W3C

– DRAFT –
(MEETING TITLE)

22 October 2021

Attendees

Present
Bert_Bos, Jemma, jrosewell, jyasskin, Ralph
Regrets
-
Chair
jrosewell
Scribe
jyasskin, wseltzer

Meeting minutes

Presentation

Discussion

<Zakim> Jemma, you wanted to ask clarification of "small contract"

Jemma: I work for the ARIA accessibility WG. I'm new to data sharing. I'm inspired by this presentation. This is an important issue.
… I liked the later part. It was solid about how we'll implement these things.
… I had difficulty understanding the basic idea. What's a "small contract"? Maybe an individual rather than government-level contract?
… I wasn't sure what kind of data sharing you're talking about. Metadata? Can you give us a specific example?
… You mentioned the GDPR, which helps a little bit, but I wasn't sure exactly.
… Third, you mentioned that individuals would be the decision-makers. I don't know enough to learn about data, authenticity. How can we support the users?

jrosewell: Thank you. As far as small contracts, I meant there would be a small number of standard contracts. So we don't have to educate users about a lot of them. Each industry would have its own set of contracts.
… Just like when we purchase tea or coffee there are a small number of contracts. People are familiar with this kind of trust.
… I deliberately didn't talk about GDPR or personal data until the second section. The hot topic of the moment is privacy, so personal data, but it's not limited to that.
… The decision-maker becomes the person. They decide which standard contracts they're willing to use.
… Could have a person who doesn't want any data shared at all. Could set up my world so I only see contracts that don't share personal data.
… Could tell a search engine to only return that kind of result.
… Could let a publisher refuse to accept a limited choice of contracts.

Jemma: Thanks. Makes sense.

<Zakim> Ralph, you wanted to ask (after the presentation) about mark enforcement

Ralph: I find the notion of trust marks to be intriguing. It's been tried before. One of the issues that we haven't found an adequate solution for is avoiding counterfeits. In a physical store, we have counterfeit items, but it's expensive to counterfeit in the physical world. You mentioned cryptographic verification of contracts.
… What are your thoughts about how often and by what methods the ecosystem would expect or require the user's agent to verify the cryptographic mark?

jrosewell: By having a situation where the participants are cryptographically verifying that they use data under a standard contract, and making the information available to the rest of the participants. The ecosystem becomes aware of all the other participants in the ecosystem. That itself doesn't eliminate fraud, but it means the party that said they did something was actually the party.
… We've got established tools to make that happen. Don't have that particular issue of counterfeiting. What we might have is bad actors who don't want to be known. Trying to hide. We address that in the contract perspective by preventing parties from sending data to other parties who aren't bound by that contract in the B2B chain of suppliers.
… Where we see harms -- someone receiving personalized marketing when they haven't consented to it -- the UA could start playing a role in that policing. The media has highlighted the problems in fair trade. Regulators and the rest of the ecosystem help too. That seems to be the right way forward.
… Bad things happen in both sides of the world, and we should use similar tools.

Ralph: I'm asking a more mundane question. People who understand cryptography can design a protocol stack where we can verify who's a participant. I as a user, going to a website, see the trust mark. How often do you imagine that my UA might do the cryptographic verification that this is legitimate?
… Lots of recent discussion of the environmental impact. It seems undesirable that we verify on every visit.

jrosewell: 2 methods: You're referring to a type of standard contract where there's an authoritative body that says it's approved by the conduct authority.
… When you claim to satisfy that kind of contract, the body lets them display the logo. Look to SSL. It's a more enhanced kind of standard contract with lots of certification behind it.
… Banking is another good example. I don't think blockchain is needed.

<Zakim> jyasskin, you wanted to talk about the analogy to the CAB Forum BRs

jyasskin: I think your SSL analogy is a good one
… terminology confusion: you're talking about contracts while W3C is used to specs, but I think they work similarly here
… SSL has the CAB forum, where CAs and Browsers agree on baseline requirements, specification of behavior for certificate issuance
… each root store defines some policies on top
… system of auditors, audit program based on baseline requirements and extras required by browsers
… perform audits on CAs
… recently, browsers have started reading the audits in more detail, following up on discrepancies
… follow-up on whether contract was followed seems to map to Certificate Transparency
… not a direct translation, but a potential model
… The audits of CAs have some problems
… ask the experts there
… e.g. the auditors have a fiduciary duty to the companies they're auditing, so they tell the public only whether the audit passed
… better to set up a program where the auditor's duty is to the public

jrosewell: setup is key to driving the right incentives

jrosewell: That's really good. To make some comments: The way you set things up is absolutely essential to drive the right incentives. We can't have the situation you just described in this case. A browser vendor might say that this particular certificate (mark) has a wonky auditing process, and we should warn people.
… Might have a new scheme that's really good, and people would be educated. Even fair trade coffee isn't without its controversy.
… Re the technical solution, my thinking is that you have different levels of complexity proportional to the harm that can be done. Might be a higher level of validation for buying a house or car vs receiving an advertisement.
… The system shouldn't be constrained to just one type that's either simple or complex.

alextcone: One of the examples we have in the wild of this scheme is the franchise that's the Digital Advertising Alliance (which my current employer is a party to). AdChoices has existed, and yet we're here. This follows on with jyasskin's point. The incentives have to be really great for this to work.

