- From: Lauren Gelman <gelman@blurryedge.com>
- Date: Wed, 17 Oct 2012 14:11:46 -0700
- To: Berin Szoka <bszoka@techfreedom.org>
- Cc: David Wainberg <david@networkadvertising.org>, "public-tracking@w3.org" <public-tracking@w3.org>
- Message-Id: <F57DC9AF-DB42-4E84-B0CB-28F457E12047@blurryedge.com>
Sorry I missed the call. Of course it would be much easier if you made all these Shoulds--Musts and I strongly support that if there if David and Shane are on-board. However I had thought that for the past year I have followed this Shane was the one who wanted to change all the musts--> shoulds in order to "get more companies to sign on." Which creates grey areas, which, like everything else in life as well as regulations, makes things murkier. But I think there is no more business risk in compliance with this than any other thing that lawyers advise clients on every day. Every single day I have companies ask me if they can do X and we look at law Y and figure it out. Frequently, I ask other lawyers what they are doing or attend conferences about it and thus develops a framework for what is "reasonable" (There was, in fact, even briefly a subgroup of this group that was working on compliance. ) Some companies are more risk averse, some willing to take risks. You will NEVER write that out of any legislation that is not going to become obsolete in 5 minutes. So I think, assuming in good faith that this is part of the discussion to move the process forward, you can assume that the lawyers and tech teams that want to "Go DNT:1" will muddle through and figure it out. Just write the spec that makes the most sense. Lauren Gelman BlurryEdge Strategies 415-627-8512 On Oct 17, 2012, at 1:38 PM, Berin Szoka wrote: > Well said, David. I didn't want to press the point on the call today (over the jeers of those on IRC who thought this was clear), but I was going to say something similar. > > No lawyer would ever have written these definitions—or at least, would assume that they suffice in a context as contentious as this one. Like David, I understand the words here, but not how they will actually be applied in the real world. The definition seems to put the burden on the party choosing not to do what "should" be done to explain its decision, but that's it. Is the party supposed to document its "understanding" of the "full implications" of its decision, and how it has "carefully weighed" the "different course" chosen? Who will judge that decision? Under what standard? > > The point David, Shane and I have been trying to make is that, without further clarification on these rather important questions, the highly contentious policy issues governed (yes, governed) by every aspect of our spec that uses the word "should" will tend to be resolved by lawyers advising their clients that this issue is awfully murky, involving significant litigation and political risks and the client should simply read "should" as "must." > > I'd love to hear from the other lawyers in this working group on this point. Counselors? > > On Wed, Oct 17, 2012 at 4:10 PM, David Wainberg <david@networkadvertising.org> wrote: > Hi all, > > From our call today, it seemed as if we are agreed that SHOULD=MUST. If that's the case, let's replace all the SHOULDs with MUSTs in order to avoid ambiguity. Otherwise, if we use both, the intent is ambiguous and implementers will be confused and sad. > > If it is not the case that we view them as equivalent, then as Berin suggested, we must get clear on what is our intent when using a SHOULD instead of a MUST. Despite the emphatic statements on the call today that it's perfectly clear, it is not so. > > From http://www.ietf.org/rfc/rfc2119.txt, these are the definitions of MUST and SHOULD: > > MUST This word, or the terms "REQUIRED" or "SHALL", mean that the > definition is an absolute requirement of the specification. > > SHOULD This word, or the adjective "RECOMMENDED", mean that there > may exist valid reasons in particular circumstances to ignore a > particular item, but the full implications must be understood and > carefully weighed before choosing a different course. > > > There is obviously quite a difference between these two. I understand how the difference makes sense in a technical specification. However, for lawyers who will be interpreting the compliance specification, this is guaranteed heartache. What are "valid reasons in particular circumstances to ignore" part of the compliance specification? Contractual requirements? Cost? Breaks our business model? Don't feel like it? Does this translate to a reasonableness standard? In other words, does it mean that for a SHOULD requirement, an implementer must do it if it is reasonable to do so, but may ignore it otherwise? Does that not apply to the whole standard? Or do we mean that MUSTs must be done whether reasonable or not? If something in the spec is unreasonable, then why is it in the spec? > > Best, > > David > > > > > > > > -- > Berin Szoka | President, TechFreedom | @TechFreedom > bszoka@techfreedom.org | @BerinSzoka >
Received on Wednesday, 17 October 2012 21:12:17 UTC