W3C home > Mailing lists > Public > public-tracking@w3.org > December 2011

Re: [ISSUE-5] What is the definition of tracking?

From: Aleecia M. McDonald <aleecia@aleecia.com>
Date: Mon, 12 Dec 2011 00:49:33 -0800
Message-Id: <3D875222-E7DF-47EA-903B-711FB9C5B794@aleecia.com>
To: Tracking Protection Working Group WG <public-tracking@w3.org>

For those newer to our merry band, I generally read threads carefully but generally let them take their own course. On this one I'm going to step in and make a request: if you absolutely are determined to have this discussion, please take it to public-privacy (or I can ask to set up a new meta discussion list, if that's favored) rather than attempting to hash this out on the public-tracking list, where we are also trying to get work done with deadlines attached. 

Bjoern is correct that the charter is very broad. Several people agree with the idea that we must figure out why we are here, what we want to accomplish, and we should start with principles like what is privacy, does privacy matter and if so to whom, and so forth. While I have some sympathy for that view, I've pushed not to have those discussions. There are two reasons for this (and Jonathan provided some excellent additional reasons).

The first is simply time. We could readily spend from now until June and still not agree on what "tracking" means. It would be a fascinating discussion, I am sure, but the mailing list discussion is not a deliverable. We have standards documents to get done in a very short time. Right now there are three topics I wish to discuss on the Wednesday call, all with text at least one author is over-due writing. For my own part, I owe email responses to several WG members right now, including on some important issues (and hope to be fully caught up by the end of Monday). These sorts of meta-discussions can soak up arbitrary amounts of time, and are potentially very distracting from work we all need to get done. 

The second is I do not think we will come to agreement on the higher-level philosophical issues. Across the span of the membership, we hold very different views. We will continue to pick up new members over time, which makes it even less plausible that we can hash this out once and for all and move on. 

Fortunately, we are not here to solve world peace. I believe we can make good consensus decisions on how to create recommendations everyone can live with, even when we have different reasons for reaching those agreements. We also have some good common ground on goals. From the first meeting in Santa Clara on, we have been talking about writing a recommendation that companies can implement, and that works to give users additional control. 

Let me take an example. Are we working on data collection, or not? When phrased that way we could spend weeks debating the pros and cons. And for some WG members, this becomes a guessing game about FTC intentions: data collection is required in the staff report that came out a year ago, but does that mean all collection, most collection, or is just limiting a little collection going to be enough to satisfy the FTC? What does "collection" mean, anyway? Are IP addresses collected even if they are not logged? What about Germany's laws around IP addresses? If we take the broad question of "collection or not?" we could spend a lot of energy and still not have standards language. And yet. When we had a phone conference, we agreed in extraordinarily short time that third parties receiving DNT: 1 stop data collection, unless covered by an exemption. As of that call, data collection is part of the recommendation. 

One of the things I am thinking about quite a bit right now is how we can create recommendations that are useful in different countries, with different laws and values. I am thinking of this as how to simultaneously "solve for the US" and "solve for Germany" with the assumption that if we can manage both, we have a pretty good range. I think this is possible to do at once. It does *not* mean trying to figure out if the US or Germany is "right" on privacy -- not only is that a hopeless task, mercifully it is not ours to take on. There are regulators and lawmakers aplenty. What we are uniquely positioned to do is to work out standards that support those different value systems, not try to standardize values. 

I have just gone into philosophy on why I think we should not get too far into philosophy. Sigh.

Received on Monday, 12 December 2011 08:50:08 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:38:28 UTC