00:31:08 dsinger has joined #dnt
02:22:46 npdoty has joined #dnt
03:52:43 schunter has joined #dnt
10:27:08 Zakim has left #dnt
11:45:39 schunter has joined #dnt
11:49:57 fwagner has joined #dnt
12:52:57 schunter1 has joined #dnt
13:25:36 schunter has joined #dnt
13:26:56 vincent has joined #dnt
13:28:14 vincent has joined #dnt
13:30:59 adrianba has joined #dnt
13:33:54 schunter has joined #dnt
13:35:00 Chris_IAB has joined #dnt
13:41:30 efelten has joined #dnt
13:45:59 vincent has joined #dnt
13:47:52 dsinger has joined #dnt
13:51:57 LMastriaDAA has joined #dnt
13:54:48 npdoty has joined #dnt
13:55:23 Zakim has joined #dnt
13:55:49 Zakim, this will be 87225
13:55:50 ok, npdoty; I see Team_(dnt)13:55Z scheduled to start now
13:56:02 BrianHuseman has joined #dnt
13:56:19 Zakim, code?
13:56:19 the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), npdoty
13:56:43 Team_(dnt)13:55Z has now started
13:56:50 +BrianHuseman
13:56:58 haakonfb has joined #dnt
13:58:29 +tlr
13:58:34 johnsimpson has joined #dnt
13:59:32 robsherman has joined #dnt
13:59:44 -tlr
13:59:45 +kulick
14:00:07 +MIT-Star
14:00:24 +johnsimpson
14:00:34 microphones should be working to people on the phone, but we can't hear you yet, til I fix our speakers
14:00:47 rrsagent, make logs public
14:00:48 +vincent
14:00:50 -kulick
14:01:04 zakim, mute me
14:01:04 vincent should now be muted
14:01:14 zakim, mute me
14:01:14 johnsimpson should now be muted
14:01:17 +kulick
14:02:19 +yianni
14:03:51 BerinSzoka has joined #DNT
14:05:27 +Aleecia
14:05:42 yes, can hear you
14:05:47 nick I can hear you
14:06:54 code for the phone is 87225# right? anyone else having a problem signing onto the conference bridge?
14:07:07 i'm on phone
14:07:11 yes that's the code BerinSzoka
14:07:18 it worked for me
14:07:21 +vinay
14:07:26 weird--I tried a few times...
14:07:28 vinay has joined #dnt
14:07:45 David_Stark has joined #dnt
14:07:47 +1.617.761.6200, conference code TRACK (87225)
14:07:59 ashkan has joined #dnt
14:08:33 Chris Mejia of IAB joining in person
14:08:47 Zakim, who is on the phone?
14:08:47 On the phone I see BrianHuseman, MIT-Star, johnsimpson (muted), vincent (muted), kulick, yianni, Aleecia, vinay
14:09:26 we hear you
14:09:35 + +1.202.656.aaaa
14:09:39 aleecia has joined #dnt
14:09:53 rvaneijk has joined #dnt
14:10:27 hwest_ has joined #dnt
14:10:44 hwest_ has joined #dnt
14:11:08 Are mics in good use?
14:11:10 justin has joined #dnt
14:11:13 Is someone on the telephone not muted?
14:11:22 zakim, who is making noise?
14:11:22 zakim, who is making noise?
14:11:33 aleecia, listening for 10 seconds I heard sound from the following: MIT-Star (80%)
14:11:38 Joanne has joined #DNT
14:11:38 Sigh.
14:11:41 hearing terrible background noise is there an open mic and someone typing?
14:11:43 justin, listening for 10 seconds I heard sound from the following: MIT-Star (69%)
14:11:52 And cannot hear Ed if he's speaking
14:12:03 horrible line
14:12:06 Ed's slides: https://www.dropbox.com/s/klyhmpc91bxbv84/Unlinkability%20Boston.pdf
14:12:09 Ed is not speaking yet.
14:12:12 Just went dead?
14:12:15 now hearing nothing
14:12:16 RichardatcomScore has joined #dnt
14:12:25 Zakim thinks the line is up
14:12:30 Ah. And unmuted.
14:12:57 Then this is a good time to debug...
14:13:08 terrible connection
14:13:17 sounds like someone is using his phone like a hammer
14:13:25 dwainber_ has joined #dnt
14:13:34 Thank you, Nick
14:14:24 Marc_ has joined #dnt
14:14:34 jeffwilson has joined #dnt
14:14:34 peterswire has joined #dnt
14:15:12 hear peter
14:15:21 susanisrael has joined #dnt
14:15:35 having trouble getting on the line
14:15:45 Me too, Joanne
14:15:49 I can hear better
14:15:51 Keep trying; I needed a few rounds but it worked
14:15:55 couldn't do it. been on hold for an operator for 10 minutes
14:16:04 Call back in?
14:16:15 I tried 5 times
14:16:19 sound seems to be working
14:16:21 Oooof
14:16:41 +Jonathan_Mayer
14:16:52 jmayer has joined #dnt
14:17:00 schunter has joined #dnt
14:17:22 hearing
14:17:34 scribe?
14:17:37 folks on the phone, we are working on the tech problems
14:17:42 (not in - don't hear that well)
14:18:01 ionel has joined #dnt
14:18:04 +Joanne
14:18:05 question to those on the phone -- volume ok from thomas now
14:18:10 that was a question
14:18:11 yep
14:18:12 fine, thanks
14:18:14 Yianni has joined #DNT
14:18:23 Peter, do we have a scribe?
14:18:23 yes
14:18:35 yianni is preparing to scribe
14:18:36 that was yes on sound
14:18:37 scribe: Yianni
14:18:46 thank you
14:18:55 scribenick: Yianni
14:18:58 Thomas: You should all know that this is all an ongoing process
14:19:12 ...the concept of pseudonymous data
14:19:20 ...In Germany, we have 2 types of data
14:19:21 Thomas's slides: https://www.dropbox.com/s/klyhmpc91bxbv84/Unlinkability%20Boston.pdf
14:19:27 ...anonymous data and personal data
14:19:30 He's on 2 now.
14:19:33 thanks, justin
14:19:40 ...pseudonymous data is still personal data but it is treated in a different manner
14:19:55 these are Ed Felten slides no?
14:20:01 ...anonymous data is not unique or tied to a specific person
14:20:02 +tlr
14:20:09 -tlr
14:20:13 slides are here: http://www.w3.org/2011/tracking-protection/mit/bvdw_w3c_pseud-data_20130211.pptx.pdf
14:20:17 ...reading from the quote
14:20:30 (linked from the agenda and the group home page)
14:20:35 ...if you are not able to link to a person or indirectly link, you are out of scope
14:20:42 ...if you are able to link, you are in scope
14:20:43 thanks nick
14:20:56 BillScannell has joined #dnt
14:20:58 WaltM_Comcast has joined #DNT
14:20:58 moneill2 has joined #dnt
14:21:06 ...personal data is information associated with an actual person
14:21:15 ...reading the definition from slides of personal data
14:21:33 ...the German government years ago recognized a grey zone, something in the middle
14:21:36 schunter has joined #dnt
14:21:40 ...that is the concept of pseudonymous data
14:21:57 ...a cookie can be identified with a device
14:22:04 ...but not tied to a known individual
14:22:14 ...different between US and German data
14:22:23 ...this data cannot be treated as anonymous
14:22:31 Paul_G has joined #dnt
14:22:59 what slide are we on?
14:23:07 slide 8
14:23:09 German Telemedia Law http://www.cgerli.org/fileadmin/user_upload/interne_Dokumente/Legislation/Telemedia_Act__TMA_.pdf
14:23:17 ...replace subjects name with other identifying feature to make impossible or extremely difficult to re-identify
14:23:32 ...are processes by digital advertising business making it impossible
14:23:42 ...huge debate around IP address, whether they are personal or not
14:23:58 ...there are processes rendering IP address anonymous
14:24:12 BrianHuseman has joined #dnt
14:24:19 slide 9 now I guess
14:24:24 ...German telemedia act, reading from slide
14:24:55 ......yes slide 9
14:25:21 ...Data is not allowed to be linked back then it does not make sense
14:25:45 ...regarding DNT and the definition of tracking, this definition covers advertising, market research, and tele media
14:25:59 ...it is a very broad approach that we can offer services without explicit consent
14:26:07 ...if I feel harmed by the tracking, I can push back
14:26:18 ...anonymous data is not personal data, it is out of scope
14:26:26 +BerinSzoka
14:26:40 ...pseudonymous data are personal data for the business holding the key
14:27:11 ...third party, such as a researcher, without access to the key, that is lawful processing of the data
14:27:34 fwagner has joined #dnt
14:27:46 slide 12
14:27:52 ...pseudonymous service, normally 3rd parties, change IP address or cookie with random numbers
14:28:06 ...last stage, offering users the right to object
14:28:22 ...this is the process to change personal data to pseudonymous data, slide 13
14:28:30 ...in German law it is a risk based approach
14:29:04 ...German law with attention to market research and marketing, not practical to treat session data like health data
14:29:07 +Dan_Auerbach
14:29:22 ...it is difficult for companies to get huge number of consent for advertising
14:29:29 slide 14
14:29:33 ...there is lawful data processing without explicit consent
14:29:56 ...we try to convince German government, that there is a huge opt out regime, and based on German law
14:30:29 ...Slide 15 - DNT unset reading from slide
14:30:54 just to be sure -- any sound problem on the phone?
14:30:57 ...the concept of pseudonymous data, tracking in Germany is lawful
14:30:58 dan_auerbach has joined #dnt
14:31:09 ...for us DNT unset leads to more flexibility
14:31:09 no peter, sound is fine for me
14:31:13 ...in the advertising market
14:31:42 It's ok
14:31:59 Must be Rob speaking?
14:32:01 kulick has joined #dnt
14:32:03 Rob: this fits in well with the exercise we did yesterday
14:32:19 ...the directive is very clear and is usually left out of discussion
14:32:22 rob van eijk
14:32:29 q?
14:32:32 ...it is not just limited to data controller, it is limited to any other person
14:32:50 ...if police can use pseudonymous identifier because they are a subject, and they can identify then it is still personal data
14:33:05 ...pseudonymous data is not anonymous data, so data protection laws still apply
14:33:25 ...do not agree that pseudonymous data is a subset of personal data
14:33:33 ...it is a third subset of data
14:33:43 q
14:33:47 ...if you go through the effort of de-identifying the data, you are not done
14:33:56 ...you still need to manage the risk of re-identification
14:34:20 ...due to changes of technology, you need to organize your business process to continuously measure risk
14:34:35 ...if you are using pseudonymous data for OBA, explicit consent is still needed
14:34:48 q?
14:34:58 ...notice and choice principle
14:35:10 ...we are making the concept of consent even stronger
14:35:20 in Q, chris mejia is first, marc groman is second; I will ask Thomas to respond to Rob before those
14:35:31 ...leaves the task that maybe in some cases there is the ability to have anonymous data and still use the data
14:35:51 ...yesterday we used different words, red is highly detailed and identified
14:35:59 ...in orange you take steps to de-identify
14:36:15 q+ chris_iab
14:36:17 ...in green, you ensure that data cannot be linked, throw away the key
14:36:19 q+ marc
14:36:24 Paul_G has joined #dnt
14:36:26 ...at that moment it becomes anonymized
14:36:32 Wileys has joined #dnt
14:36:40 ...the definition of identifiability, the burden is not on the controller
14:36:48 ...if anyone else can identify, it is personal data
14:37:03 Thomas: Yes it is a process of pseudonymization
14:37:10 ...at the end you have pseudonymous data
14:37:52 ...DPA opinions, the federal data protection authority that you need to implement in German tele media act
14:38:05 ...in Regulation that this proposal might have a good chance in regulation
14:38:23 ...it is ongoing discussion, 3 out of 4 reports contain the idea of pseudonymous data
14:38:34 ...we are trying to strengthen concept of consent
14:39:00 q+
14:39:05 Peter: part of why this is relevant is not because Europe is a big market
14:39:30 ...it is also important that when regulation goes forward is that 3rd parties gathering data would be expected to follow the rules of the regulation
14:39:47 ...if you are a 3rd party on a site serving Europeans, you would have to follow regulation
14:39:56 ...no distinction between 1st party and 3rd party
14:40:01 ...this is a reality that may be coming
14:40:16 q+
14:40:31 Chris: how do you view DNT signal when it is set on by default, IE 10
14:40:42 Thomas: for user choice, default settings are not appropriate
14:40:45 ack chris_iab
14:40:47 +[IPcaller]
14:40:48 ...default settings are not the way to go
14:40:53 zakim, ipcaller is walter
14:40:53 +walter; got it
14:40:55 ...we must offer a proper choice for consumers
14:41:04 ...we must be able to recognize the non-choice
14:41:11 ...the unset status is pretty important
14:41:35 a bit hard to hear
14:41:36 Thomas: we are talking about global standardization
14:41:42 ...default settings in spec are not the way to go
14:41:50 ...it is not directly a market issue
14:41:55 q?
14:42:06 for OBA explicit consent is needed for a lawful processing, even in Germany.
14:42:08 ack marc
14:42:19 Marc: interplay between this law and EU data directive and e-privacy directive
14:42:31 Thomas: EU law is complex, EU directive is a guideline
14:42:38 kimono is in Q as well
14:42:41 ...governments must transpose guidelines into national law
14:42:47 q?
14:42:50 q+ kimon
14:42:51 ...we have Germany who have pretty much done nothing
14:43:08 ...at the end a directive may lead to 27 different laws, more or less a guidance
14:43:15 ...the second kind of law is a regulation
14:43:26 ...a regulation is direct to all members in EU
14:43:39 ...if you want lawful processing you need to look into national laws
14:43:52 ...if you have a sentence in directive or local law, you need to look at local law
14:44:12 * john simpson, I think they are not seeing you bc you have to say q+ not q?
14:44:12 ...if national governments decide not to implement, then it could become law (complex)
14:44:25 ...German has implemented e-privacy law
14:44:45 ...German government that explicit consent is required by personal data, already covered
14:44:58 ...the pseudonymous data is going beyond minimum set, so more than required
14:45:05 q?
