Tracking Protection Working Group Teleconference -- 12 Dec 2012

<trackbot> Date: 12 December 2012

<tlr> Scribe: yianni

<aleecia> :-)

<tlr> who dialed in from 202 and 408?

<peterswire> peter and yianni from 202

<kulick> brad kulick, Yahoo! from 408

<schunter> My

<schunter> me

<tlr> ah, good

<schunter> I will be in listen-only mode.

<aleecia> Hi Peter

<kulick> sounds fine

<Brooks> perfect

Peter Swire introduction, start with 2nd item of agenda

<npdoty> scribenick: Yianni

If you are interested in scribing in the future, please email nick doty or peter swire

<AnnaLong> zakim aagg is AnnaLong

We will start meetings promptly at 12

Please notify nick doty in advance if you will be using a new number

<npdoty> yes, feel free to contact me ahead of time, Nick Doty, npdoty@w3.org

<robsherman> To be clear, you're saying to notify Nick ONLY if you're not on IRC — correct?

<tlr> if the following folks could please identify themselves: 1.206.658.aaee 1.202.257.aaii +1.646.827.aajj 1.908.239.aall

<johnsimpson> how long does the regular number stay associated?

<aleecia_> until Zakim mysteriously forgets it again

Amy (Microsoft), just email in advance if you do not have access to IRC

<BrendanIAB> johnsimpson - until Zakim has memory issues

<Chris_IAB> just joined via Skype

<johnsimpson> i need zakim to schedule and run my life

<susanisrael> susanisrael joined from 215.286.xxxxx

<aleecia_> Is there a reason we are not scribing this?

<aleecia_> (prod Nick)

<npdoty> peterswire: particularly important to avoid ad hominem style attacks

<jchester2> I agree with Aleecia. This should be scribed

Disagree fervently on substance, but try not to attack each other on personal grounds

<justin> Is anyone else having trouble getting on? Keep getting busy signal.

<aleecia_> thank you

Try to be constructive in tone and try to avoid personal attacks as a theme going forward

<AdamAN> hi zakim, i'm 646-827-xxxx

<Chris_IAB> +1

<Chris_IAB> no

<tlr> nope

<robsherman> +1 means agree

Third item on agenda: small administrative issue, not a big change in rules

Concern from people that a lot of issues on compliance spec are linked together

Worry that if we have agreement on one issue it will effect another issue

great deal of traffic on email list and on the weekly calls, and if you blink, you may waive concerns about an issue

For compliance spec, try to make sure there is clear notice to the group when we are planning to see consensus

<aleecia_> does this mean we will have a second mailing list for official announcements?

<aleecia_> Thomas, feel free to take that on IRC to save time

we're in a discussion mode, we're are not in a point that we trying to annouce consensus on particular issues

<tlr> yes, there will be an announcement list

that time will come, but we will be clear when we are closing off issues

<aleecia_> thank you. any idea when (re: announcement list)?

<tlr> days

<aleecia_> thank you kindly

<npdoty> we're working out the exact details of that announce list, so that messages will and won't be filtered appropriately

making email list longer to state objections is not a good use of time

Call for questions on phone numbers

<aleecia> Justin was having trouble calling in, but seems to have resolved it

Item number 4 on agenda: other questions and comments

an email to peter personally is appropriate if you have concerns

tlr: times and dates for next in person meeting: 4 Feb or 11 Feb

more information within days, hosting on the US east coast

<ifette> Does east vs west coast US actually matter?

<tlr> ifette, yes

<aleecia> do we know dates on Rigo's thing?

If anyone wants to host, please contact Thomas offline

<tlr> aleecia, week of 28 January

<aleecia> thanks!

<tlr> we expect to have dial-in for US participants for that one

<Chris_IAB> middle of the US?

