- From: Alan Chapell <achapell@chapellassociates.com>
- Date: Fri, 12 Jul 2013 12:45:09 -0400
- To: Peter Swire <peter@peterswire.net>, "public-tracking@w3.org" <public-tracking@w3.org>
- CC: Nicholas Doty <npdoty@w3.org>
- Message-ID: <CE05AA83.355CA%achapell@chapellassociates.com>
Hi Peter - Thanks. I tried to submit my vote earlier, but it was rejected by the system. It may have to do with the length. Nick kindly suggested that I post it to the list, and then offer a link to my email in my response (which I did). Please let me know if it wasn't received. Thanks! From: Peter Swire <peter@peterswire.net> Date: Friday, July 12, 2013 12:42 PM To: Alan Chapell <achapell@chapellassociates.com>, "public-tracking@w3.org" <public-tracking@w3.org> Cc: Nicholas Doty <npdoty@w3.org> Subject: procedure for posting comments today > Hello Alan and the group: > > To make it as easy as possible to collect objections in one, viewable place, > we are asking that you post your comments/objections to the URL below. It > does require logging in as a working group member: > > https://www.w3.org/2002/09/wbs/49311/datahygiene/ > > To view all comments/objections, click here: > > https://www.w3.org/2002/09/wbs/49311/datahygiene/results > > If you experience any technical problems in posting, you can send email to the > chairs and to Nick Doty, at npdoty@w3.org. This will assure that your > comments are considered as submitted in time. We can then assure that your > comments get posted. > > This approach avoids duplicative emails to the list. > > Thank you all, > > Peter > > > > Prof. Peter P. Swire > C. William O'Neill Professor of Law > Ohio State University > 240.994.4142 > www.peterswire.net > > Beginning August 2013: > Nancy J. and Lawrence P. Huang Professor > Law and Ethics Program > Scheller College of Business > Georgia Institute of Technology > > > From: Alan Chapell <achapell@chapellassociates.com> > Date: Friday, July 12, 2013 12:30 PM > To: "public-tracking@w3.org" <public-tracking@w3.org> > Subject: Chapell - Objection to Editor's draft > Resent-From: <public-tracking@w3.org> > Resent-Date: Friday, July 12, 2013 12:31 PM > > July 12, 2013 > > Peter Swire > Matthias Schunter > World Wide Web Consortium > 32 Vassar Street, 32-G519 > Cambridge, Massachusetts 02139 > > Re: Tracking Protection Working Group July Vote > > Dear Peter & Matthias: > > Iıd like to thank the W3C and the co-chairs for the opportunity to provide > feedback to the June W3C Draft (³Editorıs Draft²). I recognize all of the hard > work that has gone into the Editorıs Draft. > > However, I respectfully object to the Editorıs Draft, and strongly encourage > the W3C to use the industry consensus proposal (the ³DAA Proposal²) as a > starting point for the TPWGıs continued work. > > > > The Editorıs Draft is harmful to competition. > The potential anti-competitive implications of this working groupıs output > have been well documented. For example, during a recent hearing at the U.S. > Senate Commerce Committee, several of the committee members raised concerns > about the anti-competitive implications of DNT. Specifically, concerns were > raised about this working group picking winners and losers (Senator Heller), > and there were similar concerns that the W3C process may result in bolstering > a handful of giant Internet companies and ensuring everyone else goes out of > business (Senator McCaskill). Moreover, recent speeches by FTC Commissioner > Commission Olhousen raised anti-competitive concerns about this process, and > Iıve heard similar concerns coming from regulators within the EU. It is worth > noting that the FTC participation in this working group has focused almost > exclusively on privacy with very little mention of the competitive impact of > DNT. > > > For over two years, the approach of this working group has been to focus > almost exclusively on third-party data collection while imposing few limits on > larger entities. Under any implementation, data is going to be collected when > DNT=1 so it comes down to who gets to collect data and for what purposes. > Ceasing collection by third parties while barely curtailing first party data > collection does not provide consumers with meaningful privacy protections > under any objective analysis. And in light of recent events, some analysts > have noted that concentration of information in a small number of large > entities will have negative repercussions on personal freedoms. (See > http://www.newyorker.com/online/blogs/elements/2013/06/why-monopolies-make-spy > ing-easier.html) > > > The Editorıs Draft continues this trend. I continue to be surprised that so > many working group members who hold themselves out as privacy advocates have > accepted this approach. The Editorıs Draft will negatively impact competition > in the Internet economy, without a positive net benefit to users' privacy. By > favoring first party business models and severely curtailing third party > players (who for the most part use pseudonymous data, rather than the PII that > most first parties hold), it would shift marketplace incentives toward more > first party data collection. The end result will be less competition and more > data collected and associated with the personally identifiable information of > consumers: a poor outcome by any objective privacy standard. > > > Conversely, the DAA Proposal offers privacy-enhancing features (e.g., removal > of the URL string when DNT=1) that are geared to address a core concern raised > by advocates and regulators while minimizing the anti-competitive impact of > DNT. > > > Section 7 of the Editorıs Draft is unclear and conflates Opt-out with DNT > As noted by other WG members, section 7 of the Editorıs