [Chris]
FYI: Sarbanes-Oxley requires that strict records retention policies and procedures must be in place, but it does not specify a specific data storage format. It does require corporate officers to institute internal controls on their information to ensure completeness, correctness, and quick access. One exception to the specifics: accounting firms are specifically mentioned in Sarbanes-Oxley. The act calls for accounting firms that audit publicly-traded companies to
15:18:37 [Chris]
The act calls for accounting firms that audit publicly-traded companies to keep related audit documents for no less than seven years after the completion of an audit. Violators can face fines of up to $10 million and 20 years in prison.
15:45:57 [npdoty]
15:46:02 [npdoty]
15:46:08 [npdoty]
q+ chris
15:46:30 [robsherman]
robsherman has joined #dnt
15:47:19 [chapell]
chapell has joined #dnt
15:50:44 [jchester2_]
jchester2_ has joined #dnt
15:51:42 [bilcorry]
bilcorry has joined #dnt
15:52:31 [enewland]
enewland has joined #dnt
15:52:38 [npdoty]
15:52:46 [npdoty]
15:52:53 [npdoty]
q- npdoty
15:52:55 [npdoty]
q- chris
15:53:28 [rigo]
15:53:36 [npdoty]
scribenick: rigo
15:53:46 [npdoty]
Topic: Synthesis
15:53:55 [justin]
justin has joined #dnt
15:54:32 [rigo]
Privacy changes of users and industry changes for privacy, all synthesis
15:54:37 [alex]
alex has joined #dnt
15:55:10 [rigo]
AM: what are users changes from current state to Shane's proposal
15:55:17 [npdoty]
how does privacy situation change for users who turn on DNT?
15:55:51 [amyc]
amyc has joined #dnt
15:55:53 [rigo]
SW: with DNT=1 a user profile wouldn't used to influence user interaction and also no sharing with other partners.
15:56:21 [vincent_]
vincent_ has joined #dnt
15:56:22 [rigo]
... will narrow down to uses on that interaction to keep that running
15:56:29 [ac]
ac has joined #dnt
15:57:05 [dsriedel]
dsriedel has joined #dnt
15:57:31 [npdoty]
npdoty: when we don't add data to a profile/dossier, does that mean that data isn't stored with identifiers in such a way that they can be joined into a profile? or just that they're not combined together in the same table?
15:57:31 [fielding_]
fielding_ has joined #dnt
15:58:14 [npdoty]
WileyS, as I understand your response, you're saying that it's the latter, profile/dossiers aren't created in the sense that the data isn't combined in the same data table, yeah?
15:58:19 [rigo]
JM: relevant characteristics is to avoid recording browsing history
15:58:29 [rigo]
... IP and UA are sufficient to track
15:59:17 [npdoty]
jmayer: significantly greater privacy risk to users when there's more unique IDs
15:59:29 [rigo]
... marginal difference is no unique IDs. Privacy risk if companies collect uniqueID cookies. Forms of business that can be accomplished through unlinkable data are fine
15:59:37 [rigo]
SW: what is the risk delta.
16:00:10 [rigo]
.. primary risk .. our proposal is vulnerable to governmental attack
16:00:25 [rigo]
... governmental risk should be addressed by citizens
16:00:33 [amyc]
so can collect IP address (could be unique ID) but not unique cookie identifier, right
16:00:35 [npdoty]
no meaningful security breach risk for ad networks?
16:00:39 [dsinger]
16:00:59 [rvaneijk]
16:01:02 [rigo]
PE: rogue employees. intrusions, also businesses that pretend to do DNT
16:01:14 [npdoty]
16:01:47 [amyc]
Peter argues for auditability by users via not placing cookies
16:01:59 [rvaneijk]
16:02:18 [johnsimpson]
johnsimpson has joined #dnt
16:02:34 [rigo]
PE: if there are still tracking cookies and just use limitation, than we have no way to see what they do
16:02:40 [rigo]
AM: what about fingerprinting
16:02:42 [dsinger]
16:03:00 [npdoty]
16:03:29 [npdoty]
ack rvaneijk
16:03:39 [rigo]
Rob: compliance delta on the table. In favor of Peters suggestion. Have to see which version of DNT will fly, Tom's version is much more likely to compliant
16:03:43 [tl]
16:03:56 [rigo]
Roy: implemented version of DNt is what counts
16:04:18 [rigo]
... we will never reach consensus on ID setting as you need it for fraud control
16:04:35 [rigo]
AM: marginal changes on implementation
16:04:49 [rigo]
... what would take to implement that
16:04:49 [dsinger]
16:05:18 [rigo]
JM: focusing on cookies? or protocol info too?
16:05:55 [rigo]
... knock off uniqueID cookies...
16:06:05 [rigo]
discussion between TL and JM
16:06:27 [npdoty]
aleecia: for the eff/jmayer/moz proposal, what would it take to implement?
16:06:28 [rigo]
MarcG: some things opposed and some things similar
16:06:50 [rigo]
... talking about risks is the creation of a profile.
16:07:17 [rigo]
.. taking information out of logs and put it into profile ceases to happen.
16:07:28 [rigo]
... that's what we try to achieve
16:07:53 [npdoty]
what do we mean by "creation of a profile"? again, does that mean that there's still a unique ID that combines all of that data?
16:08:25 [rigo]
PE: only way to achieve that I can years later I can query to find out than we are on the same page
16:08:43 [rigo]
if it is just about not targetting in ads, than we are far from each other
16:08:44 [dsinger]
16:08:45 [npdoty]
pde: if you can query that data years later and combine them and that's a profile, then we agree
16:09:29 [rigo]
TL: implementation is simple: don't share information with others of information that you get from users on your site, aggregate all within two weeks and you're done
16:10:00 [schunter]
schunter has joined #dnt
16:10:33 [rigo]
JM: just stop doing most of the things you do. ...
16:10:35 [rigo]
16:10:43 [tl]
s/"aggregate all"/"aggregate all logs from your third party objects"
16:10:51 [dsinger]
16:11:49 [rigo]
JM: get rid of uniqueID if you receive of opt out. allready 50% of companies do that
16:12:02 [npdoty]
jmayer: for simpler cases (hosting a badge, say), you could just change logging or remove cookies
16:12:10 [dsinger]
16:12:14 [rigo]
... second step is what to do with protocol information
16:12:35 [amyc]
16:12:45 [npdoty]
q- tl
16:13:02 [rigo]
... there may be areas where it needs re-engineering, e.g. IP based frequencey capping, unlinkable data exception..
16:13:19 [rigo]
... some loss in functionality, but can get that back by re-engineering
16:13:51 [dsinger]
q+ to give a point of view on what cookies are
16:13:54 [rigo]
... e.g. those being dependend on uniqueID cookies
16:14:22 [Chris]
16:14:25 [bryan]
"reinggeneering" is a very broad/fuzzy impact.
16:14:45 [npdoty]
16:14:56 [dsinger]
16:14:59 [rigo]
AmyC: you focusing on number, many different business models in the room.
16:15:18 [Chris]
what kind of "re-engineering" would replace cookie based F-capping exactly?
16:15:29 [rigo]
... logins, cookies, analytics, so requirements may be much more substantial
16:15:36 [tlr]
q+ groman
16:15:41 [amyc]
16:16:15 [rigo]
jmayer: about analytics services: Some will not have to change a lot. Adobe siloing data, making representation to customers and public.
