- From: イアンフェッティ <ifette@google.com>
- Date: Mon, 18 Jun 2012 09:24:12 -0700
- To: Jeffrey Chester <jeff@democraticmedia.org>
- Cc: Alan Chapell <achapell@chapellassociates.com>, Jonathan Mayer <jmayer@stanford.edu>, Mike Zaneis <mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel <tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "JC Cannon (Microsoft)" <jccannon@microsoft.com>
- Message-ID: <CAF4kx8e4pqYoYpYAjp=1zxQBGUuGKvExYeeM3hRaU4NWJyuFcw@mail.gmail.com>
Jeff, That's precisely the problem. Certain people from this working group seem to have no problem taking statements made on calls and feeding warped versions of those statements to reporters; such tactics do not typically go far when one is trying to be a "negotiator" to reach a "grand compromise". (Also, most "negotiators" whom I have seen be successful in the past, hostage negotiators excepted, have been neutral uninterested third parties, not someone with a clear axe to grind.) -Ian On Mon, Jun 18, 2012 at 9:21 AM, Jeffrey Chester <jeff@democraticmedia.org>wrote: > Alan: I find your language and tone troubling. I hope you know that many > people are looking at this thread. Our communications say a great deal > about ourselves, inc to the EU, FTC and media watching this thread closely. > Maybe even Fox News! > > Jeff > > > > On Jun 18, 2012, at 12:17 PM, Alan Chapell wrote: > > I have no issue with your personality. My issue is with your tactics. > Assuming you can cease utilizing tactics that seem unproductive at best, > then I think you will see fewer emails directed at you; criticizing those > tactics. > > This will be my last note on this matter – I'm hopeful and optimistic that > we can move forward productively from here…. > > > Alan > > > From: Jonathan Mayer <jmayer@stanford.edu> > Date: Monday, June 18, 2012 12:08 PM > To: Jeffrey Chester <jeff@democraticmedia.org> > Cc: Alan Chapell <achapell@chapellassociates.com>, Mike Zaneis < > mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel < > tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" < > public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas < > vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon > (Microsoft)" <jccannon@microsoft.com> > Subject: Re: Identity providers as first parties > > This thread has devolved into a Fox News-esque referendum on my > personality. It's both a distraction and ineffectual—those who have > collaborated with me over the past year know I'm a tireless, tough-but-fair > negotiator. > > Enough. Back to substance. > > Jonathan > > On Monday, June 18, 2012 at 5:33 AM, Jeffrey Chester wrote: > > Jonathan has played an extraordinary productive role, with insights, > urging compromise (when people like me looked with dismay about the lack > of progress in achieving real privacy safeguards so far), and leadership. > As I have explained to officials, we have not yet seen serious compromise > from industry to ensure DNT is a spec that protects privacy. Jonathan > wants us to all do better, as do I. We all know--or should--that what we > are doing is being closely watched on both sides of the Atlantic by the > press and policymakers. It would be a serious loss if we don't make > progress in Seattle. > > Jeff Chester > Center for Digital Democracy > Washington DC > www.democraticmedia.org > Jeff@democraticmedia.org > > On Jun 18, 2012, at 5:19 AM, Alan Chapell <achapell@chapellassociates.com> > wrote: > > Jonathan, > > Taking you at your word that your goal is to attain consensus, I would > humbly suggest that the tactics you are using – particularly over the past > several weeks – seem at odds with that goal. I'm hopeful that your latest > email is an indication that we'll see more compromise and fewer juvenile barbs > when we arrive in Bellevue. > > And for the record, as someone from industry – I strongly favor the > proposal proffered by Shane et al. > > Cheers, > > Alan Chapell > Chapell & Associates > 917 318 8440 > > > From: Jonathan Mayer <jmayer@stanford.edu> > Date: Monday, June 18, 2012 2:06 AM > To: Mike Zaneis <mike@iab.net> > Cc: Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel <tisrael@cippic.ca>, > Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" < > public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas < > vp@iabeurope.eu>, "ifette@google.com" <ifette@google.com>, "JC