14:45:22 thanks susan, I am saying q? because I want to see who is in the q. I'm not seeking to speak
14:45:24 ...so already under directive, German government decided not to change German tele media act
14:45:39 Rob: it has become clear that Germany is very specific at the moment
14:45:48 ...still need to revise e-privacy directive
14:46:11 ...risk in following the situation in Germany as a general consensus
14:46:26 This reading of the privacy directive doesn't mesh well with current thinking among the DPAs on pseudonymous data
14:46:43 Thomas: pseudonymous risk of uncertainty, but also a chance to show how flexible data protection law can be
14:47:06 Frank: point on from practical side, users can opt out of OBA
14:47:28 ...this is being done by different organizations, look at slides from Berkeley workshop
14:47:42 kimon has joined #dnt
14:47:57 german pseudonymous view presented by mr Schauf leads to legal uncertainty, you can not generalize this situation. DPAs position explicit consent is needed, as indicated in the revised e-priv directive that has not been transposed yet in Germany.
14:48:02 ...in addition to opt out, do not track is in place, we need to expose DNT 1 and DNT 0
14:48:14 ...in addition we have opt out and DNT, from my practical view this will not work
14:48:23 Q?
14:48:24 q?
14:48:29 ack fwagner
14:48:40 Thomas: cookie opt out and cookie opt in, consent and not consent, it is a general question
14:48:49 ...this is not only a question with pseudonymous data
14:49:02 ...in the UK, the e-privacy directive word by word
14:49:14 ...UK data protection authorities used implied consent
14:49:28 ...similar to give user notice with more information then user can decide what to do
14:49:38 ...need to be open about what spec document we send in the world
14:49:40 Paul_G has joined #dnt
14:49:55 ...make sure the interest of natural person is not harmed
14:50:05 ...95% of users who do not know what work is being done
14:50:22 ...need to inform them when data is stored, give them the information then they can safeguard their rights
14:50:27 ...consent is not the only way to go
14:50:43 folks the german speakers have been hard to follow on the phone
14:50:56 Chapell has joined #DNT
14:51:00 kj has joined #dnt
14:51:06 q+
14:51:30 wileys: data protection regulation formally introduces pseud ids
14:51:31 scribenick: jeffwilson
14:51:38 concept will likely survive
14:51:58 we'll be discussing going forward, what value it provides consumers and businesses
14:51:58 scribenick: jeffwilson
14:52:06 q+
14:52:13 ack wileys
14:52:14 ack wileys
14:52:15 ack kimon
14:52:22 q
14:52:33 q?
14:52:33 kimon: there are a few things to keep in mind: eprivacy directive says you need consent to store data
14:52:39 it is not tech neutral
14:53:11 q+ moneill2
14:53:15 from a practical view out of the german law environment an approach which means that dnt is used in addition to the the oba opt-out mechanism will increase complexity users have to deal with. From our perspective dnt should be used instead of the actual opt-out approach.
14:53:22 art 5.3 in the e-Priv directive is technology neutral.
14:53:46 it is a neutral assessment, we need to recognize that some countries see the req. as so strict that it would not fulfill the requirements of pseud data
14:53:55 Frank, why not use both? DNT for de-identification of data records and opt-out for cessation of profiling
14:54:06 ack rvaneijk
14:54:19 rob: one of the slides shows that the situation that the processing of profiles without consent is permitted
14:54:28 this falls into the category of personal data
14:54:42 text of telemedia act says this is not allowed
14:55:03 thomas: thats wrong - profiles can be created based on pseud data
14:55:20 rob: usage profile is different, i dont think the two concepts are the same
14:55:52 thomas: if tracking personal data, need explicit consent, if pseud tracking, offer right to refuse but no explicit consent is needed
14:56:19 q+
14:56:23 q?
14:56:28 mike oneill: "to the extent that the recipient of the service does not object" is the key text
14:56:37 q
14:56:38 walter will be next; on phone, correct?
14:56:55 they still require consent, pseud data is personal data
14:56:56 peterswire: yes, correct
14:57:31 thomas: text- " service provider must offer the right of refusal"
14:57:39 q-
14:57:49 this is not the current status quo, the e-priv directive (revised version), states: after having been provided with clear and comprehensive information.
14:58:03 hefferjr has joined #dnt
14:58:06 This is not an opinion, but a baseline for lawful processing
14:58:07 definition of pseud data - opinions of differ between the committees
14:58:49 marc groman: thanks for the pres, very interesting, i dont think anyone is saying theres a reduction in privacy, only the recognition of three types of data
14:59:08 and the appropriate risks each bucket has
14:59:26 rachel_thomas has joined #dnt
14:59:40 peter: wrapping up session, thanks thomas
14:59:59 tim berners lee is in the room!
15:00:16 rigo has joined #dnt
15:00:41 tim berners lee: thanks for coming, braving the snow, (lost mic)
15:01:17 this is hard work, creating designs, etc is not where the glory is
15:01:45 listening to opinions that are not consistent with yours is hard, requires mental effort, but is very important
15:02:12 this is how we reach consensus, however
15:02:45 one of the reasons w3c working groups work is there is a backdrop of assumptions that the participants have - world will be better for the work
15:03:34 people using the web to inform themselves, learn, buy things, - the web will be better than it was before, w3c has never been a place for people that hold on to their own opinions
15:04:12 we're here to work together and make progress, sacrifice is expected but appreciated.
15:04:22 so thanks very much
15:04:32 and thanks to peter
15:04:38 massive thank you to all
15:05:18 peter: question to tim - for people who havent been part of w3c before, how do participants overcome objections from companies
15:05:36 tim: its a bit general, but every working group is different
15:06:02 look at things like the history of CSS, HTML, SVG, etc - these things took a lot of time
15:06:40 there is a common thread, that you are the interface between the group and your company
15:07:16 ways of getting people up to speed, ways of sharing techniques, and experiences - going back to your company
15:07:39 and opening up the windows a bit to see what else is out there, where things are headed
15:08:21 marc: regarding participation, we see huge companies - but what about the very small companies - small sites, publishers, companies who dont have the same voice or influence
15:08:31 tim: very good question - we must ask ourselves this constantly
15:08:50 the longtail is important
15:09:23 yes, we have a duty to put ourselves in the shoes of small companies, communities, ind. developers
15:10:09 rrsagent, pointer?
15:10:09 See http://www.w3.org/2013/02/12-dnt-irc#T15-10-09
15:10:14 it is important to support the people who are developing the open web, much of this you dont see
15:10:43 we must make an effort to understand the needs and positions of all
15:11:02 sound is really poor now :-(
15:11:08 lou: we represent companies that make content possible - how does w3c measure success?
15:11:36 tim: certainly - does it get used? does it solve the problems?
15:11:43 Deployment equals success - you heard it here.
15:11:50 +BerinSzoka.a
15:11:57 + +1.202.639.aabb
15:12:03 are the consumers much happier, and does it unleash the potential, etc.
15:12:03 -BerinSzoka
15:12:09 ionel has joined #dnt
15:12:09 mecallahan has joined #dnt
15:12:42 peter: thanks so very much, tim!
15:12:56 we'll break for 5 minutes
15:13:19 -Dan_Auerbach
15:13:23 Peter's mic is live
15:13:24 +hefferjr
15:14:50 npdoty has joined #dnt
15:15:31 not anymore, I think
15:15:52 +Dan_Auerbach
15:17:23 ionel has joined #dnt
15:17:44 not so muted
15:20:31 -Dan_Auerbach
15:23:20 ionel has joined #dnt
15:23:47 Paul_G_ has joined #dnt
15:24:05 peter: hello on the phone - about to start. we'll do 15-20 mins with ed then breakout to groups
15:24:12 after q&a with ed
15:24:55 ed felton: peter asked me to talk about unlinkability, what we've learned over the last decade with data science
15:25:03 hwest has joined #dnt
15:25:04 s/felton/felten/
15:25:09 sound check -- ok on the phone?
15:25:16 need some definition of de-identified that is precise enough that it can be applied in practice
15:26:08 the rationale for creating unlinkable data was to be able to override the users DNT choice
15:26:40 it is a mistake to think of a one dimensional privacy space - need to consider both privacy and utility
15:27:07 I believe Ed's point was that this is an area justified by very limited privacy risk. It isn't an area where we're balancing privacy and business.
15:27:14 if we're not careful we can design a solution that offers neither privacy or utility
15:27:27 so where should the trade off be?
15:27:46 it turns out to be easier to quantify utility, hard to quantify privacy
15:27:59 ChrisPedigoOPA has joined #dnt
15:28:14 no mic = no sound on call
15:28:16 slide 5 - what does it mean to be privacy preserving with regards to performing a data operation?
15:28:23 can't hear
15:28:31 BillScannell has joined #dnt
15:28:45 nope
15:28:52 ed will repeat the question
15:29:05 can't hear anyone
15:29:16 chapell has joined #DNT
15:29:18 We can hear you guys!
15:29:18 matthias must be asking an epic question :-)
15:29:34 matthias: i like your slide, but its important to realize that there is another dimension in implementation
15:29:39 He's going to put the comment in IRC
15:29:42 we can hear Peter but only him
15:29:45 thanks!
15:29:59 s/Peter/Ed
15:30:07 My comment (unheard, sorry) was: An important third dimension is the effort to get close to the frontier.
15:30:08 ed: more than 40 years of research, huge amount of work
15:30:18 susanisrael has joined #dnt
15:30:30 intuition is an unreliable guide
15:30:53 The slide may look hilly at the frontier: While implementations far from the frontier are simple and efficient, getting onto the border may require large implementation effort.
15:31:14 intuition says: if you are not in the dataset, then the data cannot inform anything about you
15:31:21 e.g. are you a smoker?
15:31:30 if so, then your cancer risk is higher
15:31:54 even if you are not part of the original dataset
15:32:24 intuition always says that aggregate data is always safe
15:32:48 e.g. hunch.com - make recommendations based on correlations of things about you
15:33:17 more than a million users were using hunch, but data was relinkable in several instances
15:33:40 lost.fm and amazon had similar problems, but since been addressed
15:34:03 what does it mean for a data operation to be privacy preserving?
15:34:40 imagine a raw dataset with some sensitive data (peter swire example) - some portion is private, some public
15:35:23 some frameworks are built on atomically sanitized queries/data
15:36:24 some scenarios have analyst and raw data siloed, some are not, but what must be true to maintain the privacy preserving def
15:37:03 for privacy preserving, need the following: feasible, technically actionable, does not ban all data release, implies some limit on data inference
15:37:16 susanisrael has joined #dnt
15:37:51 rachel: from your earlier comment regarding amazon, do you believe an inference is the same as knowing the actual behavior?
15:38:14 npdoty has joined #dnt
15:38:36 ed: no, what i meant to say was that members of the public can make inferences about other members
15:39:00 rachel: well, that is not actual knowledge - just an inference. there's a difference when considering a need to limit
15:39:12 ed: well, im not going to argue to epistemology
15:39:32 dsinger has joined #dnt
15:39:40 @RACHEL: if inferred data is used to base a decision upon you are treating a person differently.. !
15:39:49 +q
15:39:50 chris mejia: inferences are not the same as observations
15:39:50 rob++
15:39:59 q+
15:40:02 but even without decisions...
15:40:04 peter: let me see if i can clarify
15:40:21 bryan has joined #dnt
15:40:36 sometimes we make observations, sometimes we make inferences, difference is likelihood
15:40:39 q+
15:40:46 Couldn't hear Rachel, her mike was off?
15:40:46 Rachel needs to use the microphone, please!!
15:40:58 moneill2, are you still on the queue from your previous question on German Telemedia act or is this a new one?
15:40:59 inferences are probabilistic
15:41:02 -BerinSzoka.a
15:41:07 a statistical inference is not an implication for user privacy; to know that smokers may get cancer says nothing about a user unless you *know* they smoke, thus is not a privacy concern
15:41:12 q+
15:41:17 q?
15:41:25 david singer: theres a huge difference between finding the record and examining the record
15:41:54 Remember what Justice Kennedy wrote in the majority's decision in IMS Health v Sorrell, striking down Vermont's restriction on use of data about drugs doctors prescribe in marketing of drugs back to them: "Facts, after all, are the beginning point for much of the speech that is most essential to advance human knowledge and to conduct human affairs. There is thus a strong argument that prescriber-identifying information is speech for First Amendment pur[CUT]
15:42:08 ed: amazon example showed that facts could be gleaned from the public inference data
15:42:21 ed: must be some limit on what analyst can learn from the data
15:42:46 q- see note above in the minutes addressed to Rachel
15:42:52 q-
15:42:55 goals are modest, but hard to achieve, and knew of no definition that can satisfy all until 2006
15:43:10 ed: k anon is an example that fails to meet the requirements
15:43:22 total silence on the phone
15:43:26 BerinSzoka: really, I wished there was a way for the USA to learn about the value of data protection without suffering a totalitarian regime such as the German nazis, but am afraid there isn't.
15:43:59 efelten: poorly
15:44:06 Berin - others are saying they can hear Ed
15:44:07 imagine you have a bucket of hiv pos individuals, regardless of size you can infer trait
15:44:29 other problems, assumes there's only one query ever
15:44:30 no can hear Ed
15:44:52 #t
15:44:53 two k anon datasets combined can and have produced privacy issues
15:44:54 Yes, it is much better now
15:44:55 marc has joined #dnt
15:44:55 q?
15:44:59 hey, Rigo, my grandparents grew up in Nazi Germany. it is very much the moral context I inherited
15:45:16 BerinSzoka: It wasn't Rigo who said that, but me
15:45:42 may i politely request we drop the Berin baiting on this particular one?
15:45:50 you may
15:45:56 second
15:45:57 thank you.
15:46:18 dalenius' goal - what analyst learns about you (side info + answers) is essentially the same as (side info only)
15:46:33 q+
15:46:37 differential privacy is only one that meets all four criteria
15:46:48 q+
15:46:52 Richard_comScore has joined #dnt
15:47:16 means that same answer is achieved regardless of whether or not the subject is in the dataset or not
15:47:30 for the q, is everyone still requesting to speak, or were these from earlier?
15:47:53 +BerinSzoka
15:48:06 your participation / presence in the data is irrelevant. can also adjust "leakage" level to trade privacy vs. utility
15:48:18 peter, i would still like to speak when ed is done
15:48:46 rvaneijk_ has joined #dnt
15:48:50 enables multiple queries, interactions. not affected by side information - entirely safe to enhance
15:48:55 I think moneill2 is from the previous session, others are requesting to speak
15:49:04 Peter - yes
15:49:19 enhance the data, "go wild" - it wont impact the privacy
15:49:20 susan and shane -- I see your reconfirmation
15:49:46 marc has joined #dnt
15:49:54 there are known methods to achieve DP for aggregate counting queries
15:50:15 adrianba_ has joined #dnt
15:50:39 peter: re: hashing - what are the attacks?