16:16:26 [rigo]
Roy: but still setting uniqueIDs
16:16:57 [rigo]
JM: outsourcing ok, and first party can use uniqueID
16:17:17 [dsinger]
16:17:32 [WileyS]
16:17:41 [rigo]
RF: important part is backend, we do not keep the information in the backend, only in aggregate
16:18:06 [rigo]
JM: if Adobe silos collection and retention, than its fine
16:18:35 [dsinger]
16:18:40 [dsinger]
16:20:15 [rigo]
HeatherWest (HW): user get analytics cookie and can opt out
16:20:16 [WileyS]
16:20:28 [rigo]
jmayer: you could link the opt out cookie to DNT
16:20:41 [johnsimpson]
16:20:44 [schunter]
schunter has joined #dnt
16:21:16 [rigo]
jmayer: for social networks widgets, because we focus on collection. They would have to segregate identifiers
16:21:42 [rigo]
... effect for user, you would see an unpersonalized widget
16:21:51 [schunter]
schunter has joined #dnt
16:21:57 [mischat]
mischat has joined #dnt
16:22:02 [rigo]
ack dsinger
16:22:02 [Zakim]
dsinger, you wanted to give a point of view on what cookies are
16:22:05 [fielding_]
s/only in aggregate/only segregated by customer/
16:22:37 [rigo]
dsinger: what is a cookie, it is data that originates from server. cookie is an extension from the sites database
16:22:55 [rigo]
... you may want to include cookie data in the extensions
16:23:07 [npdoty]
ack Chris
16:23:29 [dsinger]
so a cookie is much more like an extension/part of the site database, than part of the protocol
16:23:58 [rigo]
Chris: some re-engineering to do frequency capping without cookies
16:24:10 [rigo]
... what would the re-engineering imply?
16:24:20 [rigo]
jmayer: yeah! have a solution
16:24:27 [rigo]
WileyS: see mailing-list
16:24:29 [rigo]
16:24:32 [rigo]
ack WileyS
16:24:37 [npdoty]
ack groman
16:24:37 [npdoty]
ack WileyS
16:24:38 [rigo]
ack grom
16:25:20 [rigo]
WileyS: NAI users not 50% rather 20%. And they do use alternate means to preserve their business without unique IDs
16:25:40 [rvaneijk]
rvaneijk has joined #dnt
16:25:57 [rigo]
... also, it is not "some" re-engineering, it is "major" re-engineering possibly from scratch
16:26:12 [schunter]
schunter has joined #dnt
16:26:33 [rigo]
AM: how much is WileyS proposal easier than jmayer's
16:26:42 [Chris]
yes, agree, it would be major re-engineering
16:27:04 [npdoty]
equating DNT use with existing self-regulatory opt-out, but persistent
16:27:07 [rigo]
WileyS: it is using DNT to perform the trigger of our opt out regimes that we already have implemented
16:27:21 [rigo]
... attach into opt-out system
16:27:28 [Chris]
not sure client side f-capping is accurate or scalable
16:28:11 [schunter1]
schunter1 has joined #dnt
16:29:01 [rigo]
.... more of a deployment issue
16:29:01 [rigo]
WileyS: scale: 2-6 weeks dev circle, than into a train to be implements
16:29:10 [rigo]
AM: how different are those? Can we figure out what the differences look like and see how far apart we are.
16:29:18 [schunter2]
schunter2 has joined #dnt
16:29:19 [rigo]
... changes for privacy are so far apart
16:29:57 [jmayer]
16:30:03 [rigo]
PE: if DNT is implemented in a way that a lot of uniqueID cookies are used, the privacy gain is minimal
16:30:29 [dsinger]
16:30:37 [dsinger]
16:30:38 [rigo]
Roy: issue is not collecting that data, but retaining that data
16:31:04 [efelten]
efelten has joined #dnt
16:31:09 [dsinger]
…and dave would add, associating that identifier with data (and whether that associated data is permitted or not)
16:31:14 [rigo]
jmayer: issue of outsourcing, ID scoped on first parties.
16:31:19 [npdoty]
q+ mikez
16:31:23 [npdoty]
ack jmayer
16:31:36 [ninja]
I would like come back to the proposal of johnsimpson - who was objected to frequency capping for DNT1 users at all. I agree.
16:31:36 [dsinger]
fielding_: also associated with freq capping
16:32:05 [rigo]
AM: ask the authors to hash out what the marginal differences between the proposals are
16:32:14 [dsinger]
16:32:18 [rigo]
16:33:40 [rigo]
Topic: Security Fraud prevention without cookies
16:33:42 [npdoty]
Topic: Fraud and Cookies
16:33:54 [npdoty]
16:34:03 [dsinger]
q+ to talk about what happens when cookies aren't used
16:34:15 [hwest]
q+ ifette
16:34:21 [rigo]
jmayer: company would be able to use protocol logs retained over a certain period of time. IETF group allowed for longer time
16:34:33 [johnsimpson]
16:34:40 [rigo]
... companies have in practice be isolated from the rest of the business
16:35:21 [rigo]
... protocol information is available, enables attack detection. wanna make sure legitimate security concern does not swallow the privacy gain
16:35:43 [dsinger]
16:35:51 [rigo]
ack mikez
16:35:51 [bryan]
16:35:53 [npdoty]
q- mikez
16:35:56 [rigo]
ack dsinger
16:35:57 [Zakim]
dsinger, you wanted to talk about what happens when cookies aren't used
16:35:58 [npdoty]
ack dsinger
16:36:11 [tl]
16:36:21 [ifette]
ifette has joined #dnt
16:36:23 [rigo]
dsinger: removing cookies deplaces the problem into harder places to manage
16:36:50 [npdoty]
dsinger: moving cookies off the table might lead to sophisticated fingerprinting which might be even harder to detect
16:36:50 [rigo]
PE: fingerprinting javascript calls to do fingerprinting are known
16:37:04 [npdoty]
16:37:15 [rigo]
... announcing DNT ok and doing fingerprinting is a giant red flag
16:38:04 [rigo]
ifette: only collect data for fraudulent is if you discover, you go back into your logs and see what happened. What other actors acting at the same time
16:38:08 [Chris]
great point about fraud detection-- you have to see it in logs over time
16:38:43 [rigo]
PE: we tried to write down what the engineers said: If we have six month of protocol log than we can manage
16:38:52 [tlr]
16:38:54 [rigo]
iefette: 6 month is a big IF
16:38:58 [dsinger]
16:39:00 [tlr]
ack ifette
16:39:02 [npdoty]
16:39:07 [tlr]
q+ jmayer, ifette
16:39:12 [npdoty]
ack bryan
16:39:32 [rigo]
bryan: is that tied to a specific incident or things that you have to keep in place (this is potential harmful actor etc)
16:39:56 [rigo]
... national carriers have some reponsibility
16:40:34 [npdoty]
aleecia: again, we're only talking about third parties, fewer national security issues with advertisers
16:40:36 [npdoty]
ack tl
16:40:38 [npdoty]
ack jmayer
16:40:39 [rigo]
jmayer: perhaps 2 parts to that question.
16:40:57 [rigo]
.... a service persistently under attack and other is uniquely sensitive circus
16:40:59 [npdoty]
q+ mikez
16:41:14 [rigo]
... fix exploits
16:41:38 [tl]
npdoty, Can you put me back in the queue where I was?
16:41:49 [rigo]
AM: anon announces that they target your service. Now would that alter your approach
16:41:52 [bryan]
The essence of my comment was: Does "a specific concern" mean a specific incident (e.g. breakin or fraudulent act), or something more on-going, e.g. "this service is commonly susceptible to fraud/attack"?
16:41:55 [Chris]
most reliable fraud/threat detection uses pattern analysis algorithms that sort through historical data (logs), over long periods of time, to identify fraudulent/nefarious trends; if we limit the log data that can be analyzed, don't we cut off our nose to spite our face?
16:41:56 [tlr]
q+ fielding
16:42:02 [npdoty]
q= tl, ifette, mikez, fielding
16:42:15 [npdoty]
queue=tl, ifette, mikez, fielding
16:42:25 [rigo]
jmayer: we are only targetting a particular user or user agent. It doesn't takes into account if the entire service is into account
16:42:30 [npdoty]
q- ifette
16:42:33 [schunter]
schunter has joined #dnt
16:42:36 [npdoty]
ack tl
16:42:40 [fielding_]
ack tl
16:43:22 [rigo]
tl: cookies and fingerprinting to security, servers is not distinguishable
16:43:31 [npdoty]
ack mikez
16:43:38 [dsinger]
q+ to say that trying to 'read tea leaves' on compliance is a tar pit
16:44:02 [rigo]
mikez: one issue for later discussion: only talking about third parties, how carriers are defined, ISPs are those first parties
16:44:12 [schunter]
schunter has joined #dnt
16:44:13 [npdoty]
ack fielding_
16:44:17 [npdoty]
ack fielding
16:44:26 [tl]
16:44:26 [bryan]
The reference to the 1st party responsibility to safely/reliably operate a network was an example, understood as outside the scope of this particular case (3rd parties) but illustrative of types of ongoing security concerns that in other examples could apply to 3rd parties.
