Re: Third-Party Web Tracking: Policy and Technology Paper outlining harms of tracking

Actually, Jeff, my statement says a great deal about my view of the clarity
of scope and overall progress of this particular working group. But that
isn't exactly anything new.

I suppose I can't stop you from attempting to misrepresent my views and
reading much more into my statements ­ you've already demonstrated that
you're a rather creative guy.  (:

Since we're putting things on the record ‹ is it fair to say that you are
unable to come up with a set of tangible, real world examples of harms that
this group is tailored to address? I've asked a number of times.

Please answer that question on the record ­ with real examples.




From:  Jeffrey Chester <jeff@democraticmedia.org>
Date:  Thursday, October 11, 2012 4:08 PM
To:  Alan Chapell <achapell@chapellassociates.com>
Cc:  <public-tracking@w3.org>, Jonathan Mayer <jmayer@stanford.edu>
Subject:  Re: Third-Party Web Tracking: Policy and Technology Paper
outlining harms of tracking

> Thanks Alan for putting this on the record.   You "struggle to find the harm
> that this group is attempting to address."  This clearly says a great deal
> about your view of privacy and contemporary online marketing data collection
> practices.    Such a perspective, which appears to be shared by the DAA/US,
> raises questions about how the group can accomplish its critical task in a
> meaningful manner.   But I still have hopes that we can develop a consensus
> that moves us ahead.
> 
> Jeff
> 
> 
> 
> 
> Jeffrey Chester
> Center for Digital Democracy
> 1621 Connecticut Ave, NW, Suite 550
> Washington, DC 20009
> www.democraticmedia.org <http://www.democraticmedia.org>
> www.digitalads.org <http://www.digitalads.org>
> 202-986-2220
> 
> On Oct 11, 2012, at 3:33 PM, Alan Chapell wrote:
> 
>> Hi Jeff - 
>> 
>> It is significantly more productive to tie it back to what harms are
>> purportedly going to be addressed by the DNT standard.
>> 
>> As I'm providing input into Permitted Uses, I've argued for some flexibility
>> so as to avoid putting third parties in a position where they are conflicting
>> either with DNT or another competing standard. This argument has received
>> some pushback. Some in the group believe that DNT should just trump all
>> competing or conflicting standards - which I believe is impractical.
>> 
>> As a result, I've asked you, Jonathan and others for some real-life examples
>> on the harms they are trying to minimize so that I can help tailor Permitted
>> Uses to address those harms. Thus far, I've received information on a) harms
>> that are out of the scope of DNT, b) high level examples that are incredibly
>> vague to as to make it almost impossible to find practical approaches to
>> address the purported harms in our work here. If this is all they can offer,
>> well then it might be time to remove those objections to flexibility in
>> Permitted Users so the group can move forward productively.
>> 
>> So I'm not sure why you're asking me this question. I struggle to find the
>> harm that this group is attempting to address. You and your colleagues are
>> the ones telling the world the the proverbial sky is falling. And if the
>> professionals who have made these issues their life's work are unable to
>> provide specific, real world examples, please point me to those who areŠ
>> 
>>   
>> 
>> From:  Jeffrey Chester <jeff@democraticmedia.org>
>> Date:  Thursday, October 11, 2012 1:19 PM
>> To:  Alan Chapell <achapell@chapellassociates.com>
>> Cc:  <public-tracking@w3.org>, Jonathan Mayer <jmayer@stanford.edu>
>> Subject:  Re: Third-Party Web Tracking: Policy and Technology Paper outlining
>> harms of tracking
>> 
>>> Alan.  Could you please clarify.  Are you saying that you and/or your
>>> clients believe that the loss of privacy from contemporary digital marketing
>>> practices is not a "harm."  This will help in the discussion.
>>> 
>>> Regards,
>>> 
>>> Jeff
>>> 
>>> 
>>> 
>>> 
>>> Jeffrey Chester
>>> Center for Digital Democracy
>>> 1621 Connecticut Ave, NW, Suite 550
>>> Washington, DC 20009
>>> www.democraticmedia.org <http://www.democraticmedia.org/>
>>> www.digitalads.org <http://www.digitalads.org/>
>>> 202-986-2220
>>> 
>>> On Oct 10, 2012, at 4:55 PM, Alan Chapell wrote:
>>> 
>>>> Hi Jonathan - 
>>>> 
>>>> In addition to my questions below, I'm curious whether your research has
>>>> documented specific examples of these harms occurring in the real world?
>>>> 
>>>> Thanks again,
>>>> 
>>>> Alan
>>>> 
>>>> From:  Alan Chapell <achapell@chapellassociates.com>
>>>> Date:  Saturday, October 6, 2012 5:14 AM
>>>> To:  <public-tracking@w3.org>, Jonathan Mayer <jmayer@stanford.edu>
>>>> Subject:  Third-Party Web Tracking: Policy and Technology Paper outlining
>>>> harms of tracking
>>>> 
>>>>> Hi Jonathan -
>>>>> 
>>>>> A few days ago, you invited me (via IRC) to review your recent paper which
>>>>> ­ among other items ­ outlines some of the potential harms of tracking.
>>>>> (See https://www.stanford.edu/~jmayer/papers/trackingsurvey12.pdf)
>>>>> 
>>>>> Thanks ­ As you may have noticed, I've been asking a number of folks in
>>>>> the WG for examples of harms and haven't received very much information in
>>>>> response. So I want to applaud your effort to help provide additional
>>>>> information and to facilitate a dialog. That said, I want to make sure I
>>>>> understand your thinking here ­ or at least help clarify some of the
>>>>> distinctions you may be drawing.
>>>>> 
>>>>> I'm curious whether your position is that those harms are equally apparent
>>>>> in a first party setting ­ where a first party utilizes their own data for
>>>>> ad targeting across the internet? For example, in your scenario where "an
>>>>> actor that causes harm to a consumer." Is that not also possible in a
>>>>> first party context? Does the first party not have both "the means", "the
>>>>> access" and at least potentially, the ability to take the  "action" that
>>>>> causes the harms you lay out? (e.g., "Publication, a less favorable offer,
>>>>> denial of a benefit, or termination of employment. Last, a particular harm
>>>>> that is inflicted. The harm might be physical, psychological, or
>>>>> economic.")
>>>>> Do you believe that a direct relationship between consumers and first
>>>>> party websites completely mitigates that risk of harm ­ even where the
>>>>> first parties have significant stores of personally identifiable data?
>>>>> 
>>>>> Has your position evolved over the past few months? Correct me if I'm
>>>>> mistaken, but I believe that one of the proposals offered by Mozilla /
>>>>> Stanford and EFF sought to address forms of first party tracking. Do I
>>>>> have that correct?
>>>>> 
>>>>> Thanks ­ I look forward to hearing your thoughts.
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> 
>>>>> Excerpt from your paper for the convenience of others.
>>>>> 
>>>>> 
>>>>> "When considering harmful web tracking scenarios, we find it helpful to
>>>>> focus on four variables. First, an actor that causes harm to a consumer.
>>>>> The actor might, for example, be an authorized employee, malicious
>>>>> employee, competitor, acquirer, hacker, or government agency. Second, a
>>>>> means of access that enables the actor to use tracking data. The data
>>>>> might be voluntarily transferred, sold, stolen, misplaced, or accidentally
>>>>> distributed. Third, an action that harms the consumer. The action could
>>>>> be, for example, publication, a less favorable offer, denial of a benefit,
>>>>> or termination of employment. Last, a particular harm that is inflicted.
>>>>> The harm might be physical, psychological, or economic.
>>>>> The countless combinations of these variables result in countless possible
>>>>> bad outcomes for consumers. To ex- emplify ourthinking, here is one
>>>>> commonly considered scenario: A hacker (actor) breaksinto a tracking
>>>>> company (means of access) and publishes its tracking information (action),
>>>>> causing some embarrassing fact about the consumer to become known and
>>>>> inflicting emotional distress (harm).9
>>>>> Risks associated with third-party tracking are heightened by the lack of
>>>>> market pressure to exercise good security and privacy practices. If a
>>>>> first-party website is untrustworthy, users may decline to visit it. But,
>>>>> since users are unaware of the very existence of many third-party
>>>>> websites, they cannot reward responsible sites and penalize irresponsible
>>>>> sites.10"
>>>>> 
>>>>> 
>>> 
>