<ifette> trading between Europe and US I understand, but within the US it seems… less important

strong perference to rotate to the east coast

<WileyS> One argument is that east caost makes it easier for EU participation (cheaper to fly)

Go around the room, and ask for comments, start with letter M

going around the room

<JC> Let's use the IRC list and then go to phone with alphabet

Tell your full name, organization you work with, your role in the organization

<tlr> JC, let's not debate the order ;)

verbal addition to some of the points a new co-chair should hear and group should hear

First person with letter m in their handle will start

Jan 22, Peter will be in Brussels for face to face meetings

Next week on weds and thursday, peter has time to meet with people in DC

<laurengelman> nick- i just joined

willing to set up a skype call with all participants

Peter is very willing to talk one on one or in small groups, please reach out

if you are not part of the 27 submissions online, please state your views

<tlr> if unidentified callers owuld please identify themselves on IRC: 1.202.257.aaii, 1.703.438.aaoo, 44.772.301.aapp, 1.202.253.aaqq, 1.908.239.aarr

<Chris_IAB> ndoty, Lou Mastria is on the call only, dialing in from 90923946...

<justin> peterswire, I just emailed you the list if that helps!

Thomas will start someone in the middle, mike oneil

<tlr> dsigner, yup

Mike O'Neil - software engineer, works in Cal and UK

Sees the group as A way to control third party elements to track people

more on the tech spec, but interested in both

Elise Berkower - Neilsen company

sharing responsibility with an engineer Roman

His focus on the tech, Elise focus on the compiance spec

Nielsen is market research company, has measurements product for all media

panelist for tv rating, panelist for computer, panelist who measure smartphone and mobile devices

The whole range of consumer products is part of Neilsen

The panels are seperate from the analytics are not done for delivering ads or targeting people

more about measuring the internet and how the internet work, so involved with measurement products

Brooks Dobbs CPO for nnumber of entities in WPP through the NAI

non-techie, more on the legal side

Brendan: employed with IAB, but on group an an invited expert

web analytics since late 90s, worked with Microsoft with data collection

scribe: a technologist

Brendant is out of New York

Anna Long - primary work with IBM but working as part of digitable analytics association

<eberkower> Please let Nielsen know when you are coming to New York, Peter; we might be able to provide a venue for a meeting with other New York participants

look at website activities, lead generation, and general privacy matters

Focus more on vendor tools and proces for analytics, out of research triangle park

<jchester2> -q

Adobe analytics - service provider in another of roles

work with product team to build in support for compliance

<JC> Yes

Has a policy background, but also on tech side

Luigi Mastria - managing director DAA

<Joanne> Joanne Furtsch has joined #DNT

Come from the policy side, but knows enough tech to be dangerous

Luigi ut of New York, happy to take to coffee

Heather West - editor of compliance spec

<jchester2> Yes!

works in the policy department of Google

<kulick> i'm still learning

<WileyS> Mostly - learning about a few new folks

<npdoty> most of us have met, but not quite everyone

<BrendanIAB> Getting it nicely documented is handy

Keith Scarborough ANA - fortune 500 companies

all sorts of products and service companies, high tech to banking

Government relations in Washington, one of the founders of DAA

Dan Jaffe also participants at ANA, new to this process

Jonathan Mayer - grad student at Stanford

backgrond in public policy and computer science, also in law school

does computer science research in web tracking, works on policy and law components

been involved early on

<ifette> tlr, i already did Google has ifette

Dan Aurbach Electronic Frontier Foundation, San Fran

works on compliance doc, interested in protecting user privacy

Ian Fette - google, primary on chrome

more on tech spec than compliace spec

I've seen enough of these processes go off and not make progress, need to find where there is willingness

Craige Spiezle - Online Trust alliance - represents markets, government, and tech providers

Think of themselves as a voice of reason, background started as technology in Microsoft

Not an attorney, but regonizes the challenges here, long term impact on consumers and data collection

Adam - AppNexus based out of New York

Allows companies to buy and sell online adds through real time bidding

We have been monitoring discussion, but have not been active

Rob Sherman - lawyer by training, privacy team at Facebook

Help design privacy feature into Facebook and then works with policy side

Wants to empower consumers to make choice, but still have useful services on the web

Adam - lawyers in the field

<adrianba> Adrian Bateman, Program Manager at Microsoft working on Internet Explorer

Adrian Bateman - program manager at Microsoft

Focus on anything about implementation on browser

Main contact, willing to help how ever he can

Bryan Sullivan AT&T - leads service standard team

On service end, ad network, major buyer of advertising

Others at at&t, works with broad range inside company: legal, operations, security