16:44:38 [npdoty]
do we have an issue open on carriers/ISPs and how they handle/respond to a DNT signal?
16:44:51 [tl]
16:44:58 [npdoty]
16:44:58 [trackbot]
ISSUE-132 -- Should the spec speak to intermediaries or hosting providers to modify any responses/statements about DNT compliance? -- raised
16:44:58 [trackbot]
16:45:08 [rigo]
fielding_: couple different aspects on fraud control. Mainly to discover patterns for fraud that is going on. But also discover fraud before it occurs, and this uses third party data some times
16:45:38 [rvaneijk]
16:46:06 [rigo]
... mesh up the data from sources and hypthetic fraud case, you would apply a different higher level process
16:47:27 [jmayer]
16:47:36 [npdoty]
ack dsinger
16:47:36 [Zakim]
dsinger, you wanted to say that trying to 'read tea leaves' on compliance is a tar pit
16:48:18 [npdoty]
ack tl
16:48:23 [rigo]
dsinger: we should not guess what makes a site fraudulent. If you do not trust a site, don't use it
16:48:35 [pde]
fielding_, I'm sorry you got cut off there
16:48:48 [pde]
I was hoping to hear the end of your answer
16:48:55 [dsinger]
trying to guess whether a site that claims compliance, is in fact in compliance, by watching how they behave, is a tar pit for us
16:49:00 [ifette]
sorry, didn't mean to cut roy off
16:49:02 [rigo]
tl: DNT is about influence databases that I do not control or know about. Basically users turn on DNT to avoid the Panopticon
16:49:05 [jchester2]
16:49:10 [WileyS]
16:49:18 [ifette]
16:49:25 [rigo]
... we are storing and creating the panopticon all the time, bad result
16:49:26 [schunter]
schunter has joined #dnt
16:49:45 [fielding_]
and we are back to the definition of collection
16:49:51 [pde]
ifette, when we create private spaces in the real world, we close the doors and pull the blinds
16:50:06 [ifette]
do you pay in cash at the grocery store using no loyalty cards?
16:50:09 [ifette]
out of curiosity?
16:50:10 [dsinger]
aleecia: can we do fraud detection etc. without using identifiable cookies?
16:50:12 [ifette]
16:50:15 [pde]
ifette: indeed I do
16:50:26 [ifette]
you are quite special :)
16:50:30 [npdoty]
ack rvaneijk
16:50:38 [sidstamm]
ifette, you *can*
16:50:48 [pde]
I have to respect the price that Safeway will pay for private data though.
16:51:04 [ifette]
sid, and you can open an incognito window as well (or a private browisng window etc)
16:51:15 [WileyS]
pde: You can also avoid the internet - problem solved
16:51:18 [dsinger]
dsinger wonders if aleecia's question is in scope? you can set a unique ID and associate it with very little data, for example. it's the associated data that is the 'track'
16:51:40 [schunter1]
schunter1 has joined #dnt
16:51:44 [npdoty]
ifette, can fraudsters open incognito windows?
16:51:56 [justin]
WileyS, or more like, just block all third parties. Would hope people agree that's not the ideal outcome.
16:52:00 [npdoty]
ack jmayer
16:52:03 [pde]
WileyS: "Yahoo!'s advice: if you want real privacy, avoid the Internet" ;)
16:52:04 [rvaneijk]
in EU a permitted use (even when DNT is on) has to pass a simple test which is called the legitimate business interest test:
16:52:06 [rvaneijk]
1a is the processing proportionate
16:52:07 [rvaneijk]
1b. can it be done in another way
16:52:08 [sidstamm]
ifette, how well does the incognito window work if it's always active?
16:52:09 [rvaneijk]
2. what is the impact on the privacy of the user
16:52:10 [rvaneijk]
outcome => unique ID possilbe
16:52:11 [ifette]
nick, sure, and you see that they are coming with no cookies and htat's potentially useful information to you
16:52:24 [rigo]
but purpose limitation
16:52:28 [ifette]
sid, compared to what?
16:52:32 [pde]
WileyS: Verizon actually said that on the record
16:52:52 [rigo]
jmayer: have to better understand how to do more security with less personal information
16:53:03 [sidstamm]
ifette, lets take it offline
16:53:15 [ifette]
sidstamm, beer
16:53:22 [sidstamm]
16:53:57 [npdoty]
ifette, can industry fraud teams treat DNT users like incognito users? (i.e. use that as a signal, although not the signal of a persistent unique identifier cookie?)
16:54:10 [justin]
I think the eventual language will (and should) closely mirror what rvaneijk just said.
16:54:12 [npdoty]
q+ amyc
16:54:13 [WileyS]
pde: Not what I said - but close. If you are unable to manage cookies directly (fairly low knowledge bar) the next best way to avoid unique IDs in cookies is to avoid web sites that use them
16:54:18 [rigo]
ack jchester2
16:54:30 [npdoty]
ack jchester
16:54:55 [npdoty]
ack WileyS
16:54:55 [jmayer]
My point was that we need to understand exactly what the marginal impact on security and fraud prevention is.
16:55:01 [rigo]
jchester2: I want to hear specific responses on the proposal from mozilla
16:55:16 [jmayer]
Many companies currently allow users to opt out of a unique ID cookie and still accomplish security and fraud prevention.
16:55:21 [rigo]
WileyS: I tried to respond to this on hte mailing-list
16:55:23 [ifette]
npdoty, i feel like we're conflating the two
16:55:30 [rigo]
... malware protection, filtering
16:55:37 [ifette]
npdoty, there are still uses for incognito windows / private browsing / ...
16:55:52 [rigo]
... use cookies and uniqueID are useful to detection
16:56:25 [npdoty]
ack amyc
16:56:29 [rigo]
.. losing this abilities and making DNT a trigger
16:56:55 [rigo]
amyc: about malware, this is critical use of IDs
16:57:29 [WileyS]
jmayer: not "many", rather "few" in reality
16:57:34 [dsinger]
16:57:37 [rigo]
AM: would be good to have a conference call on security with the entire group
16:57:47 [npdoty]
16:57:50 [dsinger]
16:58:35 [npdoty]
pde: do you have higher attack rates related to Safari users?
16:58:36 [rigo]
not necessarily present, and have security experts present
16:59:13 [dsinger]
WileyS: yes, to some degree
16:59:44 [jmayer]
Shane, I've done research on this very topic. You are wrong. Many ad companies drop their unique ID cookie when a user opts out.
17:00:10 [fielding_]
jmayer, the web is more than ad companies
17:00:17 [Chris]
due to the very sensitive nature of their work in discovering and preventing fraud, security experts are not going to be super willing to share much, if any information about their methods
17:00:26 [fielding_]
so is Y!
17:00:47 [jmayer]
Roy, I agree that we need to talk about non-ad third parties.
