RE: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission from SULLIVAN, BRYAN L on 2012-06-20 (public-tracking@w3.org from June 2012)

From: SULLIVAN, BRYAN L <bs3131@att.com>
Date: Wed, 20 Jun 2012 23:06:35 +0000
To: Peter Cranstone <peter.cranstone@gmail.com>, "Delaney, Elizabeth A" <EDELANEY@ftc.gov>, "'public-tracking@w3.org'" <public-tracking@w3.org>
CC: "Vandecar, Kim" <KVANDECAR@ftc.gov>, "Thompson, Kimberly M." <kthompson@ftc.gov>
Message-ID: <59A39E87EA9F964A836299497B686C350FF10755@WABOTH9MSGUSR8D.ITServices.sbc.com>

Comment inline.

Thanks,
Bryan Sullivan

From: Peter Cranstone [mailto:peter.cranstone@gmail.com]
Sent: Wednesday, June 20, 2012 3:42 PM
To: Delaney, Elizabeth A; 'public-tracking@w3.org'
Cc: Vandecar, Kim; Thompson, Kimberly M.
Subject: Re: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission

Elizabeth,

RE: "Microsoft not consumers will be exercising the choice as to what signal the browser will send".

I have to disagree. Microsoft made a public announcement of the browser setting. I knew that when I installed the software. The Microsoft default was my choice when I installed the software, and they also provided me with a way to change my choice if need be.
[bryan] It *may* have been your choice when you installed the software (if you were in some way made aware of this, but I doubt if there would be a verifiable record of that), but there are also many other ways this software can come into your use, in which you are likely to be unaware of this feature; through an automatic update (in which this is a new feature); through purchase of a new PC/device; through using an Internet kiosk; ...

RE: "But it does not solve the fact that the recipients of the signal must still choose to honor the signal and refrain from tracking consumers and/or collecting data about them".

In essence it does solve the fact. A server as per the spec that is said to be honoring the DNT setting MUST refrain from tracking consumers and/or collecting data about them. What the spec does NOT resolve is the following:

If said server receives a DNT:1 setting that the server believes is coming from an invalid browser (by the way there is no such thing as an invalid DNT setting because it's binary) then it MAY chose to ignore that setting.

The dilemma is now apparent. The user has expressed his/her choice by sending valid DNT setting - the server has now also made a choice, to not honor it. Therefore it MUST respond to the user indicating it's status.

The current spec reads with the word "MAY" respond. This is inadequate and opens up a wealth of legal responses all of which are not good. DNT is binary - if you see the 1 setting and you support honoring that setting then you MUST do as it says. If you lack sufficient context about "WHO" made that setting (Microsoft, Me or other 3rd party software) then you MUST request more data from the user.

Peter
___________________________________
Peter J. Cranstone
720.663.1752

From: "Delaney, Elizabeth A" <EDELANEY@ftc.gov<mailto:EDELANEY@ftc.gov>>
Date: Wednesday, June 20, 2012 11:11 AM
To: W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Cc: "Vandecar, Kim" <KVANDECAR@ftc.gov<mailto:KVANDECAR@ftc.gov>>, "Thompson, Kimberly M." <kthompson@ftc.gov<mailto:kthompson@ftc.gov>>
Subject: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission
Resent-From: W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>
Resent-Date: Wed, 20 Jun 2012 20:31:06 +0000

Dear Members of the W3C Tracking Protection Working Group:

Please see the attached letter from Commissioner J. Thomas Rosch.    Please let us know if you have any questions.  Thank you,

Elizabeth Delaney
Attorney Advisor
Office of Commissioner J. Thomas Rosch
Federal Trade Commission
600 Pennsylvania Ave NW
Washington, DC  20580
202-326-2903

Received on Wednesday, 20 June 2012 23:07:40 UTC