Draft is confusing, as > it is not clear to which opt-outs the text is referring (user settings for a > specific site? Email marketing opt-outs?). Moreover, most opt-outs choices are > recorded utilizing third-party cookies. Any attempt to include opt-out in a > DNT spec is inappropriate without a corresponding requirement that browser > stop blocking third-party cookies. > > More importantly, industry self-regulatory opt-out mechanisms were always > intended to function separately from DNT. DNT is intended to be a global > standard, and the self-regulatory regimes focus on particular regions. I (and > other WG members) have concerns about including a reference to such programs > in a global specification where implementers may be in regions where the > self-regulatory program has not been deployed. Some members of the working > group have suggested that DNT should replace the industry self-regulatory > programs. However, this notion ignores the significant time and resources > invested in self-regulatory programs that were created in consultation with > regulators from multiple jurisdictions. The self-regulatory programs are > effective, while DNT is completely untested to date. Throwing out the > self-regulatory programs in favor of DNT at this junction would be reckless > and could harm consumer privacy interests. > > > Finally, and as described below, the volume of non-browser, non-user activated > DNT signals is growing at an alarming rate. Until DNT:1 signals can be > technically structured such that Servers have confidence they were actually > turned on by users, then equating DNT:1 to the industry opt-out program is > impractical. > > The Editorıs Draft does not offer any mechanism to address the proliferation > of invalid DNT signals > By definition, many of the DNT signals being sent today are out of compliance > with the Editorıs Draft. This is not meant to be a criticism of work done by > the browsers to date. Rather, its meant as a simple observation: that a > significant number of DNT signals were enacted in a manner that is out of > compliance with the User Agent requirements contained the Editorıs Draft > (e.g., the disclosure guidelines in Section 3). In order to mitigate this > issue, the Editorıs Draft would need to essentially require that all > enactments of DNT be turned off (set to DNT:unset) so that Users may reset > them in a manner that meets the basic disclosure requirements of the current > spec. > > > Perhaps more concerning, the volume of non-browser, non-user activated DNT > signals is growing at an alarming rate. The cost of adding DNT:1 to the > header is very inexpensive from a technical perspective and weıve seen > routers, anti-virus software, plug-ins and other tools set DNT=1 in ways that > violate basic standards of privacy. To use W3C co-chair Matthias Schunter's > phrase, we're seeing a proliferation of DNT signals "spraying" into the > ecosystem. While many of us are still hopeful solutions can be found to > contain the issue, the reality for the foreseeable future is that weıll > continue to see DNT invalid implementations of DNT and are unlikely to > consistently be able to distinguish between valid and invalid DNT > implementations. > > > Some working group members have asserted that we should simply err on the side > of caution and treat all DNT signals as valid. However, I strongly believe > that this approach would violate long-standing privacy concepts such as > notice, choice, and transparency. > > > The Editorıs Draft exempts browsers and other user agents from prohibitions > against tracking > The Editorıs Draft does not prohibit user agents from either: a) taking URL > string to create segments to sell to advertisers (or others) for ad targeting > across the web, or b) enabling other entities to do so. To my eyes, that type > of behavior would be considered tracking and should be prohibited by the spec. > Unfortunately, it is not covered by the Editorıs Draft. If others in the > ecosystem are prohibited from tracking, it seems fair and appropriate that we > ensure that similar prohibitions are placed on user agents. > > > The Editorıs Draft will result in a low level of adoption > The larger goal of all W3C initiatives is voluntary adoption by implementers > of the standard. Unfortunately, the Editorıs Draft suffers from too many > significant flaws that it is unlikely to be adopted by the marketplace. The > entities primarily covered by the proposed DNT standard -- third party online > businesses are unlikely to adopt and comply with the approach in the > Editorıs Draft, because it is over-broad and anti-competitive, and would > severely curtail their businesses without a commensurate privacy benefit to > consumers. A balanced and narrowly tailored approach that solves specific > privacy concerns while maintaining competition and a diverse internet economy > is much more likely to gain widespread adoption, and ultimately benefit > consumers. > > Conversely, the DAA Proposal has a significantly greater chance of receiving > widespread adoption (admittedly, with some polishing). The Editorıs Draft has > so many flaws and non-starters for the intended implementers it's not a useful > baseline for continuing discussion, especially in light of the DAA's proposal > which is ostensibly much, much closer to a form that would actually be > accepted by intended implementers. Hence, the DAA Proposal has a significantly > greater chance of receiving widespread adoption. > > For the above reasons, I object to the Editorıs Draft and encourage the chairs > to move forward with the DAA Proposal. > > Respectfully, > > Alan Chapell > Chapell & Associates > >
Received on Friday, 12 July 2013 16:45:44 UTC