- From: Peter Cranstone <peter.cranstone@gmail.com>
- Date: Mon, 18 Jun 2012 10:49:19 -0600
- To: <ifette@google.com>, Jeffrey Chester <jeff@democraticmedia.org>
- CC: Alan Chapell <achapell@chapellassociates.com>, Jonathan Mayer <jmayer@stanford.edu>, Mike Zaneis <mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel <tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "JC Cannon (Microsoft)" <jccannon@microsoft.com>
- Message-ID: <CC04B7B1.3ABB%peter.cranstone@gmail.com>
It seems awfully late to be discussing what constitutes a common objective. How about we define and agree on a definition of privacy? With that out of the way the objective will hopefully become a lot easier. What about starting with the CDT definition? Anything wrong with that? Peter ___________________________________ Peter J. Cranstone 720.663.1752 From: "Ian Fette (イアンフェッティ)" <ifette@google.com> Reply-To: <ifette@google.com> Date: Monday, June 18, 2012 10:44 AM To: Jeffrey Chester <jeff@democraticmedia.org> Cc: Alan Chapell <achapell@chapellassociates.com>, Jonathan Mayer <jmayer@stanford.edu>, Mike Zaneis <mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel <tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, W3 Tracking <public-tracking@w3.org>, "rob@blaeu.com" <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "JC Cannon (Microsoft)" <jccannon@microsoft.com> Subject: Re: Identity providers as first parties Resent-From: W3 Tracking <public-tracking@w3.org> Resent-Date: Mon, 18 Jun 2012 16:44:52 +0000 > Jeff, > > I think we all want to see a spec come out that is meaningful and can see > broad adoption by websites while providing a meaningful benefit to consumers > over the current status-quo. That said, I don't appreciate being > misrepresented to press. On that call we were discussing defaults, IE10, and > choice. What I expressed on that call was that, as we have agreed since the > beginning in this WG, DNT is a voluntary mechanism that we are hoping people > will opt-in to. Sites have an option as to whether or not they will support > DNT, and whether they will support it uniformly for all requests or, for > instance, decline the request from user agents known to set it by default, and > ideally have some mechanism in the spec to provide notice to that effect to > the user. > > That's a far cry from saying "we will be able to do whatever [we] want > anyways." > > As to your last point, I continue to feel that the biggest obstacle this > working group faces is that we still have not yet agreed on a common purpose > that we are working towards. We came to the table intending to provide a > mechanism through the browser with which users could opt-out of receiving > online behavioural advertisements. Others came to the table with the aim of > solving the Article 29 "opt-in" issues. Others still have come to the table > with the objective of stopping all data collection by "third parties". Until > we can agree on a common objective for this WG, I fear we may continue to > operate in a less-than-optimal manner. > > -Ian > > On Mon, Jun 18, 2012 at 9:36 AM, Jeffrey Chester <jeff@democraticmedia.org> > wrote: >> I hadn't seen this. But I think Jonathan was correct in his >> characterization. Many privacy advocates hope that Google will provide >> greater leadership to adopt meaningful DNT standard. We are waiting to see >> its plans to ensure the spec protects privacy. >> >> Jeff >> >> >> >> On Jun 18, 2012, at 12:31 PM, Ian Fette (イアンフェッティ) wrote: >> >>> Jeff, >>> >>> With respect, >>> >>> >>> "It's not clear to what extent we'll get an agreement on this," Mayer told >>> CNNMoney. "One of Google's representatives said on the call that the company >>> will be