15:50:59 complex issue - individual methods can be good or bad
15:51:01 moneill2 has joined #dnt
15:51:11 replacing identifiers doesn't always help
15:51:33 (ed's response)
15:51:38 q+
15:51:49 peter: what about writing code to break hashing schemes?
15:52:15 ed: suppose you have an identifier, such as a phone number - this fails to a simple dictionary attack
15:52:25 Wileys has joined #dnt
15:52:26 hashing does not lead to anonymization, because the one that hashed knows the algorithm and the salt. The hash is reproducible.
15:52:32 microphones please!
15:52:40 and who is speaking now?
15:52:41 shane: you still need to know the key/salt
15:52:53 q?
15:53:06 there is no brute force dictionary method if you don't know the salt
15:53:18 ed: can be complicated depending on whether or not keys are managed properly
15:53:28 If there's a salt or key, there are key management and oracle problems.
15:53:35 +q
15:53:40 salted hashing is not relevant if you want to accomplish the goal of trying to anonymize the data. The ONLY thing that is going to help you is break the LINKABILITY.
15:53:50 even with rotating keys it can be done improperly
15:53:58 And, as Ed and Rob just noted, that does nothing about linkability.
15:54:07 peter: going to queue
15:54:27 q?
15:54:54 I think we should continue this discussion and not break out into groups yet
15:55:10 susan: i realized that our difference might be different with regards to privacy and de-id, your assumption about possessing info about anyone might be an invasion of privacy
15:55:17 ...is there a technical question here?
15:55:18 http://www.w3.org/wiki/Privacy/DNT-Breakouts is link to the five breakout groups
15:55:27 Peter, could you please manage the queue in order? thank you
15:55:48 same groups as yesterday?
15:55:59 if someone receives value/content online - they are interacting. it is important to note that not all interactions are an invasion of privacy
15:56:04 yes, same groups as yesterday; some different leaders
15:56:07 q?
15:56:09 thanks
15:56:21 q- susanisrael
15:56:37 +q
15:56:42 same dial in for the groups as yesterday?
15:56:45 ed: this is why we have different levels of sensitivity
15:57:01 alphabetical dial in groups as for yesterday
15:57:02 -q
15:57:10 q- moneill2
15:57:18 the only way the definition fails is if the analyst can learn everything
15:57:34 q?
15:57:38 q?
15:57:41 ack wileys 15:57:56 shane: it is important to point out that bullet 3: "does not ban all data release" is relevant to our work 15:57:56 susanisrael: I don't think anyone is advocating that any processing of personal data is inherently invasive 15:58:17 You can certainly use differential privacy for internal data practices. 15:58:19 susanisrael: I wouldn't, and am probably on the protective end of the spectrum 15:58:21 +1 15:58:23 when we are discussing our practices - we are not talking external release - only internal use 15:58:24 walter, i think they are advocating that 15:58:28 Peter, I would really like to hear how Ed would respond to what our Supreme Court has said about reconciling privacy protections and free speech in the context of striking down a consent requirement: "Facts, after all, are the beginning point for much of the speech that is most essential to advance human knowledge and to conduct human affairs. There is thus a strong argument that prescriber-identifying information is speech for First Amendment purposes" 15:58:29 And, in fact, some advertising companies already do just that. 15:58:36 where we have the benefit of controls and practices to protect the data 15:58:37 q? 15:58:42 FTC recognizes this 15:58:47 that seems pretty relevant to me 15:58:50 susanisrael: No, I think you have to decouple the question of what is linkable (personal) data and when you may process it 15:59:01 your presentation focuses more on external uses of the data 15:59:09 susanisrael: I would concur that observation in a public space shouldn't be curtailed 15:59:14 q 15:59:16 ed: no it is not exclusive to external use 15:59:17 We've already had this discussion (several times) --- internal misuse/forced re-ID is one of the threat models we're concerned about. 15:59:20 q? 15:59:20 susanisrael: persistent observation would be a different question though 15:59:36 q- 15:59:48 walter, my point is in part that the internet is in part a public space. 
There is a valid discussion about where personal boundaries should lie 15:59:54 +1 to justin 16:00:04 all i am saying is that the "analyst" can be internal or external, but the analyst still may learn from the data 16:00:12 controls will vary based on internal/external 16:00:20 susanisrael: and there we go off the rails, a HTTP(s) session is not a public space, it is a fairly private conversation between a UA and a server 16:00:20 walter: when I keep walking in public and you keep observing me then that is not inherently an invasion of privacy 16:00:26 q? 16:00:27 All of the examples were external data releases 16:00:34 ack bryan 16:00:35 shall we close the queue? 16:00:45 susanisrael: if I keep following you around you might consider a restraining order on me at some point 16:00:46 (not sure if that's what Peter wanted) 16:01:00 aleecia, yes, close the queue. Can I tell Zakim that? 16:01:07 brian: for privacy issue, you must have a link in the data to that person 16:01:07 zakim, close the queue! 16:01:07 I don't understand 'close the queue!', justin 16:01:17 zakim, close the queue 16:01:17 ok, aleecia, the speaker queue is closed 16:01:29 :) 16:01:30 if we've done everything possible to ensure it's not linkable, then we should be safe 16:01:49 ed; it's about whether the analyst can learn the facts about an individual 16:02:05 susanisrael: one of the Transatlantic divides is the lack of appreciation that continuous observation affects access to information 16:02:16 the problem with hunch.com was that the analyst could learn a great deal of attributes via reverse engineering 16:02:35 walter: in this group we are talking about whether a third party that we do not know is part of my interaction/transaction can learn things about me by lurking behind the scenes, to continue the analogy. We are not trying to outlaw observation, however persistent 16:02:40 dsinger_ has joined #dnt 16:02:41 q? 16:02:41 q? 
16:02:42 adrianba has joined #dnt 16:02:48 (continuous observation makes humans neurotic, same as continuous isolation.) 16:02:52 ack jmayer 16:02:59 jon mayer: re: differential privacy - can you provide some examples? 16:03:14 ed: sure - aggregate counting queries is one 16:03:17 aleecia, i question your assertion and I don't think we are here to cure neuroses either 16:03:31 we appear to be here to cause them :-) 16:03:47 most common method is to compute with some amount of noise, typically less than what is in the data already 16:03:47 q 16:03:53 susanisrael: This is my point, none is for outlawing observation. What I hope we achieve is giving users an option to say: I don't want to be observed by you or third parties outside the context of this website visit 16:04:03 ack LMastriaDAA 16:04:10 q- 16:04:26 lou: thanks, ed. what is your perspective on permitted uses here? 16:04:31 Ed's theory implies/rests on the assumption that all observation or collection of information is an invasion of privacy. That is clearly not true. 16:04:42 susanisrael, the chilling effect of persistent surveillance is absolutely one of the problems this working group is here to address. peterswire acknowledged as much yesterday with reference to the right to read anonymously. 16:05:17 Susan, this isn't a personal "theory" of privacy. It's the way computer scientists have come to think about the problem. 16:05:23 ed: the FTC privacy report shows a common structure - a company has enough measures in place, including contractual, internal controls, etc. 16:05:23 susanisrael: no, Ed's theory is not on the legitimacy of the observation, but on the extent to which observation can take place 16:05:46 Susan - that's not actually what Ed is saying. I suggest a one-on-one discussion quickly to clear that up with Ed, if you're still interested. 16:05:47 the core of all that is "what is the thing that you have enough confidence in"? 
16:05:49 + +1.206.658.aacc - is perhaps Amy_Colando 16:05:59 what is the goal vs. the compliance superstructure 16:06:08 Justin, while it may be the case that we would like to limit "surveillance" i.e. unknown observation, or that even persistent known observation may have a chilling effect, that does not mean that acquiring any one fact about a person is an invasion of privacy and that is what ed is saying 16:06:21 susanisrael: what is contested is what is observable and what not, that is the essence of anonymisation vs pseudonymisation 16:06:42 Susan - I strongly believe that's not what Ed is saying 16:06:45 lou: you mentioned techniques from 2006 - it's a moving target 16:06:54 Aleecia, I do not agree. 16:07:00 susanisrael: and I meant by 'can take place' not in the legal sense, but in the factual sense 16:07:03 I can tell :-) I suggest you speak with Ed. 16:07:08 ed: the inventor of k anon knew that some methods were inadequate 16:07:25 diff. privacy works, there may be new methods that will work better 16:07:34 He's looking at a way to eval different approaches 16:07:35 who is whispering? 16:08:12 justin, aleecia, and walter, my point is that we need not only agreement on de-identification, but agreement on a definition of privacy. I do not believe Ed is presenting the right parameters for this 16:08:13 to be clear - not proposing diff. privacy, only that we keep in mind what is feasible. k anon has its limits and may not work 16:08:18 and as jmayer said, this is a computer science approach, it is the inevitable conclusion of information theory 16:08:39 i agree that specific de-id should not be set in stone 16:08:42 susanisrael: Oh, i concur that a definition of privacy is also needed 16:08:51 dsinger_ has joined #dnt 16:09:01 felix wu: i am noticing a disconnect in our conversation. it's a question of quantifiers - are there any limits on data inferences that meet the goal? 
16:09:12 susanisrael: or more precisely, of what we try to protect 16:09:16 if we were to use the defn of privacy as control (not my personal favorite, but the most common) then Ed looks like he's utterly permissive 16:09:18 ed; the inferences i am thinking about is "facts" about individuals 16:09:40 one of the open questions from the de-id preso is what risk are we mitigating? 16:09:47 -Amy_Colando 16:09:49 Richard_comScore has joined #dnt 16:10:04 we're not mitigating risk. we're providing a PET. 16:10:13 Aleecia, again, I do not agree 16:10:18 ed; need to focus about attributes on people in the world, not whats in the DB 16:10:33 +1 to Berin 16:10:40 dsinger__ has joined #dnt 16:10:54 the alternative is we think users should not have choice, control, and transparency 16:10:59 berin: can you give your reaction to the supreme court for the requirements for consent that companies needed to use prescription information for marketing 16:10:59 Isn't this a question for a lawyer? 16:11:05 First Amendment governs W3C? 16:11:08 Aleecia, I don't agree that that is the alternative 16:11:15 + +1.646.654.aadd 16:11:19 - +1.646.654.aadd 16:11:33 ed: i'll remind you of the state actor doctrine (?) 16:11:45 s/actor/action/ 16:11:48 peter: going to breakout now 16:11:55 http://www.w3.org/wiki/Privacy/DNT-Breakouts 16:11:58 P3P was a PET. DNT is a PET. efficacy remains to be discovered. 16:12:11 aleecia: that is a lovely way of putting it 16:12:19 I'll store that for later abuse 16:12:41 - +1.202.656.aaaa 16:12:54 efficacy needs (perhaps presumes) an objective basis for determining whether we achieve or not 16:13:15 for the record, I don't accept Ed's answer--in large part because I do not accept the premise that there is no state action behind this effort. 
Exhibit A would be the pressure brought to bear by the W3C, notably through Ed himself 16:13:20 -kulick 16:13:22 LMastriaDAA: I'd be happy to take Ovums's recent research as a starting point 16:13:22 - +1.202.639.aabb 16:13:25 -Joanne 16:13:26 oh, no doubt we'll be debating efficacy for years. Every time there's an attempt at legislation, at the very least 16:13:37 BerinSzoka: W3C is not a state actor 16:13:41 -Jonathan_Mayer 16:13:42 -vinay 16:13:50 -vincent 16:14:08 -johnsimpson 16:14:09 -yianni 16:14:13 Does a Joe Barton letter to a data broker asking about their practices constitute a First Amendment violation, BerinSzoka? 16:14:16 walter< I think Berin was talking about the principal not about W3C standards. Ed was making assertions about what rules should apply. 16:14:23 -hefferjr 16:14:25 -Aleecia 16:14:26 aleecia has left #dnt 16:14:42 yes, I was talking about the general principle, which Ed dodged 16:14:51 Justin, i don't think berin was saying inquiry about practices is a first amendment violation 16:15:15 Justin: does Joe Lieberman making a phone call to Amazon and "persuading" them to cut off hosting to Wikileaks count as state action? 16:15:23 susanisrael: I think that if companies agree to use standard X, which includes promises on what data to process and what not, then the FTC enforcing that as part of their consumer protection mandate is not abridging free speech since the companies chose to adhere to standard X 16:15:49 could someone remind us on the phone about which group to call in for? 16:15:53 this coming from someone who obviously is outside any US tradition of constitutional law interpretation 16:16:18 BerinSzoka: I think that's an apples & oranges comparison 16:16:22 -BerinSzoka 16:17:30 susanisrael: and again, Ed was expressing the current scientific thought on what constitutes anonymity from a computer science perspective. 
That is not a value judgement of non-anonymity 16:17:42 anyway, time for coffee here 16:20:19 npdoty has joined #dnt 16:20:39 johnsimpson has left #dnt 16:22:46 robsherman has joined #dnt 16:23:12 fwagner has joined #dnt 16:25:44 walter, re: comment at 11:15. No one said FTC enforcement of rules and laws re: deceptive practices is an abridgement of free speech rights 16:26:26 susanisrael: I tried to infer your reasoning. I hope I don't come across as overly aggressive here, because I think your concerns are genuine and need a frank discussion. 16:26:31 robsherman has joined #dnt 16:26:32 dsinger has joined #dnt 16:27:47 schunter has joined #dnt 16:28:13 Folks on the phone - if you're dialled in to the normal number, you should join #dnte 16:29:30 -walter 16:30:54 haakonfb has joined #dnt 16:32:43 +MIT346 16:33:20 ionel has joined #dnt 16:34:23 -MIT346 16:35:11 Zakim, who is here? 16:35:11 On the phone I see BrianHuseman, MIT-Star 16:35:12 On IRC I see ionel, haakonfb, schunter, dsinger, robsherman, fwagner, npdoty, adrianba, rvaneijk_, bryan, susanisrael, hwest, rigo, hefferjr, kj, kulick, BrianHuseman, peterswire, 16:35:12 ... Joanne, ashkan, Zakim, RRSAgent, hober, trackbot, mischat, Walter 16:37:00 BrianHuseman, type "/join #dnte" if you want to be in the room for the discussion we're about to have 16:41:05 BrianHuseman has left #dnt 16:41:25 vincent has joined #dnt 16:48:23 nick? can you tell me how the zakim rooms are named? 16:48:38 I want to tell zakim what conference that is 16:48:49 I'm in dnte 17:15:45 Zakim, who is making noise? 
