Re: f2f wrap up & next steps

The spec speaks to a heck of a lot more than sending 1/0/unset. There's the
mechanism for requesting exceptions, there's response codes from the
server. Saying "you send 0/1 from the browser and you're done" is
disingenuous.

On Wed, Jun 27, 2012 at 11:59 AM, Peter Cranstone <peter.cranstone@gmail.com
> wrote:

> Mike,
>
> The spec talks to sending 1, 0 and unset. Nothing has changed there for
> months and months. All major browsers (except one) currently support it.
>
> So what has changed? Why don't you tell us, and then explain why we cannot
> yet begin to implement it? It's very convenient to say that a spec is a
> "moving target" and yet nobody explains what the moving target is or why it
> keeps moving.
>
> Why don't we start with a real list of what remains to be done to complete
> the implementation of the spec. From Aleecia's list the other day (
> http://www.w3.org/2011/tracking-protection/) we're a few days away from
> last call. Ignoring the missing (or maybe not) Call for Implementation
> we're one month a way from a "Call for Review".
>
> So – in summary we're roughly 45 days away from shipping this spec out the
> door and about 120 days from a final recommendation. Exactly how far off
> can this spec be?
>
> Where's the final to do list – absent that all I see is delaying tactics.
>
>
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752
>
>
> From: Mike Zaneis <mike@iab.net>
> Date: Wednesday, June 27, 2012 12:19 PM
>
> To: Peter Cranstone <peter.cranstone@gmail.com>, Chris Mejia <
> chris.mejia@iab.net>, Lauren Gelman <gelman@blurryedge.com>
> Cc: Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald -
> W3C WG Co-Chair" <aleecia@aleecia.com>, W3 Tracking <
> public-tracking@w3.org>, Brendan Riordan-Butterworth <Brendan@iab.net>,
> Marc Groman - NAI <mgroman@networkadvertising.org>, David Wainberg - NAI <
> david@networkadvertising.org>
> Subject: RE: f2f wrap up & next steps
>
> Peter, ****
>
> ** **
>
> You are right, you can implement the “current state of the spec”.
> However, that spec is changing.  The technological implementation in that
> spec is changing, per our hours of discussion last week.  I’m sorry you
> missed the meeting last week, but you should not misrepresent the facts
> just because you are not aware of them or choose to ignore them.  ****
>
> ** **
>
> Mike Zaneis****
>
> SVP & General Counsel****
>
> Interactive Advertising Bureau****
>
> (202) 253-1466****
>
> ** **
>
> Follow me on Twitter @mikezaneis****
>
> ** **
>
> ** **
>
> *From:* Peter Cranstone [mailto:peter.cranstone@gmail.com<peter.cranstone@gmail.com>]
>
> *Sent:* Wednesday, June 27, 2012 2:16 PM
> *To:* Mike Zaneis; Chris Mejia; Lauren Gelman
> *Cc:* Alan Chapell; Aleecia M. McDonald - W3C WG Co-Chair; W3C DNT
> Working Group Mailing List; Brendan Riordan-Butterworth; Marc Groman - NAI;
> David Wainberg - NAI
> *Subject:* Re: f2f wrap up & next steps****
>
> ** **
>
> I disagree. You can implement the current state of the spec this
> afternoon. The W3 could not have made this spec any simpler than a 1, 0 or
> unset (and those headers haven't changed forever). There can only be three
> values to look for. That's the no brainer part. ****
>
> ** **
>
> What you cannot know is the legal (policy) ramifications are from not
> complying correctly with what you just implemented.****
>
> ** **
>
> For example – I look for a header, I see the header, I comply with the
> header – what happens next if someone wants to audit what I just did? What
> happens if somehow my code has bugs in it and instead of complying with a 1
> header I inadvertently send a 0 to all the third parties and violate
> someone's privacy. What kind of legal costs could I incur from not being
> perfectly compliant? ****
>
> ** **
>
> Tech has never been the issue on this spec – because it's so simple. It's
> just been used as an excuse to delay adding privacy controls for a consumer
> which they may or may not "choose" to use. It's now becoming a
> marketing/legal problem.****
>
> ** **
>
>
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752****
>
> ** **
>
> *From: *Mike Zaneis <mike@iab.net>
> *Date: *Wednesday, June 27, 2012 12:07 PM
> *To: *Peter Cranstone <peter.cranstone@gmail.com>, Chris Mejia <
> chris.mejia@iab.net>, Lauren Gelman <gelman@blurryedge.com>
> *Cc: *Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald
> - W3C WG Co-Chair" <aleecia@aleecia.com>, W3 Tracking <
> public-tracking@w3.org>, Brendan Riordan-Butterworth <Brendan@iab.net>,
> Marc Groman - NAI <mgroman@networkadvertising.org>, David Wainberg - NAI <
> david@networkadvertising.org>
> *Subject: *RE: f2f wrap up & next steps****
>
> ** **
>
> I don’t think we need to get into a protracted debate about this issue.