able to do whatever it wants anyways. I'm stunned at how transparent >>> some of these companies were -- they just want to minimize the number of Do >>> Not Track users, period." >>> >>> http://money.cnn.com/2012/06/07/technology/do-not-track/index.htm >>> >>> That type of behaviour is not something one would expect from someone who >>> bills themselves as being a "tough-but-fair negotiator." >>> >>> -Ian >>> >>> On Mon, Jun 18, 2012 at 9:27 AM, Jeffrey Chester <jeff@democraticmedia.org> >>> wrote: >>>> Ian: I suggest that what reporters are doing is merely reading the texts >>>> posted. That what's been written says a great deal about both personal >>>> views and--one assumes--the position taken by the CEO and board on DNT and >>>> the spec. There hasn't been anything taken out of context I know about. >>>> See you soon. >>>> >>>> Jeff >>>> >>>> >>>> >>>> On Jun 18, 2012, at 12:24 PM, Ian Fette (イアンフェッティ) wrote: >>>> >>>>> Jeff, >>>>> >>>>> That's precisely the problem. Certain people from this working group seem >>>>> to have no problem taking statements made on calls and feeding warped >>>>> versions of those statements to reporters; such tactics do not typically >>>>> go far when one is trying to be a "negotiator" to reach a "grand >>>>> compromise". (Also, most "negotiators" whom I have seen be successful in >>>>> the past, hostage negotiators excepted, have been neutral uninterested >>>>> third parties, not someone with a clear axe to grind.) >>>>> >>>>> -Ian >>>>> >>>>> On Mon, Jun 18, 2012 at 9:21 AM, Jeffrey Chester >>>>> <jeff@democraticmedia.org> wrote: >>>>>> Alan: I find your language and tone troubling. I hope you know that >>>>>> many people are looking at this thread. Our communications say a great >>>>>> deal about ourselves, inc to the EU, FTC and media watching this thread >>>>>> closely. Maybe even Fox News! >>>>>> >>>>>> Jeff >>>>>> >>>>>> >>>>>> >>>>>> On Jun 18, 2012, at 12:17 PM, Alan Chapell wrote: >>>>>> >>>>>>> I have no issue with your personality. My issue is with your tactics. >>>>>>> Assuming you can cease utilizing tactics that seem unproductive at best, >>>>>>> then I think you will see fewer emails directed at you; criticizing >>>>>>> those tactics. >>>>>>> >>>>>>> This will be my last note on this matter – I'm hopeful and optimistic >>>>>>> that we can move forward productively from here…. >>>>>>> >>>>>>> >>>>>>> Alan >>>>>>> >>>>>>> >>>>>>> From: Jonathan Mayer <jmayer@stanford.edu> >>>>>>> Date: Monday, June 18, 2012 12:08 PM >>>>>>> To: Jeffrey Chester <jeff@democraticmedia.org> >>>>>>> Cc: Alan Chapell <achapell@chapellassociates.com>, Mike Zaneis >>>>>>> <mike@iab.net>, Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel >>>>>>> <tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, >>>>>>> "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" >>>>>>> <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "ifette@google.com" >>>>>>> <ifette@google.com>, "JC Cannon (Microsoft)" <jccannon@microsoft.com> >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> >>>>>>> This thread has devolved into a Fox News-esque referendum on my >>>>>>> personality. It's both a distraction and ineffectual—those who have >>>>>>> collaborated with me over the past year know I'm a tireless, >>>>>>> tough-but-fair negotiator. >>>>>>> >>>>>>> Enough. Back to substance. >>>>>>> >>>>>>> Jonathan >>>>>>> >>>>>>> On Monday, June 18, 2012 at 5:33 AM, Jeffrey Chester wrote: >>>>>>> >>>>>>> >>>>>>> Jonathan has played an extraordinary productive role, with insights, >>>>>>> urging compromise (when people like me looked with dismay about the >>>>>>> lack of progress in achieving real privacy safeguards so far), and >>>>>>> leadership. As