17:01:08 [jmayer]
FYI, here's my research on cookies NAI members leave after opting out:
17:01:40 [rigo]
AM: going with WileyS only would make privacy advocates unsatisfied, going with jmayer and tl and pde only would leave the industry clueless on how to implement, so have to compromise more
17:01:50 [Chris]
I lead with the IAB's Consumer Protection Taskforce, a group of industry security experts that works on anti-malvertising; this group does not loosely share methodology
17:03:43 [robsherman1]
robsherman1 has joined #dnt
17:05:14 [npdoty]
rrsagent, draft minutes
17:05:14 [RRSAgent]
I have made the request to generate npdoty
17:05:41 [vincent__]
vincent__ has joined #dnt
17:06:09 [vincent__]
vincent__ has left #dnt
17:33:38 [hwest]
hwest has joined #dnt
17:33:58 [hwest_]
hwest_ has joined #dnt
17:41:51 [johnsimpson]
johnsimpson has joined #dnt
17:42:44 [npdoty]
npdoty has joined #dnt
17:42:54 [npdoty]
17:42:55 [npdoty]
17:43:07 [npdoty]
17:43:19 [npdoty]
q+ marc
17:43:23 [npdoty]
q- marc
17:43:29 [npdoty]
ack npdoty
17:45:44 [rigo]
rigo has joined #dnt
17:47:49 [schunter]
schunter has joined #dnt
17:49:31 [schunter]
schunter has joined #dnt
17:52:53 [schunter]
schunter has joined #dnt
17:54:38 [schunter]
schunter has joined #dnt
17:54:38 [enewland]
enewland has joined #dnt
18:00:14 [rvaneijk]
rvaneijk has joined #dnt
18:03:27 [alex]
alex has joined #dnt
18:04:30 [hwest]
hwest has joined #dnt
18:04:53 [hwest_]
hwest_ has joined #dnt
18:04:58 [justin]
justin has joined #dnt
18:05:01 [rigo]
scribenick: rvaneijk
18:05:13 [jchester2]
jchester2 has joined #dnt
18:05:17 [rvaneijk]
looking at raised isues now
18:05:20 [vincent_]
vincent_ has joined #dnt
18:05:22 [rigo]
TOPIC: raised issues and changes in status
18:05:39 [Joanne]
Joanne has joined #DNT
18:05:48 [rvaneijk]
18:05:48 [trackbot]
ISSUE-26 -- Providing data to 3rd-party widgets -- does that imply consent? -- raised
18:05:48 [trackbot]
18:05:57 [ac]
ac has joined #dnt
18:05:58 [Lia]
Lia has joined #dnt
18:06:05 [Joanne]
Joanne has joined #DNT
18:06:08 [schunter]
schunter has joined #dnt
18:06:21 [rvaneijk]
promoted to open
18:06:24 [asoltani]
lima lounge = walk out, turn right, walk 4 blocks towards 14th street. embibe
18:06:26 [jmayer]
jmayer has joined #dnt
18:06:39 [rvaneijk]
@nick, could youdo the issue status?
18:06:51 [rvaneijk]
18:06:51 [trackbot]
ISSUE-59 -- Should the first party be informed about whether the user has sent a DNT header to third parties on their site? -- raised
18:06:51 [trackbot]
18:07:14 [tl]
tl has joined #dnt
18:07:52 [tl]
18:08:18 [schunter]
schunter has joined #dnt
18:08:31 [rvaneijk]
shunter: the assumtion was normally DNT all over the place, now you do only send header + also what header
18:08:35 [npdoty]
npdoty has joined #dnt
18:08:48 [ac_]
ac_ has joined #dnt
18:09:03 [rvaneijk]
tl: thought this is dealt with in the exception api
18:09:10 [rvaneijk]
rigo: TPE
18:09:19 [npdoty_]
npdoty_ has joined #dnt
18:09:19 [haakonfb]
haakonfb has joined #dnt
18:09:32 [tl]
ack tl
18:09:44 [rvaneijk]
18:09:44 [trackbot]
ISSUE-60 -- Will a recipient know if it itself is a 1st or 3rd party? -- raised
18:09:44 [trackbot]
18:09:49 [ac_]
ac_ has joined #dnt
18:10:27 [rvaneijk]
dsinger: will a receipiant know or will a receipiant be told ?
18:10:43 [rvaneijk]
tl: answer is already present in the spec, issue is closed
18:10:56 [dsinger]
18:11:20 [vinay]
vinay has joined #dnt
18:11:22 [bryan]
bryan has joined #dnt
18:11:37 [bryan]
Can Tom point to the place in the spec where this is explained?
18:11:58 [rvaneijk]
pde takes action item.
18:12:38 [pde]
WileyS: can you point me to a thread or two?
18:12:42 [tlr]
tlr has joined #dnt
18:12:45 [npdoty_]
npdoty_ has joined #dnt
18:12:51 [rvaneijk]
... to review the spec and make sure that the text intended is in the spec. + coordinate with tl
18:13:06 [npdoty_]
rrsagent, pointer?
18:13:06 [RRSAgent]
18:13:14 [rvaneijk]
18:13:14 [trackbot]
ISSUE-66 -- Can user be allowed to consent to both third party and first party to override general DNT? -- raised
18:13:14 [trackbot]
18:13:16 [schunter]
schunter has joined #dnt
18:13:33 [rvaneijk]
aleecia: answer is yes. issue closed.
18:13:38 [tlr]
issue-66 closed
18:13:38 [trackbot]
ISSUE-66 Can user be allowed to consent to both third party and first party to override general DNT? closed
18:13:57 [rvaneijk]
18:13:57 [trackbot]
ISSUE-67 -- Should opt-back-in be stored on the client side? -- raised
18:13:57 [trackbot]
18:14:31 [tlr]
jonathan: issue-67 overtaken by events
18:14:36 [tlr]
singer: overtaken by events
18:14:38 [rvaneijk]
mshunter: close it, because assupmtion is part of the exception API
18:14:39 [tlr]
issue-67 closed
18:14:39 [trackbot]
ISSUE-67 Should opt-back-in be stored on the client side? closed
18:14:55 [tlr]
18:14:55 [trackbot]
ISSUE-72 -- Basic principle: independent use as an agent of a first party -- raised
18:14:55 [trackbot]
18:15:00 [ac]
ac has joined #dnt
18:15:04 [ifette]
ifette has joined #dnt
18:15:10 [vincent_]
18:15:25 [fielding]
fielding has joined #dnt
18:15:31 [rvaneijk]
18:15:31 [trackbot]
ISSUE-75 -- How do companies claim exemptions and is that technical or not? -- raised
18:15:31 [trackbot]
18:16:04 [rvaneijk]
rigo: if you have out of band, then you have to send a response header. This is not in the spec yet, therefor open issue.
18:16:22 [rvaneijk]
WIleyS: agreemment, details need to be worked out.
18:16:38 [dsinger]
maybe change the issue to "signal a claimed permitted use" :-)?
18:16:40 [rvaneijk]
18:16:40 [trackbot]
ISSUE-83 -- How do you opt out if already opted in? -- raised
18:16:40 [trackbot]
18:17:09 [fielding]
not necessarily a response header -- the consent is noted in the response (wherever that response is given)
18:17:48 [rvaneijk]
tl: uri specifies whether user has opted in
18:18:19 [rvaneijk]
rigo: if you received a DNT header yesterday, and today new DNT header, then the newer header should overwrite.
18:18:23 [rvaneijk]
tl: indeed
18:18:35 [rvaneijk]
dsinger: lots of difficult questions in here.
18:18:49 [rvaneijk]
rigo: this is DNT thing.
18:19:12 [rvaneijk]
WileyS: is is TPE
18:19:36 [rvaneijk]
issue-83 open
18:19:41 [rvaneijk]
18:19:41 [trackbot]
ISSUE-92 -- If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking? -- raised
18:19:41 [trackbot]
18:19:55 [tlr]
issue-92: subsumed by other issues, don't touch with 10 ft pole
18:19:55 [trackbot]
ISSUE-92 If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking? notes added
18:20:00 [rvaneijk]
issue-92 closed
18:20:00 [trackbot]
ISSUE-92 If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking? closed
18:20:02 [tlr]
issue-92 closed
18:20:02 [trackbot]
ISSUE-92 If data collection (even very specific with IP address, user agent, referrer) is time-limited, with very limited retention, is that still tracking? closed
18:20:50 [tlr]
npdoty: do we have an issue about short-term storage as discussed this morning?
18:21:01 [rvaneijk]
18:21:01 [trackbot]
ISSUE-93 -- Should 1st parties be able to degrade a user experience or charge money for content based on DNT? -- raised
18:21:01 [trackbot]
18:21:01 [tlr]
aleecia: good point; we should have an issue against that
18:21:14 [rvaneijk]
WileyS: answer is yes
18:21:21 [tlr]
issue-93: group agrees answer is yes
18:21:21 [trackbot]
ISSUE-93 Should 1st parties be able to degrade a user experience or charge money for content based on DNT? notes added
18:21:24 [tlr]
issue-93 closed
18:21:24 [trackbot]
ISSUE-93 Should 1st parties be able to degrade a user experience or charge money for content based on DNT? closed
18:21:25 [rvaneijk]
... these are first parties.
