- From: Mike Zaneis <mike@iab.net>
- Date: Wed, 27 Jun 2012 18:19:10 +0000
- To: Peter Cranstone <peter.cranstone@gmail.com>, Chris Mejia <chris.mejia@iab.net>, Lauren Gelman <gelman@blurryedge.com>
- CC: Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com>, W3C DNT Working Group Mailing List <public-tracking@w3.org>, Brendan Riordan-Butterworth <Brendan@iab.net>, Marc Groman - NAI <mgroman@networkadvertising.org>, David Wainberg - NAI <david@networkadvertising.org>
- Message-ID: <9FF2724793CE3843BF5E46A70AA609A594A9AA84@IAB-NYC-EX1.IAB.local>
Peter, You are right, you can implement the "current state of the spec". However, that spec is changing. The technological implementation in that spec is changing, per our hours of discussion last week. I'm sorry you missed the meeting last week, but you should not misrepresent the facts just because you are not aware of them or choose to ignore them. Mike Zaneis SVP & General Counsel Interactive Advertising Bureau (202) 253-1466 Follow me on Twitter @mikezaneis From: Peter Cranstone [mailto:peter.cranstone@gmail.com] Sent: Wednesday, June 27, 2012 2:16 PM To: Mike Zaneis; Chris Mejia; Lauren Gelman Cc: Alan Chapell; Aleecia M. McDonald - W3C WG Co-Chair; W3C DNT Working Group Mailing List; Brendan Riordan-Butterworth; Marc Groman - NAI; David Wainberg - NAI Subject: Re: f2f wrap up & next steps I disagree. You can implement the current state of the spec this afternoon. The W3 could not have made this spec any simpler than a 1, 0 or unset (and those headers haven't changed forever). There can only be three values to look for. That's the no brainer part. What you cannot know is the legal (policy) ramifications are from not complying correctly with what you just implemented. For example - I look for a header, I see the header, I comply with the header - what happens next if someone wants to audit what I just did? What happens if somehow my code has bugs in it and instead of complying with a 1 header I inadvertently send a 0 to all the third parties and violate someone's privacy. What kind of legal costs could I incur from not being perfectly compliant? Tech has never been the issue on this spec - because it's so simple. It's just been used as an excuse to delay adding privacy controls for a consumer which they may or may not "choose" to use. It's now becoming a marketing/legal problem. Peter ___________________________________ Peter J. Cranstone 720.663.1752 From: Mike Zaneis <mike@iab.net<mailto:mike@iab.net>> Date: Wednesday, June 27, 2012 12:07 PM To: Peter Cranstone <peter.cranstone@gmail.com<mailto:peter.cranstone@gmail.com>>, Chris Mejia <chris.mejia@iab.net<mailto:chris.mejia@iab.net>>, Lauren Gelman <gelman@blurryedge.com<mailto:gelman@blurryedge.com>> Cc: Alan Chapell <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>, "Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com<mailto:aleecia@aleecia.com>>, W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>, Brendan Riordan-Butterworth <Brendan@iab.net<mailto:Brendan@iab.net>>, Marc Groman - NAI <mgroman@networkadvertising.org<mailto:mgroman@networkadvertising.org>>, David Wainberg - NAI <david@networkadvertising.org<mailto:david@networkadvertising.org>> Subject: RE: f2f wrap up & next steps I don't think we need to get into a protracted debate about this issue. There is no W3C spec at this time, either a technical spec or a compliance spec. These documents change on a weekly basis and will continue to do so until they are completed. If a company wants to commit publically to following a document that is in a constant state of flux, that is their choice and the IAB will not try to dissuade them from doing so. However, we will educate our members about the actual state of play with the W3C documents, especially when there is messaging that indicates the technical spec is complete and simple to implement, neither of which is true (by definition it cannot be simple to implement a spec that is always subject to change). In any case, the IAB does not provide legal advice and no messaging done in this group should be construed as such. Mike Zaneis SVP & General Counsel Interactive Advertising Bureau (202) 253-1466 Follow me on Twitter @mikezaneis From: Peter Cranstone [mailto:peter.cranstone@gmail.com] Sent: Wednesday, June 27, 2012 1:45 PM To: Chris Mejia; Lauren Gelman Cc: Alan Chapell; Aleecia M. McDonald - W3C WG Co-Chair; W3C DNT Working Group Mailing List; Mike Zaneis; Brendan Riordan-Butterworth; Marc Groman - NAI; David Wainberg - NAI Subject: Re: f2f wrap up & next steps Here's the technology part of the spec. Browser sends DNT:1 Server accepts DNT: 1 (reads incoming