17:15:57 hwest, listening for 10 seconds I heard sound from the following: BrianHuseman (54%), MIT-Star (45%) 17:16:33 Zakim, mute BrianHuseman 17:16:33 BrianHuseman should now be muted 17:43:26 + +1.202.656.aaee 17:44:09 - +1.202.656.aaee 17:58:28 Thomas_Schauf has joined #dnt 17:59:05 Thomas_Schauf has left #dnt 18:01:34 fielding has joined #dnt 18:01:49 BerinSzoka has joined #DNT 18:08:00 adrianba has joined #dnt 18:08:07 rrsagent, draft minutes 18:08:07 I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html fielding 18:08:13 rachel_thomas has joined #dnt 18:13:45 fwagner has joined #dnt 18:18:41 +tlr 18:18:53 -tlr 18:28:32 Meeting: Tracking Protection WG F2F, Cambridge, MA 18:28:44 rrsagent, draft minutes 18:28:44 I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html fielding 18:30:23 zakim, list attendees 18:30:23 As of this point the attendees have been BrianHuseman, tlr, kulick, MIT-Star, johnsimpson, vincent, yianni, Aleecia, vinay, +1.202.656.aaaa, Jonathan_Mayer, Joanne, BerinSzoka, 18:30:27 ... Dan_Auerbach, walter, +1.202.639.aabb, hefferjr, +1.206.658.aacc, +1.646.654.aadd, MIT346, +1.202.656.aaee 18:31:19 dsinger has joined #dnt 18:31:37 vinay has joined #dnt 18:31:55 +vinay 18:34:57 schunter has joined #dnt 18:51:03 ionel has joined #dnt 18:51:03 zakim, move TRACK here 18:51:03 I don't understand 'move TRACK here', fielding 18:51:18 zakim, TRACK is here 18:51:18 sorry, fielding, I do not recognize a party named 'TRACK' 18:53:00 zakim, what conferences? 18:53:00 I see Team_(dnt)13:55Z active 18:53:01 also scheduled at this time are T&S_(DNTC)1:00PM, SW_RDB2RDF()12:00PM, WAI_PF(Text)1:00PM, XML_ET-TF()11:00AM, SYMM_WG()2:00PM 18:53:46 zakim, what is the passcode 18:53:46 I don't understand 'what is the passcode', fielding 18:53:59 zakim, what is the passcode? 
18:53:59 the conference code is 87225 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fielding 18:55:14 +Fielding 19:00:26 aleecia has joined #dnt 19:00:28 when are we starting again? 19:00:32 Joanne has joined #DNT 19:01:13 +Joanne 19:01:28 hwest has joined #dnt 19:01:40 Richard_comScore has joined #dnt 19:02:10 fwagner has joined #dnt 19:02:41 Thomas_Schauf has joined #dnt 19:03:01 johnsimpson has joined #dnt 19:04:28 I'm calling in from home. Someone outside just started up a jack hammer. Bwah? 19:05:15 +johnsimpson 19:05:45 Thanks 19:06:10 npdoty has joined #dnt 19:06:22 peterswire has joined #dnt 19:06:23 scribenick: bryan 19:06:46 susanisrael has joined #dnt 19:06:49 yep 19:06:50 yes - coming in 19:07:18 justin has joined #dnt 19:07:23 Chair: peterswire 19:07:26 thanks to bryan and susan for volunteering 19:07:26 +Aleecia 19:07:28 efelten has joined #dnt 19:07:29 +kulick 19:07:38 moneill2 has joined #dnt 19:07:45 topic: de-id working group readout, path forward 19:08:09 peter: struck how similar answers were from the groups 19:08:13 Paul_G has joined #dnt 19:08:26 David_Stark has joined #dnt 19:08:32 ... 1st what terms to use. all groups ended up focusing on de-id 19:08:47 robsherman has joined #dnt 19:08:52 ... unlinkable is a promise, de-id comes closer to the goal 19:09:28 +BerinSzoka 19:09:32 ... 2nd what text to use, basic agreement on the structure of the words using DAA / FTC as base 19:09:38 But de-identified is a process, not a state of being. Non-identified would make more sense. 19:10:05 ... Rob (FB) had a question about reliance upon agreement to not re-id 19:10:11 WaltM_Comcast has joined #dnt 19:10:26 +1, I think this is smart, may not need any separate public statement 19:10:35 ... 
if we put "won't" in the text we may not need a 2nd requirement to explicitly promise 19:10:43 q+ 19:10:51 rigo has joined #dnt 19:11:00 zakim, open the queue please 19:11:00 ok, aleecia, the speaker queue is open 19:11:01 Zakim, please open the queue 19:11:01 ok, npdoty, the speaker queue is open 19:11:03 I asked "what does this solve for?" 19:11:17 rvaneijk has joined #dnt 19:11:28 dwainberg has joined #dnt 19:11:29 Chapell has joined #DNT 19:11:40 haakonfb1 has joined #dnt 19:11:44 Yianni has joined #DNT 19:11:53 robsherman: concern is that we have a response header, but it gets complicated in addition that there needs to be text somewhere that says more than the standard calls for 19:11:55 q+ 19:12:22 BrianHuseman has joined #dnt 19:12:24 ack BerinSzoka 19:12:25 As long as you still have an obligation to say you're honoring the signal, I don't care about a separate promise . . . 19:12:31 yes, I'm on the phone 19:12:31 +hefferjr 19:12:32 efelten: you can say that compliance means that you promise to not re-id 19:12:33 but not in the queue 19:12:34 I'm muted 19:12:40 I can hear you fine 19:12:41 zakim, unmute berinszoka 19:12:41 BerinSzoka was not muted, justin 19:12:41 yes 19:12:44 zakim, unmute BerinSzoka 19:12:44 BerinSzoka was not muted, wseltzer 19:12:49 q- will type in irc 19:12:51 LmastriaDAA has joined #dnt 19:12:53 q- 19:12:56 +Mark_Vickers 19:13:01 q? 19:13:02 q? 19:13:04 rachel_thomas has joined #dnt 19:13:35 peter: next task was to id examples via use cases that do or not qualify for de-id 19:13:46 marc has joined #dnt 19:13:55 ... a # of examples that were not de-id, e.g. UDID on smartphone 19:14:43 jeffwilson has joined #dnt 19:14:44 fwagner: on the case of UDID, it can be directly id'd to a user, thus cannot be classed as de-id supporting 19:15:05 ... 
cookie info similarly cannot be classified as de-id 19:15:41 dwainberg: looked at de-id methods per its risk of re-id, and UDID is one that had high risk 19:15:51 -Mark_Vickers 19:15:51 peter: ed explain other use cases 19:16:06 +1 relative re-id 19:16:07 efelten: 3 use cases did not meet the definition 19:16:12 ... #1 ??? 19:16:27 q? 19:16:34 ... #2 there is something in the URL that contains a de-identifier 19:17:12 ... e.g. user name, email address, id on sites where that's correlatable, 19:17:51 ... #3 URL history where company holding the data cannot reasonably say that the history can't be linked 19:17:57 q? 19:18:09 lmastria: on the 1st, PII, straightforward 19:18:19 ... 2nd also if PII it's similar 19:18:37 ... 3rd one is hard to define, and not sure it moved the consensus forward 19:18:55 peter: open to comments on the use cases, presume they will be written up 19:19:05 I still don't see any connection between de-id and tracking given that we have already agreed that tracking is turned off for DNT:1 unless consent has been given. De-id is a general privacy concern for keeping data beyond the permitted uses, but we do not have any reason to keep data that cannot be used for tracking and isn't necessary for one of the permitted uses. So, I'd rather see a definition for tracking. 19:19:06 ... any comments on the rest? none 19:19:27 q+ WileyS 19:19:33 ... other question: need to a 2nd category on pseudonymized data 19:19:38 ack wileys 19:20:04 shanew: on the use cases, we also id'd two other areas re other things to prohibit; modeling to a small population 19:20:28 ... e.g. this model can work for one user, the pattern is too specific 19:20:31 ChrisPedigoOPA has joined #dnt 19:20:39 q? 19:20:48 q+ 19:20:52 ... also do we infuse concepts of sensitivity into this 19:20:58 "Modeling of an individual user" sounds a lot like re-identification. 19:21:23 q+ 19:21:24 ... e.g. 
HIV example, none of us would do that, but does it have a place in this conversation 19:22:01 q? 19:22:37 peter: sounded like there were certain categories in which an extra level of screening is needed... how would that qualify for de-id 19:22:51 q? 19:22:52 for child data, we explicitly chose to leave that sensitive category out of the standard altogether 19:22:54 This issue is closed 19:22:55 http://www.w3.org/2011/tracking-protection/track/issues/15 19:23:12 shanew: should we just be silent, leave to regulatory / legal? fine with that 19:23:12 ack aleecia 19:23:13 efelten, i think what shane said is that he would not model at the level of one user or even a small group. I think it was just not captured right here. 19:23:28 Wileys has joined #dnt 19:23:30 Sensitive data is stuff you should get an opt in for. DNT is an opt out standard --- goes to everything else. 19:23:42 aleecia: we close the issue whether we would treat sensitive data differently, e.g. for children's data 19:23:44 Justin - that works for me 19:23:58 Aleecia - thank you, I'm fine with keeping it closed 19:23:58 ... if there is new info we can reopen the earlier issue 19:24:05 q+ felixwu 19:24:09 ack aleecia 19:24:19 ack ChrisPedigoOPA 19:25:11 Mark_Vickers has joined #dnt 19:25:19 chrisPedigoOPA: we talked about browsing history. a concern from a publisher view is that the user turned DNT on, and is served an ad based upon a visit to the publisher's site, 19:25:33 For first parties? 19:25:44 ... something would seem to be awry, if the ad was based upon browsing history 19:25:50 I'd support that 19:25:50 was that concern about ads customized to other articles on the same site? 19:26:25 efelten: FTC thought its definition did apply to browsing history; the key question was to the level of confidence, but no special treatment for history 19:26:31 ack felixwu 19:26:38 rvaneijk_ has joined #dnt 19:27:19 felix: what happens when you have tracking enabled by browsing history? 
if history is collected, building a model that feeds back to UX, can we distinguish ways that is OK? 19:27:28 Aleecia, my concern is that a user may be retargeted off the publisher's site based on their visit to that site 19:28:01 ... an example is that it feeds back based upon a sensitive category 19:28:24 q? 19:28:45 aleecia, i think chris is talking about 3rd parties, but he can confirm 19:28:53 ... it's not purely a use case question, but the notion of how the nature of de-id'd data could affect its future use 19:29:05 That seems a reasonable concern, but I am still not clear if you mean first or third parties 19:29:18 (we may already have this covered, depending) 19:29:27 efelten: thru the 2nd branch of the FTC language, promise not to re-id speaks to how to use the data 19:29:30 q+ 19:29:40 ack bryan 19:29:55 ionel has joined #dnt 19:30:07 -- still disagree 19:30:09 bryan: very much in line with what we asserted; a de-identified privacy history is not a privacy concern, the concern is if it is reattached to a user at a later date 19:30:26 bryan: a de-id'd history by itself is not a concern, but only when it was reconnected to a user 19:30:31 (disagreeing with Bryan, that is) 19:30:34 peter: on the role of admin/tech controls 19:31:13 ... shane has spoken about the role of these controls 19:31:37 +Jonathan_Mayer 19:31:38 I mean 3rd parties 19:31:43 Content customization based on request context is not tracking -- that is anticipation of needs based on similar requests that occurred in the past (models) or based on the guesses of the content developers. 19:31:44 shanew: this comes to the confidence question, the risk based model, its not a technical outcome but a confidence-based one 19:32:01 Lia has joined #dnt 19:32:36 peter: commenting on that, re HIPAA, it has a standard for very low risk 19:32:45 ... there is some low risk that is acceptable 19:33:09 ... 
but in HIPAA de-id'd means that you can put it on the net with no controls 19:33:12 fielding, did that just come up? or is that a general comment? 19:33:45 ... but in a database/locked world, the risk may be greater give someone breaches the controls 19:33:57 ... that's a reason for org controls to be considered 19:34:17 q+ 19:34:22 The user never said that 19:34:25 efelten: the user has said they do not want that info to be collected, retained, or used. 19:34:28 q? 19:34:28 q+ 19:34:31 q+ 19:34:32 q+ 19:34:32 q? 19:34:33 npdoty, it was based on some earlier comments about models that was not clear 19:34:42 ... the question is whether what is done with the data is aligned with user preference 19:34:58 q? 19:35:00 *Bryan, let me know when you want me to scribe. We can take short turns. 19:35:01 q+ 19:35:20 it is difficult to make statements about "what the user wants" with any certainty when we haven't defined what tracking means. 19:35:22 ack Chapell 19:36:14 chapell: since we decided not to require browser to define DNT, it's not reasonable to say that a promise is being made to the user 19:36:28 Jmayer_ has joined #dnt 19:36:32 q? 19:36:35 Bryan, shall i scribe? 19:36:35 ... (please correct if I did not get that) 19:36:42 ok 19:36:54 scribenick: susanisrael 19:36:58 scribenick: susan 19:37:17 haakonfb1 has left #dnt 19:37:20 haakonfb1 has joined #dnt 19:37:36 Chapell: "promise" seems to imply a regulatory involvement, as opposed to just complying with a standard 19:37:41 q+ 19:37:45 peter: ......my working assumption was that you said you were going to do something, if you say you are doing do not track, so that we be something ftc could hold you to 19:37:48 Promise is not magical. Any statement (as we've agreed to in the std) is actionable by regulators. 19:37:48 q? 19:37:57 agree with Rigo, in the EU it is a legal obligation. 19:38:00 I didn't mean "promise" as a legal term of art (if it is one). 
