Re: Initial Work Plan on Change Proposals, including for next Wednesday from Rob van Eijk on 2013-07-03 (public-tracking@w3.org from July 2013)

From: Rob van Eijk <rob@blaeu.com>
Date: Wed, 03 Jul 2013 21:25:42 +0200
To: public-tracking@w3.org
Message-ID: <ea3bfed1-3f93-4181-a1b2-9e8082691cf5@email.android.com>
Example of the linkability of hashed pseudonyms: https://blog.twitter.com/2013/experimenting-with-new-ways-to-tailor-ads, a nice use case that shows that the definition of de-identified in the DAA proposal may cause problems.

Rob

Rob van Eijk <rob@blaeu.com> wrote:

>
>Peter,
>
>We have gotten to the point that the only logical and responsible way
>forward IMHO is to task industry to chop up the DAA proposal into
>change proposals and include these in the wiki that Nick painstakingly
>kept up to date.
>
>Next week, I hope that the group will want to dive deeper into the
>discussion on de-identification, when Shane and Dan are back. Dan put
>out a reasonable request on the mailing list, after having put in a lot
>of work on the topic of de-identification.
>
>Rob
>
>
>Dan Auerbach <dan@eff.org> wrote:
>
>>Hi Peter and everyone,
>>
>>I'm unfortunately on vacation next week and won't be available for
>this
>>call. I have given a lot of thought and energy to the
>de-identification
>>and unique id issues, so would like the opportunity to further discuss
>>the following week once I'm back before any decisions are made. I will
>>catch up with the minutes. I'd love to get to agreement on these
>>issues,
>>but they are tough and important, so we need to proceed carefully.
>>
>>Below are some quick comments addressing some of your questions:
>>
>>On 06/28/2013 02:56 PM, Peter Swire wrote:
>>>
>>> To the Working Group:
>>>
>>>  
>>>
>>>             W3C staff and I express appreciation for the hard and
>>> high-quality work that so many of you have put into submitting
>change
>>> proposals to the June Draft.  This email alerts you to the initial
>>> work plan, for the coming week.  We wanted to give you this
>>> information as soon as possible, and plan to circulate as soon as we
>>> can a more complete work plan through the end of July.
>>>
>>>  
>>>
>>>             For the call on Wednesday, July 3, we once again may go
>>> for up to 120 minutes if ittakes that long to complete the agenda. 
>>We
>>> will attempt to keep the call to the usual 90 minutes if we can. 
>>This
>>> email sets forth the current plan for the Wednesday call.
>>>
>>>  
>>>
>>>             _De-identification._      
>>>
>>>  
>>>
>>>             Perhaps not surprisingly in light of all the work done
>on
>>> the issue, the first topic will be to examine and discuss the
>>multiple
>>> proposals on de-identification, as well as other provisions relating
>>> to identification.
>>>
>>>  
>>>
>>>             For this discussion, and comments on the list before
>>> Wednesday, we will address the change proposals, alphabetically
>from:
>>> Dan Auerbach, Rob van Eijk, Roy Fielding, and Thomas Schauf, as well
>>> as the DAA group.
>>>
>>>  
>>>
>>>             For the discussion, and comments prior to Wednesday, it
>>> would be helpful to comment on issues including: (1) how to choose
>>> between two- and three-stage proposals;
>>>
>>
>>I think the 2 stage proposal is simpler. If we move to a 3 stage
>>proposal, the onus is on those advocating for this to (1) properly
>>define the yellow stage, and (2) prove that it is useful to the group
>>to
>>have 3 stages.
>>
>>Regarding (1), I do not think it has been sufficiently defined. For
>>example, what is a "suspect query string" in a URL? What are
>>operational
>>controls? What granularity is the geo information that supplants IP
>>address? What rigorously defined properties does a yellow stage
>possess
>>with respect to risk towards privacy that a red stage lacks? These are
>>hard questions, and I'm not sure we will be able to answer them
>>rigorously enough.
>>
>>Regarding (2), I don't think adding a stage has reduced our
>>disagreement, but rather just shifted it. Whereas in the two stage
>>process, we disagreed about the definition of de-identification and
>how
>>it would apply to non-normative examples, with a three stage process,
>>we
>>now disagree with how much value the yellow stage has. Modulo
>>definitional issues, I'm comfortable with a yellow stage as stated,
>>provided it is used in an incredibly limited way and things move very
>>quickly to green. I suspect that Shane disagrees with this, and thinks
>>there is a lot of value in yellow. Given that we've just shifted
>>disagreement, I'm not sure it's really a step forward.
>>
>>Also as a matter of politeness, since we agreed in Sunnyvale that we
