
Re: ACTION-255: Work on financial reporting text as alternative to legal requirements

From: Mike Zaneis <mike@iab.net>
Date: Tue, 2 Oct 2012 11:17:10 +0000
To: mike O'Neill <michael.oneill@baycloud.com>
CC: "public-tracking@w3.org" <public-tracking@w3.org>
Message-ID: <191ABF7A-B7FE-443D-8DCB-8799AE10C38A@iab.net>
This is the farthest thing from a smoking gun for the DNT process. We have already established that data will continue to be collected under any standard, otherwise the Internet economy would cease to function, thus there will continue to be data security breach threats and the government will continue to have access to private information. If these are the concerns you and Rigo share then you are focused on the wrong "solution". 

In addition, every example you two have provided includes data that is far outside of the scope of this group's work. What does anonymous marketing data have to do with closed-loop surveillance video and ATM transactional data (Rigo's so elegantly stated "dog shit" example)?

Most importantly, I'm astounded that the W3C staff continues to express these misguided views and take such a strong advocacy stand for limits that impact none of their actual concerns. If the W3C position is that they are responsible for fundamentally changing the digital privacy regime, please state that clearly so we understand what type of meeting platform you are setting.  

Mike Zaneis
SVP & General Counsel, IAB
(202) 253-1466

On Oct 2, 2012, at 5:56 AM, "mike O'Neill" <michael.oneill@baycloud.com> wrote:

> 
> Alan,
> 
> I don't know if this amounts to a smoking gun.
> 
> If everybody's online behaviour can be recorded and stored without consent,
> without knowledge in most cases, then the data will be very valuable to
> oppressive governments & criminals and they will find ways to access it.
> 
> Criminals could get to it through corrupt insiders and potentially oppressive
> government through law.
> 
> For example the Draft Communications Data bill in the UK would allow the
> security services to demand access to behavioural data from anyone who
> gathered it, not just the ISPs. 
> 
> If this could happen in the UK it is not hard to imagine how it could in
> less democratic countries.
> 
> 
> 
> Mike
> 
> 
> -----Original Message-----
> From: Alan Chapell [mailto:achapell@chapellassociates.com]
> Sent: 02 October 2012 01:50
> To: Rigo Wenning
> Cc: Mike Zaneis; David Wainberg; Nicholas Doty; public-tracking@w3.org;
> Dobbs, Brooks
> Subject: Re: ACTION-255: Work on financial reporting text as alternative to
> legal requirements
> 
> The only thing you and I agree upon here is that you can't provide the
> smoking gun. (:
> 
> 
> More below...
> 
> 
> On 10/1/12 7:01 PM, "Rigo Wenning" <rigo@w3.org> wrote:
> 
>> Alan,
>> 
>> On Monday 01 October 2012 16:51:45 Alan Chapell wrote:
>>> I appreciate your taking the time - and the willingness to engage in 
>>> dialog. However, you really did not directly answer my questions. You 
>>> are providing high level examples of privacy issues - most of which 
>>> will not be addressed by DNT unless we radically change our approach.
>> 
>> If DNT would not address some of those issues, you wouldn't see me 
>> engaged. :)
> 
>> But this IMHO. I also know that I can't provide the smoking gun. I 
>> guess, Ninja and Rob could. W3C as a community is a pretty good 
>> indication whether something is going on. People are afraid. This can 
>> kill the entire market. That's why we are discussing here.
>> 
>> more inline
>> 
>>> On 10/1/12 4:27 PM, "Rigo Wenning" <rigo@w3.org> wrote:
>>>> blocking tools. I can show you how easy it is. If this is still an 
>>>> issue in 5 years, this may even be more damaging to the industry 
>>>> than DNT ever could be.
>>> 
>>> How is DNT going to stop this practice? If I'm buying my tickets via 
>>> Delta.com, Delta is a 1st party and would not be subject to a DNT 
>>> signal for these purposes.
>> 
>> Oh, Airline XYZ can only do so because they have bought the profile 
>> that tells them I can afford the higher price... - just as an example - 
>> That we do not address first parties is irrelevant for the EU and a 
>> sign of careful nudging of the US community.
> 
> In my experience, it would be unlikely (at best) that airline XYZ.com would
> operate in the way that you're suggesting. We need to distinguish what is
> POSSIBLE in theory from what is PRACTICAL. Going back to your initial hypo:
> you explained that a) you went to XYZ.com in the afternoon and got one price
> and b) you re-visited that site later in the evening and got a different
> price. And you believe that XYZ.com had purchased a profile between your
> afternoon and evening visits to XYZ.com resulted in your seat price
> increasing???? A MUCH more likely scenario is that the airline has booked
> some additional seats on that flight and is now charging more for each
> incremental seat. Or perhaps the airline just charges more for flights at
> night than during the day.
> 
> So if this is your example of harm, you may want to keep looking (:
> 
> 
> 
>>> 
>>>> 2/ Democratic values
>>>> In confirmation of Godwin's law let me tell you that I think that 
>>>> totalitarianism doesn't need computers. But it makes life easier for 
>>>> them. The concentration of high amounts of personal data in few 
>>>> hands is a risk in the power balance.
>>> 
>>> I agree - concentration of data in a small number of players is 
>>> problematic. How do you see DNT addressing this issue? In fact, I 
>>> think one can make a plausible argument that DNT will concentrate 
>>> data in a smaller number of entities. I believe that's a horrible 
>>> outcome that many in this group may be missing and/or choosing to 
>>> ignore.
>> 
>> You fail to give an argument for your assertion. While one can make a 
>> plausible argument, you'll have to make that argument to contradict me.
>> Why should the number of players be smaller if I can refuse collection? 
>> Note: a first party -by definition- can't collect cross site. Leaves 
>> you the 2-3 big fish. Those have a different
>> incentive: They are targets.
>>> 
>> [...]
> 
> If you put the third party intermediaries out of business - by definition
> the marketplace will be smaller.
> 
> 
>>> My point - There are going to be legitimate exceptions for the use of 
>>> data. And each exception should be weighed on the merits - benefit to 
>>> creating the exception vs risks of keeping the exception. My issue 
>>> with your approach is that you aren't really explaining what you 
>>> think the harm is to allowing my specific exception.
>> 
>> Because there is a fundamental transatlantic divide. We have that even 
>> internally. While the eastern part believes that the availability of 
>> organized personal data is very prone to abuse, the western part 
>> believes that it is all about use limitations. Give the data to the 
>> junkie but say: "do not use!". Some believe, some don't.
>> Note that those legitimate exceptions are law in EU. Self regulation 
>> has to re-invent those. For the unregulated, this is a test whether we 
>> can find a reasonable compromise without the formal democratic process.
> 
> I have no idea what you mean here... But while we're on the subject of
> providing arguments for your assertions, I'd invite you to provide a
> specific argument of harm that addresses the request for exemptions. If the
> XYZ.com is the best you can do, well...
> 
>> 
>>> 
>>>> It is therefore essential that somebody can just indicate to the 
>>>> system not to be recorded. And that the system just does not record, 
>>>> or at least throws away after a very short time. So DNT is just a 
>>>> tiny tool, a little aspect in this overall picture.
>>>> But it could be a useful tool. Now you may understand that recording 
>>>> the same information for accounting or PCMCP (a pure use limitation 
>>>> that is) is not sufficient for most people.
>>> 
>>> What are these people you cite? Are you representing the interests of 
>>> consumers in the same way that Jeff and John are?
>> 
>> People just meant my grandma. I neither represent consumers nor 
>> industry nor W3C Team. Because the answers given here are not 
>> coordinated with the W3C Team. I'm just talking to you from my ivory 
>> tower of 15 years of privacy research. This is my second exercise after 
>> P3P, XACML privacy extensions and the like... But I see the polls that 
>> indicate that over 56% of Europeans erase _all_ their cookies at least 
>> once a month. 25% weekly (from the top of my head, search for 
>> eurobarometer).
>> 
>> 2002, the industry thought: "danger banned, no privacy provisions in 
>> the US, move on". And the browsers thought: "we manage cookies by 
>> blocking tools". Ten years after, we are back to the core semantic
>> problem: "Can I trust your assertions?". What does that tell me?
>> Everybody has to optimize in some direction. That's what this effort is 
>> all about. I have to optimize in the direction of excellence...
>> And putting in question the bases of the effort for financial reporting 
>> is against my optimization target. And there, your wording was much 
>> better (and stronger) than mine.
> 
> Thank you. It's interesting that you reference P3P. Do you believe that P3P
> was a success? 
> 
>> 
>> Rigo
>> 
> 
> 
> 
> 
> 
Received on Tuesday, 2 October 2012 11:18:12 UTC