I just meant a clear representation to the user that a company was compliant. 19:38:00 haakonfb1 has left #dnt 19:38:02 haakonfb1 has joined #dnt 19:38:05 ack aleecia 19:38:20 peter: can you review history? 19:38:41 efelton: thanks for the clarification. 19:38:52 s/efelton:/efelten,/ 19:38:52 Privacy policy or elsewhee (response header, wkr, etc) 19:38:52 aleecia: talked about regulatory hook, conclusion was that we didn't need separate statement for reg hook, but saying they are following dnt in privacy policy ok in us, at least 19:39:02 s/elsewhee/elsewhere 19:39:21 peter: what i heard you say was if you put in priv policy we are following dnt that would trigger sec 5 kind of promises in us 19:39:37 has there been discussion whether there is discussion in tech spec 19:39:45 shane: we have open issue on this 19:39:47 that was our belief, but we are not the FTC 19:39:53 q+ 19:39:58 At least some of us are not lawyers and cannot answer that question. 19:40:00 that was one of the stated goals of the tracking status response 19:40:18 and by "our" my meaning here is the WG, not the academic or royal we 19:40:21 davidwainberg: if a co were to act contrary to specific statements, like saying they are 3rd party not 1st, yes, that's deceptive, 19:40:25 haakonfb1 has left #dnt 19:40:41 haakonfb1 has joined #dnt 19:40:48 q? 
19:40:52 but idea of commitment to spec being a promise that gives rise to sec 5 authority was contentious, open issue 19:41:17 dwainberg: agreement that if specific statements in the tracking status resource is incorrect that would be binding, but dispute whether tracking status resource implied compliance with entire standard 19:41:33 rigo: i think there is no contention here bc main discussion was that sending headers back and forth was not sufficient to trigger liability for lying or deceptive practices 19:41:37 6.6 of the Compliance std: In order to be in compliance with this specification, a third party must make a public commitment that it complies with this standard. A "public commitment" may consist of a statement in a privacy policy, a response header, a machine-readable tracking status resource at a well-known location, or any other reasonable means. This standard does not require a specific form of public commitment. 19:42:00 justin, my memory is that was one option, yes? 19:42:01 bc of p3p cases where companies sent deceptive p3p headers to make ie6 work and court said that was not sufficient to trigger deception 19:42:13 q- 19:42:18 as I understand the current draft (and the stated purposes during the design process) of the TPE, tracking status resource files/headers indicate third- or first-party compliance 19:42:30 aleecia, I thought we were in agreement --- you have to make some sort of representation. I disagree with rigo that a response header would not be sufficient. 19:42:30 that is why i think no contention, but that is why us side wanted statement in privacy policy 19:42:54 q+ 19:42:59 schunter has joined #dnt 19:43:04 who is speaking? 19:43:06 to be clear, none of us knows for sure what the FTC would do. 
19:43:13 chris p: no company--I would be shocked if any co just said I am w3c compliant...they would lay out in privacy policy how they comply when 1st/3rd party, how they de-id data, etc 19:43:30 the concern was it might not be enough in the non-US countries 19:43:33 q+ 19:43:44 that it might not be enough in the US was not a widely voiced view at the time 19:43:51 q+ 19:44:00 q+ 19:44:06 ack dsinger 19:44:07 peter: to confirm, merely sending headers would not be deemed a commitment for which violation would be deceptive 19:44:19 but the idea was you accept all of DNT, not that you reply with an ack and then put in your privacy policy "but what my implementation is..." 19:44:27 q+ wseltzer 19:44:29 (that is, the point David is making right now) 19:44:31 q- wseltzer_cpdp 19:44:33 +q 19:44:34 q? 19:44:34 open issue - providing a response header that points the user to the specific representation by a website 19:44:44 david singer: browsers want to know what you get when you implement/send dnt, and compliance doc needs to establish a baseline of meaning 19:44:45 ack justin 19:44:50 q- 19:44:59 q? 19:45:07 +1 to Justin 19:45:19 justin: I thought if you acknowledge dnt header, and then disobey, i thought that was to be actionable 19:45:27 q? 19:45:34 ack WileyS 19:45:35 ack WileyS 19:46:08 shane: 2 points: to this point, we have an open issue as to allowing orgs to point to response header, as to opposed to just acknowledging receipt of header 19:46:13 peter: in tpe? 19:46:49 shane, yes. to ed's point : the user has asked for x and we don't know that - up to this group to decide what we want to offer 19:46:54 Turns out there's research on that, Shane 19:47:03 Yes, agree (somewhat) with WileyS on that --- I don't like that disparate compliance approach, but either way I think the server response would be actionable . . . 
19:47:12 We can answer reasonably well what users (say) they (think they) want 19:47:14 [My recollection of the P3P case was that the incorrect response was deemed sent in order to trigger browser action, rather than as indication of a promise. That's different from just "standards compliance."] 19:47:18 q- 19:47:23 q- wseltzer 19:47:42 NOT an open issue 19:47:59 peter: suggest we take off meaning re: sec 5 of response to dnt header from today's discussion 19:48:08 Please note Roy's comment 19:48:09 wendy - actually, FTC said they would enforce for P3P. Ignoring CP abuse is rather absurd. 19:48:20 chris_iab: don't understand how ftc's view is relevant 19:48:31 Aleecia - I disagree that you can make that assertion - surveys are all over the map on this (directional or tied to material impact to real-world give-n-take scenarios) 19:48:37 aleecia - I was commenting in reference to Rigo's comment 19:48:48 peter: bc of rob sherman's point that we don't need an independent promise, but now I think we may have to revisit that. 19:48:52 Justin, I'm not saying that companies are going to blatantly depart from the W3C standard. Just that they wouldn't open themselves to broad liability by simply saying they are DNT compliant. 19:49:21 q+ robsherman 19:49:21 My apologies to the group - I wish I had not brought this up. The more important point is that we seem to be assuming that the User is being promised something, but we aren't defining what that thing is 19:49:22 Shane - would love to trade references some time, but I disagree with you. Perhaps you are reading things I am not -- I'm open to learning more. At present, I believe you are quite wrong. 
19:49:32 so that was a specific point about whether such a promise, which some people thought was stronger, would be duplicative 19:49:42 ack rachel_thomas 19:49:44 haakonfb1 has left #dnt 19:49:50 haakonfb1 has joined #dnt 19:50:05 ChrisPedigoOPA, I thought we had agreement that you had to make a public assertion of compliance in order to be compliant. I thought that issue was closed. Either way, I think the response header from a company will suffice as that representation. 19:50:09 rachel: i think it's context of this discussion today that is making a promise about re-id more important 19:50:28 +Mark_Vickers 19:50:28 rachel: i question whether we need to revisit that 19:50:47 Zakim, please clear the queue 19:50:47 I don't understand 'please clear the queue', npdoty 19:50:51 Mark_Vickers has joined #dnt 19:50:53 Zakim, q= 19:50:53 npdoty, if you meant to query the queue, please say 'q?'; if you meant to replace the queue, please say 'queue= ...' 19:50:55 queue= 19:50:56 q+ 19:51:04 rob sherman: just to respond--suggest we leave specific commitment out, unless we decide we need that globally and not on this specific issue 19:51:08 q+ 19:51:15 I think if a company is DNT compliant, they are most certainly going to publicize that. But they won't simply say they are DNT compliant. They will want to lay out exactly how they comply so there is confusion or ability to interpret it differently 19:51:20 aleecia, wendy, it wasn't the FTC, it was the court that decided it is "mere technical exchange of messages", so the FTC is not in question 19:51:29 Q? 19:51:30 Can I just have 30 seconds on the FTC enforcement issue? 19:51:32 q? 19:51:33 I think it's quite simple 19:51:34 + +1.415.920.aaff 19:51:37 =q 19:51:38 q+ 19:51:39 +q 19:51:40 don't want to set up precedent that no magic language on something makes it different, and we can't resolve ftc authority here 19:51:41 +q 19:51:42 ack Chapell 19:51:43 ChrisPedigoOPA, that is not a unified DNT standard. 
There has to be a floor. 19:51:50 +vincent 19:51:57 Rigo that's new to me -- would love a citation (not arguing with you, would really like to see what that was.) 19:52:14 chapell: apologies for rathole, i think we've been careful about describing promises 19:52:49 Chapell, I think dsinger's response was that the browser couldn't explain to the user until we set what compliance would mean 19:52:50 fielding: what we are describing here is protocol, cannot decide how regulators will interpret. If we do i will log off, can't participate in those discussions 19:52:59 jmayer has joined #dnt 19:52:59 ack fielding 19:53:06 I don't think this is or should be a TPE issue. 19:53:10 +q 19:53:13 peter: have sense that response to header is more limited to some people 19:53:37 aleecia, I never saw the original text of that court decision. I think it would be worthwhile to ask Lorrie whether she has the text 19:53:38 peter: shane made a point that there would be lower risk in practice with these organizational controls 19:53:51 is there disagreement between WileyS and efelten on applicability of organizational controls? would either differ on how to apply the FTC definition of de-id? 19:54:02 dan_auerbach has joined #dnt 19:54:05 -Jonathan_Mayer 19:54:12 rigo having talked about CPs with Lorrie and written on the topic of their abuse, to the best of my recollection she never mentioned any such thing 19:54:14 +Jonathan_Mayer 19:54:23 rvaneijk has joined #dnt 19:54:23 ed: definition talks about how a company has to have a necessary level of confidence that data can't be used to infer or ........... 19:54:33 q+ LMastriaDAA 19:54:37 ack LMastriaDAA 19:54:39 ed: i don't know how we know an actor not in this room has org controls 19:54:47 lou: ftc definition does not include infer 19:54:51 ed: i will find it 19:55:12 From FTC report: First, the company must take reasonable measures to ensure that the data is de-identified.
This means that the company must achieve a reasonable level of justified confidence that the data cannot reasonably be used to infer information about, or otherwise be linked to, a particular consumer, computer, or other device. 19:55:31 Page 21 of http://www.ftc.gov/os/2012/03/120326privacyreport.pdf 19:55:37 If "topic" = "talking point," then yes, the good actors vs. bad actors line is a common recurrence. 19:55:38 peter: i think there has been discussion re: good actors and spec, vs bad actors who will not sign on. Aleecia, history? 19:55:40 "a particular consumer..." 19:55:52 my bad 19:55:55 Good actor v bad actor is not a dichotomy. 19:55:56 aleecia: generally we are speaking more about good actors, but not exclusively 19:55:56 not a modeled class/set of consumers 19:56:03 q? 19:56:26 ack jmayer 19:56:40 -q 19:56:43 ed: p. 21 of march 2012 ftc report: means co must have reasonable confidence that co cannot infer ....identity....etc. [quotes] 19:56:52 efelten, "infer information about" is awful broad 19:57:08 jmayer: we noted in our group lack of agreement re: how ftc/daa texts apply 19:57:09 q? 19:57:30 jmayer: there might be less agreement than there appears 19:57:34 q- dwainberg 19:57:37 ack BerinSzoka 19:57:48 yep 19:57:49 and the inference cannot occur unless the data controls are breached, which is intended to be an unreasonable situation 19:58:20 P3P != P3P CPs 19:58:24 berin: people who are referring to p3p statements being nonenforceable are citing red herring. issue in those cases was materiality. should assume enforceability 19:58:44 fair, aleecia 19:59:04 q+ 19:59:06 peter: propose to state from de-id today: the term de-identify. re: a no of use cases, i heard several people say agree. 19:59:07 (But let's not use CP for "compact policy."
It's generally used in tech policy to mean child porn) 19:59:19 propose to have a task to clean up this part and create text on it 19:59:23 efelten, for example, distinguishing a human from a zombie attack robot is inferred information about the user but is in no way identifying that user 19:59:24 ack dwainberg 19:59:25 q? 19:59:55 dwainberg: in our group no consensus that definition of de-identify is right place to draw line re: what is in scope for specification 20:00:26 Q? 20:00:28 peter: understood that to be a logical requirement for a standard that at some point things be aggregated enough or de-identified enough that spec does not apply 20:00:31 (thanks for that tip, Berin) 20:00:55 q+ 20:00:57 Roy, the definition was aimed at linkability, which isn't quite the same thing as identifiability. 20:01:00 dwainberg: appreciate approach of taking risk-based approach, but don't know that we are at point of defining state of things outside do not track 20:01:14 have not had conversation about what is in scope and what we are trying to solve 20:01:27 aleecia, here it is http://blog.ericgoldman.org/archives/2011/12/the_cookie_crum.htm 20:01:29 without mic -> hard to hear 20:01:34 q? 
20:01:42 Peter: understand link in your mind between scope and definition of tracking 20:01:54 ack fielding 20:02:02 Rigo thank you, but that's LSOs 20:02:17 rvaneijk has joined #dnt 20:02:40 I know, but perhaps we can write the guy to find out what happened and get the decision 20:02:53 fielding: where we state that de-identifiable data is ok the most common practice in the room people exclude [delete] the data 20:02:56 there is no user representation other than members of IAB promise not to use LSOs for behavioral advertising 20:03:01 BREAK 20:03:17 -Joanne 20:03:19 [adjourn for 10 min] 20:03:25 pulling the decision shouldn't be hard, but it's a decision about a very different thing 20:03:43 -Aleecia 20:06:26 efelten, then it should say "infer linkability to" and not "infer information about" 20:07:35 haakonfb1 has left #dnt 20:07:38 haakonfb1 has joined #dnt 20:16:18 npdoty has joined #dnt 20:16:45 +Joanne 20:16:50 rrsagent, make logs public 20:16:51 rrsagent, please draft minutes 20:16:51 I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html npdoty 20:18:02 scribenick: bryan 20:18:25 peter: starting again 20:18:37 topic: achieving success in the compliance spec 20:18:55 ionel has joined #dnt 20:19:14 peter: asked to co-chair in Nov, since then >50 stakeholder meetings 20:19:17 *Bryan if you want me to do this part let me know 20:19:28 ... attempt to listen to the very diverse input so far 20:19:59 ... 1st question: working slowly on the TCS we could be here a year, any problem with that? 20:20:14 Chapell has joined #DNT 20:20:35 +Aleecia 20:20:41 shanew: agree that we could be here for a year, but would rather put in the time to ensure that the spec is not full of unintended consequences 20:21:38 peter: what will it take for us to converge sooner? an april F2F may be needed... 20:21:52 how about fewer F2F meetings and more time spent writing the actual draft? 20:22:30 ...
