Re: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission

Kimon,

The issue is not choice per se ­ it's how the default installation "may"
affect choice AND the ability of the DNT header to send that intent to the
server. 

Think of this analogy ­ I buy a car with airbags installed for safety. I
expect them turned ON by default. I don't expect to have to climb under the
hood/bonnet to turn them on. Microsoft's default choice for the user is one
of safety. They also provided the choice for the user to change that
default.

I could if I wanted to turn off the DNT setting after installation and
BEFORE going to a Web site. In which case the server sees nothing (there's
still NO ability to set either a 0 or unset ""). Now two days later I decide
that maybe I want to make an alternative choice ­ and I turn it back on.

I now go to a new Web site that honors DNT for the first time ­ how does the
server "know" who set the flag, when it was set, how long it has been set
and whether or not that's really my intent today?

DNT:1 lacks context to answer those questions.

It's now up to the server to start asking some questions IF it thinks the
DNT is invalid. And it's going to need a list of reasons why it thinks that.
So far we have none, other than a press release which servers don't read.



Peter
___________________________________
Peter J. Cranstone
720.663.1752


From:  Kimon Zorbas <vp@iabeurope.eu>
Date:  Wednesday, June 20, 2012 5:39 PM
To:  Peter Cranstone <peter.cranstone@gmail.com>, Craig Spiezle
<craigs@otalliance.org>, "'Delaney, Elizabeth A'" <EDELANEY@ftc.gov>, W3
Tracking <public-tracking@w3.org>
Cc:  "'Vandecar, Kim'" <KVANDECAR@ftc.gov>, "'Thompson, Kimberly M.'"
<kthompson@ftc.gov>
Subject:  Re: Letter from Commissioner J. Thomas Rosch, Federal Trade
Commission

