- From: イアンフェッティ <ifette@google.com>
- Date: Wed, 27 Jun 2012 13:40:23 -0700
- To: Peter Cranstone <peter.cranstone@gmail.com>
- Cc: Mike Zaneis <mike@iab.net>, Chris Mejia <chris.mejia@iab.net>, Lauren Gelman <gelman@blurryedge.com>, Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com>, W3C DNT Working Group Mailing List <public-tracking@w3.org>, Brendan Riordan-Butterworth <Brendan@iab.net>, Marc Groman - NAI <mgroman@networkadvertising.org>, David Wainberg - NAI <david@networkadvertising.org>
- Message-ID: <CAF4kx8ey9JnrSa0N1FQpYUD6jyCEYXozKGt+UBxUbvDF7Ca+mQ@mail.gmail.com>
The spec speaks to a heck of a lot more than sending 1/0/unset. There's the mechanism for requesting exceptions, there's response codes from the server. Saying "you send 0/1 from the browser and you're done" is disingenuous. On Wed, Jun 27, 2012 at 11:59 AM, Peter Cranstone <peter.cranstone@gmail.com > wrote: > Mike, > > The spec talks to sending 1, 0 and unset. Nothing has changed there for > months and months. All major browsers (except one) currently support it. > > So what has changed? Why don't you tell us, and then explain why we cannot > yet begin to implement it? It's very convenient to say that a spec is a > "moving target" and yet nobody explains what the moving target is or why it > keeps moving. > > Why don't we start with a real list of what remains to be done to complete > the implementation of the spec. From Aleecia's list the other day ( > http://www.w3.org/2011/tracking-protection/) we're a few days away from > last call. Ignoring the missing (or maybe not) Call for Implementation > we're one month a way from a "Call for Review". > > So – in summary we're roughly 45 days away from shipping this spec out the > door and about 120 days from a final recommendation. Exactly how far off > can this spec be? > > Where's the final to do list – absent that all I see is delaying tactics. > > > Peter > ___________________________________ > Peter J. Cranstone > 720.663.1752 > > > From: Mike Zaneis <mike@iab.net> > Date: Wednesday, June 27, 2012 12:19 PM > > To: Peter Cranstone <peter.cranstone@gmail.com>, Chris Mejia < > chris.mejia@iab.net>, Lauren Gelman <gelman@blurryedge.com> > Cc: Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald - > W3C WG Co-Chair" <aleecia@aleecia.com>, W3 Tracking < > public-tracking@w3.org>, Brendan Riordan-Butterworth <Brendan@iab.net>, > Marc Groman - NAI <mgroman@networkadvertising.org>, David Wainberg - NAI < > david@networkadvertising.org> > Subject: RE: f2f wrap up & next steps > > Peter, **** > > ** ** > > You are right, you can implement the “current state of the spec”. > However, that spec is changing. The technological implementation in that > spec is changing, per our hours of discussion last week. I’m sorry you > missed the meeting last week, but you should not misrepresent the facts > just because you are not aware of them or choose to ignore them. **** > > ** ** > > Mike Zaneis**** > > SVP & General Counsel**** > > Interactive Advertising Bureau**** > > (202) 253-1466**** > > ** ** > > Follow me on Twitter @mikezaneis**** > > ** ** > > ** ** > > *From:* Peter Cranstone [mailto:peter.cranstone@gmail.com<peter.cranstone@gmail.com>] > > *Sent:* Wednesday, June 27, 2012 2:16 PM > *To:* Mike Zaneis; Chris Mejia; Lauren Gelman > *Cc:* Alan Chapell; Aleecia M. McDonald - W3C WG Co-Chair; W3C DNT > Working Group Mailing List; Brendan Riordan-Butterworth; Marc Groman - NAI; > David Wainberg - NAI > *Subject:* Re: f2f wrap up & next steps**** > > ** ** > > I disagree. You can implement the current state of the spec this > afternoon. The W3 could not have made this spec any simpler than a 1, 0 or > unset (and those headers haven't changed forever). There can only be three > values to look for. That's the no brainer part. **** > > ** ** > > What you cannot know is the legal (policy) ramifications are from not > complying correctly with what you just implemented.**** > > ** ** > > For example – I look for a header, I see the header, I comply with the > header – what happens next if someone wants to audit what I just did? What > happens if somehow my code has bugs in it and instead of complying with a 1 > header I inadvertently send a 0 to all the third parties and violate > someone's privacy. What kind of legal costs could I incur from not being > perfectly compliant? **** > > ** ** > > Tech has never been the issue on this spec – because it's so simple. It's > just been used as an excuse to delay adding privacy controls for a consumer > which they may or may not "choose" to use. It's now becoming a > marketing/legal problem.