Cannon > (Microsoft)" <jccannon@microsoft.com> > Subject: Re: Identity providers as first parties > Resent-From: <public-tracking@w3.org> > Resent-Date: Mon, 18 Jun 2012 06:07:15 +0000 > > Shane and Mike, > > As the Bellevue meeting approaches, this group's sole focus must be > attaining consensus on a moderate compromise. I'm doing everything I can > to facilitate that goal. I have neither the time nor patience to swap > puerile barbs for cheap political points. There's far too much at stake. > > Jonathan > > On Sunday, June 17, 2012 at 6:58 PM, Mike Zaneis wrote: > > Jonathan, > > Can you please elaborate on these very serious claims you have made in > back to back posts? First, you attack two of the most engaged, productive > members of the working group (Shane and Roy who are both editors) and claim > they do not speak for the online advertising industry, yet you did not > point to any companies or public statements of support for your position. > As someone who DOES speak for the industry, I know that Shane and Roy > raise issues that THE industry shares. Please provide substantiation for > your claims. > > As for the unfair competition claims, that is laughable. The only legal > claim we should be discussing is one of liable for such ridiculous > statements. > > Mike Zaneis > SVP & General Counsel, IAB > (202) 253-1466 > > On Jun 17, 2012, at 5:52 PM, "Jonathan Mayer" <jmayer@stanford.edu> wrote: > > Shane, > > As I explained in my initial note: > > We have received valuable feedback from a number of participant > viewpoints, including browser vendors, advertising companies, analytics > services, social networks, policymakers, consumer groups, and researchers. > Out of respect for the candid nature of those ongoing conversations, we > leave it to stakeholders to volunteer their contributions to and views on > this proposal. > > I would add that more than one advertising company expressed concern about > possible retaliation if they broke away from the industry trade groups. > I'll leave it to regulators to decide if the industry's practices > constitute unfair competition. > > Jonathan > > On Sunday, June 17, 2012 at 1:51 PM, Shane Wiley wrote: > > Jonathan,**** > ** ** > Continue to disagree (on many levels). Could you please name those in the > online advertising industry that are supportive of the proposal you shared > with the WG?**** > ** ** > Thank you,**** > - Shane**** > ** ** > *From:* Jonathan Mayer [ <jmayer@stanford.edu>mailto:jmayer@stanford.edu<jmayer@stanford.edu>] > > *Sent:* Sunday, June 17, 2012 1:42 PM > *To:* Shane Wiley > *Cc:* Tamir Israel; Rigo Wenning; <public-tracking@w3.org> > public-tracking@w3.org; <rob@blaeu.com>rob@blaeu.com; Kimon Zorbas; > <ifette@google.com>ifette@google.com; JC Cannon (Microsoft) > *Subject:* Re: Identity providers as first parties**** > ** ** > Shane, **** > ** ** > You and Roy have been vocal in your objections to the EFF/Mozilla/Stanford > compromise proposal. I'm disappointed, though given your inflexibility > throughout this process, entirely unsurprised.**** > ** ** > That said, you do not speak for the online advertising industry. Many > companies have been more willing to countenance constructive compromise. > Your conclusion that advertising industry participants have "mostly > rejected" the proposal is inaccurate.**** > ** ** > Jonathan **** > On Sunday, June 17, 2012 at 12:26 PM, Shane Wiley wrote:**** > > Tamir,**** > ** ** > Jonathan's proposal does attempt to address this point but many in the > room feel this should be left to local law. Justin Brookman and I took a > pass at this language but it shifted to becoming overly prescriptive > (legislating via tech standard) so many in the WG asked for local law to > determine.**** > ** ** > I would suggest this conversation be extracted from Jonathan's proposal to > be handled separately as the rest of proposal has been mostly rejected by > those in the WG that are intended to implement DNT in the real-world (on > the 1st party/3rd party side).**** > ** ** > More to come in Seattle...**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca>] > **** > Sent: Sunday, June 17, 2012 12:19 PM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon Zorbas; <ifette@google.com> > ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane -- I am not remotely attempting doing so.