header) Server sets a flag on the data for storage compliance reasons Technology issues are now over. It would just take few lines of code to read that incoming header (Mod_DNT<http://www.5o9mm.com/mod_dnt_test_1.php> already does it, you can seen instantly if the header is present. Probably took us an hour.) Everything that happens from that point on (costs, loss or gain in revenue, compliance etc.) is now governed by policy. That's where things are going to get complicated regardless of how DNT is implemented from a technology standpoint. Peter ___________________________________ Peter J. Cranstone 720.663.1752 From: Chris Mejia <chris.mejia@iab.net<mailto:chris.mejia@iab.net>> Date: Wednesday, June 27, 2012 11:36 AM To: Lauren Gelman <gelman@blurryedge.com<mailto:gelman@blurryedge.com>> Cc: Alan Chapell <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>, "Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com<mailto:aleecia@aleecia.com>>, W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>>, Mike Zaneis <mike@iab.net<mailto:mike@iab.net>>, Brendan Riordan-Butterworth <Brendan@iab.net<mailto:Brendan@iab.net>>, Marc Groman - NAI <mgroman@networkadvertising.org<mailto:mgroman@networkadvertising.org>>, David Wainberg - NAI <david@networkadvertising.org<mailto:david@networkadvertising.org>> Subject: Re: f2f wrap up & next steps Resent-From: W3 Tracking <public-tracking@w3.org<mailto:public-tracking@w3.org>> Resent-Date: Wed, 27 Jun 2012 17:37:30 +0000 Just to clarify, I have not provided any "legal advise" nor would I ever propose to do so; I'm not a lawyer or even a public policy expert, I'm a technologist. I simply balanced the assertion (from Aleecia's message: "I believe we will be far enough along for many potential early adopters to begin their work on implementations without risk of redoing major work") that companies should proceed with implementing a specification that is not final, with reasonable questions and points to consider before doing so. Considering all points is not only fair, it's a responsible business practice. I also have not proposed that companies should not contemplate testing. Testing and actual implementation are two different things. Kind Regards, Chris Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | Interactive Advertising Bureau - IAB | chris.mejia@iab.net<mailto:chris.mejia@iab.net> | From: Lauren Gelman <gelman@blurryedge.com<mailto:gelman@blurryedge.com>> Date: Wed, 27 Jun 2012 10:23:10 -0700 To: Chris Mejia - IAB <chris.mejia@iab.net<mailto:chris.mejia@iab.net>> Cc: Alan Chapell <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>>, "Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com<mailto:aleecia@aleecia.com>>, W3C DNT Working Group Mailing List <public-tracking@w3.org<mailto:public-tracking@w3.org>>, Mike Zaneis - IAB <mike@iab.net<mailto:mike@iab.net>>, Brendan Riordan-Butterworth - IAB <brendan@iab.net<mailto:brendan@iab.net>>, Marc Groman - NAI <mgroman@networkadvertising.org<mailto:mgroman@networkadvertising.org>>, David Wainberg - NAI <david@networkadvertising.org<mailto:david@networkadvertising.org>> Subject: Re: f2f wrap up & next steps It is inappropriate to offer this kind of generalized legal advise on this list. It is up to individual businesses to decide how they want to compete. It is these scare tactics that have made privacy policies ineffective and created the demand for DNT. It is perfectly plausible to write a disclosure on any topic that accurately informs a user of a company's policies and the costs/benefits involved and does not create unreasonable risk to the business. I am available to provide references to people who are happy to work with companies who want to "do the right thing." And frankly, it is just insincere to criticize DNT because it has not been tested in large scale implementation and simultaneously warn companies not to attempt large scale implementations because DNT has not been finalized. Lauren Gelman BlurryEdge Strategies 415-627-8512 On Jun 27, 2012, at 9:57 AM, Chris Mejia wrote: Well written Alan, thank you. I'd like to further highlight one very important point you made below: "Not to mention that any public representation that one is complying with DNT may subject a company to regulatory scrutiny." Any company contemplating public committal to "honoring" DNT headers at this stage, before a specification has been agreed to, finalized and published, should carefully consider a few important points: * The DNT specification is not complete/final. Finalization may be many months away, and there is always a possibility that it is never finalized (i.e. the spec creation could be abandoned