Tim spoke today, he described what we are doing as (1) relieving the tension, that have led to contentious debate, and (2) the result should not be null 20:22:45 ... (showing "Criteria for Standard" slide) 20:22:48 http://www.w3.org/2011/tracking-protection/mit/plenary.swire.021113.pptx.pdf 20:23:02 slides 5 and 6, I believe 20:23:44 ... overall criteria is to create a W3C standard, not null e.g. exactly the same as when this started, and that can reduce tracking for participating sites 20:23:55 ... looking at the charter 20:24:14 ... mission of the WG is (reads the mission in the charter) 20:24:39 ... (reading from the scope) 20:24:59 ... also compliance 20:25:19 ... (reading deliverables) 20:25:42 ... group has decided not to move forward on TSL 20:26:18 ... since I'm chairing the compliance spec, producing one is what we have to do 20:26:35 (slide 3 from peter's opening slides) 20:26:42 ... (looking at "History & DNT" slide) 20:27:08 ... persistent, one-time choice for user; tech neutral, and reversible 20:27:17 ... talk about choice and harm 20:27:37 ... I understand that DNT is a choice mechanism for users 20:27:49 ... we have at least one other, eg. the DAA mechanism 20:28:34 ... I asked yesterday what was the harm that resulted in the DAA, and did not hear anything, thus consider it a choice mechanism 20:28:47 q? 20:29:08 ... so we are looking at a choice mechanism; now will consider some things we might do to complete that 20:29:37 Is Peter talking off of slides? If so, can someone share them to those on the phone 20:29:43 +q 20:29:50 Are there slides on this? 20:29:56 ... laying out a set of things, trying to make sense of this; every decision will be subject to consensus, and issues will be discussed one by one 20:30:51 ... the job is to determine if there are reasonable objections to each item, not all at once; capped by an overall process to determine if you can live with it 20:30:52 +BerinSzoka.a 20:31:14 ...
consensus on any one item does not affect agreement to the whole thing 20:31:29 ... another way... there are not line item vetoes 20:32:26 ... Tim said we are here to get a job done, not make a point; sacrifices are expected and appreciated; listening to other opinions is hard but important 20:32:48 ... now talk about the provisions 20:32:54 ... permitted uses 20:33:24 ... an optimistic thing; there is a lot of consensus on what's important on what is needed for the net to continue 20:34:21 John, no slides here in the room 20:34:26 ... on de-id, we know now what should go into the normative text 20:34:32 thanks, Shane 20:34:49 ... we may need more work on explanatory text, but need to create issues and work them 20:35:08 ... re service providers... some things to make all sides upset 20:35:52 ... for SPs, there are well defined procedures for controllers and processors; turns out to be identical to those rules under HIPAA 20:36:14 ... e.g. responsibility is to the principal and contractually bound 20:36:35 ... defining details of inhouse and outhouse gets into difficulty 20:37:05 ... I would suggest that this not be in the standard: a list of SPs that can be shared with the world 20:37:18 ... also a list of who may be getting the data but not complying 20:37:40 q? 20:38:04 ... similar to HIPAA that at a practical level, it is very difficult for large companies to provide a list of every SP 20:38:10 Current strawman text from bare bones document: Outsourced service providers are considered to be the same party as their clients if the outsourced service providers only act as data processors on behalf of that party in relation to that party, silo the data so that it cannot be accessed by other parties, and have no control over the use or sharing of that data except as directed by that party. 20:38:25 marc has joined #dnt 20:38:37 justin, that seems promising. is there a reason permitted uses compliance heading now includes service providers?
I thought we have had consensus on service providers since ages as "having no own rights on the data" In which case they are considered first party 20:39:12 Rigo, not only do I disagree, this is a body-on-the-tracks disagreement 20:39:24 ... I have heard proposals about appending data; as I understand there is 1st party known info that can be shared with data brokers, to get more info about users; my understanding is that this is outside DNT's intent re limiting leakage 20:39:32 In the EU, you have legal liability resting with the data controller. In the US, we do not. 20:39:44 We cannot add liability to a technical spec 20:40:08 ... also some aspects of market research; thanking ESOMAR for explaining how this works 20:40:09 npdoty, don't understand the question 20:40:17 I think we have ISSUE-170 for data append, though BareBones.html refers to a non-existent issue-229 20:40:19 To me this is about transparency: no secret databases. No data flows that users cannot understand 20:40:31 ... one aspect is the panel-based collection and use; this works and is understood 20:40:48 justin, sorry, the heading for section 6.2, Permitted Uses, now explicitly includes service providers as well as third parties 20:41:02 aleecia, we said that first parties better mention those service providers (should) because browser could consider them third parties or malicious 20:41:12 ... 2nd is the targeted collection of info for specific demographic groups; under DNT 1, this would be reaching out for additional info after they have said they do not want to be tracked 20:41:25 aleecia, curious where you get the idea that US has no liability for data handling, but we should have that conversation in person some time 20:41:53 Yianni has joined #DNT 20:41:53 Aleecia, for users the important element is who is responsible for the relationship with them. In this case, the 1st party is responsible, not the Service Provider.
Companies should not be forced to display who their vendors are if those vendors are simply agents of that company. LEGALLY that Service Provider is no different than the company it is representing. 20:41:54 Roy any time we're in the same place, I will buy the first round 20:42:44 That should go out. 20:42:50 ... seems to me hard to explain how pervasive tracked info put into databases is OK as long as it's not shared 20:42:59 Rigo if you listen to Peter he is saying no, there's no need to mention service providers. That the companies themselves do not know where they send data, so we should not worry about it because it's too hard. I deeply disagree. 20:43:03 Aleecia, for US context, please review the legal concept of "agency" (which is a bit more limited in the Service Provider case as they are not able to take on liability for the company they are serving) 20:43:33 "real market research" . . . I don't see how you can draw that line. 20:43:57 It is this same concept of responsibility in representation that leads to the Data Controller / Data Processor divide in the EU. 20:44:01 justin, it is worth further discussing how you draw that line 20:44:04 ... sitting down with W3C staff, there aren't many more unresolved pieces in the document; much is stable 20:44:33 aleecia: I see. I say: We have a good definition, everybody was ok with it and we have a reasonable "should" for the tracking status. I do not see why we should get rid of that 20:44:40 ... there may be some areas where more work is needed; issues can be created with leaders and small groups to work on them 20:44:46 susanisrael, sure, I'm willing to have the conversation. I just don't see from peterswire's talk where that line logically is, and why "real market research" would logically retain less data. 20:45:12 Shane you've read the FIPPs. without knowing where your data goes, you cannot have notice, choice, access, or user-initiated redress 20:45:14 ...
two things not mentioned: default settings, and meaning of compliance to DNT 20:45:23 and that's just the US subset 20:45:31 justin, i think he is suggesting it is better defined and arguably has a known scope in each instance 20:45:34 Also, if there is a *narrow* carve-out for market research, that argues for a stronger locking down on the deidentification requirement. 20:45:35 ... a continuing thread about the def of tracking 20:45:44 ... the spec is the simple answer 20:45:59 ... others have said no def is the way to proceed 20:46:01 susanisrael, and I disagree at first blush, but willing to have the discussion! Maybe there's a silver bullet. 20:46:03 Rigo that's not what Peter just suggested. He just suggested not even a should. Just: companies don't know where they send data, so don't worry about it. 20:46:08 That's not reasonable at all. 20:46:12 ... any def limits everything in the spec 20:46:28 aleecia, if a service provider has no rights to the data independently, your data does not 'go' there 20:46:34 +1 to Wileys It is funny that the service provider/ data processor is the only thing where we clearly opted for the EU model. Nowhere else we did that 20:46:45 ... having a separate conversation about the meaning opens up revisitation of everything 20:46:56 I did not hear that companies don't know where they data before they send it, but they might not know (or update the list) in real-time to inform the user at time of collection. 20:47:01 Susan if Amazon sends my home address and credit card number to FedEx, my data does go there. 20:47:03 IRC please 20:47:04 ... 
David had put up a definition of tracking 20:47:09 Aleecia, it's a representation issue - as long as the 1st party takes responsibility then knowing the exact details of vendor relationships is not a required transparency element 20:47:18 [slide: "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user."] 20:47:19 aleecia, I don't think that's what peterswire was suggesting. Just that you don't need to document to the user every service provider. 20:47:23 Can we get in IRC 20:47:30 aleecia, I don't think that's what peterswire was suggesting. Just that you don't need to document to the user every service provider. 20:47:36 aleecia, getting rid of that definition means that those other deliveries will become third parties according to the definitions we have currently in the specification 20:47:36 "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user." 20:47:38 Aleecia, this aligns with FIPPs 20:47:40 And I'm saying that secret databases are anathema to privacy protections 20:48:01 ... there may be problems with this at a text level; but I invite any input on what may be a problem with this 20:48:04 Not even asking for user control. Just transparency. 20:48:28 efelten: we have to define it in further detail for DNT 0 because we need clear permissions for the EU market 20:48:36 ... now on procedures; the effort to simplify down the open issues; the bare bones is not that long, and is the normative representation 20:48:39 aleecia, too long for irc, but happy to discuss offline. If fedex has no right to retain your data, but it "passes through" their hands, it does not go (end up) there 20:48:42 …notes that the definition was an attempt to 'shrink the ocean' -- if your data falls outside this, we're not interested; if inside, read on for the details.
20:48:45 I'm just quoting what Peter had on the slide, for those who aren't in the room. 20:48:52 ... something that length should not take another year 20:48:54 thanks, Ed 20:49:11 * Bryan, do you need me to scribe shortly? 20:49:17 sure 20:49:26 susanisrael, fedex is delivery. Can they take the data to profile the people delivered? 20:49:40 Aleecia, Companies are not compelled to release their intellectual property - vendor relationships are part of the competitive landscape. There is no "secret database" there is only I'm working with company XYZ and who they decide to hire to assist them in that regard as a pure Service Provider is no different than still just working with company XYZ 20:49:43 ... from Nov to now was a listening session, now we need to work hard on closing the issues 20:49:43 q+ 20:49:45 q? 20:49:45 q; 20:49:48 Q? 20:49:50 q+ 20:50:09 Susan happy to take you up on that, and this suggests at least some path forward: if we truly had short retention times for SPs, this would not be something I would like, but it would take me from body-on-the-tracks to being unhappy. Which would be a real upgrade. 20:50:13 q+ 20:50:18 q+ 20:50:19 I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html wseltzer 20:50:35 Wileys: would you consider it harmful to have "should" of service providers in tracking status file? 20:50:40 rigo, don't think fedex is best example, but idea is a service provider cannot use or retain the data except to help the first party do something 20:50:56 Rigo, I believe it should be a MAY (sorry to mix the terms in my response :-) ) 20:51:02 ack BerinSzoka 20:51:14 susanisrael, yes, this is exactly the idea I had in mind as an agreement 20:51:18 BerinSzoka: when you mentioned the harm question for the DAA, ... (could not summarize, help is welcome) 20:51:23 s/agreement/consensus/ 20:51:27 ouch 20:51:32 ouch in the room, too 20:52:00 SORRY 20:52:53 q? 
20:53:06 I like the direction forward, but I think that where the charter says "This specification defines the meaning of a Do Not Track preference" it means a definition that can be adequately conveyed to a user that is making such a preference. I think that definition is the basis of all of the other definitions we have discussed, and should be understood first before attempting to decide smaller issues. 20:53:08 Wileys, yes, even a MAY, because if you don't, the browser MAY consider it a third party and block it 20:53:08 ack fielding 20:53:09 q- dwainberg 20:53:14 Berin's basic point is that he still does not agree we should do DNT, as I understood it, because he is not convinced there is harm. 20:53:19 q+ dwainberg 20:53:22 roy, speak up and slowly 20:53:26 Berin please tweak as needed 20:53:35 David Singer: Does your definition apply to 1st parties? 20:53:40 q? 20:53:42 fielding, is dsinger's definition sufficient? 20:53:47 fielding: comment in irc; think the def of DNT is critical; we can't make reasonable statements re what the user is expecting without it 20:53:58 Rigo, I'm fine with MAY and that company takes the risk their Service Providers are accidentally blocked 20:54:02 ack jmayer 20:54:18 dsinger, that's why I typed it in irc ;-) 20:54:26 jmayer: how would this approach apply to permitted uses other than those that were broader than they should have been 20:54:33 q- 20:54:37 johnsimpson: it's just a definition of tracking; yes, it applies, but first parties are allowed to track 20:54:53 ... would a site be able to set ID cookies despite a DNT 1 signal?
20:54:55 Aleecia, what I'm saying is that Peter (at least seemed to have) missed the important point Rachel made yesterday: the DAA opt-out was offered even because there was no demonstrated harm because the COST of doing so was so low because the adoption rate was expected to be so small, but that's completely different from a world where DNT adoption is several times higher--if not a majority of users globally 20:55:03 * Bryan, you ok? or should i scribe? 20:55:09 go ahead 20:55:23 ah, you were giving history rather than making an argument. missed that, thank you 20:55:34 scribenick: susanisrael 20:55:47 peter: financial reporting and audits are the longest lead time permitted uses 20:56:10 My broader point, Aleecia, is that, when we debate what DNT should mean, I think those who want to push DNT to limit practices that create value (that ultimately funds media) should bear the burden of establishing SOME kind of harm to justify the cost of their proposals 20:56:10 David Singer: Thanks, that's how I understood it, though I would say that there would still be some limits on first party tracking, i.e., can't share the data... 20:56:16 peter: optimism re agreement on categories of permitted uses 20:56:38 on unique id i took this to be related to our de-identification discussion today, you all will help me understand better 20:57:03 q> 20:57:03 there was discussion about what it would take to help us meet the de-id standard, and that's where we need to talk more about unique id 20:57:05 deidentified data and permitted uses are different issues . . . 20:57:05 q? 20:57:09 q? 20:57:14 ack next 20:57:34 justin, dsinger's definition covers all data collection, not tracking across different websites (what the user means by do not track) 20:57:40 To clarify / correct Berin's note, my point yesterday was not an economic one. 