18:21:46 [tlr]
johnS: disagree, but move on closing this
18:22:00 [dsinger]
it may be imprudent, but alas, they can do whatever they like
18:22:05 [rvaneijk]
18:22:05 [trackbot]
ISSUE-94 -- Is "Do Not Track" the right name to use? -- raised
18:22:05 [trackbot]
18:22:22 [rvaneijk]
aleecia: status to postponed
18:22:25 [vincent_]
vincent_ has left #dnt
18:22:30 [rvaneijk]
18:22:30 [trackbot]
ISSUE-97 -- Re-direction, shortened URLs, click analytics -- what kind of tracking is this? -- raised
18:22:30 [trackbot]
18:22:41 [rvaneijk]
aleecia: good text from justin
18:23:16 [vincent_]
vincent_ has joined #dnt
18:23:24 [npdoty_]
ISSUE: would we additionally permit logs that are retained for a short enough period?
18:23:24 [trackbot]
Created ISSUE-134 - Would we additionally permit logs that are retained for a short enough period? ; please complete additional details at .
18:23:30 [rvaneijk]
18:23:30 [trackbot]
ISSUE-99 -- How does DNT work with identity providers? -- raised
18:23:30 [trackbot]
18:23:46 [rvaneijk]
ifette: use case of facebook connect
18:25:35 [rvaneijk]
jmayer: some SSO will continue to collect information
18:25:55 [rvaneijk]
issue-99 open
18:26:31 [rvaneijk]
fielding: agrees with jmayer
18:26:47 [rvaneijk]
dsinger: now first party?
18:26:54 [tlr]
18:26:54 [trackbot]
ACTION-59 -- Nick Doty to find duplicate for ISSUE-33, add note -- due 2012-02-01 -- CLOSED
18:26:54 [trackbot]
18:26:57 [tlr]
18:27:04 [rvaneijk]
wileyS: we have text.
18:27:15 [rvaneijk]
18:27:15 [trackbot]
ACTION-159 -- David Singer to draft shorter language to describe conditions for consent (with npdoty) -- due 2012-04-24 -- OPEN
18:27:15 [trackbot]
18:27:19 [npdoty]
dsinger: what happens when a user visits a site and is already logged in to the identity provider? are they still a first party?
18:27:40 [rvaneijk]
18:27:40 [trackbot]
ISSUE-102 -- Short names & titles of specifications -- raised
18:27:40 [trackbot]
18:27:43 [tlr]
18:27:43 [trackbot]
ACTION-157 -- Shane Wiley to update logged-in consent proposal by April 24 -- due 2012-04-24 -- OPEN
18:27:43 [trackbot]
18:27:48 [tlr]
shane -- this one?
18:27:51 [dsinger]
if I visit BogVille Chron who use Twitter as an identity provider, and I am already logged in, so I don't interact then with Twitter, is Twitter then 1st or 3rd party?
18:28:00 [rvaneijk]
18:28:00 [trackbot]
ISSUE-103 -- We're not sure where the exceptions should be and ensure they are categorically captured in the base 3rd party prohibition statement. -- raised
18:28:00 [trackbot]
18:28:18 [rvaneijk]
aleecia: this is overtaken by events -> close issue
18:28:21 [npdoty]
dsinger, +1, I think that's important
18:28:39 [rvaneijk]
now mooving on to pending review...
18:28:46 [rvaneijk]
18:28:49 [rvaneijk]
18:28:57 [rvaneijk]
18:29:03 [rvaneijk]
... :)
18:29:06 [tlr]
issue-99: see also issue-152 and related text in
18:29:07 [trackbot]
ISSUE-99 How does DNT work with identity providers? notes added
18:29:11 [rvaneijk]
18:29:11 [trackbot]
ISSUE-49 -- Third party as first party - is a third party that collects data on behalf of the first party treated the same way as the first party? -- pending review
18:29:11 [trackbot]
18:29:57 [dsinger]
18:30:00 [dsinger]
18:30:02 [schunter]
schunter has joined #dnt
18:30:12 [rigo]
18:30:20 [rigo]
we should raise an issue about it
18:30:39 [rvaneijk]
18:30:39 [trackbot]
ISSUE-14 -- How does what we talk about with 1st/3rd party relate to European law about data controller vs data processor? -- pending review
18:30:39 [trackbot]
18:30:58 [npdoty]
for those interested in context for issue-103, the discussion was whether the compliance spec should have language for a broad prohibition on practices and then a list of exceptions, or organized otherwise, as in
18:31:59 [rvaneijk]
action: WileyS to work on issue 49
18:31:59 [trackbot]
Sorry, couldn't find user - WileyS
18:32:14 [tlr]
action: Shane to work on issue-49 - due in 3 weeks
18:32:14 [trackbot]
Created ACTION-161 - work on issue-49 [on Shane Wiley - due 1970-01-01].
18:32:23 [tlr]
action-161 due 2012-05-07
18:32:23 [trackbot]
ACTION-161 work on issue-49 due date now 2012-05-07
18:33:03 [npdoty]
"Global Best Practices" as the product/document name?
18:33:06 [rvaneijk]
WileyS: best practices document,showing how DNT maps to different frameworks
18:33:50 [rvaneijk]
... some of this will change depending on the outcome of these days.
18:34:11 [rvaneijk]
dsinger: it is a non normative document
18:34:22 [rvaneijk]
rigo: object to anything having legal in the name
18:34:40 [npdoty]
"Global Considerations"?
18:34:46 [rvaneijk]
tlr: global considerations
18:34:55 [npdoty]
(at this point, I would take just: "Practices")
18:35:10 [rvaneijk]
jchester2: bill of rights interpretation, is negotiated very soon.
18:35:39 [rvaneijk]
aleecia: people have volunteerded to work on the docoment (Brussels)
18:35:43 [npdoty]
aleecia: as long as we're taking away time from the group, but we have expertise and interest in the room
18:35:53 [npdoty]
s/we're taking/we're not taking/
18:36:14 [npdoty]
18:36:37 [rvaneijk]
issue: draft Global Considerations document
18:36:37 [trackbot]
Created ISSUE-135 - Draft Global Considerations document ; please complete additional details at .
18:36:40 [npdoty]
18:36:52 [rvaneijk]
18:36:52 [trackbot]
ISSUE-52 -- What if conflict between opt-out cookie and DNT? -- pending review
18:36:52 [trackbot]
18:37:00 [fielding]
the nice thing about non-normative docs is that they don't require consensus and can include multiple opinions
18:37:13 [rvaneijk]
aleecia: any comments on the draft text?
18:37:25 [ninja]
ninja has joined #dnt
18:37:31 [npdoty]
18:37:46 [rvaneijk]
... compliance spec section 5.3 ?
18:38:41 [npdoty]
action: newland to remove note from section 5.3, now that we have consensus
18:38:41 [trackbot]
Created ACTION-162 - Remove note from section 5.3, now that we have consensus [on Erica Newland - due 2012-04-18].
18:39:13 [npdoty]
fielding: not sure I actually understand that section
18:39:16 [rvaneijk]
Interaction with existing user privacy controls
18:39:17 [rvaneijk]
As multiple systems may be setting, sending, and receiving DNT and/or Opt-Out signals at the same time, it’ll be important to ensure industry and web browser vendors are on the same page with respect to honoring user choices in circumstances where "mixed signals" may be received.
18:39:19 [rvaneijk]
As a general principle, more specific settings override less specific settings.
18:39:20 [rvaneijk]
No DNT Signal / No Opt-Out: Treat as DNT unset
18:39:22 [rvaneijk]
DNT Signal / No Opt-Out: Treat as DNT:1
18:39:24 [schunter]
schunter has joined #dnt
18:39:24 [rvaneijk]
Opt-Out / No DNT Signal: Treat as DNT:1
18:39:25 [rvaneijk]
Opt-Out / DNT User-Granted Exception: Treat as DNT:0 for that site; DNT User-Granted Exception is honored
18:39:27 [rvaneijk]
18:39:28 [rvaneijk]
NOTE: The above text will need to be modified to include the appropriate terminology as this is decided upon by the working group. For example, DNT User-Granted Exception would need to be replaced with "Site-Specific Exception" depending on the outcome of that discussion.