> There is no W3C spec at this time, either a technical spec or a compliance
> spec.  These documents change on a weekly basis and will continue to do so
> until they are completed.  If a company wants to commit publically to
> following a document that is in a constant state of flux, that is their
> choice and the IAB will not try to dissuade them from doing so.  However,
> we will educate our members about the actual state of play with the W3C
> documents, especially when there is messaging that indicates the technical
> spec is complete and simple to implement, neither of which is true (by
> definition it cannot be simple to implement a spec that is always subject
> to change).****
>
>  ****
>
> In any case, the IAB does not provide legal advice and no messaging done
> in this group should be construed as such.****
>
>  ****
>
> Mike Zaneis****
>
> SVP & General Counsel****
>
> Interactive Advertising Bureau****
>
> (202) 253-1466****
>
>  ****
>
> Follow me on Twitter @mikezaneis****
>
>  ****
>
>  ****
>
> *From:* Peter Cranstone [mailto:peter.cranstone@gmail.com<peter.cranstone@gmail.com>]
>
> *Sent:* Wednesday, June 27, 2012 1:45 PM
> *To:* Chris Mejia; Lauren Gelman
> *Cc:* Alan Chapell; Aleecia M. McDonald - W3C WG Co-Chair; W3C DNT
> Working Group Mailing List; Mike Zaneis; Brendan Riordan-Butterworth; Marc
> Groman - NAI; David Wainberg - NAI
> *Subject:* Re: f2f wrap up & next steps****
>
>  ****
>
> Here's the technology part of the spec.****
>
>  ****
>
> Browser sends DNT:1****
>
> Server accepts DNT: 1 (reads incoming header)****
>
> Server sets a flag on the data for storage compliance reasons****
>
>  ****
>
> Technology issues are now over. It would just take few lines of code to
> read that incoming header (Mod_DNT<http://www.5o9mm.com/mod_dnt_test_1.php>already does it, you can seen instantly if the header is present. Probably
> took us an hour.) Everything that happens from that point on (costs, loss
> or gain in revenue, compliance etc.) is now governed by policy. ****
>
>  ****
>
> That's where things are going to get complicated regardless of how DNT is
> implemented from a technology standpoint.****
>
>  ****
>
>
> Peter
> ___________________________________
> Peter J. Cranstone
> 720.663.1752****
>
>  ****
>
> *From: *Chris Mejia <chris.mejia@iab.net>
> *Date: *Wednesday, June 27, 2012 11:36 AM
> *To: *Lauren Gelman <gelman@blurryedge.com>
> *Cc: *Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald
> - W3C WG Co-Chair" <aleecia@aleecia.com>, W3 Tracking <
> public-tracking@w3.org>, Mike Zaneis <mike@iab.net>, Brendan
> Riordan-Butterworth <Brendan@iab.net>, Marc Groman - NAI <
> mgroman@networkadvertising.org>, David Wainberg - NAI <
> david@networkadvertising.org>
> *Subject: *Re: f2f wrap up & next steps
> *Resent-From: *W3 Tracking <public-tracking@w3.org>
> *Resent-Date: *Wed, 27 Jun 2012 17:37:30 +0000****
>
>  ****
>
> Just to clarify, I have not provided any "legal advise" nor would I ever
> propose to do so; I'm not a lawyer or even a public policy expert, I'm a
> technologist. ****
>
>  ****
>
> I simply balanced the assertion (from Aleecia's message: "*I believe we
> will be far enough along for many potential early adopters to begin their
> work on implementations without risk of redoing major work*") that
> companies should proceed with implementing a specification that is not
> final, with reasonable questions and points to consider before doing so.