I have explained to officials, we have not yet seen >>>>>>> serious compromise from industry to ensure DNT is a spec that protects >>>>>>> privacy. Jonathan wants us to all do better, as do I. We all know--or >>>>>>> should--that what we are doing is being closely watched on both sides of >>>>>>> the Atlantic by the press and policymakers. It would be a serious loss >>>>>>> if we don't make progress in Seattle. >>>>>>> >>>>>>> Jeff Chester >>>>>>> Center for Digital Democracy >>>>>>> Washington DC >>>>>>> www.democraticmedia.org <http://www.democraticmedia.org/> >>>>>>> Jeff@democraticmedia.org >>>>>>> >>>>>>> On Jun 18, 2012, at 5:19 AM, Alan Chapell >>>>>>> <achapell@chapellassociates.com> wrote: >>>>>>> >>>>>>> Jonathan, >>>>>>> >>>>>>> Taking you at your word that your goal is to attain consensus, I would >>>>>>> humbly suggest that the tactics you are using – particularly over the >>>>>>> past several weeks – seem at odds with that goal. I'm hopeful that your >>>>>>> latest email is an indication that we'll see more compromise and fewer >>>>>>> juvenile barbs when we arrive in Bellevue. >>>>>>> >>>>>>> And for the record, as someone from industry – I strongly favor the >>>>>>> proposal proffered by Shane et al. >>>>>>> >>>>>>> Cheers, >>>>>>> >>>>>>> Alan Chapell >>>>>>> Chapell & Associates >>>>>>> 917 318 8440 <tel:917%20318%208440> >>>>>>> >>>>>>> >>>>>>> From: Jonathan Mayer <jmayer@stanford.edu> >>>>>>> Date: Monday, June 18, 2012 2:06 AM >>>>>>> To: Mike Zaneis <mike@iab.net> >>>>>>> Cc: Shane Wiley <wileys@yahoo-inc.com>, Tamir Israel >>>>>>> <tisrael@cippic.ca>, Rigo Wenning <rigo@w3.org>, >>>>>>> "public-tracking@w3.org" <public-tracking@w3.org>, "rob@blaeu.com" >>>>>>> <rob@blaeu.com>, Kimon Zorbas <vp@iabeurope.eu>, "ifette@google.com" >>>>>>> <ifette@google.com>, "JC Cannon (Microsoft)" <jccannon@microsoft.com> >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> Resent-From: <public-tracking@w3.org> >>>>>>> Resent-Date: Mon, 18 Jun 2012 06:07:15 +0000 >>>>>>> >>>>>>> >>>>>>> Shane and Mike, >>>>>>> >>>>>>> As the Bellevue meeting approaches, this group's sole focus must be >>>>>>> attaining consensus on a moderate compromise. I'm doing everything I >>>>>>> can to facilitate that goal. I have neither the time nor patience to >>>>>>> swap puerile barbs for cheap political points. There's far too much at >>>>>>> stake. >>>>>>> >>>>>>> Jonathan >>>>>>> On Sunday, June 17, 2012 at 6:58 PM, Mike Zaneis wrote: >>>>>>> >>>>>>> >>>>>>> Jonathan, >>>>>>> >>>>>>> Can you please elaborate on these very serious claims you have made in >>>>>>> back to back posts? First, you attack two of the most engaged, >>>>>>> productive members of the working group (Shane and Roy who are both >>>>>>> editors) and claim they do not speak for the online advertising >>>>>>> industry, yet you did not point to any companies or public statements of >>>>>>> support for your position. As someone who DOES speak for the industry, I >>>>>>> know that Shane and Roy raise issues that THE industry shares. Please >>>>>>> provide substantiation for your claims. >>>>>>> >>>>>>> As for the unfair competition claims, that is laughable. The only legal >>>>>>> claim we should be discussing is one of liable for such ridiculous >>>>>>> statements. >>>>>>> >>>>>>> Mike Zaneis >>>>>>> SVP & General Counsel, IAB >>>>>>> (202) 253-1466 <tel:%28202%29%20253-1466> >>>>>>> >>>>>>> On Jun 17, 2012, at 5:52 PM, "Jonathan Mayer" <jmayer@stanford.edu> >>>>>>> wrote: >>>>>>> >>>>>>> Shane, >>>>>>> >>>>>>> As I explained in my initial note: >>>>>>> We have received valuable feedback from a number of participant >>>>>>> viewpoints, including browser vendors, advertising companies, analytics >>>>>>> services, social networks, policymakers, consumer groups, and >>>>>>> researchers. Out of respect for the candid nature of those ongoing >>>>>>> conversations, we leave it to stakeholders to volunteer their >>>>>>> contributions to and views on this proposal. >>>>>>> I would add that more than one advertising company expressed concern >>>>>>> about possible retaliation if they broke away from the industry trade >>>>>>> groups. I'll leave it to regulators to decide if the industry's >>>>>>> practices constitute unfair competition. >>>>>>> >>>>>>> Jonathan >>>>>>> >>>>>>> >>>>>>> On Sunday, June 17, 2012 at 1:51 PM, Shane Wiley wrote: >>>>>>> >>>>>>> Jonathan, >>>>>>> >>>>>>> Continue to disagree (on many levels). Could you please name those in >>>>>>> the online advertising industry that are supportive of the proposal you >>>>>>> shared with the WG? >>>>>>> >>>>>>> Thank you, >>>>>>> - Shane >>>>>>> >>>>>>> From: Jonathan Mayer [ <mailto:jmayer@stanford.edu> >>>>>>> mailto:jmayer@stanford.edu] >>>>>>> Sent: Sunday, June 17, 2012 1:42 PM >>>>>>> To: Shane Wiley >>>>>>> Cc: Tamir Israel; Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane, >>>>>>> >>>>>>> You and Roy have been vocal in your objections to the >>>>>>> EFF/Mozilla/Stanford compromise proposal. I'm disappointed, though given >>>>>>> your inflexibility throughout this process, entirely unsurprised. >>>>>>> >>>>>>> That said, you do not speak for the online advertising industry. Many >>>>>>> companies have been more willing to countenance constructive compromise. >>>>>>> Your conclusion that advertising industry participants have "mostly >>>>>>> rejected" the proposal is inaccurate. >>>>>>> >>>>>>> Jonathan >>>>>>> On Sunday, June 17, 2012 at 12:26 PM, Shane Wiley wrote: >>>>>>> Tamir, >>>>>>> >>>>>>> Jonathan's proposal does attempt to address this point but many in the >>>>>>> room feel this should be left to local law. Justin Brookman and I took a >>>>>>> pass at this language but it shifted to becoming overly prescriptive >>>>>>> (legislating via tech standard) so many in the WG asked for local law to >>>>>>> determine. >>>>>>> >>>>>>> I would suggest this conversation be extracted from Jonathan's proposal >>>>>>> to be handled separately as the rest of proposal has been mostly >>>>>>> rejected by those in the WG that are intended to implement DNT in the >>>>>>> real-world (on the 1st party/3rd party side). >>>>>>> >>>>>>> More to come in Seattle... >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Sunday, June 17, 2012 12:19 PM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane -- I am not remotely attempting doing so. >>>>>>> >>>>>>> As far back as I can see, the spec was going to put conditions on the >>>>>>> means by which out of band consent can be sought. >>>>>>> >>>>>>> Jonathan et al's proposal is: >>>>>>> >>>>>>> 1. Actual presentation: The choice mechanism MUST be actually presented >>>>>>> to the user. It MUST NOT be on a linked page, such as a terms of service >>>>>>> or privacy policy. >>>>>>> 2. Clear terms: The choice mechanism MUST use clear, non-confusing >>>>>>> terminology. >>>>>>> 3. Independent choice: The choice mechanism MUST be presented >>>>>>> independent of other choices. It MUST NOT be bundled with other user >>>>>>> preferences. >>>>>>> 4. No default permission: The choice mechanism MUST NOT have the user >>>>>>> permission preference selected by default. >>>>>>> >>>>>>> On 6/17/2012 3:16 PM, Shane Wiley wrote: >>>>>>> Tamir, >>>>>>> >>>>>>> That's up to local laws to determine. Please do not attempt to legislate >>>>>>> via W3C tech standard. >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Sunday, June 17, 2012 12:14 