pursuant to intellectual property claims, for example). Although we are all working to a positive outcome, companies should consider ALL possible outcomes before committing. * Committing your adherence publicly to a "moving target" specification may bind/expose your company later to requirements that may not be achievable once the specification is finalized. In other words, why would you commit to something when you don't know what that something will be? What if the technical requirements of the final spec are not achievable, are cost prohibitive and/or not friendly to your business model and thus your longevity as a company? What if adherence to the final specification means a significant drop in revenue for your company? * Be sure that at least here in the US, and possibly elsewhere, regulatory authorities will likely exercise all their power to ensure that you remain in compliance with the final specification, even though you may have only committed to a preliminary version. In bringing action against your company, they may cite reasonable consumer expectations based on the final specification and/or market confusion if you don't elect to comply with the full specification later, having publicly committed to it previously. All in all, while it might seem like you are "doing the right thing" or "getting ahead of the game" by committing early to the unfinished specification, doing so may put your company at significant risk down the line. Please make this decision carefully, and ensure you are well informed before committing. The IAB, DAA, NAI and OPA are industry resources you may want to consult during your decision making process. Again, we are all interested in protecting consumer privacy. Kind Regards, Chris Mejia, IAB Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | Interactive Advertising Bureau - IAB | chris.mejia@iab.net<mailto:chris.mejia@iab.net> | From: Alan Chapell <achapell@chapellassociates.com<mailto:achapell@chapellassociates.com>> Date: Wed, 27 Jun 2012 11:34:35 -0400 To: "Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com<mailto:aleecia@aleecia.com>>, W3C DNT Working Group Mailing List <public-tracking@w3.org<mailto:public-tracking@w3.org>> Subject: Re: f2f wrap up & next steps Resent-From: W3C DNT Working Group Mailing List <public-tracking@w3.org<mailto:public-tracking@w3.org>> Resent-Date: Wed, 27 Jun 2012 15:35:35 +0000 Thanks Aleecia. I'm sure this wasn't your intent, but I'd caution the group against creating the impression that the marketplace should look to implement right now given that we haven't defined many of the key terms at this point. While it may make sense for some companies to expiriment and look through documentation as we create it, the reality is that many small to mid-sized companies may not have the resources to pour into understanding let along implementing a document where key terms are still in flux. Not to mention that any public representation that one is complying with DNT may subject a company to regulatory scrutiny. Also, I wanted to circle back regarding the group's charter. Thomas mentioned something about rechartering during the meeting, but I hadn't heard anything further. I'm wondering if this is an appropriate opportunity to re-evaluate what we're really trying to accomplish in this group as there seemed to be a myriad of opinions raised to that effect in Bellevue. And to be clear, I'm not necessarily advocating specific changes to the charter. In any event, if the W3C is working under the assumption that rechartering should automatically take place without at least some group discussion, I would see that as problematic. I'm sure that's not the case. So, I'm simply asking if this will be on the July 11 agenda? I believe the charter expires in July, correct? Cheers, Alan Chapell Chapell & Associates On 6/25/12 11:17 PM, "Aleecia M. McDonald" <aleecia@aleecia.com<mailto:aleecia@aleecia.com>> wrote: Greetings, Thank you to the 60+ people who attended the Seattle meeting, many of whom flew great distances to make it. We walked in with two Compliance proposals that were far apart, with neither able to reach consensus in the form it was in. As a group we decided we needed to move the proposals closer to the center, and we did just that. We walked out with an overall direction that everyone can live with for permitted business uses, including proposed text for two of the five we discussed, and great new ideas. We can now see the outline what DNT will look like and where we need to go. We took up some of the most contentious remaining issues, on purpose, and we made solid progress on the hardest stuff. I am particularly