W3C home > Mailing lists > Public > public-tracking@w3.org > June 2013

Change proposal -- Permitted Use Security and Fraud -- Issue-24

From: John Simpson <john@consumerwatchdog.org>
Date: Fri, 21 Jun 2013 06:44:01 -0700
Message-Id: <1A837F15-381F-4E28-A0AF-8D9D5E731E9E@consumerwatchdog.org>
Cc: "Roy T. Fielding" <fielding@gbiv.com>, Chris Mejia <chris.mejia@iab.net>
To: "public-tracking@w3.org List" <public-tracking@w3.org>
Colleagues,

I wanted to ensure that the security permitted use language first proposed by Roy Fielding and incorporating essential non-normative text suggest by Ian Fette be considered.  It would substitute for the security language in the June draft and adds the essential concept of graduated response and, importantly, explains the concept.

Regardless of the tracking preference expressed, data may be
   collected, retained, and used to the extent reasonably necessary
   to detect security incidents, protect the service against malicious,
   deceptive, fraudulent, or illegal activity, and prosecute those
   responsible for such activity, provided that such data is not
   used for operational behavior (profiling or personalization)
   beyond what is reasonably necessary to protect the service or
   institute a graduated response.

   When feasible, a graduated response to a detected security incident
   is preferred over widespread data collection (see <defn>).
   An example would be recording all use from a given IP address range,
   regardless of DNT signal, if the party believes it is seeing a
   coordinated attack on its service (such as click fraud) from that
   IP address range. Similarly, if an attack shared some other
   identifiable fingerprint, such as a combination of User Agent and
   other protocol information, the party could retain logs on all
   transactions matching that fingerprint until it can be determined
   that they are not associated with such an attack or such retention
   is no longer necessary to support prosecution.
Regards,
John

---------
John M. Simpson
Privacy Project Director
Consumer Watchdog
2701 Ocean Park Blvd., Suite 112
Santa Monica, CA, 90405
Tel: 310-392-7041
Cell: 310-292-1902
www.ConsumerWatchdog.org
john@consumerwatchdog.org
Received on Friday, 21 June 2013 13:44:28 UTC

This archive was generated by hypermail 2.3.1 : Friday, 3 November 2017 21:45:13 UTC