PM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane -- Out of band consent *does* trump DNT-1. We are now trying to >>>>>>> define the parameters by which out of band consent can be sought. >>>>>>> >>>>>>> Best, >>>>>>> Tamir >>>>>>> >>>>>>> On 6/17/2012 3:11 PM, Shane Wiley wrote: >>>>>>> Tamir, >>>>>>> >>>>>>> Out-of-band consent trumps DNT. We've been repeating this mantra for >>>>>>> over a year now - becoming repetitive. >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Saturday, June 16, 2012 5:23 PM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane -- >>>>>>> >>>>>>> Just so we're really clear: if a user authenticates with Yahoo! on site >>>>>>> A and controls preferences on that site, does the out of band consent >>>>>>> dialogue Jonathan showed invalidate DNT-1: on site A? in general? >>>>>>> >>>>>>> Best, >>>>>>> Tamir >>>>>>> >>>>>>> On 6/15/2012 11:29 PM, Tamir Israel wrote: >>>>>>> Ok. >>>>>>> >>>>>>> On 6/15/2012 2:07 PM, Shane Wiley wrote: >>>>>>> DAA Opt-out and single-sign on are not related. There are some >>>>>>> implementations where the ID is needed beyond the authentication >>>>>>> event and therefore data collection occurs outside of the initial >>>>>>> authentication event. Users do NOT need to choose Yahoo! as their ID >>>>>>> provider if they feel uncomfortable with that outcome. >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Friday, June 15, 2012 10:56 AM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane, >>>>>>> >>>>>>> Maybe we are getting sidetracked. >>>>>>> >>>>>>> Can you please explain the scope of tracking that results from using >>>>>>> Yahoo!'s IdM mechanism? Does it mean you can track all my activities on >>>>>>> the specific authenticated site? If so does this carry across multiple >>>>>>> explicitly authenticated sites? Does it operate in a manner analogous to >>>>>>> single sign-on? How does it interact with the existing DAA opt-out? >>>>>>> >>>>>>> Thanks and best regards, >>>>>>> Tamir >>>>>>> >>>>>>> On 6/15/2012 11:28 AM, Shane Wiley wrote: >>>>>>> Tamir, >>>>>>> >>>>>>> Any service gets to determine its own primary purpose - so if OBA is >>>>>>> the payment for the service and this is disclosed as a primary >>>>>>> purpose, then that's the bargain the users can choose to consent to >>>>>>> or not. >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Friday, June 15, 2012 8:21 AM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane -- >>>>>>> >>>>>>> There are 2 questions here. One is whether you can bundle in the >>>>>>> obligation to consent to secondary purposes as a condition of >>>>>>> authentication in an IdM context. The primary service in an IdM context >>>>>>> is authentication, not OBA. >>>>>>> >>>>>>> The second is to what extent the DNT spec should address this. I took >>>>>>> the 'independent choice' out of band consent criteria as an attempt to >>>>>>> prevent bundling of choices. >>>>>>> >>>>>>> Best, >>>>>>> Tamir >>>>>>> >>>>>>> On 6/15/2012 11:06 AM, Shane Wiley wrote: >>>>>>> Tamir, >>>>>>> >>>>>>> But in the use case we're discussing the service being provided is >>>>>>> the primary purpose - a user's online identity. A service >>>>>>> determines its primary purpose, discloses this to the user, user >>>>>>> consents. Case closed. >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Friday, June 15, 2012 8:02 AM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane, I disagree. Under PIPEDA you should offer users the possibility >>>>>>> of opting out of collection, use or disclosure for purposes >>>>>>> secondary to >>>>>>> the primary service being offered. >>>>>>> >>>>>>> This is the basis of the opt-out consent scheme being applied to >>>>>>> online >>>>>>> tracking. >>>>>>> >>>>>>> Best, >>>>>>> Tamir >>>>>>> >>>>>>> On 6/15/2012 10:58 AM, Shane Wiley wrote: >>>>>>> Tamir, >>>>>>> >>>>>>> I disagree and PIPEDA does as well. As long as you're clear to a >>>>>>> user what a service provides and a user expressly consents to >>>>>>> those practices, the discussion is over. >>>>>>> >>>>>>> Please don't try to raise CA regulatory schemes into conversations >>>>>>> on one hand then completely reverse your stance at whim - this >>>>>>> seriously undermines your credibility. >>>>>>> >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Tamir Israel [ <mailto:tisrael@cippic.ca> >>>>>>> mailto:tisrael@cippic.ca] >>>>>>> Sent: Friday, June 15, 2012 7:54 AM >>>>>>> To: Shane Wiley >>>>>>> Cc: Rigo Wenning; <mailto:public-tracking@w3.org> >>>>>>> public-tracking@w3.org; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon >>>>>>> Zorbas; <mailto:ifette@google.com> ifette@google.com; JC Cannon >>>>>>> (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane -- >>>>>>> >>>>>>> The need for independent choice is critical, I think, to the out >>>>>>> of band >>>>>>> consent scheme. You shouldn't be able to force users out of their DNT >>>>>>> choices as a condition of authentication. >>>>>>> >>>>>>> Best, >>>>>>> Tamir >>>>>>> >>>>>>> On 6/15/2012 10:48 AM, Shane Wiley wrote: >>>>>>> Rigo, >>>>>>> >>>>>>> DNT will NEVER trump an out-of-band consent. The user would >>>>>>> simply withdraw from using the service they had provided prior >>>>>>> consent to. If the product would like to offer two levels of >>>>>>> service, it can of course do that, but that would be completely >>>>>>> outside the scope of DNT. >>>>>>> >>>>>>> DNT is not the privacy silver bullet and answer to all privacy >>>>>>> issues on the Internet - let's stop trying to push it in that >>>>>>> direction. >>>>>>> >>>>>>> Thank you, >>>>>>> - Shane >>>>>>> >>>>>>> -----Original Message----- >>>>>>> From: Rigo Wenning [ <mailto:rigo@w3.org> mailto:rigo@w3.org] >>>>>>> Sent: Friday, June 15, 2012 1:28 AM >>>>>>> To: <mailto:public-tracking@w3.org> public-tracking@w3.org >>>>>>> Cc: Shane Wiley; <mailto:rob@blaeu.com> rob@blaeu.com; Kimon Zorbas; >>>>>>> <mailto:ifette@google.com> ifette@google.com; >>>>>>> Tamir Israel; JC Cannon (Microsoft) >>>>>>> Subject: Re: Identity providers as first parties >>>>>>> >>>>>>> Shane, Kimon, >>>>>>> >>>>>>> On Thursday 14 June 2012 16:47:03 Shane Wiley wrote: >>>>>>> I’ve used a few others and they appears to do the same so I’m >>>>>>> confused as to what real-world identity provider scenario someone >>>>>>> is considering where consent wasn’t already obtained? >>>>>>> I confirm that we agreed that the out-of-band agreement will trump >>>>>>> the DNT:1 signal. We also agreed that the service has to signal this >>>>>>> to the client. >>>>>>> >>>>>>> I guess, what Rob is trying to achieve is to say, even in this >>>>>>> context, a service could offer the choice of stopping to track and >>>>>>> only use information for the login/authentication purpose. This >>>>>>> could be the meaning of DNT:1 if the Service sends ACK in a >>>>>>> login/authentication context. If you're looking for medical >>>>>>> information in a login context, you don't want your login provider >>>>>>> to spawn that to your insurance. I think this is a very legitimate >>>>>>> use case. The service could say: "yes, I see your point" and send >>>>>>> ACK instead of "out-of-band". >>>>>>> >>>>>>> We are just defining switches. People will decide whether they >>>>>>> switch stuff on or off or provide a switch at all. >>>>>>> >>>>>>> Rigo >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>> >>> >> >
Received on Monday, 18 June 2012 16:50:09 UTC