>>would come up with a new name for "yellow" given that both
>>"de-identified" and "pseudonymous" were too contentious, I'd
>appreciate
>>it if we could avoid using the latter two terms when talking about the
>>3
>>state proposal. Let's just use the placeholder "yellow" until we agree
>>on what the state should be called.
>>
>>> (2) the pros and cons of the DAA proposed changed language, compared
>>> to the longstanding focus on language similar to the FTC’s
>three-part
>>> test; (3) clarifying any similarities and differences between Rob’s
>>> approach and the other two; and (4) how to think about the use of
>>> non-normative text here inaddition to normative text.
>>>
>>On (4), I very much agree with Adrian's comment on a call that if we
>>can't begin to see close to eye to eye with respect to non-normative
>>examples, it would be unwise to fool ourselves into thinking we have
>>agreement. We have a concrete use case that is in contention that
>>doesn't strike me as an edge case: a browsing history tied together by
>>unique identifiers that stretches over a long time span, and has some
>>fields altered, for example IP->Geo. Is this de-identified or not? If
>>we
>>can't answer that question, we don't have a good idea of what we are
>>trying to define by the term.
>>
>>>  
>>>
>>>              _Identification and Unique Identifiers._
>>>
>>>  
>>>
>>>             Another issue on identification and de-identification
>>> concerns the June Draft text  that “Third parties MUST NOT rely on
>>> unique identifiers for users or devices if alternative solutions are
>>> reasonably available.”
>>>
>>>  
>>>
>>>             Amy Colando proposed a change to add “technically
>>> feasible” after “reasonably available.”
>>>
>>>  
>>>
>>>             The DAA group proposed deleting this provision entirely.
>>>
>>>  
>>>
>>>             For this discussion, it would be helpful to have
>comments
>>> and discussion on issues including: (1) the clarity (or lack
>thereof)
>>> of “reasonably available” and “technically feasible”; (2) evidence
>>> that such alternatives are available today or may soon be available;
>>> and (3) reasons for or against shifting to alternatives if they
>>become
>>> “reasonably available” and/or “technically feasible.”
>>>
>>My biggest problem with this language is the lack of clarity regarding
>>"technically feasible" and "reasonably available", and it's puzzling
>>since no-unique-id solutions exist today. After discussion with
>various
>>people, I don't think that it's too high a bar to forego the use of
>>unique ids for DNT:1 users, except in one-off situations. For example,
>>large successful ad companies have existed which do not use unique
>ids.
>>I have yet to hear a compelling need, but for web companies that may
>>have one that hasn't been raised in this working group, they are free
>>to
>>not implement this voluntary tracking standard.
>>
>>>  
>>>
>>>              _The DAA Group proposal._
>>>
>>>  
>>>
>>>             After these discussions, the DAA group is invited to
>>> explain to the group its overall proposal for a path forward to Last
>>> Call.  As I understand it, the DAA group has presented an
>integrated,
>>> overall proposal, where it would support what essentially is a
>>package
>>> of proposed changes to the June Draft. 
>>>
>>>  
>>>
>>>             With a presentation of this integrated package, the
>group
>>> can ask questions to clarify the multiple proposed changes, and
>begin
>>> a process of identifying areas where others in the group may agree
>to
>>> the proposal, or an amended version of theproposal, or else
>>articulate
>>> reasons why they would not join a consensus on the proposal.
>>>
>>>  
>>>
>>>             In terms of work leading up to Wednesday’s call, please
>>> make proposed language changes directly to the wikis, while
>>explaining
>>> the rationale for changes to the full list.
>>>
>>>  
>>>
>>>             Thank you, and information on other next steps will
>>> follow.  (I note, however, that I likely will have limited
>>> connectivity this weekend.)
>>>
>>>  
>>>
>>>             Peter
>>>
>>>
>>> P.S. Please feel free to be working on the other change issues as
>>> well, as a way to move forward as effectively as possible.  The
>point
>>> of this email is to highlight the group work in the coming days.
>>>
>>>  
>>>
>>>  
>>>
>>>  
>>>
>>>
>>>
>>> Prof. Peter P. Swire
>>> C. William O'Neill Professor of Law
>>> Ohio State University
>>> 240.994.4142
>>> www.peterswire.net
>>>
>>> Beginning August 2013:
>>> Nancy J. and Lawrence P. Huang Professor
>>> Law and Ethics Program
>>> Scheller College of Business
>>> Georgia Institute of Technology
>>>
Received on Wednesday, 3 July 2013 19:26:12 UTC