pleased with proposals that allow business uses to continue while improving privacy, by doing things a little differently with a low burden for implementation. That's a home run. That's exactly what we are looking for, the point where everyone can live with the outcome. That is the hope and promise for DNT, and what we are all working so hard to realize. We still have a lot to do. There are many details to fit into place, some of them quite important to some stakeholders. We will work through them. I was encouraged hearing people say, "This is not what I would choose, but I can live with it in order to move forward." Well done. That's how consensus happens. On TPE, editors will incorporate decisions that came out of the final day, and then we will review the final text as a group to ensure all is as agreed. Similarly on Compliance, the editors will write a strawman proposal that incorporates text from four different documents (existing draft, proposed combination draft, proposal from Shane et al, proposal from Jonathan et al.) That strawman is already well in progress thanks to our talented editors. My hope is for a Compliance strawman draft by the week of July 2. As a group, we will then review all text that has not had consensus (that is, no need to re-review text that was already agreed upon in prior drafts, nor the text we agreed upon while Nick live-edited during the Seattle meeting.) We need to publish new drafts soon, since it has been several months since our last publications. We will evaluate the state of the drafts to see if we are ready to ask for input as a First Last Call document with major issues resolved, or if we are looking at a Third Public Working Draft. Either way, I believe we will be far enough along for many potential early adopters to begin their work on implementations without risk of redoing major work, provided we are very clear about where work remains in flux. To do that well, as Ian points out, we will need at least one user agent developing a compliant implementation so we can test interoperability. We have already worked through about half of the issues on user agent compliance with one conference call and an hour in Seattle. We'll work through the rest in the fairly near term. After we review the strawman draft, if you are planning on doing an implementation soon and there are specific unresolved Compliance issues that would get in your way, I'm open to prioritizing them earlier. Just let me know so I can make informed scheduling trade offs. Our next face-to-face meeting will be in Europe, likely in mid- to late September. If you have a location that can handle about 70 people in that time frame for three days, please let us know the details. We have a generous standing offer to go back to Brussels, though we try to hold meetings in varied locations to distribute the travel burden. Once we know our options we will use an online Doodle poll to understand which possibilities allow the greatest number of TPWG members to attend, just as we have done for past meetings. Coming soon... - a new mailing list to receive external comments. By the time we get out of Last Call, we'll have a few of those, plus comments from implementations. - Rigo will begin to organize the first draft of the Global Considerations document, which will be non-normative. To me, it felt like Seattle was the bumpiest f2f I've co-chaired. I am thrilled to have new voices and a greater breadth of stakeholders, but it is challenging with different levels of understanding of the work to date. Next time, perhaps we need a mandatory in person pre-meeting for anyone who has not attended a prior f2f. It's also hard to make progress with the sheer number of people. I didn't scale with the group size as well as I'd like. I have some ideas and will keep thinking about that. And I made it harder on all of us than it had to be because I started to get frustrated. We'd spent two months with radically different proposals and movement by inches when we needed yards. What I learned last week is to have more faith in the ability of the full group to get hard things done, and to trust the process. We're making progress, moving toward the middle, and as Ed points out, we can see where the final compromise needs to be. Let's make it happen. Thank you again to Microsoft for the space, and for Facebook, Google, and Yahoo! for hosting financially and feeding us. A special warm thank you to JC for taking great care of us in his beautiful city of Seattle. If you scribed last week - thank you! If you didn't - be ready to do so an upcoming call. :-) Aleecia
Received on Wednesday, 27 June 2012 18:20:10 UTC