**** > ** ** > As far back as I can see, the spec was going to put conditions on the **** > means by which out of band consent can be sought.**** > ** ** > Jonathan et al's proposal is:**** > ** ** > 1. Actual presentation: The choice mechanism MUST be actually presented ** > ** > to the user. It MUST NOT be on a linked page, such as a terms of service * > *** > or privacy policy.**** > 2. Clear terms: The choice mechanism MUST use clear, non-confusing **** > terminology.**** > 3. Independent choice: The choice mechanism MUST be presented **** > independent of other choices. It MUST NOT be bundled with other user **** > preferences.**** > 4. No default permission: The choice mechanism MUST NOT have the user **** > permission preference selected by default.**** > ** ** > On 6/17/2012 3:16 PM, Shane Wiley wrote:**** > > Tamir,**** > ** ** > That's up to local laws to determine. Please do not attempt to legislate > via W3C tech standard.**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca> > ]**** > Sent: Sunday, June 17, 2012 12:14 PM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon Zorbas; <ifette@google.com> > ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane -- Out of band consent *does* trump DNT-1. We are now trying to**** > define the parameters by which out of band consent can be sought.**** > ** ** > Best,**** > Tamir**** > ** ** > On 6/17/2012 3:11 PM, Shane Wiley wrote:**** > > Tamir,**** > ** ** > Out-of-band consent trumps DNT. We've been repeating this mantra for over > a year now - becoming repetitive.**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca> > ]**** > Sent: Saturday, June 16, 2012 5:23 PM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon Zorbas; <ifette@google.com> > ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane --**** > ** ** > Just so we're really clear: if a user authenticates with Yahoo! on site*** > * > A and controls preferences on that site, does the out of band consent**** > dialogue Jonathan showed invalidate DNT-1: on site A? in general?**** > ** ** > Best,**** > Tamir**** > ** ** > On 6/15/2012 11:29 PM, Tamir Israel wrote:**** > > Ok.**** > ** ** > On 6/15/2012 2:07 PM, Shane Wiley wrote:**** > > DAA Opt-out and single-sign on are not related. There are some**** > implementations where the ID is needed beyond the authentication**** > event and therefore data collection occurs outside of the initial**** > authentication event. Users do NOT need to choose Yahoo! as their ID**** > provider if they feel uncomfortable with that outcome.**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca> > ]**** > Sent: Friday, June 15, 2012 10:56 AM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon**** > Zorbas; <ifette@google.com>ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane,**** > ** ** > Maybe we are getting sidetracked.**** > ** ** > Can you please explain the scope of tracking that results from using**** > Yahoo!'s IdM mechanism? Does it mean you can track all my activities on*** > * > the specific authenticated site? If so does this carry across multiple**** > explicitly authenticated sites? Does it operate in a manner analogous to** > ** > single sign-on? How does it interact with the existing DAA opt-out?**** > ** ** > Thanks and best regards,**** > Tamir**** > ** ** > On 6/15/2012 11:28 AM, Shane Wiley wrote:**** > > Tamir,**** > ** ** > Any service gets to determine its own primary purpose - so if OBA is**** > the payment for the service and this is disclosed as a primary**** > purpose, then that's the bargain the users can choose to consent to**** > or not.**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca> > ]**** > Sent: Friday, June 15, 2012 8:21 AM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon**** > Zorbas; <ifette@google.com>ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane --**** > ** ** > There are 2 questions here. One is whether you can bundle in the**** > obligation to consent to secondary purposes as a condition of**** > authentication in an IdM context. The primary service in an IdM context*** > * > is authentication, not OBA.**** > ** ** > The second is to what extent the DNT spec should address this. I took**** > the 'independent choice' out of band consent criteria as an attempt to**** > prevent bundling of choices.