Rather that the DAA principles took into account potential harm in coming out with prohibitions for practices that had a strong potential for harm, versus an opt-out (or no permission needed) for practices that had no strong potential harm - OBA. 20:57:42 chris: thanks, peter. concerns re: data append. 20:57:42 I think Jonathan was asking whether Peter is suggesting that routine collection of ID cookies by third parties would be okay? 20:58:07 when first party goes to get more data re its users, there may be a service provider relationship 20:58:09 peter: i forgot to say that 20:58:24 - +1.415.920.aaff 20:58:25 And, finally, it's worth noting that the DAA cross-site principles DO address real harm--without the need for consumers to exercise choice. 20:58:27 johnsimpson: yes, if you are 'tracking', even as a 1st party, you should read the spec., it applies to you. Not very much if you are a first party, to be sure, but it does apply 20:58:37 chris: data added may be public data, or gained with some explicit consent, so don't think broad data append restriction is particularly helpful 20:58:40 fielding, how about what I previously suggested: tracking is "the collection and retention of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device." 20:58:41 Yes, exactly Ed. 20:58:45 Peter simply dismissed those points 20:59:30 peter: factual q --need more help with this but append where data broker does not get the data is a service provider 20:59:35 Could sub out "collection and retention" with "retention, sharing, and use" if you like . . . 20:59:53 chris: so that is transfer of data, vs broad restriction on all practices of data append 20:59:55 justin, I think that definition would be fine 21:00:06 "ownership of data" . . .
21:00:13 peter: this is an area where i want to learn more about service provider 21:00:30 schunter has joined #dnt 21:00:32 chrispedigo: i am frustrated on this issue, this is history on this 21:00:42 justin, Roy: Please put full definition in IRC when you have it. 21:00:48 I think we have a short thread on data append starting here: http://lists.w3.org/Archives/Public/public-tracking/2012Sep/0002.html 21:01:00 and the issue is 170: http://www.w3.org/2011/tracking-protection/track/issues/170 21:01:19 q+ 21:01:19 q? 21:01:19 q? 21:01:20 history is, we were waiting on a defn of data append 21:01:33 which was attempted and wandered sideways 21:01:38 ack fielding 21:01:40 peter: i don't have all history, so some data append is a service provider relationship, but some is not and there may well be ways to draw lines, protecting against where data broker is enriching its own data base 21:01:42 johnsimpson, my proposed definition: the collection/retention/use/sharing of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device." Which of those terms we use is dependent somewhat on how those terms are defined. 21:02:08 fielding: frustrated, if 1st party uses service provider to retarget data from its own site....... 21:02:21 gee, good thing we didn't actually dwell on those pesky harm and cost/benefit questions so we could race through this enormously long queue... 21:02:35 peter: is this the qu? if first party retargets based on surfing on own site using processor 21:02:52 Could Amazon or Zappos use a third party ad network (in a service provider relationship) to serve ads based on its first-party data? 21:03:01 q? 21:03:15 fielding: meant that service provider uses data from first party site to retarget user 21:03:17 Justin: my view is no. 21:03:32 Is the use case to serve targeted content/ads on its own site, or on an unrelated site?
21:03:37 susan: not sure this use case exists but theoretically it could 21:03:41 Curious what Peter's view is. 21:03:44 q+ 21:04:07 for example, is the question can Amazon use appended data from a service provider to serve targeted content on amazon.com; so long as the service provider cannot use any of amazon.'s data outside of this particular use case 21:04:32 vinay, unrelated site. 21:04:32 q+ 21:05:01 fielding: if data is being passed outside control of first party, and third party can use it then not permitted by dnt 1, but if still in 1st party control, then wouldn't that be outside dnt 1 21:05:17 peter: this is my first take on this 21:05:24 justin: follow up based on roy 21:05:31 ack justin 21:05:36 ah, okay -- i thought you were answering on a related site. on an unrelated site, i would consider that a company can't do that (if DNT:1 was enabled). 21:05:38 q+ 21:05:43 can amazon use doubleclick as service provider 21:06:25 to retarget based on activity on its own site 21:06:41 ack next 21:06:49 works for me to say it is an issue going forward 21:06:50 peter: will work on that 21:07:12 davidsinger: wanted to reduce size of ocean when i wrote this definition 21:07:50 dsinger, I disagree -- we have been stalled for six months 21:07:52 I think we have on table a doc that has not changed much in 6 months, we have general consensus about shape of doc. 21:08:15 my feeling is we are not learning much any more, need to go ask people to go try to implement it 21:08:15 +1 for getting a draft into the wider world 21:08:20 and planning to revise 21:08:24 q? 21:08:27 it's voluntary, need voluntary experimentation phase 21:08:50 also good that it's a global doc, so that helps implementers, it's global 21:09:20 let's just try to get something out, a last call which means it may not be right or perfect but let's get something out soon 21:09:37 peter: for other standards, is last call imperfect? 21:09:43 davidsinger, yes 21:09:55 q?
21:10:15 ack dwainberg 21:10:27 dwainberg: we were mixing up a lot of issues 21:10:30 q+ 21:10:44 peter: this is partly the chair not having worked through all the pieces before 21:11:21 peter: with your help and help from others, let's try to get issue out in next couple weeks 21:11:24 Can we please put Justin's definition insetad? 21:11:38 q+ 21:11:41 peter: let's consider david singer's definition 21:11:43 s/insetad/instead/ 21:11:43 q+ 21:12:01 q? 21:12:22 rachel: not an all inclusive concern but any customer list would be included as tracking going forward 21:12:30 [slide text: "Tracking is the retention or use, after a transaction is complete, of data records that are, or can be, associated with a single user."] 21:12:33 peter: so problem is that this is not limited to online? 21:12:34 q+ 21:12:36 +q 21:12:38 rachel: even online 21:12:48 q+ 21:12:55 rachel: transaction is a broad word 21:12:58 *thanks Wendy 21:13:10 to be clear, we could include many things in tracking and then narrow it later (to third-party, to non-permitted uses, to retention beyond a short-term period) 21:13:23 q? 21:13:29 ack LMastriaDAA 21:13:36 historical note: we are not limited to HTTP 21:13:36 peter: any short definition may be amplified elsewhere, but what about offline and through http header 21:13:44 SPDY was the example there 21:14:00 aleecia, i was told by w3c that we were limited to http 21:14:14 lou mastria: we have a definition 21:14:18 peter: pls send language 21:14:21 q? 21:14:27 ack ChrisPedigoOPA 21:14:42 DAA definition of multi-site data is "data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web sites."
21:14:43 that is incorrect 21:14:50 chris pedigo: echoing lou: "over time and across sites" 21:14:53 that = limited to HTTP 21:15:05 tracking should be about user activity across sites 21:15:12 ack fielding 21:15:13 rachel_thomas, that's very similar to my proposed definition 21:15:13 peter: so across unaffiliated sites over time 21:15:17 by 'transaction' I meant 'HTTP transaction' i.e. a request and response 21:15:23 q+ 21:15:25 fielding: [can't hear roy] 21:15:41 justin, can you repost your definition - missed it. 21:15:41 My definition: the retention, use, or sharing of data across multiple parties' web domains in a form such that it can be attributed to a specific user or device." Which of those terms we use is dependent somewhat on how those terms are defined. 21:15:42 thx! 21:16:01 [add daa language to ds language 21:16:16 q? 21:16:20 ack rachel_thomas 21:16:24 ack rvaneijk 21:16:28 fielding: would prefer to refer to tracking across sites, which is closer to [what I think of as] tracking 21:16:28 ack rvaneijk 21:17:01 q_ 21:17:03 q- 21:17:15 q+ 21:17:17 Would like to understand how, if at all, "web viewing" differs from "HTTP transactions". 21:17:22 I think that DNT:0 is sometimes needed beyond only cross site permissions. So reducing the scope may backfire here 21:17:30 rob van eijk: 2 issues. 
I would like to append "by a party or other person" to reflect data controller unable to do it
21:17:36 npdoty, to what we are trying to define under do not track (and hence would want to explain to a user)
21:17:52 +q
21:18:01 Cross-site only doesn't at all seem a reasonable defn of tracking (though we may or may not limit what we care about that way)
21:18:14 rob van eijk : scope still limited to one who is processing, account for possible risk associated with abilities of others
21:18:22 Do we have DAA definition
21:18:43 "Data Collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web Sites"
21:18:45 aleecia, sure we could define "tracking" as knowing more than one fact about a particular individual. But I'm not sure why that helps us (for the record, I'm not sure how any of this helps us).
21:18:52 DAA definition (on slide): "data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web Sites."
21:18:54 [yanni can you copy the definitions into irc]
21:18:56 Issue 5!
21:19:09 issue-5?
21:19:09 ISSUE-5 -- What is the definition of tracking? -- raised
21:19:09 http://www.w3.org/2011/tracking-protection/track/issues/5
21:19:10 q+ to discuss editors' handling
21:19:23 peter: need an issue on this, there has been a big appetite for it
21:19:53 rob van eijk: 2nd issue, we somehow need to include something about unlinkable state as well as de-id state
21:20:02 We're going to set scope in many, many places
21:20:04 q?
21:20:07 q?
21:20:08 peter: my own take is that it's out of scope by de-id
21:20:09 q+
21:20:12 ack Wileys
21:20:12 ack Wileys
21:20:19 I'd do an intellectually honest defn of tracking and then limit scope as applicable
21:20:34 Do we have DAA in IRC, I've not seen it?
21:20:43 i put it in earlier john
21:20:44 DAA definition (on slide): "data collected from a particular computer or device regarding Web viewing over time and across non-Affiliate Web Sites."
21:20:51 thanks nick.
21:20:55 sorry see it now
21:21:10 wileys: both daa and justin's definition use terms particular or specific, whereas in your definition you say a single, but de-identification schemes often resolve to something single, but not particular and specific
21:21:21 efelten: and across non-Affiliate Web Sites should be tied to DNT:1 and not to entire DNT. Otherwise it kills DNT:0 meaning as it would only mean agreement to cross site collection and no permission for first party collection...
21:21:37 q+ later
21:21:44 s/entire DNT/entire specification/
21:21:46 q-
21:21:47 peter: david is that ok?
21:21:50 david: yes
21:21:52 q?
21:22:04 ack johnsimpson
21:22:16 john, please restart
21:22:31 johnsimpson: What concerns me about both definitions, is that they elide a number of activities traditionally considered tracking
21:22:39 -BerinSzoka.a
21:22:42 +1
21:22:43 yes, but what does the user want when they check that DNT box?
21:23:01 to be treated as if they were brand new each time
21:23:15 by first parties?
21:23:19 johnsimpson: there are whole sets of experiences that should be intuitively considered tracking, including one that is first party, so if you go with david singer's idea that it applies to all, should apply to third parties
21:23:19 aleecia, I could certainly live with a broader definition of tracking to note that first party tracking is a thing. But limiting to third-party tracking is a closer approximation of what we're doing here. And even that we're not totally stopping.
21:23:54 justin, but it creates a logic gap for various things we do
21:24:07 That's fine, Justin, but the idea that first parties don't track is absurd on its face. That we ask less of first parties is deeply established, I'm not attacking that. But first parties do track.
21:24:09 so it is bad drafting IMHO
21:24:17 If we're defining tracking, let's do it honestly.
21:24:18 the DAA definition is from https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf. Note that the full doc includes permitted uses, prohibitions (against use for eligibility purposes), responsibilities for first, third and service providers, etc.
21:24:22 q+
21:24:29 And cross-site is not required for tracking either.
21:24:46 Rachel, does it contain any limitations on collection or retention?
21:24:50 yes.
21:24:52 We're defining a term. We should be able to have another group copy & paste our defn and use it.
21:24:55 What limitations?
21:25:02 aleecia, the traditional meaning of tracking does not involve activity at a single site -- it is following someone as they travel across some distance (not the same site)
21:25:05 peter: so if there are 43 clicks on first party sites is that tracking, is that the issue?
21:25:22 aleecia, you want a definition that Field and Stream could cut and paste to use?
21:25:45 "traditional"?
21:26:03 rachel_thomas: you're right, the DAA definition was taken out of context
21:26:13 aleecia, when a user says "tracking is bad", what do you think they mean?
21:26:13 chris pedigo: we have agreed to carve out first parties, my belief is that first parties should be completely exempt, and we should be allowed to share data, but agreed to limit on sharing data to avoid a loophole
21:26:21 justin if any other W3C WG later grabs the defn and says "here's what tracking is" they shouldn't need to edit it
21:26:38 Ed, The Data Security Principle requires entities to provide reasonable security for, and limited retention of, data collected and used for OBA/MSD purposes. http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf
21:26:47 chrispedigo: concerned about unintended consequences, and having it be deemed to apply to first parties
21:26:49 Chris_IAB has joined #dnt
21:26:55 q?
21:27:19 aleecia, to be clear, I think this discussion is more about coming up with a definition of what we're trying to address in a scope section rather than an operational definition. Because, you know, "tracking" is not an operational term in the document.
21:27:28 john simpson: i thought purpose of working group was to provide choice about what data collected and for average user collection of data is an issue regardless
21:27:56 rachel_thomas: nice definition for what "cross-site" means. I think defining first parties away is a mistake. We can talk about permissions or only limited requirements for first parties, but ruling them out of scope is unwise IMHO
21:27:56 then let's have a section that specifically says "if X isn't you, ignore this doc" rather than trying to shoehorn it into a defn that doesn't actually work out
21:28:11 rachel_thomas, so it's just focusing on data used for OBA right? other collection is not considered as tracking?
21:28:13 Ed, limits on collection are included on page 2 - https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf
21:28:21 agree with David Singer that there's a whole world who can ignore or just read a very tiny portion, and we should help them out
21:28:21 in a trade off we decided fewer limits on 1st party sites, but we got around this by avoiding definition, but since so much demand for one i think we need to acknowledge all kinds of tracking
21:28:22 aleecia, I think there are a lot of people in the group who would prefer this discussion just to go into SCOPE.
21:28:32 so do a scope section
21:28:44 How about: "Tracking is the retention of a user's Web browsing history over time, across unaffiliated sites, that is linked or may be reasonably linkable to a unique device."
21:28:46 Rachel, could you provide a few concrete examples of collection or retention practices that would be prohibited by the DAA principles?
21:28:50 we've intertwined defn and scope. not sure that's a great idea.
21:28:55 vincent, good question. NO. The multi-site data principles (https://www.aboutads.info/resource/download/Multi-Site-Data-Principles.pdf) expand upon the OBA principles (http://www.aboutads.info/resource/download/seven-principles-07-01-09.pdf) to cover all multi-site data, not just OBA.
