Meeting minutes
[Presentation: Phil Eligio]
<weiler> [he's presenting using different slides, though]
<AramZS> (the format is q plus sign `to` and then string I think jrosewell)
<Zakim> jeff, you wanted to get Phillip's view on how representation could be improved.
<Zakim> robin, you wanted to point out that The Times's offer of training in W3C standards for publisher organisations still stands
<Zakim> wseltzer, you wanted to react to jeff
<JacquesHansROCHE> I'm here sorry
<Zakim> AramZS, you wanted to ask why an identifier is the only solution to these problems?
<JacquesHansROCHE> I can take notes
AramZS: Can you dig in a bit more to the conclusion you reached that a 1:1 psuedonymoous identifier is the solution
<weiler> aramzs++
AramZS: we've had the discussion and reached a different answer
Phil: we concluded that was what drove value today
… know there's been some owrk to address value-drivers that aren't 1:1
<jeff> Jeff: In the EPC paper it encourages W3C to have greater representation in our ecosystem. But we are an open organization with about 450 members, 1/3 in Europe; merged with IDPF. What else can we do?
Phil: no technical solution proposed in the paper
AramZS: do you think the group of publishers here would be open to a diferent solution that reasonably satisfied the needs being met by ID?
Phil: if it reasonably satisfies
… important conversation to have
… not at the end point of the conversation eyt
<jeff> Phillip: (paraphrase after the fact) Good question, Jeff. Difficult to find technical resources. It would probably be helpful if you can be proactive.
Phil: publishers interested in finding a solution that addresses these areas
<jeff> Robin: In terms of guiding publishers and advertisers how to get around in W3C, I'm happy to lead a workshop.
weiler: I heard you say you're looking for a simple transparent solution
… and in the paper, propose psuedonymous identifier
… If a linkable identifier is widely used across the web, it loses its psuedonymity properties
… you may have to do something more complicated
jrosewell: a lot of businesses will have suppliers that support them
<joshua_koran_> @sam "pseudonymous" by definition means that it has technical or operational means to keep the activity distinct from directly-identifiable information (i.e. offline identity)
jrosewell: rely on technology providers
… lots of those tech companies that support publishers, generally referred to as "ad tech", are involved with W3C
… they are capable of representing views of publishers
… we talked about business models and solutions
… not just code, but also laws
<gendler> AramZS ++ to that question
jrosewell: heard a presentation from Blacklight re how GDPR has impacted
… could be discussed in proposed Decentralization IG
… Spectrum of owned+operated together, and splitting operation and administration, any preference?
Phil: the paper specified neutral
… didn't describe the governance
… question that can be investigated
… if we build for neutral entity, need to address governance
kris_chapman_: comment on the difficulty of knowing which groups to join, timing for participation
… I spend about 25% of my time working in various W3C groups
kris_chapman_: there's a need to provide a pecking order among groups, which is the priority to be involved with
<Zakim> robin, you wanted to point out that this is not a unanimous position in the EPC
kris_chapman_: so you don't miss important conversations
robin: re pseudonymous identifiers, I wouldn't say EPC had a unanimous position. More nuance
… pseudonymous identifiers are a governance and privacy method designed for areas that are strongly governed
… e.g. clinical trials with IRB, audits, bureaucracy
… lots involved in "doing it right"
… accountability
… requires lots of bureaucracy to do it right
… that would slow innovation substantially
… from our perspective, more value to try innovative alternatives
<kleber> +1 to Robin
robin: Second, the idea that any non-publisher can represent publishers is preposterous
… Ad tech companies are more than welcome to participate, a key part of the future of the web
… but they shouldn't speak as if they represent publishers
anil: Is there a prospective business model behind the identifier you mentioned?
<cwilso> +1
anil: eg. relating to email marketing?
Phil: there hasn't been specific discussion around that
<Zakim> AramZS, you wanted to the question that ad tech could represent the interests of publishers
AramZS: reinforce what Robin said
… a number of studies show 70% of ad profits go to ad companies, not to publishers
… reports on % of ad traffic that's fraudulent
… not interested in disparaging ad tech
<joshua_koran_> +1 to cleaning up fraud, but we have to also acknowledge publishers are sources of fraud independent of intermediaries
AramZS: but address technical problems that need to be solved re reporting and business issues
… Advertising technology represents some interests; web publishing represents others
… recognize that they're separate interests
<Zakim> weiler, you wanted to ask why use a model that needs governance (v. fully self-soverign)
<AramZS> An assessment on some of the reporting of fraud https://mashable.com/2016/06/09/ad-fraud-organized-crime/#NEIQuQmMSsqE
<AramZS> Another estimation of fraud: https://www.campaignlive.co.uk/article/unilever-were-miles-ahead-pack-tackling-ad-fraud/1592052
weiler: when I hear concerns about governance, wonder why we use an architecture with such requirements, rather than engineering
Phil: look forward to the conversation, don't have a clear answer today
weiler: or proposing something else that doesn't have those problems
<tantek> I'm curious about the defensiveness about (not) disparaging ad tech, I mean, everyone knows about the widespread problem of https://en.wikipedia.org/wiki/Malvertising right?