**** > > ** ** > > > Peter > ___________________________________ > Peter J. Cranstone > 720.663.1752**** > > ** ** > > *From: *Mike Zaneis <mike@iab.net> > *Date: *Wednesday, June 27, 2012 12:07 PM > *To: *Peter Cranstone <peter.cranstone@gmail.com>, Chris Mejia < > chris.mejia@iab.net>, Lauren Gelman <gelman@blurryedge.com> > *Cc: *Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald > - W3C WG Co-Chair" <aleecia@aleecia.com>, W3 Tracking < > public-tracking@w3.org>, Brendan Riordan-Butterworth <Brendan@iab.net>, > Marc Groman - NAI <mgroman@networkadvertising.org>, David Wainberg - NAI < > david@networkadvertising.org> > *Subject: *RE: f2f wrap up & next steps**** > > ** ** > > I don’t think we need to get into a protracted debate about this issue. > There is no W3C spec at this time, either a technical spec or a compliance > spec. These documents change on a weekly basis and will continue to do so > until they are completed. If a company wants to commit publically to > following a document that is in a constant state of flux, that is their > choice and the IAB will not try to dissuade them from doing so. However, > we will educate our members about the actual state of play with the W3C > documents, especially when there is messaging that indicates the technical > spec is complete and simple to implement, neither of which is true (by > definition it cannot be simple to implement a spec that is always subject > to change).**** > > **** > > In any case, the IAB does not provide legal advice and no messaging done > in this group should be construed as such.**** > > **** > > Mike Zaneis**** > > SVP & General Counsel**** > > Interactive Advertising Bureau**** > > (202) 253-1466**** > > **** > > Follow me on Twitter @mikezaneis**** > > **** > > **** > > *From:* Peter Cranstone [mailto:peter.cranstone@gmail.com<peter.cranstone@gmail.com>] > > *Sent:* Wednesday, June 27, 2012 1:45 PM > *To:* Chris Mejia; Lauren Gelman > *Cc:* Alan Chapell; Aleecia M. McDonald - W3C WG Co-Chair; W3C DNT > Working Group Mailing List; Mike Zaneis; Brendan Riordan-Butterworth; Marc > Groman - NAI; David Wainberg - NAI > *Subject:* Re: f2f wrap up & next steps**** > > **** > > Here's the technology part of the spec.**** > > **** > > Browser sends DNT:1**** > > Server accepts DNT: 1 (reads incoming header)**** > > Server sets a flag on the data for storage compliance reasons**** > > **** > > Technology issues are now over. It would just take few lines of code to > read that incoming header (Mod_DNT<http://www.5o9mm.com/mod_dnt_test_1.php>already does it, you can seen instantly if the header is present. Probably > took us an hour.) Everything that happens from that point on (costs, loss > or gain in revenue, compliance etc.) is now governed by policy. **** > > **** > > That's where things are going to get complicated regardless of how DNT is > implemented from a technology standpoint.**** > > **** > > > Peter > ___________________________________ > Peter J. Cranstone > 720.663.1752**** > > **** > > *From: *Chris Mejia <chris.mejia@iab.net> > *Date: *Wednesday, June 27, 2012 11:36 AM > *To: *Lauren Gelman <gelman@blurryedge.com> > *Cc: *Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald > - W3C WG Co-Chair" <aleecia@aleecia.com>, W3 Tracking < > public-tracking@w3.org>, Mike Zaneis <mike@iab.net>, Brendan > Riordan-Butterworth <Brendan@iab.net>, Marc Groman - NAI < > mgroman@networkadvertising.org>, David Wainberg - NAI < > david@networkadvertising.org> > *Subject: *Re: f2f wrap up & next steps > *Resent-From: *W3 Tracking <public-tracking@w3.org> > *Resent-Date: *Wed, 27 Jun 2012 17:37:30 +0000**** > > **** > > Just to clarify, I have not provided any "legal advise" nor would I ever > propose to do so; I'm not a lawyer or even a public policy expert, I'm a > technologist. **** > > **** > > I simply balanced the assertion (from Aleecia's message: "*I believe we > will be far enough along for many potential early adopters to begin their > work on implementations without risk of redoing major work*") that > companies should proceed with implementing a specification that is not > final, with reasonable questions and points to consider before doing so. > Considering all points is not only fair, it's a responsible business > practice.