18:39:45 [rvaneijk]
fielding: will provide replacement text...
18:39:48 [npdoty]
action: fielding to explain confusion or an alternative to text explaining the interaction with existing user privacy controls
18:39:48 [trackbot]
Created ACTION-163 - Explain confusion or an alternative to text explaining the interaction with existing user privacy controls [on Roy Fielding - due 2012-04-18].
18:40:03 [tlr]
ACTION: roy to provide replacement text for issue-52
18:40:03 [trackbot]
Created ACTION-164 - Provide replacement text for issue-52 [on Roy Fielding - due 2012-04-18].
18:40:16 [npdoty]
close action-164
18:40:16 [trackbot]
ACTION-164 Provide replacement text for issue-52 closed
18:40:18 [rvaneijk]
aleecia: text need editorial work
18:40:21 [rvaneijk]
18:40:21 [trackbot]
ISSUE-65 -- How does logged in and logged out state work -- pending review
18:40:21 [trackbot]
18:40:39 [npdoty]
action-163: related to issue-52
18:40:39 [trackbot]
ACTION-163 Explain confusion or an alternative to text explaining the interaction with existing user privacy controls notes added
18:40:42 [rvaneijk]
-> open
18:40:49 [rvaneijk]
18:40:49 [trackbot]
ISSUE-98 -- Should we consider applicable laws and regulations, such as the Article 5, paragraph 3 ePriv Dir -- pending review
18:40:49 [trackbot]
18:41:06 [rvaneijk]
to be dealt with in GLobal COnsiderations
18:41:22 [rvaneijk]
18:41:22 [trackbot]
ISSUE-30 -- Will Do Not Track apply to offline aggregating or selling of data? -- pending review
18:41:22 [trackbot]
18:41:33 [tlr]
action-164: duplicate of action-163
18:41:34 [trackbot]
ACTION-164 Provide replacement text for issue-52 notes added
18:41:39 [rvaneijk]
aleecia: is the answer we do?
18:41:56 [rvaneijk]
npdoty: was the proposal to not have additional text?
18:42:46 [rvaneijk]
aleecia: amy did not provide text.
18:43:22 [rvaneijk]
currently closed
18:43:50 [ifette_]
ifette_ has joined #dnt
18:45:04 [npdoty]
action: fette to draft example text around using the Geolocation API for non-normative text on "Geolocation compliance" section in Compliance
18:45:04 [trackbot]
Created ACTION-165 - Draft example text around using the Geolocation API for non-normative text on "Geolocation compliance" section in Compliance [on Ian Fette - due 2012-04-18].
18:45:22 [rvaneijk]
18:45:22 [trackbot]
ISSUE-39 -- Tracking of geographic data (however it's determined, or used) -- pending review
18:45:22 [trackbot]
18:46:01 [rvaneijk]
18:46:01 [trackbot]
ISSUE-19 -- Data collection / Data use (3rd party) -- pending review
18:46:01 [trackbot]
18:46:12 [rvaneijk]
issue-19 closed
18:46:12 [trackbot]
ISSUE-19 Data collection / Data use (3rd party) closed
18:46:19 [tlr]
issue-19: handled elsewhere
18:46:19 [trackbot]
ISSUE-19 Data collection / Data use (3rd party) notes added
18:46:22 [rvaneijk]
18:46:22 [trackbot]
ISSUE-16 -- What does it mean to collect data? (caching, logging, storage, retention, accumulation, profile etc.) -- pending review
18:46:22 [trackbot]
18:46:38 [rvaneijk]
aleecia: text that went to the mailling list
18:47:30 [rvaneijk]
WIleyS: we do not address what is 'collection'
18:47:33 [jchester2_]
jchester2_ has joined #dnt
18:48:09 [rvaneijk]
dsinger: there is a different to being exposed to data and using the data
18:48:19 [npdoty]
18:49:20 [rvaneijk]
wileys: if it hits a webserver, is that collection or not?
18:49:40 [rvaneijk]
rigo: as soon as there is storage involved we are confronted with collection
18:50:18 [ninja]
ninja has joined #dnt
18:50:32 [npdoty]
WileyS, is that a suggestion that you want "receives" to mean that data that is received but purged?
18:51:11 [tl]
tl has joined #dnt
18:51:13 [rvaneijk]
rvaneijk: collection is receiving with the intention to storing..
18:51:39 [npdoty]
action: west to draft updated text on definitions of "collection" and similar terms "Data collection, retention, use, and sharing" (with fielding)
18:51:39 [trackbot]
Created ACTION-166 - Draft updated text on definitions of "collection" and similar terms "Data collection, retention, use, and sharing" (with fielding) [on Heather West - due 2012-04-18].
18:51:52 [rvaneijk]
18:51:52 [trackbot]
ISSUE-28 -- Exception for mandatory legal process -- pending review
18:51:52 [trackbot]
18:52:08 [Chris]
technically speaking, the terms collection and storage are inherently connected-- you can't have one without the other
18:52:21 [npdoty]
18:52:22 [Chris]
if you collect, the moment you do so, you store
18:52:32 [Chris]
if you store, you have collected in order to store
18:52:53 [Chris]
I think what you want to define is duration of collection and intended use
18:52:55 [npdoty]
Chris, does that mean we should use "collect" and "retain" interchangeably?
18:53:20 [Chris]
as soon as you collect, you retain
18:53:39 [Chris]
retain should be defined more precisely by duration
18:53:41 [fielding]
it is not just storage -- it is storage associated with a user/agent/device
18:54:01 [rvaneijk]
+1 fielding
18:54:29 [npdoty]
fielding, storage not associated with a user/agent/device is just storage of unlinkable data, right? do we have to change the definition of "storage" or "collection"?
18:54:38 [rvaneijk]
18:54:38 [trackbot]
ISSUE-21 -- Enable external audit of DNT compliance -- pending review
18:54:38 [trackbot]
18:54:48 [jmayer]
I'm not thrilled with the text on legal compliance - it's pegged to a few specific legal constructs.
18:54:52 [rvaneijk]
take this conversation on a call
18:55:09 [jmayer]
So long as the understanding is, essentially, voluntary vs. mandatory legal obligations.
18:55:10 [Chris]
legal compliance is jurisdictional
18:55:11 [rvaneijk]
18:55:12 [trackbot]
ISSUE-25 -- Possible exemption for research purposes -- pending review
18:55:12 [trackbot]
18:55:25 [jmayer]
Voluntary in the sense of the law allows saying no, even if it may not be in business interests to say no.
18:56:06 [Chris]
all legal compliance is voluntary; but if you don't comply, you are subject to the penalty of laws for which you are not complying
18:56:21 [rvaneijk]
scribenick: vincent_
18:56:28 [vincent_]
issue-5 ?
18:56:28 [trackbot]
ISSUE-5 -- What is the definition of tracking? -- open
18:56:28 [trackbot]
18:56:39 [npdoty]
18:56:42 [vincent_]
aleecia: still an open issue
18:56:54 [npdoty]
three different options are in the Compliance editor's draft
18:57:23 [vincent_]
tl: if some fraction of the group want to add it to the doc and some want not, does it happen or not
18:57:27 [fielding]
npdoty, I mean that the notion of data collection (the term used by regulators) is distinct from storage because it is specifically about data linked to a user/agent/device
18:57:48 [vincent_]
aleecia: moving on
18:57:55 [vincent_]
18:57:55 [trackbot]
ISSUE-6 -- What are the underlying concerns? Why are we doing this / what are people afraid of? -- open
18:57:55 [trackbot]
18:58:00 [npdoty]
fielding, so "collecting data that can't reasonably be linked to a particular device" is an oxymoron? it seems like a sensible phrase to me, fwiw
18:58:27 [vincent_]
aleecia: unless anybody object, we're geting this close
18:58:55 [fielding]
I know, which is why we need to define it. ;-)
18:58:55 [vincent_]
johnsimpson: introduction pretty good, agree to close
18:59:56 [vincent_]
rigo: should we mention westling (who defined the notion of personal dossier)
19:00:41 [vincent_]
npdoty: would additional text help people understand if so we should leave issue open
19:01:09 [vincent_]
rigo: will to take on action to take a pass on the introduction
19:02:08 [vincent_]
johnsimpson: the introduction was first in the compliance doc and is now in both
19:02:11 [Chris]
how about we just add a "reading list" of documents submitted voluntarily that relate to the subject of DNT?