>  Considering all points is not only fair, it's a responsible business
> practice.****
>
>  ****
>
> I also have not proposed that companies should not contemplate testing.
>  Testing and actual implementation are two different things.****
>
>  ****
>
> Kind Regards,****
>
>  ****
>
> Chris****
>
>  ****
>
> Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group |
> Interactive Advertising Bureau - IAB | chris.mejia@iab.net |****
>
>  ****
>
> *From: *Lauren Gelman <gelman@blurryedge.com>
> *Date: *Wed, 27 Jun 2012 10:23:10 -0700
> *To: *Chris Mejia - IAB <chris.mejia@iab.net>
> *Cc: *Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald
> - W3C WG Co-Chair" <aleecia@aleecia.com>, W3C DNT Working Group Mailing
> List <public-tracking@w3.org>, Mike Zaneis - IAB <mike@iab.net>, Brendan
> Riordan-Butterworth - IAB <brendan@iab.net>, Marc Groman - NAI <
> mgroman@networkadvertising.org>, David Wainberg - NAI <
> david@networkadvertising.org>
> *Subject: *Re: f2f wrap up & next steps****
>
>  ****
>
>  ****
>
> It is inappropriate to offer this kind of generalized legal advise on this
> list.  It is up to individual businesses to decide how they want to
> compete. It is these scare tactics that have made privacy policies
> ineffective and created the demand for DNT.  ****
>
>  ****
>
> It is perfectly plausible to write a disclosure on any topic that
> accurately informs a user of a company's policies and the costs/benefits
> involved and does not create unreasonable risk to the business.  I am
> available to provide references to people who are happy to work with
> companies who want to "do the right thing."****
>
>  ****
>
> And frankly, it is just insincere to criticize DNT because it has not been
> tested in large scale implementation and simultaneously warn companies not
> to attempt large scale implementations because DNT has not been finalized.
> ****
>
>  ****
>
> Lauren Gelman
> BlurryEdge Strategies
> 415-627-8512****
>
>  ****
>
> On Jun 27, 2012, at 9:57 AM, Chris Mejia wrote:****
>
>
>
>
> ****
>
> Well written Alan, thank you.  I'd like to further highlight one very
> important point you made below:****
>
>  ****
>
> *"Not to mention that any public representation that one is complying
> with DNT may subject a company to regulatory scrutiny."*****
>
>  ****
>
> Any company contemplating public committal to "honoring" DNT headers at
> this stage, before a specification has been agreed to, finalized and
> published, should carefully consider a few important points:****
>
>    - The DNT specification is not complete/final.  Finalization may be
>    many months away, and there is always a possibility that it is never
>    finalized (i.e. the spec creation *could* be abandoned pursuant to
>    intellectual property claims, for example).  Although we are all working to
>    a positive outcome, companies should consider ALL possible outcomes before
>    committing.****
>    - Committing your adherence publicly to a "moving target"
>    specification may bind/expose your company later to requirements that may
>    not be achievable once the specification is finalized.  In other words, why
>    would you commit to something when you don't know what that something will
>    be?  What if the technical requirements of the final spec are not
>    achievable, are cost prohibitive and/or not friendly to your business model
>    and thus your longevity as a company?  What if adherence to the final
>    specification means a significant drop in revenue for your company?****
>    - Be sure that at least here in the US, and possibly elsewhere,
>    regulatory authorities will likely exercise all their power to ensure that
>    you remain in compliance with the final specification, even though you may
>    have only committed to a preliminary version.  In bringing action against
>    your company, they may cite reasonable consumer expectations based on the
>    final specification and/or market confusion if you don't elect to comply
>    with the full specification later, having publicly committed to it
>    previously.****
>
> All in all, while it might seem like you are "doing the right thing" or
> "getting ahead of the game" by committing early to the unfinished
> specification, doing so may put your company at significant risk down the
> line.  Please make this decision carefully, and ensure you are well
> informed before committing.  The IAB, DAA, NAI and OPA are industry
> resources you may want to consult during your decision making process.