**** > > **** > > I also have not proposed that companies should not contemplate testing. > Testing and actual implementation are two different things.**** > > **** > > Kind Regards,**** > > **** > > Chris**** > > **** > > Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | > Interactive Advertising Bureau - IAB | chris.mejia@iab.net |**** > > **** > > *From: *Lauren Gelman <gelman@blurryedge.com> > *Date: *Wed, 27 Jun 2012 10:23:10 -0700 > *To: *Chris Mejia - IAB <chris.mejia@iab.net> > *Cc: *Alan Chapell <achapell@chapellassociates.com>, "Aleecia M. McDonald > - W3C WG Co-Chair" <aleecia@aleecia.com>, W3C DNT Working Group Mailing > List <public-tracking@w3.org>, Mike Zaneis - IAB <mike@iab.net>, Brendan > Riordan-Butterworth - IAB <brendan@iab.net>, Marc Groman - NAI < > mgroman@networkadvertising.org>, David Wainberg - NAI < > david@networkadvertising.org> > *Subject: *Re: f2f wrap up & next steps**** > > **** > > **** > > It is inappropriate to offer this kind of generalized legal advise on this > list. It is up to individual businesses to decide how they want to > compete. It is these scare tactics that have made privacy policies > ineffective and created the demand for DNT. **** > > **** > > It is perfectly plausible to write a disclosure on any topic that > accurately informs a user of a company's policies and the costs/benefits > involved and does not create unreasonable risk to the business. I am > available to provide references to people who are happy to work with > companies who want to "do the right thing."**** > > **** > > And frankly, it is just insincere to criticize DNT because it has not been > tested in large scale implementation and simultaneously warn companies not > to attempt large scale implementations because DNT has not been finalized. > **** > > **** > > Lauren Gelman > BlurryEdge Strategies > 415-627-8512**** > > **** > > On Jun 27, 2012, at 9:57 AM, Chris Mejia wrote:**** > > > > > **** > > Well written Alan, thank you. I'd like to further highlight one very > important point you made below:**** > > **** > > *"Not to mention that any public representation that one is complying > with DNT may subject a company to regulatory scrutiny."***** > > **** > > Any company contemplating public committal to "honoring" DNT headers at > this stage, before a specification has been agreed to, finalized and > published, should carefully consider a few important points:**** > > - The DNT specification is not complete/final. Finalization may be > many months away, and there is always a possibility that it is never > finalized (i.e. the spec creation *could* be abandoned pursuant to > intellectual property claims, for example). Although we are all working to > a positive outcome, companies should consider ALL possible outcomes before > committing.**** > - Committing your adherence publicly to a "moving target" > specification may bind/expose your company later to requirements that may > not be achievable once the specification is finalized. In other words, why > would you commit to something when you don't know what that something will > be? What if the technical requirements of the final spec are not > achievable, are cost prohibitive and/or not friendly to your business model > and thus your longevity as a company? What if adherence to the final > specification means a significant drop in revenue for your company?**** > - Be sure that at least here in the US, and possibly elsewhere, > regulatory authorities will likely exercise all their power to ensure that > you remain in compliance with the final specification, even though you may > have only committed to a preliminary version. In bringing action against > your company, they may cite reasonable consumer expectations based on the > final specification and/or market confusion if you don't elect to comply > with the full specification later, having publicly committed to it > previously.