21:29:01 (in fact, the title of the document is "Tracking Compliance and Scope")
21:29:05 q+
21:29:06 peter: we are having this conversation and including idea of no definition, "null" which is still on table, but here we are exploring language we could use if we have a definition
21:29:12 Rachel, I see a limitation of retention to "as long as needed …" Thanks for that. Is there a limit on collection somewhere?
21:29:18 q?
21:29:41 jmayer, i believe i answered your question in my two posts directed at ed felten.
21:29:42 rob sherman: wanted to respond briefly to exchange between chris and john, and i think there is less definition than is apparent, about what goes into definition of tracking
21:30:06 generally i think this group has been on same page.....think this is about framing definition not about what we actually do
21:30:21 Rachel, you pointed to language. Many have objected that the language does not actually limit practices. I'd like to understand, through examples.
21:30:29 peter: trying to understand, let me probe: do you see any definitions between what is permitted?
21:30:51 rob sherman: i actually don't fully understand john simpson's approach
21:30:55 the language outlines buckets - clearer than one-off examples.
21:31:10 what is the effort we are making with definitions on screen, which they are debating?
21:31:24 q?
21:31:26 Limiting to across sites (affiliated or not) doesn't make sense for a defn of tracking. It may make perfect sense for scope.
21:31:27 q+
21:31:33 q+
21:31:57 peter: one reason to have definition of tracking is that it sets definition of what is in scope.....put people on alert, hey you are inside scope of spec
21:32:32 this definition would be an alert of who is covered....another possibility, would be to say here is a guide to what we think is tracking but this is not binding part of spec
21:32:33 Rachel, I have difficulty understanding the contours of the permitted use buckets. Peter has testified on the Hill that they're practically unlimited. If you can't give examples, it seems fair to assume the permitted uses are so broad as to swallow the collection rules.
21:32:51 another way to go is this is normative part of spec
21:32:55 q?
21:32:59 this is why this is important discussion
21:33:11 scribenick: bryan
21:33:18 scribenick: bryan
21:33:27 TPE requires a definition of tracking
21:33:42 q+
21:33:51 or at least what DNT: 1 conveys
21:34:07 ack npdoty
21:34:07 npdoty, you wanted to discuss editors' handling
21:34:08 nick: the editors could put a def in and rewrite the rules so they address that term, it wouldn't change the substance; as a question for the editors...
21:34:10 ack robsherman
21:34:21 peter: is it just a rewriting matter?
21:34:39 justin and roy, thinking about the retargeting using only first party data i think the issue there is really a first party turning around and acting as a third party, not really a service provider issue
21:35:00 q+
21:35:04 q-
21:35:11 justin: instead of making a def for a word that does not matter in the document, we could address this in the scope so it does not affect normative text
21:35:23 peter: is the scope normative?
21:35:56 it would be odd for scope to be normative
21:35:56 tlr: it can be, or not. depends upon how the scope is written
21:36:21 q?
21:36:28 ack rachel_thomas
21:36:28 q-
21:36:30 I am not proposing that we write the Scope discussion of "tracking" (why are we here?) to be normative.
21:36:30 ack jmayer
21:36:33 peter: the binding about the def of tracking would need to follow with a decision on the normative impact of that def
21:36:54 jmayer: suggest that the group should move onto another topic
21:37:11 agree with fielding that it might be unusual for Scope to be normative; in HTML5 for example: http://www.w3.org/TR/html5/introduction.html#scope
21:37:17 actually, no, we have been procedurally prevented from talking about tracking definition in any meaningful way
21:37:21 ... if we are to agreement, it will be thru competing text proposals
21:37:30 q?
21:37:39 ... urge that we not define tracking, even more so that we don't talk about it
21:38:04 +Alan
21:38:11 q?
21:38:17 ack ChrisPedigoOPA
21:38:23 peter: as co-chair I have not understood these issues, and this helps; also ecosystem stakeholders have asked for this discussion; but it will end soon
21:38:47 is the concern actually issue-6 rather than issue-5?
21:38:53 issue-6?
21:38:53 ISSUE-6 -- What are the underlying concerns? Why are we doing this / what are people afraid of? -- closed
21:38:53 http://www.w3.org/2011/tracking-protection/track/issues/6
21:39:03 chrispedigoOPA: this def does help identify the problem we are trying to solve, and it includes over time and cross-site
21:39:37 "capture the lens through which we're looking"
21:39:42 ... as this doc evolves, it's important for future users that we capture the lens through which we are looking
21:39:54 q?
21:40:09 peter: i need to understand the current things that 1st parties are not passing on
21:40:14 justin and heather, we have "2. Scope and Goals" empty now with a link to issue-6
21:40:30 ... with the note that we would come back to it later
21:40:47 q?
21:40:50 ack Chris_IAB
21:40:56 chrismejia: I have 3rd party tracking as the retention of user's web behavior over time that may be linked to a particular user or device (chris please correct as needed)
21:41:05 rvaneijk has joined #dnt
21:41:07 Chris_IAB, can you drop that definition into IRC in case we didn't get the language correctly in scribing?
21:41:11 ack dwainberg
21:41:36 dawinberg: there is I think consensus that use of 1st party data in that context is definitely out of scope
21:41:56 q?
21:42:03 ... it would thus be more precise not to talk about the party, but the data in the context of collection and use
21:42:05 s/dawinberg/dwainberg/
21:42:38 if you want to define tracking, please help with the definition of DNT:0 in the global considerations
21:42:40 Here ya go: "3rd Party Tracking is, for the purpose of this spec, the retention of a user's Web browsing history over time, across unaffiliated sites, that is linked or may be reasonably linkable to a unique device."
21:42:44 would it put less burden on the permitted uses? incorporating a permitted use into a one sentence definition of tracking seems like a great challenge
21:42:47 ... on the def of tracking, we put less of a burden on permitted uses when we define it; enable more innovation and flexibility in the spec to accommodate it
21:43:17 ... what is lacking in David's def is more explanation of the type of data that is included in tracking
21:43:39 ... e.g. browsing history is in, similar to data on web viewing over time
21:43:45 q?
21:43:52 ack fielding
21:44:06 fielding: scope def is important but defining user preference is more important
21:44:08 q+
21:44:12 We should be talking in terms of HTTP (which the server sees, and which is the protocol carrying the headers) vs. "web browsing" which is a user-interface notion.
21:44:14 New topic - can we do one at a time, please?
21:44:25 ...
we need a simple way for users to define their preference
21:44:35 "need to have a simple way of informing the user"
21:44:51 q?
21:44:59 ... reason we are here is to adhere to user preference; that's why we are focusing on a def of user tracking
21:45:04 ack Chris_IAB
21:45:13 for what it's worth, I disagree with Roy still. Not a surprise to anyone so I'll keep out of the queue.
21:45:33 But in case we're doing the "sustained objection" model. Users are not asking for cross-site only.
21:45:44 web-history sounds compelling, but what about the combination with data from other sources?
21:45:54 Chris_IAB: it's easier to solve for n, when we know what n is. Offering a narrow def for this spec and purpose creates an n that is solvable
21:45:54 do we have a separate issue for user presentation / education? if Roy's concern is less scoping and more user presentation, that might be something we can take up separately
21:46:37 ... disagree with the assertion that it would be a waste of time to revisit when n included everything. it would be worthwhile to reconsider
21:46:45 Agree that's a distinct issue. Not sure there's much we can say there (see discussion Alan and I had yesterday) but we might at least get some good "shoulds" there, which would make me happier.
21:46:53 This is from the charter: "The Working Group will produce Recommendation-track specifications for a simple machine-readable preference expression mechanism ("Do Not Track") and technologies for selectively allowing or blocking tracking elements." Does not say only third party tracking.
21:47:10 aleecia, until we define what users are actually asking, I don't see how you can make any assumptions about what they are asking
21:47:17 Users would like DNT to stop first party tracking
21:47:19 peter: a path for compliance, from here; we have worked on compliance, and a def of tracking; some of the fault lines are clearer
21:47:29 I think we've lost Chapell for the afternoon, but he might be interested in working with fielding on the importance of user presentation.
21:47:50 Nick that sounds like a constructive approach forward.
21:48:06 johnsimpson, respectfully, it depends on how you define the word "track" in the context of "do-not-track"
21:48:32 ... the remaining pieces are permitted uses, service provider de-id, market research, and provisionally the def of tracking
21:48:41 ... that is not a huge # of things
21:48:44 my point is that we have to agree on the definitions of the words we use in a scope to understand the scope itself
21:48:51 npdoty, please don't try to relegate this to an out of scope discussion on UI. What I want is a required deliverable of the WG.
21:49:06 fielding: part of the issue is really that aleecia's research created evidence that users want that "off" button and that the industry fears that this is too much in the current eco-system. A dilemma IMHO
21:49:07 Aleecia, could you please reference the source of data you are referring to in your assertions of what all users want? It would be helpful to review the integrity of the research you're relying upon in your declarations.
21:49:07 ... a reasonable list that can be addressed; I intend to work directly to get specific text to close the issues
21:49:23 fielding, I was hoping to divert discussions on UI into a more helpful discussion on what we need for effective communication to the user
21:49:26 ... I will push, and you have your chance to let me know what you think
21:49:50 ...
that's it for the agenda for today
21:49:51 Wileys: I've seen aleecia's research presented on several occasions. see above, it is a dilemma, somewhat.
21:49:52 +q
21:49:56 Shane, your implicit point that users want different things is correct.
21:50:02 how to get out: more communication
21:50:08 [Mead Hall]
21:50:17 Mark_Vic_ has joined #dnt
21:50:25 http://www.themeadhall.com/
21:50:26 backside of legal seafood
21:50:37 There's work from Berkeley as well
21:51:09 mschunter: there are minor changes to the agenda, just reshuffling; we can maybe take less time
21:51:25 Some of what I reference was not published; we did a large study at Mozilla of Mozilla users on the geek side. More representative than I would have expected, but assuredly not a random sample.
21:51:38 And Microsoft has done their own research as well
21:51:44 where do we subscribe to the list
21:51:50 ... we have a special public tracking annc list, enabling only chairs to post issues, sort of a warning function
21:51:52 http://lists.w3.org/Archives/Public/public-tracking-announce/
21:51:56 John - you are already subscribed
21:51:59 members of the working group are already subscribed
21:52:13 As for tradeoffs, once again I point you to the Annenberg work that's been replicated many times
21:52:24 ... will send a message to the list to let those know who are on it
21:52:26 thank you Aleecia - I'll take the weight of your assertions with the transparency their supporting representation is provided.
21:53:05 peter: one method to warn you of issue closing
21:53:05 +q
21:53:09 parse failure. I mean, I get there's snark, but I'm not sure what you were trying to say since the grammar there failed
21:53:12 ... you will have a chance to object
21:53:27 -BrianHuseman
21:53:47 ack justin
21:54:12 justin: you said we would reintro market research and permitted use; what is the plan?
21:54:23 ... eg work up permitted use language?
21:54:32 peter: will work offline on that
21:54:42 David Stark, Richard Weaver, Justin Brookman -- all good people to talk together on the market research issue
21:55:19 Aleecia, apologies, I see the grammar miss now. I mean to say it'll be difficult to put much weight behind your assertions without supporting evidence (aka - lack of transparency). So feel free to continue to share your beliefs of what "all users want" but please understand if many of us don't place as much confidence in those assertions as we could if there was reliable, well-thought out research
21:55:19 approaches behind it. That rarely exists in this space unfortunately.
21:55:24 jmayer: concern that there are some interdependencies on issues; we might get more work done up front with a constellation of options rather than tackling each issue
21:55:49 ... e.g. browser-based API for exceptions; some have suggested a linkage with the consent standard
21:56:02 ... knowing that linkage in advance would help
21:56:04 Shane - I've just given you pointers to research from multiple organizations. You've likely read all of them already.
21:56:40 You're right that I short cut "the majority of users" to "users" and did not in any way mean to imply "all users." If you seriously mistook that, sorry for the short hand. That was not my intent.
21:56:42 peter: sympathy for that proposal; we may get to options for issues and note that solutions are related to other issues, with provisional closure
21:57:05 Users are absolutely not a monolithic block, which is a point you'll find I make frequently
21:57:10 ... until the related discussions are done we will not have final closure; would that help?
21:57:17 jmayer: entirely reasonable
21:57:19 -Joanne
21:57:22 -hefferjr
21:57:26 Zakim, list attendees
21:57:26 As of this point the attendees have been BrianHuseman, tlr, kulick, MIT-Star, johnsimpson, vincent, yianni, Aleecia, vinay, +1.202.656.aaaa, Jonathan_Mayer, Joanne, BerinSzoka,
21:57:29 ...
Dan_Auerbach, walter, +1.202.639.aabb, hefferjr, +1.206.658.aacc, +1.646.654.aadd, MIT346, +1.202.656.aaee, Fielding, Mark_Vickers, +1.415.920.aaff, Alan
21:57:29 -Aleecia
21:57:29 -Alan
21:57:30 rrsagent, please draft minutes
21:57:30 I have made the request to generate http://www.w3.org/2013/02/12-dnt-minutes.html npdoty
21:57:32 -BerinSzoka
21:57:32 -vincent
21:57:35 [Today's meeting concluded]
21:57:37 -Mark_Vickers
21:57:43 -vinay
21:57:44 -johnsimpson
21:57:46 johnsimpson has left #dnt
21:57:50 Zakim, drop MIT-Star
21:57:50 MIT-Star is being disconnected
21:57:51 -MIT-Star
21:57:56 -Jonathan_Mayer
21:59:23 -kulick
21:59:26 -Fielding
21:59:27 Team_(dnt)13:55Z has ended
21:59:27 Attendees were BrianHuseman, tlr, kulick, MIT-Star, johnsimpson, vincent, yianni, Aleecia, vinay, +1.202.656.aaaa, Jonathan_Mayer, Joanne, BerinSzoka, Dan_Auerbach, walter,
21:59:27 ... +1.202.639.aabb, hefferjr, +1.206.658.aacc, +1.646.654.aadd, MIT346, +1.202.656.aaee, Fielding, Mark_Vickers, +1.415.920.aaff, Alan
22:35:27 BillScannell has joined #dnt
22:42:20 dsinger has joined #dnt
22:58:20 npdoty has joined #dnt