>  Again, we are all interested in protecting consumer privacy.****
>
>  ****
>
> Kind Regards,****
>
>  ****
>
> Chris Mejia, IAB****
>
>  ****
>
> Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group |
> Interactive Advertising Bureau - IAB | chris.mejia@iab.net |****
>
>  ****
>
>  ****
>
> *From: *Alan Chapell <achapell@chapellassociates.com>
> *Date: *Wed, 27 Jun 2012 11:34:35 -0400
> *To: *"Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com>, W3C
> DNT Working Group Mailing List <public-tracking@w3.org>
> *Subject: *Re: f2f wrap up & next steps
> *Resent-From: *W3C DNT Working Group Mailing List <public-tracking@w3.org>
> *Resent-Date: *Wed, 27 Jun 2012 15:35:35 +0000****
>
>  ****
>
> Thanks Aleecia.****
>
>  ****
>
> I'm sure this wasn't your intent, but I'd caution the group against
> creating the impression that the marketplace should look to implement right
> now given that we haven't defined many of the key terms at this point.
> While it may make sense for some companies to expiriment and look through
> documentation as we create it, the reality is that many small to mid-sized
> companies may not have the resources to pour into understanding let along
> implementing a document where key terms are still in flux. Not to mention
> that any public representation that one is complying with DNT may subject a
> company to regulatory scrutiny.****
>
>  ****
>
> Also, I wanted to circle back regarding the group's charter. Thomas
> mentioned something about rechartering during the meeting, but I hadn't
> heard anything further. I'm wondering if this is an appropriate opportunity
> to re-evaluate what we're really trying to accomplish in this group ­ as
> there seemed to be a myriad of opinions raised to that effect in Bellevue.
> And to be clear, I'm not necessarily advocating specific changes to the
> charter. In any event, if the W3C is working under the assumption that
> rechartering should automatically take place without at least some group
> discussion, I would see that as problematic. I'm sure that's not the case.
> So, I'm simply asking if this will be on the July 11 agenda? I believe the
> charter expires in July, correct?****
>
>  ****
>
>  ****
>
> Cheers,****
>
>  ****
>
> Alan Chapell****
>
> Chapell & Associates****
>
>  ****
>
>  ****
>
>  ****
>
>  ****
>
>  ****
>
> On 6/25/12 11:17 PM, "Aleecia M. McDonald" <aleecia@aleecia.com> wrote:***
> *
>
>  ****
>
> Greetings,****
>
>  ****
>
> Thank you to the 60+ people who attended the Seattle meeting, many of whom
> flew great distances to make it. We walked in with two Compliance proposals
> that were far apart, with neither able to reach consensus in the form it
> was in. As a group we decided we needed to move the proposals closer to the
> center, and we did just that. We walked out with an overall direction that
> everyone can live with for permitted business uses, including proposed text
> for two of the five we discussed, and great new ideas. We can now see the
> outline what DNT will look like and where we need to go. We took up some of
> the most contentious remaining issues, on purpose, and we made solid
> progress on the hardest stuff. ****
>
>  ****
>
> I am particularly pleased with proposals that allow business uses to
> continue while improving privacy, by doing things a little differently with
> a low burden for implementation. That's a home run. That's exactly what we
> are looking for, the point where everyone can live with the outcome. That
> is the hope and promise for DNT, and what we are all working so hard to
> realize. We still have a lot to do. There are many details to fit into
> place, some of them quite important to some stakeholders. We will work
> through them. I was encouraged hearing people say, "This is not what I
> would choose, but I can live with it in order to move forward." Well done.