<Jemma> incentive or PUNISHMENT ;-)

alextcone: How do you get to a place where there's an auditing authority that people don't think is conflicted. How do you think about that?

jrosewell: I bring enthusiasm and naivety. I haven't been involved in that history or spent 10 years living it. I want to improve advertising even though my business has nothing to do with advertising. I'll talk generally.
… They suffer from being a registry. You have to be a participant and pay a fee to be listed. And then you get on this list, and then what happens? Maybe there's consent options. It doesn't flow through the whole supply chain, with all the audits I've discussed.

alextcone: That's correct.

jrosewell: So problems: Audit: How do you know who's been involved. I don't need to know who all of the B2B suppliers are. I trust CafeDirect to have done a good job; that's why I'm buying their brand. In digital, we expose people to the whole iceberg.
… I'm not equipped to deal with that whole long supply chain list.
… These schemes are just confusing to people.
… Certified contracts, saying "as long as you comply with the rules", they really help businesses because they take the uncertainty away.
… Banking, buying a house, is different from receiving an advertisement.
… When people see those schemes, those logos, like Global Privacy Control. It doesn't bind all the parties to the same contract. It might only apply to California.
… Have I characterized EDAA well?

alextcone: It's just a thing set out to do something similar to what you're talking about. And yet we're here. What about the incentives have resulted in the fact that we think that's probably not the answer but something similar is.

jrosewell: If people can make money by doing bad things or by turning a blind eye, then the wrong incentives were set up. Need incentives to support actors being good actors and support the rest of the ecosystem.
… Also want to avoid unintended consequences.

<Zakim> kleber, you wanted to ask about "proof of compliance with a contract"

kleber: Want to +1 alextcone's question. I wish EDAA self-regulatory scheme had solved this.
… My job would be easier. Want to ask about something you said earlier; about cryptographically proving they'd complied with the contract. That would be great. Would be an essential part of how things succeeded.
… But surely the standard contract would need to include some statement like "adherents can only pass data on to people who've also signed", and I don't think there's a way to prove that's what was done.
… Once someone has data, they can do anything with it, in a way that's invisible to the browser. Do you think we have a way to cryptographically verify that, or is that in the domain of auditing?

jrosewell: Good question. I mean the cryptographic proof is that they received the data and have access to the data. It's based on trust. Don't think you can remove the trust choice.
… There are other trust schemes that exist that we can apply here. Trust the supermarket to avoid doing things that harm me.

jrosewell: Cryptographic proof is just that they have the data. Have to trust that they did the right thing. If they did the wrong thing, that's why transparency is important. Browser vendor could look at the activity in aggregate. "This entity seems to be doing personalized marketing when they've committed not to." This brings back transparency. In the 7 Oct statement from the ICO, they talked about the need to balance the sharing of data vs privacy.
… Work together to minimize the risk but not eliminate it entirely.
… Don't have a perfect answer.

kleber: That gets to the heart of why I think this'll be hard to get browsers to adopt. The combination of the transitivity, needing to pass along this trust to an unboundedly large set of parties. Where if even one party defects from the contract, then the contractually protected scheme falls apart. The difficulty of that transparency problem. Figuring out by some kind of observation that the contract was violated,

<Jemma> I would like to let wendell speak first.

<Jemma> q_

<alextcone> *Not to mention the need to get companies like Nestle, Disney, Samsung, and the list goes on...to agree to terms about "their" data.

kleber: much less who did the wrong thing. A good contract happens when 2 parties enter in, and they each understand their redress when the other party violates it, and can learn that the other one violated the contract. The large number of parties and the difficulty of telling when the other party has violated makes this hard.

jrosewell: When I buy fair trade coffee, I trust it, despite the long supply chain. We have some mechanisms to track it down.
… There will be bad actors, but that's true in all supply chains; why treat digital differently?

<Joshua_Koran> Michael's point about how to ensure people's data is collected and processed according to expectations applies equally to user agents. What audit mechanism is Chrome suggesting it will make available to ensure it does not surprise people in what happens with their personal data?

wbaker: I'll be stronger in support of what Alex said. Everything you've described is already available and has been practiced for a decade. NAI with standard contracts. Logos program. Javascript that implements. TCF is a great example of multistakeholder negotiation about what these contracts should be. Supervision, with all these multidimensional and concrete ways of developing policy. Police action, remediation, cure.
… Where in all this infrastructure that we've accreted, we're missing something.

wbaker: I see some quibbles on "didn't like certain contracts". But don't see why we couldn't iterate all this infrastructure to what you want.

jrosewell: General question is "why didn't it work?"

<wseltzer> https://www.w3.org/2021/10/TPAC/breakouts.html

wseltzer: Want to offer a brief pointer to the breakouts page.

<Zakim> jyasskin, you wanted to comment on what we're missing.

jyasskin: question of what has been missing from other attempts is interesting
… e.g. browsers in the room advocating for users
… hard to get general agreement perhaps
… maybe there isn't as much of an audit program as we need

jrosewell: Does need all parties to be involved.

jrosewell: Thanks all!

Minutes manually created (not a transcript), formatted by scribe.perl version 136 (Thu May 27 13:50:24 2021 UTC).

Diagnostics

Succeeded: s/adherence can only/adherents can only/

Maybe present: alextcone, kleber, wbaker, wseltzer