**** > > All in all, while it might seem like you are "doing the right thing" or > "getting ahead of the game" by committing early to the unfinished > specification, doing so may put your company at significant risk down the > line. Please make this decision carefully, and ensure you are well > informed before committing. The IAB, DAA, NAI and OPA are industry > resources you may want to consult during your decision making process. > Again, we are all interested in protecting consumer privacy.**** > > **** > > Kind Regards,**** > > **** > > Chris Mejia, IAB**** > > **** > > Chris Mejia | Digital Supply Chain Solutions | Ad Technology Group | > Interactive Advertising Bureau - IAB | chris.mejia@iab.net |**** > > **** > > **** > > *From: *Alan Chapell <achapell@chapellassociates.com> > *Date: *Wed, 27 Jun 2012 11:34:35 -0400 > *To: *"Aleecia M. McDonald - W3C WG Co-Chair" <aleecia@aleecia.com>, W3C > DNT Working Group Mailing List <public-tracking@w3.org> > *Subject: *Re: f2f wrap up & next steps > *Resent-From: *W3C DNT Working Group Mailing List <public-tracking@w3.org> > *Resent-Date: *Wed, 27 Jun 2012 15:35:35 +0000**** > > **** > > Thanks Aleecia.**** > > **** > > I'm sure this wasn't your intent, but I'd caution the group against > creating the impression that the marketplace should look to implement right > now given that we haven't defined many of the key terms at this point. > While it may make sense for some companies to expiriment and look through > documentation as we create it, the reality is that many small to mid-sized > companies may not have the resources to pour into understanding let along > implementing a document where key terms are still in flux. Not to mention > that any public representation that one is complying with DNT may subject a > company to regulatory scrutiny.**** > > **** > > Also, I wanted to circle back regarding the group's charter. Thomas > mentioned something about rechartering during the meeting, but I hadn't > heard anything further. I'm wondering if this is an appropriate opportunity > to re-evaluate what we're really trying to accomplish in this group as > there seemed to be a myriad of opinions raised to that effect in Bellevue. > And to be clear, I'm not necessarily advocating specific changes to the > charter. In any event, if the W3C is working under the assumption that > rechartering should automatically take place without at least some group > discussion, I would see that as problematic. I'm sure that's not the case. > So, I'm simply asking if this will be on the July 11 agenda? I believe the > charter expires in July, correct?**** > > **** > > **** > > Cheers,**** > > **** > > Alan Chapell**** > > Chapell & Associates**** > > **** > > **** > > **** > > **** > > **** > > On 6/25/12 11:17 PM, "Aleecia M. McDonald" <aleecia@aleecia.com> wrote:*** > * > > **** > > Greetings,**** > > **** > > Thank you to the 60+ people who attended the Seattle meeting, many of whom > flew great distances to make it. We walked in with two Compliance proposals > that were far apart, with neither able to reach consensus in the form it > was in. As a group we decided we needed to move the proposals closer to the > center, and we did just that. We walked out with an overall direction that > everyone can live with for permitted business uses, including proposed text > for two of the five we discussed, and great new ideas. We can now see the > outline what DNT will look like and where we need to go. We took up some of > the most contentious remaining issues, on purpose, and we made solid > progress on the hardest stuff. **** > > **** > > I am particularly pleased with proposals that allow business uses to > continue while improving privacy, by doing things a little differently with > a low burden for implementation. That's a home run. That's exactly what we > are looking for, the point where everyone can live with the outcome. That > is the hope and promise for DNT, and what we are all working so hard to > realize. We still have a lot to do. There are many details to fit into > place, some of them quite important to some stakeholders. We will work > through them. I was encouraged hearing people say, "This is not what I > would choose, but I can live with it in order to move forward." Well done. > That's how consensus