Shane Wiley - VP of privacy and data governance at Yahoo

NAI on board of direction, focused on both tech and compliance spec

<bryan> Message I sent to the list with our input is at http://lists.w3.org/Archives/Public/public-tracking/2012Dec/0091.html

hopes to have something that is voluntarily implemented in real worl

Susan - privacy attorney at Comcast

Not on tech side, joined not long after group was started

would like to see DNT to be useful, want to see that they can still distribute content and non-behavior advertising

based out of New York but often in Washington

<tlr> Vincent Toubiana

Vincent - Alcatel-Lucent

Chris with both IAB and DAA

IAB is a founding member of DAA, serves as technical director of DAA

20 year career in technology, 10 in advertising

Focused on the tech spec of DNT and how it can be implemented at scale

Has done a lot of coding, founded two ad tech companies, ran an ad network for several years

But reviewing code is not his speciality anymore

Also servced in IAB, fought through auding with MRC

RIchard with Comscore - Deputy Privacy Officer

Market reserach company, on compliance legal side

<Chris_IAB> Yianni, to clarify the record, I wouldn't say (and didn't say) that I "fought through auditing with MRC"

Phil - Conversion work, involved with web analytics

primarily concerned with the tech and implementation side

<Chris_IAB> Yianni, I serve on the MRC's Digital Committee, sitting through hundreds of industry audits being considered for accreditation by the MRC

<scribe> Done a lot of work with self tracking, approaching from the EU side

<bryan> What was the last speaker's affiliation?

Chris Olsen: assistance director at the Federal Trade Commission

Peter is a senior attorney

Both attorneys

Justin Brookman - CDT, non-profit advoacy group in Washington DC

Editor of the compliance spec, primarily a legal background

working with tech consumer protection issues for 8 or 9 years

CDT has been workign with DNT since 2007

David MacMillen president of capital ideas, management consulting firm

<bryan> I think the speaker was Yianni from the UK, what is his affiliation?

concern with business strategy, strong tech background

<tlr> bryan, speaker was Phil PEarce

<fielding> I am Roy T. Fielding, a Senior Principal Scientist at Adobe within the CTO organization, though most of my work is with content management (Adobe CQ5) and digital marketing. We build the tools that build large first-party Web sites. I am also a founder and director of the Apache Software Foundation (another W3C member, but I only represent Adobe here). I am a co-editor of TPE and the primary editor of HTTP and URI for the IETF. I did my PhD at UC Irvine on the

<fielding> Web software architectural principles and the REST architectural style, and was on the W3C Team during the summer of 1995. I work from home (mostly) in Tustin, California. IANAL, but I've done plenty of work with lawyers as an expert witness on patents and as author of the Apache License 2.0 (an open source license).

Roy Felding Adobe, works in CTO group, contract management side of digital marketing

works with large first party websites

<bryan> Also the last speaker, David, what is your affiliation? I'm trying to match attendees to group participation.

20 years of web background with tech specs

Not a lawyer, but does a lot of work with lawyers

Amy - assistant general council at Microsoft

<npdoty> David MacMillan, just following the calls as an individual, not currently representing an organization in the group /cc bryan

From the legal side, but interested in both specs

Microsoft - Sue (regulatory affiars), Euan Grant (developer and software director)

David Singer, Apple, does tech standard for apple

<dsinger> Work for Apple, based in Cupertino, doing technical standards, with my background in Multimedia, so I do MPEG, 3G multimedia, etc. as well; supported in this work by privacy experts (some of whom I think you and others know). Am also the advisory committee representative to the W3C.

background in multi-media

<dsinger> Am co-editor of the technical spec. with Roy Fielding of Adobe.

advisory committeee rep to W3C

<David> bryan - npdoty is correct - I am not representing group

<dsinger> Interested in DNT as a way to find a consensus approach to privacy (unlike, e.g. blockers). I am a pragmatic centrist with a penchant for reducing tension with small jokes.

goal of finding a consensue approach

<tlr> bryan, I think we're discovering a few callers here that we need to have conversations with :)

Lauren - lawyer, small pratice focused on privacy in San Fran

<tlr> bryan, so I suggest we take this one offline

Wants a fair, delightful result

One spec that represents a consensus approach is the best thing that can come out of this

<bryan> we should not be discovering this adhoc, but managing it more carefully. our participation hinges on W3C process adherence

as opposed to a technical background

<npdoty> bryan, tlr, the group has agreed to allow identified callers who are not formal participants in the group on our teleconferences