> Peter,
> 
> just to provide some European feedback: the European Commission in the 5th OBA
> roundtable argued similarly to the FTC that what matters is the users choice.
> They said that they would like users to take the choice and review the
> default. JC, Rigo & Rob to correct me, as they also attended the meeting
> (sorry if I missed others).
> 
> Kimon
> 
> From: Peter Cranstone <peter.cranstone@gmail.com>
> Date: Wednesday 20 June 2012 16:04
> To: Craig Spiezle <craigs@otalliance.org>, "'Delaney, Elizabeth A'"
> <EDELANEY@ftc.gov>, "public-tracking@w3.org" <public-tracking@w3.org>
> Cc: "'Vandecar, Kim'" <KVANDECAR@ftc.gov>, "'Thompson, Kimberly M.'"
> <kthompson@ftc.gov>
> Subject: Re: Letter from Commissioner J. Thomas Rosch, Federal Trade
> Commission
> Resent-From: <public-tracking@w3.org>
> Resent-Date: Wednesday 20 June 2012 16:05
> 
> RE: Your questions.
> 
> US.
> 1. Makes no difference ­ the setting of DNT:1 is valid
> 2. See above
> 3. See above
> 
> EU.
> 1. Makes no difference ­ the setting of DNT:1 is valid
> 2. See above
> 3. See above
> 
> It's not the default setting that is on trial here, its the issue of whether
> or not the server can accurately determine the intent of the user. DNT is
> binary and therefore lacks sufficient context to make a correct determination.
> 
> Therefor if more information is required the server MUST send a response back
> to the client requesting it. To simply ignore the header is NOT a viable
> option ­ the spec needs more context.
> 
> 
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752
> 
> 
> From: Craig Spiezle <craigs@otalliance.org>
> Date: Wednesday, June 20, 2012 4:58 PM
> To: Peter Cranstone <peter.cranstone@gmail.com>, "'Delaney, Elizabeth A'"
> <EDELANEY@ftc.gov>, W3 Tracking <public-tracking@w3.org>
> Cc: "'Vandecar, Kim'" <KVANDECAR@ftc.gov>, "'Thompson, Kimberly M.'"
> <kthompson@ftc.gov>
> Subject: RE: Letter from Commissioner J. Thomas Rosch, Federal Trade
> Commission
> 
>> There are a few unique scenarios we may want to review for any exceptions or
>> variations to this position.  Do any of the following make a difference?
>>  
>> US
>> 1.      Users updates  their browser.  (I am unclear if IE 10 will be
>> backward compatible with Windows 7)
>> 
>> 2.      User buys a new PC (Windows 8 and IE 10 pre-installed)
>> 
>> 3.      User Upgrades their PC and purchases Windows 8 with IE 10)
>> 
>>  
>> EU ­ impact with the browser selection screen
>> 1.      Users updated their browser.  (I am unclear if IE 10 will be backward
>> compatible with Windows 7)
>> 
>> 2.      User buys a new PC (Windows 8 and selects IE 10)
>> 
>> 3.      User Upgrades their PC and purchases Windows 8 and select IE 10)
>> 
>>  
>>  
>>  
>> 
>> From: Peter Cranstone [mailto:peter.cranstone@gmail.com]
>> Sent: Wednesday, June 20, 2012 3:42 PM
>> To: Delaney, Elizabeth A; 'public-tracking@w3.org'
>> Cc: Vandecar, Kim; Thompson, Kimberly M.
>> Subject: Re: Letter from Commissioner J. Thomas Rosch, Federal Trade
>> Commission
>>  
>> 
>> Elizabeth,
>> 
>>  
>> 
>> RE: "Microsoft not consumers will be exercising the choice as to what signal
>> the browser will send".
>> 
>>  
>> 
>> I have to disagree. Microsoft made a public announcement of the browser
>> setting. I knew that when I installed the software. The Microsoft default was
>> my choice when I installed the software, and they also provided me with a way
>> to change my choice if need be.
>> 
>>  
>> 
>> RE: "But it does not solve the fact that the recipients of the signal must
>> still choose to honor the signal and refrain from tracking consumers and/or
>> collecting data about them".
>> 
>>  
>> 
>> In essence it does solve the fact. A server as per the spec that is said to
>> be honoring the DNT setting MUST refrain from tracking consumers and/or
>> collecting data about them. What the spec does NOT resolve is the following:
>> 
>>  
>> 
>> If said server receives a DNT:1 setting that the server believes is coming
>> from an invalid browser (by the way there is no such thing as an invalid DNT
>> setting because it's binary) then it MAY chose to ignore that setting.
>> 
>>  
>> 
>> The dilemma is now apparent. The user has expressed his/her choice by sending
>> valid DNT setting ­ the server has now also made a choice, to not honor it.
>> Therefore it MUST respond to the user indicating it's status.
>> 
>>  
>> 
>> The current spec reads with the word "MAY" respond. This is inadequate and
>> opens up a wealth of legal responses all of which are not good. DNT is binary
>> ­ if you see the 1 setting and you support honoring that setting then you
>> MUST do as it says. If you lack sufficient context about "WHO" made that
>> setting (Microsoft, Me or other 3rd party software) then you MUST request
>> more data from the user.
>> 
>>  
>> 
>>  
>> 
>> 
>> Peter
>> ___________________________________
>> Peter J. Cranstone
>> 720.663.1752
>> 
>>  
>> 
>> From: "Delaney, Elizabeth A" <EDELANEY@ftc.gov>
>> Date: Wednesday, June 20, 2012 11:11 AM
>> To: W3 Tracking <public-tracking@w3.org>
>> Cc: "Vandecar, Kim" <KVANDECAR@ftc.gov>, "Thompson, Kimberly M."
>> <kthompson@ftc.gov>
>> Subject: Letter from Commissioner J. Thomas Rosch, Federal Trade Commission
>> Resent-From: W3 Tracking <public-tracking@w3.org>
>> Resent-Date: Wed, 20 Jun 2012 20:31:06 +0000
>> 
>>  
>>> 
>>> Dear Members of the W3C Tracking Protection Working Group:
>>>  
>>> Please see the attached letter from Commissioner J. Thomas Rosch.    Please
>>> let us know if you have any questions.  Thank you,
>>>  
>>>  
>>> Elizabeth Delaney
>>> Attorney Advisor
>>> Office of Commissioner J. Thomas Rosch
>>> Federal Trade Commission
>>> 600 Pennsylvania Ave NW
>>> Washington, DC  20580
>>> 202-326-2903
>>>  
>>>