happens. **** > > **** > > On TPE, editors will incorporate decisions that came out of the final day, > and then we will review the final text as a group to ensure all is as > agreed. Similarly on Compliance, the editors will write a strawman proposal > that incorporates text from four different documents (existing draft, > proposed combination draft, proposal from Shane et al, proposal from > Jonathan et al.) That strawman is already well in progress thanks to our > talented editors. My hope is for a Compliance strawman draft by the week of > July 2. As a group, we will then review all text that has not had consensus > (that is, no need to re-review text that was already agreed upon in prior > drafts, nor the text we agreed upon while Nick live-edited during the > Seattle meeting.) We need to publish new drafts soon, since it has been > several months since our last publications. We will evaluate the state of > the drafts to see if we are ready to ask for input as a First Last Call > document with major issues resolved, or if we are looking at a Third Public > Working Draft. **** > > **** > > Either way, I believe we will be far enough along for many potential early > adopters to begin their work on implementations without risk of redoing > major work, provided we are very clear about where work remains in flux. To > do that well, as Ian points out, we will need at least one user agent > developing a compliant implementation so we can test interoperability. We > have already worked through about half of the issues on user agent > compliance with one conference call and an hour in Seattle. We'll work > through the rest in the fairly near term. After we review the strawman > draft, if you are planning on doing an implementation soon and there are > specific unresolved Compliance issues that would get in your way, I'm open > to prioritizing them earlier. Just let me know so I can make informed > scheduling trade offs. **** > > **** > > Our next face-to-face meeting will be in Europe, likely in mid- to late > September. If you have a location that can handle about 70 people in that > time frame for three days, please let us know the details. We have a > generous standing offer to go back to Brussels, though we try to hold > meetings in varied locations to distribute the travel burden. Once we know > our options we will use an online Doodle poll to understand which > possibilities allow the greatest number of TPWG members to attend, just as > we have done for past meetings. **** > > **** > > Coming soon...**** > > - a new mailing list to receive external comments. By the time we get out > of Last Call, we'll have a few of those, plus comments from implementations. > **** > > - Rigo will begin to organize the first draft of the Global Considerations > document, which will be non-normative. **** > > **** > > To me, it felt like Seattle was the bumpiest f2f I've co-chaired. I am > thrilled to have new voices and a greater breadth of stakeholders, but it > is challenging with different levels of understanding of the work to date. > Next time, perhaps we need a mandatory in person pre-meeting for anyone who > has not attended a prior f2f. It's also hard to make progress with the > sheer number of people. I didn't scale with the group size as well as I'd > like. I have some ideas and will keep thinking about that. And I made it > harder on all of us than it had to be because I started to get frustrated. > We'd spent two months with radically different proposals and movement by > inches when we needed yards. What I learned last week is to have more faith > in the ability of the full group to get hard things done, and to trust the > process. We're making progress, moving toward the middle, and as Ed points > out, we can see where the final compromise needs to be. Let's make it > happen. **** > > **** > > Thank you again to Microsoft for the space, and for Facebook, Google, and > Yahoo! for hosting financially and feeding us. A special warm thank you to > JC for taking great care of us in his beautiful city of Seattle. If you > scribed last week - thank you! If you didn't - be ready to do so an > upcoming call. :-)**** > > **** > > Aleecia**** > > **** > > **** > > **** > >
Received on Wednesday, 27 June 2012 20:40:56 UTC