Brad - work at Yahoo with Shane, Cal campus

<bryan> reference to resolution on that?

tech backgroud, with information security team, now with privacy and data governance team

<aleecia> Aleecia M. McDonald, Director of Privacy at the Stanford Law School's Center for Internet & Society (as of last week.) Ten years in software startups prior to returning to CMU for MS policy, then PhD Engineering & Public Policy. Hybrid by design. Not a lawyer but will teach privacy law in the spring. Not an engineer but can code if I cannot find a way out of it ;-) Trying to thread four needles with one thread: business, privacy, US, EU. Can improve welfare [CUT]

<aleecia> v. what we would have absent agreement.

focused on advertising privacy

Aleecia - software start up companies for 10 years

How do we find a solution that works for everyone, we can reach an agreement without having to worry about anti-trust

<npdoty> bryan, it might take me a little time to go back several months to find that documentation in the minutes

Distinction that more privacy is not always better for users, users are not one group

different users want different things, how to support users get outcomes they think they are getting

and what they want

Define: user - is a person, citizen (more than a consumer)

consumer suggests a business relationship that is not always the case

visit in corporate capacity is also a user

<bryan> OK, I did not catch the resolution, and as with our earlier discussion on media access, I would have raised concerns at the time

<tlr> bryan, happy to discuss further

<johnsimpson> I'm John M. Simpson, director of Consumer Watchdog's Privacy Project. We're a nonpartisan, nonprofit public interest group. I'm participating the WG as an invited expert. We have been advocates for Do Not Track for several years. We sponsored SB 761 in California which would have introduced DNT regulations in the state. I was a journalist for 30 years, including executive editor of the Pacific Daily News on Guam and Deputy Editor of USA Today.

John Simpson - director of consumer watchdog privacy project

<peter-4As> +q

partipates in group as a invited expert

<npdoty> fwiw, we do define "user" in the Tracking Compliance doc, http://www.w3.org/2011/tracking-protection/drafts/tracking-compliance.html#def-user

early advocate of DNT, support California DNT legislation, only got through judiciary comm

Hoping to allow user's privacy preferences honored

Sam Silberman - Constant Contacts, company specilized in small businesses reaching privacy needs

Sam Silverban

<tlr> s/silverban/silberman/

<samsilberman> I apologize for leaving the call. I have a another meeting at 1pmET.

Joanne - Truste, expertise on the policy side

interested in both specifications, how it will impact their clients

David Wainberg - lawyer with NAI, council and senior director of technology

Most work at intersection of law and tech

Chris Pedigo - VP government affairs for online publishers association, trade association of 60 publishers

Face of the internet for a lot of consumers, variety of relationships with third parties

Mostly first parties, DNT could be useful to providing consumers more choice over 3rd party data collection

Started working on policy

Ed Felton, prof. at Princeton in Community Science and public policy

<npdoty> s/Felton/Felten/

<tlr> s/Felton/Felten/

does consulting on the side, previously Chief technologist of FTC

his participation is on behalf of the FTC

Peter Kosmala - government affairs for 4A's

Represent a lot of companies developing digital ad campaigns

Jeff Wilson - AOL, newcomers to the group, currently working on W3C membership

<tlr> (and participating here through NAI)

Been doing privacy for 6 years, beofre in tech roles for 10 years, works on privacy team

Peter - Thanks to everyone for coming together on these calls

On the email chain, there were 27 emails with priorities

Discussing theme of the emails, Peter carefully looked at online submissions

Some statements about importance of good procedures

Discussions of role of tech spec versus compliance spec

A number of people said there should be a tech but not a compliance spec

others said we needed both tech and compliance spec

Emphasis of DAA to only have a tech spec and quotes charter, then Jonathon Mayer quoted another part of the charter

Chris - emphasized part of the charter focused on tech spec

Chris - pointing out DAA position that if work would have been on tech spec the work would have already been done

The idea of one size fits all compliance document in the world that has called the divide and bogged down the debate

Wants to focus on tech spec to get a win

to allow regional interpretations of technology when appropriate

diffiult to have one size fits all (specifically between US and EUrope)

you have Canada, South American, and other areas that we have not heard of

<aleecia> How does that fit with quoting selectively from the charter, though? Did you have a point I missed,nor did you miss the rest of the charter?