> That's how consensus happens. ****
>
>  ****
>
> On TPE, editors will incorporate decisions that came out of the final day,
> and then we will review the final text as a group to ensure all is as
> agreed. Similarly on Compliance, the editors will write a strawman proposal
> that incorporates text from four different documents (existing draft,
> proposed combination draft, proposal from Shane et al, proposal from
> Jonathan et al.) That strawman is already well in progress thanks to our
> talented editors. My hope is for a Compliance strawman draft by the week of
> July 2. As a group, we will then review all text that has not had consensus
> (that is, no need to re-review text that was already agreed upon in prior
> drafts, nor the text we agreed upon while Nick live-edited during the
> Seattle meeting.) We need to publish new drafts soon, since it has been
> several months since our last publications. We will evaluate the state of
> the drafts to see if we are ready to ask for input as a First Last Call
> document with major issues resolved, or if we are looking at a Third Public
> Working Draft. ****
>
>  ****
>
> Either way, I believe we will be far enough along for many potential early
> adopters to begin their work on implementations without risk of redoing
> major work, provided we are very clear about where work remains in flux. To
> do that well, as Ian points out, we will need at least one user agent
> developing a compliant implementation so we can test interoperability. We
> have already worked through about half of the issues on user agent
> compliance with one conference call and an hour in Seattle. We'll work
> through the rest in the fairly near term. After we review the strawman
> draft, if you are planning on doing an implementation soon and there are
> specific unresolved Compliance issues that would get in your way, I'm open
> to prioritizing them earlier. Just let me know so I can make informed
> scheduling trade offs.  ****
>
>  ****
>
> Our next face-to-face meeting will be in Europe, likely in mid- to late
> September. If you have a location that can handle about 70 people in that
> time frame for three days, please let us know the details. We have a
> generous standing offer to go back to Brussels, though we try to hold
> meetings in varied locations to distribute the travel burden. Once we know
> our options we will use an online Doodle poll to understand which
> possibilities allow the greatest number of TPWG members to attend, just as
> we have done for past meetings. ****
>
>  ****
>
> Coming soon...****
>
> - a new mailing list to receive external comments. By the time we get out
> of Last Call, we'll have a few of those, plus comments from implementations.
> ****
>
> - Rigo will begin to organize the first draft of the Global Considerations
> document, which will be non-normative. ****
>
>  ****
>
> To me, it felt like Seattle was the bumpiest f2f I've co-chaired. I am
> thrilled to have new voices and a greater breadth of stakeholders, but it
> is challenging with different levels of understanding of the work to date.
> Next time, perhaps we need a mandatory in person pre-meeting for anyone who
> has not attended a prior f2f. It's also hard to make progress with the
> sheer number of people. I didn't scale with the group size as well as I'd
> like. I have some ideas and will keep thinking about that. And I made it
> harder on all of us than it had to be because I started to get frustrated.
> We'd spent two months with radically different proposals and movement by
> inches when we needed yards. What I learned last week is to have more faith
> in the ability of the full group to get hard things done, and to trust the
> process. We're making progress, moving toward the middle, and as Ed points
> out, we can see where the final compromise needs to be. Let's make it
> happen. ****
>
>  ****
>
> Thank you again to Microsoft for the space, and for Facebook, Google, and
> Yahoo! for hosting financially and feeding us. A special warm thank you to
> JC for taking great care of us in his beautiful city of Seattle. If you
> scribed last week - thank you! If you didn't - be ready to do so an
> upcoming call. :-)****
>
>  ****
>
> Aleecia****
>
>  ****
>
>  ****
>
>  ****
>
>