**** > ** ** > Best,**** > Tamir**** > ** ** > On 6/15/2012 11:06 AM, Shane Wiley wrote:**** > > Tamir,**** > ** ** > But in the use case we're discussing the service being provided is**** > the primary purpose - a user's online identity. A service**** > determines its primary purpose, discloses this to the user, user**** > consents. Case closed.**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca> > ]**** > Sent: Friday, June 15, 2012 8:02 AM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon**** > Zorbas; <ifette@google.com>ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane, I disagree. Under PIPEDA you should offer users the possibility**** > of opting out of collection, use or disclosure for purposes**** > secondary to**** > the primary service being offered.**** > ** ** > This is the basis of the opt-out consent scheme being applied to**** > online**** > tracking.**** > ** ** > Best,**** > Tamir**** > ** ** > On 6/15/2012 10:58 AM, Shane Wiley wrote:**** > > Tamir,**** > ** ** > I disagree and PIPEDA does as well. As long as you're clear to a**** > user what a service provides and a user expressly consents to**** > those practices, the discussion is over.**** > ** ** > Please don't try to raise CA regulatory schemes into conversations**** > on one hand then completely reverse your stance at whim - this**** > seriously undermines your credibility.**** > ** ** > - Shane**** > ** ** > -----Original Message-----**** > From: Tamir Israel [ <tisrael@cippic.ca>mailto:tisrael@cippic.ca<tisrael@cippic.ca> > ]**** > Sent: Friday, June 15, 2012 7:54 AM**** > To: Shane Wiley**** > Cc: Rigo Wenning; <public-tracking@w3.org>public-tracking@w3.org; > <rob@blaeu.com>rob@blaeu.com; Kimon**** > Zorbas; <ifette@google.com>ifette@google.com; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane --**** > ** ** > The need for independent choice is critical, I think, to the out**** > of band**** > consent scheme. You shouldn't be able to force users out of their DNT**** > choices as a condition of authentication.**** > ** ** > Best,**** > Tamir**** > ** ** > On 6/15/2012 10:48 AM, Shane Wiley wrote:**** > > Rigo,**** > ** ** > DNT will NEVER trump an out-of-band consent. The user would**** > simply withdraw from using the service they had provided prior**** > consent to. If the product would like to offer two levels of**** > service, it can of course do that, but that would be completely**** > outside the scope of DNT.**** > ** ** > DNT is not the privacy silver bullet and answer to all privacy**** > issues on the Internet - let's stop trying to push it in that**** > direction.**** > ** ** > Thank you,**** > - Shane**** > ** ** > -----Original Message-----**** > From: Rigo Wenning [ <rigo@w3.org>mailto:rigo@w3.org <rigo@w3.org>]**** > Sent: Friday, June 15, 2012 1:28 AM**** > To: <public-tracking@w3.org>public-tracking@w3.org**** > Cc: Shane Wiley; <rob@blaeu.com>rob@blaeu.com; Kimon Zorbas; > <ifette@google.com>ifette@google.com;**** > Tamir Israel; JC Cannon (Microsoft)**** > Subject: Re: Identity providers as first parties**** > ** ** > Shane, Kimon,**** > ** ** > On Thursday 14 June 2012 16:47:03 Shane Wiley wrote:**** > > I’ve used a few others and they appears to do the same so I’m**** > confused as to what real-world identity provider scenario someone**** > is considering where consent wasn’t already obtained?**** > > I confirm that we agreed that the out-of-band agreement will trump**** > the DNT:1 signal. We also agreed that the service has to signal this**** > to the client.**** > ** ** > I guess, what Rob is trying to achieve is to say, even in this**** > context, a service could offer the choice of stopping to track and**** > only use information for the login/authentication purpose. This**** > could be the meaning of DNT:1 if the Service sends ACK in a**** > login/authentication context. If you're looking for medical**** > information in a login context, you don't want your login provider**** > to spawn that to your insurance. I think this is a very legitimate**** > use case. The service could say: "yes, I see your point" and send**** > ACK instead of "out-of-band".**** > ** ** > We are just defining switches. People will decide whether they**** > switch stuff on or off or provide a switch at all.**** > ** ** > Rigo**** > > ** ** > > > > > >
Received on Monday, 18 June 2012 16:24:46 UTC