<ifette> effective is relative

<jchester2> +q

W3C has been a very effective organization from tech side

<npdoty> if people are interested in the charter, you can read here: http://www.w3.org/2011/tracking-protection/charter

<jmayer> +q

Some of the other issues highlighted: how much to think about regional approach or global approach

comments have come from both directions

linkability and unlinkability is another area of focus

Series of back and forth on how to define key terms: tracking menionted the most

some said defining was important, others said it was a distraction

<Chris_IAB> also wanted to point out that we can define TECHNICAL compliance without having to define policy

Statements today and email show substantial disagreement

rather than try to resolve them today or say what the answers should be, should focus on areas where consensus can be found

<jmayer> I didn't follow the earlier discussion—was there an answer on whether the charter is limited to only the technical specification?

Try to build on accurate understanding of how the world is

perhaps not having big normative decisions at this point

<tlr> The charter explicitly mentions both deliverables. Reading the charter in a way that is internally consistent is preferable. ;)

Peter sees the challenges many people have pointed out, find relatively soon specific things to work on, rather than force consensus

Peter wants to listen very hard at this time

<aleecia> Hearing nothing, I assume there's no actual issue there (charter) but if I'm missing something, would love to hear what

Jeff - hope peter will resolve charter issue, needs clarity on charter

Need to do due diligence on this issue, lots of reasons why people are taking positions

need furthur research and discussion, hope to call it as you see it

<aleecia> Wait, JC is Jeff Chester? :-)

Peter is just observing right now that statements are contrary

<jmayer> aleecia, would prefer to not take the waiver approach. We should explicitly resolve something as important as what the charter allows.

in legislative debates, things can look impossible right before they get solved

<fielding> In voluntary standards debates, things without agreement get deleted.

Chris - can have a compliance spec for tech only

instead of defining policy

W3C has in the past been technologists putting together tech specs

With DNT, there have been a lot of lawyers added to the group

<aleecia> What would it look like to have compliance without policy?

<WileyS> Yianni, I believe you can - its focus would be based on technical symantics and workflow and not mention broader policy issues.

<aleecia> Genuine question

Ian - may start a committee to research charter

<aleecia> Fair.

a lot of progress on spec, not so much on policy

<dsinger> unsurprisingly, I think a simple centrist compliance document is possible; it won't be perfect, and won't implement much, if any, policy. but a dnt signal that has no 'common meaning' may be ... problematic

<ifette> I did not say we should start a committee to research the charter

focus should not be on what the charter says, instead where can agreement be reached

Thomas - interpret charter in internally consistent way, charter mentions compliance spec

<ifette> I said that I thought it was probably within the scope of the charter, but regardless of that, you must have agreement of the group to publish a document, and that we may or may not have that consensus and that might be a more fruitful question to discuss than charter issues

<jchester2> let Jonathan speak

<tlr> s/interpret charter/some folks read charter/

<justin> jmayer can put it in irc, though I think I know where he was headed . . .

Peter - call for next week

Do we have something to do for call next week?

<fielding> +1 for vacation

<jmayer> Here's what I was going to say: There are three components to the charter, 1) preference expression, 2) compliance, 3) selective blocking. For each of those components, the charter might allow or require decisions.

<Brooks> with our without a compliance spec, DNT:1 seems to me to be limited in meaning to a meaning that has been noticed to a consumer

<npdoty> if you have specific suggestions for compliance discussion for the call next week, follow up with Peter via email.

<jmayer> I think we have consensus that the charter allows all three. I don't think we have consensus on whether the charter requires any of the three.

<aleecia> Call canceled unless other notice?

<WileyS> Hopefully we'll know about the face-to-face soon...

Call on the 26th and on the 2nd are cancelled

<ifette> jmayer, i personally agree with you there, but regardless on whether you're chartered to do something, that doesn't necessarily mean that it happens

<johnsimpson> Thank you

<justin> Thanks PeterSwire

<npdoty> thanks all

<laurengelman> bye!

<aleecia> Ian, agree: TSLs are prime example

- DRAFT -

Tracking Protection Working Group Teleconference

12 Dec 2012

Attendees

Contents

going around the room

Summary of Action Items

Scribe.perl diagnostic output