19:02:30 [vincent_]
19:02:30 [trackbot]
ISSUE-10 -- What is a first party? -- open
19:02:30 [trackbot]
19:02:32 [npdoty]
ifette, you're one of the people who told me that you thought having a consolidated list of our privacy concerns would improve our discussions of the other sections. would you agree that it would help to have consolidated text here?
19:02:40 [schunter]
schunter has joined #dnt
19:02:41 [vincent_]
aleecia: covered in proposed text
19:03:09 [vincent_]
WileyS: no big difference express on that one yesterday
19:03:22 [vincent_]
... all draft proposal share a common view on that
19:04:10 [vincent_]
issue-10 closed
19:04:10 [trackbot]
ISSUE-10 What is a first party? closed
19:04:23 [vincent_]
19:04:23 [trackbot]
ISSUE-31 -- Minimization -- to what extent will minimization be required for use of a particular exemption? (conditional exemptions) -- open
19:04:23 [trackbot]
19:04:29 [vincent_]
19:04:29 [trackbot]
ISSUE-54 -- Can first party provide targeting based on registration information even while sending DNT -- open
19:04:29 [trackbot]
19:04:47 [robsherman]
robsherman has joined #dnt
19:04:59 [vincent_]
fielding: I thought issue-54 was closed
19:05:05 [npdoty]
we agree on the important basic outline of first parties as the same between open proposals
19:05:10 [vincent_]
19:05:10 [trackbot]
ISSUE-69 -- Should the spec say anything about minimal notice? (ie. don't bury in a privacy policy) -- open
19:05:10 [trackbot]
19:05:16 [npdoty]
but still need to work out the exact text
19:05:18 [vincent_]
tl: that's open
19:05:24 [vincent_]
19:05:24 [trackbot]
ISSUE-71 -- Does DNT also affect past collection or use of past collection of info? -- open
19:05:24 [trackbot]
19:06:26 [vincent_]
WileyS: we have a draft, currently text, agree that it MAY affect prior but not MUST
19:06:30 [npdoty]
agreement among parties that dnt may but not must affect handling of past collection, but haven't detailed exact wording
19:06:40 [vincent_]
aleecia: is this also working in EU
19:07:54 [vincent_]
brian: use of prior collective data is blocked
19:08:00 [npdoty]
rigo: there are use cases where users turn on DNT temporarily and then want that profile to come back when they turn DNT back off later
19:08:37 [vincent_]
WileyS: the question is about getting to the data collected prior to dnt:1 and delete it
19:08:42 [npdoty]
wording of issue 71 confusing
19:08:53 [vincent_]
aleecia: the wording on it is not so good
19:08:59 [tl]
tl has joined #dnt
19:09:11 [npdoty]
agreement is on purging of prior data, rather than on using of previously collected data or retroactively preventing collection of data
19:09:25 [vincent_]
jmayer: get a super concrete example
19:09:48 [vincent_]
... user sent a unique ID and send DNT:1 should the website delete the profile
19:09:56 [vincent_]
rigo: no, we can close it
19:10:07 [schunter]
schunter has joined #dnt
19:10:14 [vincent_]
npdoty: changing the title
19:10:21 [vincent_]
tl: ok as long as it stays closed
19:10:35 [vincent_]
issue-73 ?
19:10:35 [trackbot]
ISSUE-73 -- In order for analytics or other contracting to count as first-party: by contract, by technical silo, both silo and contract -- open
19:10:35 [trackbot]
19:11:09 [vincent_]
WileyS: three open issue on that problem
19:11:36 [vincent_]
19:11:36 [trackbot]
ISSUE-88 -- different rules for impression of and interaction with 3rd-party ads/content -- open
19:11:36 [trackbot]
19:11:52 [vincent_]
WileyS: this is the meaningfull interaction, captured in another issue
19:12:19 [vincent_]
... we all agreed and it did not make it in the final text
19:12:24 [npdoty]
new title for clarifying: ISSUE-71: Does DNT require purging or modify data collected in the past (not under DNT)?
19:12:33 [vincent_]
... the detail that we not closed on is about the brand
19:13:21 [vincent_]
WileyS: facebook has proven that you can get away without brand
19:13:31 [vincent_]
aleecia: it is brand
19:13:53 [vincent_]
hwest: like button did not started as a brand but it is now
19:14:34 [rigo]
19:14:35 [vincent_]
efelten: user knows that they are interacting with someone else that the first party
19:15:15 [npdoty]
I think when the Like button first came out, all versions had an F logo
19:15:22 [vincent_]
ifette: : if you are a smaller company, just getting started, branding is not that simple, hence facebook is a bad example
19:16:00 [vincent_]
jmayer: it's possible there will be a 3rd party widget that is not branded
19:16:23 [vincent_]
... twitter comes with tweet which is branded
19:16:47 [vincent_]
... if you did not know that the like button was facebook's, why would you click it?
19:16:53 [amyc]
amyc has joined #dnt
19:17:17 [npdoty]
ack rigo
19:17:19 [npdoty]
q+ Chris
19:17:21 [vincent_]
... tweet is sufficently related to twitter that if they click on it, they'll understand it's twitter
19:17:24 [npdoty]
q+ hwest
19:17:38 [vincent_]
rigo: the discussion about branding & expectation is an area specific on
19:17:58 [vincent_]
... the branding issue is trying to define a party even though we do not have define a party at all
19:18:11 [fielding]
19:18:15 [npdoty]
we certainly have discussed the breadth of parties, although we haven't come to a conclusion on it
19:18:16 [vincent_]
... we did not agree on a definition of party (APEC or EU for instance)
19:18:30 [vincent_]
... adopting the branding concept of party
19:18:45 [vincent_]
... a party definition that relies on branding is US specific
19:18:46 [fielding]
ack Chris
19:18:59 [jmayer]
19:19:06 [fielding]
q+ JC
19:19:33 [npdoty]
ack Chris
19:19:33 [npdoty]
Chris Pedigo this time, not Chris Mejia, sitting next to him
19:19:34 [hwest_]
hwest_ has joined #dnt
19:19:45 [jmayer]
An important point here: clear branding or user expectations - for a user who clicks.
19:19:50 [npdoty]
ack JC
19:19:51 [fielding]
ack JC
19:19:53 [jmayer]
The relevant population is not the world at large.
19:19:53 [vincent_]
aleecia: some people branding means you can say where it comes from
19:20:00 [schunter]
schunter has joined #dnt
19:20:09 [jmayer]
P(understand source | button design)
19:20:09 [vincent_]
JC: are we talking about discoverable branding
19:20:15 [hwest__]
hwest__ has joined #dnt
19:20:20 [npdoty]
q+ ifette
19:20:26 [johnsimpson]
19:20:28 [rvaneijk]
19:20:29 [jmayer]
vs. P(understand source | button design ^ click button)
19:20:33 [vincent_]
aleecia: anyon object of leaving this open?
19:20:59 [npdoty]
JC: for example, maybe hovering over a small button would tell you more about which company, etc.
19:21:02 [rvaneijk]
19:21:04 [vincent_]
19:21:04 [trackbot]
ISSUE-89 -- Does DNT mean at a high level: (a) no customization, users are seen for the first time, every time. (b) DNT is about data moving between sites. -- open
19:21:04 [trackbot]
19:21:08 [hwest]
19:21:30 [jmayer]
19:21:33 [vincent_]
aleecia: addressed in the current proposal but leave it open
19:21:48 [vincent_]
19:21:50 [vincent_]
19:21:50 [trackbot]
ISSUE-111 -- Signaling state/existence of site-specific exceptions -- open
19:21:50 [trackbot]
19:22:12 [vincent_]
issue 111 move to TPE
19:23:02 [fielding]
I was going to say that hyperlinks in text don't have branding and are considered first-party. There is no need for more restriction there.