jrosewell: I'm not directly involved in ad tech, though I have customers in that field
… disagree, a tech company can represent its customers
… any industry can have its bad actors (diesel emissions, Enron), but we shouldn't all actors with the same brush
… the vast majority I've interacted with are trying to do the right thing
… no one finds fraud numbers acceptable
<AramZS> Some writing on why the split of profit to middlemen technologies creates real problems in the ecosystem - http://adcontrarian.blogspot.com/2017/01/why-ad-fraud-thrives.html
jrosewell: Re pseudonymous identifiers and governance, EPC aren't the only body proposing. Competition and Markets Authority UK also propose
… before we assume there's a problem associated with audit and control, shouldn't we understand those solutions and compare with alternative
kris_chapman_: Salesforce isn't ad tech, martech.
… while best representatives of publishers are the publs themselves, I do try to represent the feedback I hear from our customers in publishing
<AramZS> Two pieces on the question of the concerning split in profit regarding middlemen - https://mediatel.co.uk/newsline/2016/10/04/where-did-the-money-go-guardian-buys-its-own-ad-inventory/ & https://digiday.com/careers/ad-tech-confession/
kris_chapman_: re pseudonymous identifier, we tend to have engineering background and therefore try to develop engineering solutions
… not the only answer
… we shouldn't dismiss business logic and business solutions
<jrosewell> Agree with Kris that we tend to seek solutions in technology and not in other areas such as policy, governance, etc.
<Zakim> kleber, you wanted to ask about specific data ownership needs of publishers — a global identifier pushes in the opposite direction of pubs keeping control of their data, audiences, etc
kleber: on the subject of pseudonymous identifiers, 30 years of privacy research says there's no global cross-context identifier with the properties you're looking for
… without a lot of regulatory work behind enforcement
… what are the specific data ownership needs of publishers
… in the regime you're talking about
… global ID we're talking about seems to cut against some of the needs
… I'm author of privacy sandbox proposals, e.g. letting publishers advertise on their site without contributing to the building of audiences that can be used off-site
<Zakim> gendler, you wanted to ask if publishers are the customer for adtech companies or the product
kleber: pseudonymous ID doesn't offer protection against that threat
gendler: NYT, to jrosewell, I'd disagree that publishers are the customers of ad tech
… advertisers are the customer, publishers are the product
… so harder for them to represent publishers' interests
… re painting all with the same brush, overall ecosystem has issues
… links Aram is putting in the chat
wseltzer: in web-adv BG, we've been working to focus on use cases one abstraction above the technical implementation today. What needs would a pseudonymous identifier serve, and can we address those in a privacy-preserving way, perhaps through new web features and computational properties (multi-party computation, differential privacy)?
<Zakim> weiler, you wanted to respond to kris
weiler: re preference for engineering solutions
… in security and privacy, at least some of our adversaries don't play by the rules
… sometimes it's state actors or organized crime
… seeking to subvert user interests
… e.g. state actors blocking TLS 1.3
<Zakim> joshua_koran_, you wanted to discuss pseudonymous IDs
weiler: that's when I don't think we can rely on policy solutions
joshua_koran_: Zeta Global, martech
… agree with wseltzer start with business cases, then evaluate the technology that would solve them
… we tend not to look at problems that can
… 't be solved by technology
… agree we want to clean up fraud.
… much of that driven by publishers, and advertisers deploy anti-fraud tech
jrosewell: let's not label countries as bad actors
… W3C shouldn't
<AramZS> Note: other ad tech firms than SSPs work directly with publishers.
jrosewell: some ad tech companies, SSPs, work with publishers; others, DSPs, work with advertisers
… I should have referred specifically to sell-side
<Zakim> robin, you wanted to point out that engineering, governance, policy aren't either/or
robin: re not just focusing on engineering, it's not either or
… look at engineering and policy solutions, a big toolbox
… engineered solutions can act as forcing functions
… value in doing more work to bridge engineering and policy solutions
… e.g. GPC noted limits in pure-tech, and looked to bridge to policy
… I'd say there's 50 years experience looking at pseudonymous identifiers, from paper filing times, and still they don't work
<Zakim> AramZS, you wanted to the question of mechanical enforcement and the need for it
AramZS: adtech engineering director, Washington Post
… +1 Robin
… publishers work with lots of systems besides SSPs
… there is fraud that occurs with creation of fake users, fake publishers, and larger problem around incentives for propaganda and fake news
… separate needs so we can understand incentives and transpaerency
… one of those incentives is the need to monetize on individual users, which creates the demand for fake users
<robin> I would further note that legitimate publishers are also harmed by fraudulent publishers since we compete for the same money
<jeff> [Tantek, in terms of your point "I'm curious about the defensiveness about (not) disparaging ad tech" within W3C we should never be disparaging an entire industry.]
kris_chapman_: I have an engineering background too
… support looking beyond engineering for solutions
… and beyond where engineering is today
<weiler> [jeff: I disagree.]
Ivan: thank you all!