Re: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission

Peter,

just to provide some European feedback: the European Commission in the 5th OBA roundtable argued similarly to the FTC that what matters is the users choice. They said that they would like users to take the choice and review the default. JC, Rigo & Rob to correct me, as they also attended the meeting (sorry if I missed others).

Kimon

From: Peter Cranstone <peter.cranstone@gmail.com<mailto:peter.cranstone@gmail.com>>
Date: Wednesday 20 June 2012 16:04
To: Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org>>, "'Delaney, Elizabeth A'" <EDELANEY@ftc.gov<mailto:EDELANEY@ftc.gov>>, "public-tracking@w3.org<mailto:public-tracking@w3.org>" <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Cc: "'Vandecar, Kim'" <KVANDECAR@ftc.gov<mailto:KVANDECAR@ftc.gov>>, "'Thompson, Kimberly M.'" <kthompson@ftc.gov<mailto:kthompson@ftc.gov>>
Subject: Re: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission
Resent-From: <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Wednesday 20 June 2012 16:05

RE: Your questions.

US.

  1.  Makes no difference – the setting of DNT:1 is valid
  2.  See above
  3.  See above

EU.

  1.  Makes no difference – the setting of DNT:1 is valid
  2.  See above
  3.  See above

It's not the default setting that is on trial here, its the issue of whether or not the server can accurately determine the intent of the user. DNT is binary and therefore lacks sufficient context to make a correct determination.

Therefor if more information is required the server MUST send a response back to the client requesting it. To simply ignore the header is NOT a viable option – the spec needs more context.


Peter
___________________________________
Peter J. Cranstone
720.663.1752


From: Craig Spiezle <craigs@otalliance.org<mailto:craigs@otalliance.org>>
Date: Wednesday, June 20, 2012 4:58 PM
To: Peter Cranstone <peter.cranstone@gmail.com<mailto:peter.cranstone@gmail.com>>, "'Delaney, Elizabeth A'" <EDELANEY@ftc.gov<mailto:EDELANEY@ftc.gov>>, W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Cc: "'Vandecar, Kim'" <KVANDECAR@ftc.gov<mailto:KVANDECAR@ftc.gov>>, "'Thompson, Kimberly M.'" <kthompson@ftc.gov<mailto:kthompson@ftc.gov>>
Subject: RE: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission

There are a few unique scenarios we may want to review for any exceptions or variations to this position.  Do any of the following make a difference?

US

1.       Users updates  their browser.  (I am unclear if IE 10 will be backward compatible with Windows 7)

2.       User buys a new PC (Windows 8 and IE 10 pre-installed)

3.       User Upgrades their PC and purchases Windows 8 with IE 10)

EU – impact with the browser selection screen

1.       Users updated their browser.  (I am unclear if IE 10 will be backward compatible with Windows 7)

2.       User buys a new PC (Windows 8 and selects IE 10)

3.       User Upgrades their PC and purchases Windows 8 and select IE 10)



From: Peter Cranstone [mailto:peter.cranstone@gmail.com]
Sent: Wednesday, June 20, 2012 3:42 PM
To: Delaney, Elizabeth A; 'public-tracking@w3.org<mailto:'public-tracking@w3.org>'
Cc: Vandecar, Kim; Thompson, Kimberly M.
Subject: Re: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission

Elizabeth,

RE: "Microsoft not consumers will be exercising the choice as to what signal the browser will send".

I have to disagree. Microsoft made a public announcement of the browser setting. I knew that when I installed the software. The Microsoft default was my choice when I installed the software, and they also provided me with a way to change my choice if need be.

RE: "But it does not solve the fact that the recipients of the signal must still choose to honor the signal and refrain from tracking consumers and/or collecting data about them".

In essence it does solve the fact. A server as per the spec that is said to be honoring the DNT setting MUST refrain from tracking consumers and/or collecting data about them. What the spec does NOT resolve is the following:

If said server receives a DNT:1 setting that the server believes is coming from an invalid browser (by the way there is no such thing as an invalid DNT setting because it's binary) then it MAY chose to ignore that setting.

The dilemma is now apparent. The user has expressed his/her choice by sending valid DNT setting – the server has now also made a choice, to not honor it. Therefore it MUST respond to the user indicating it's status.

The current spec reads with the word "MAY" respond. This is inadequate and opens up a wealth of legal responses all of which are not good. DNT is binary – if you see the 1 setting and you support honoring that setting then you MUST do as it says. If you lack sufficient context about "WHO" made that setting (Microsoft, Me or other 3rd party software) then you MUST request more data from the user.



Peter
___________________________________
Peter J. Cranstone
720.663.1752

From: "Delaney, Elizabeth A" <EDELANEY@ftc.gov<mailto:EDELANEY@ftc.gov>>
Date: Wednesday, June 20, 2012 11:11 AM
To: W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Cc: "Vandecar, Kim" <KVANDECAR@ftc.gov<mailto:KVANDECAR@ftc.gov>>, "Thompson, Kimberly M." <kthompson@ftc.gov<mailto:kthompson@ftc.gov>>
Subject: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission
Resent-From: W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Wed, 20 Jun 2012 20:31:06 +0000

Dear Members of the W3C Tracking Protection Working Group:

Please see the attached letter from Commissioner J. Thomas Rosch.    Please let us know if you have any questions.  Thank you,


Elizabeth Delaney
Attorney Advisor
Office of Commissioner J. Thomas Rosch
Federal Trade Commission
600 Pennsylvania Ave NW
Washington, DC  20580
202-326-2903