19:23:07 [johnsimpson]
johnsimpson has left #dnt
19:25:36 [rigo]
rob was on the Q too
19:25:48 [npdoty]
Lima Lounge @ 14th & K (upstairs)
19:25:48 [npdoty]
break for 30 minutes
19:29:26 [rvaneijk]
Just wanted to remind that WileyS, Rigo and I have worked on a definition and proposed text for it: "A first party is who determines the purposes, conditions and means of the data processing"
19:31:57 [enewland]
enewland has joined #dnt
19:32:14 [schunter]
schunter has joined #dnt
19:32:37 [amyc]
amyc has joined #dnt
19:32:42 [amyc]
19:32:54 [hwest]
hwest has joined #dnt
19:33:55 [npdoty]
npdoty has joined #dnt
19:34:25 [schunter1]
schunter1 has joined #dnt
19:34:37 [tl]
tl has joined #dnt
19:37:03 [schunter]
schunter has joined #dnt
19:38:51 [schunter2]
schunter2 has joined #dnt
19:42:15 [schunter]
schunter has joined #dnt
19:47:17 [schunter1]
schunter1 has joined #dnt
19:51:20 [schunter]
schunter has joined #dnt
20:01:49 [Joanne]
Joanne has joined #DNT
20:02:51 [vincent_]
vincent_ has joined #dnt
20:03:14 [vincent_]
aleecia: starting with a hum and then spliting in small groups
20:03:18 [jmayer]
jmayer has joined #dnt
20:03:28 [justin]
justin has joined #dnt
20:04:08 [amyc]
amyc has joined #dnt
20:04:10 [vincent_]
HUM for "if you have definition of Shane view of parties, could you not live with that"
20:04:43 [Lia]
Lia has joined #dnt
20:04:51 [rigo]
rigo has joined #dnt
20:04:55 [hwest_]
hwest_ has joined #dnt
20:05:13 [jchester2]
jchester2 has joined #dnt
20:05:36 [tl]
tl has joined #dnt
20:07:14 [amyc]
hum for cannot live with Jonathan (parties) and Shane (uses) is louder
20:07:17 [vincent_]
huming for the different combination (Shane definition of parties and Jonahan definition of business)
20:07:26 [vincent_]
quite loud
20:07:31 [amyc]
Aleecia: other hums appear to be evenly split
20:07:44 [amyc]
... breaking into small groups to discuss use cases
20:07:48 [vincent_]
ok I got it wrong, sorry
20:07:58 [npdoty]
npdoty has joined #dnt
20:08:07 [amyc]
... different effects for users
20:08:17 [amyc]
... what harms are we trying to prevent
20:08:33 [amyc]
sorry vincent, just realized we are scribing over one another
20:09:09 [amyc]
Ed: groups should be diverse
20:09:29 [amyc]
Aleecia: picks groups
20:09:42 [amyc]
... picks group leaders
20:11:48 [fielding]
fielding has joined #dnt
20:12:02 [fielding_]
fielding_ has joined #dnt
20:12:42 [robsherman]
robsherman has joined #dnt
20:19:57 [schunter]
schunter has joined #dnt
20:23:04 [schunter1]
schunter1 has joined #dnt
20:26:44 [schunter]
schunter has joined #dnt
20:27:17 [schunter2]
schunter2 has joined #dnt
20:27:37 [vincent_]
vincent_ has joined #dnt
20:37:11 [schunter]
schunter has joined #dnt
21:01:43 [johnsimpson]
johnsimpson has joined #dnt
21:02:06 [amyc]
21:02:28 [amyc]
Aleecia: reviewing results of small groups
21:02:48 [bryan]
scribenick: bryan
21:02:48 [ac]
ac has joined #dnt
21:02:51 [vinay_]
vinay_ has joined #dnt
21:03:05 [bryan]
amyc: we came up with 16 things. here are the highlights
21:03:27 [bryan]
... 1: having a copy of online reading / browsing history
21:03:50 [bryan]
2: ease of access to info by 3rd parties, gotvs, employer, family etc
21:04:08 [bryan]
3: use by others for bad purposes, things you do not want to be targeted for
21:04:22 [npdoty]
rrsagent, pointer?
21:04:22 [RRSAgent]
21:05:00 [bryan]
4: diffuse things re online ecosystem, e.g. accuracy of data, online experience, losing access to low-price content (please check this)
21:05:03 [amyc]
Shane: also tried to highlight actual harm
21:05:09 [schunter]
schunter has joined #dnt
21:05:13 [enewland]
enewland has joined #dnt
21:05:17 [amyc]
... based on proposals, which were removed
21:05:29 [bryan]
scribenick: amyc
21:06:04 [amyc]
... government access, inadvertatnt disclosure, internal bad actor, creepy or chill factor (harm to dignity), denial of employment/insurance, discrimination
21:06:25 [Lia]
Lia has joined #dnt
21:06:59 [amyc]
... content exclusion (diminished diversity); modifying user experience based on sensitive data, secondary uses in violation of silent norms
21:07:22 [amyc]
... sharing or selling to 3rd party, unsolicited or annoying marketing
21:07:49 [schunter]
schunter has joined #dnt
21:08:04 [amyc]
Tom: recorded selection of harm and grouped
21:08:24 [amyc]
... we then classified whether DNT could prevent, and measured on Shane and J porposals
21:08:47 [amyc]
... Consequences, somebody makes decisions about me, J may mitigate
21:09:00 [amyc]
... Sharing, site exposes to 3rd party
21:09:05 [amyc]
... both mitigate
21:09:19 [amyc]
... Collection, someone unknown retains info, neither mitigate
21:09:44 [amyc]
... Retention, someone unknown retains info, neither mitigates
21:09:52 [amyc]
... Info retained by others using devices
21:10:35 [amyc]
... Bad actors collect info, not sure what proposals have to say about that
21:11:13 [amyc]
... Company claims to honor practice, but does not, not something that DNT can fix
21:11:39 [amyc]
... Compliance and noncompliance looks similar enough on back end, DNT should fix, J proposal may fix, Shane does not
21:11:57 [amyc]
... Companies use means to bypass technical barriers I have used to prevent collection
21:12:31 [amyc]
... (1) company provides data to govt and (2) accidental data breach
21:12:50 [amyc]
Nick: will consolidate discussion
21:13:08 [amyc]
... unknown party out of my control retaining data about me
21:13:34 [amyc]
... govt can request data, breach may lead to release of data, rogue employee
21:14:00 [amyc]
... distinction between how that was controlled within company, maybe OK if small team had access
21:14:30 [amyc]
--- better if data was siloed and retained only for particular use
21:14:30 [schunter]
schunter has joined #dnt
21:14:46 [amyc]
... knowing which ads were seen could tell you about user
21:15:32 [amyc]
Aleecia: at a high level, a lot of overlap, but different in particulars
21:15:42 [amyc]
... send lists to mailing list or IRC
21:16:00 [tl]
Our list is at, can someone post that to the list?
21:16:59 [amyc]
... meeting tonight at Lebanese Taverna, take redline to Adams Morgan
21:17:32 [amyc]
... meet at 8 pm
21:17:45 [johnsimpson]
johnsimpson has left #dnt
21:18:03 [rvaneijk]
rvaneijk has left #dnt
21:21:30 [schunter]
schunter has joined #dnt
21:30:05 [schunter]
schunter has joined #dnt
21:31:05 [schunter]
schunter has joined #dnt
21:32:07 [Zakim]
Zakim has left #dnt
21:35:31 [npdoty]
rrsagent, draft minutes
21:35:31 [RRSAgent]
I have made the request to generate npdoty
21:38:42 [schunter]
schunter has joined #dnt
21:41:04 [schunter]
schunter has joined #dnt