FW: clarifying distinctions on ISSUE-24 (security/fraud)

>A lot of people assume that DNT is only going to affect advertising.
>While that is certainly where the money has been talking, my
>concerns are about third party subrequests in general, including
>the use of shared UI frameworks at well-known locations (e.g.,
>common URIs for CSS or jQuery that are shared by many sites to
>reduce average initial latency) and the use of security services
>that do not qualify as service providers because they use patterns
>derived from data sent to multiple unaffiliated sites.
>The extent of what is reasonably necessary tracking for the
>permitted use of security is going to vary depending on what
>service is being protected and what attacks are encountered,
>which in turn will vary over time.  I don't think it is useful
>for the WG to claim that can be further limited by DNT.

Following up on Roy's comment:

For "third party subrequests in general", how much could an overall
short-term collection provision in DNT take care of those requests?

The June Draft allows "short-term, transient collection and use of data."
The Short Term change proposal page has several approaches, including a
two-week limit or David Singer's permitted use.

I'm trying to understand this issue better, but combining the security
language with the short-term language, it would seem:

(1) Data gets collected under the short term rules, helping with "third
party sub requests in general".
(2) Data relevant to the security permitted use would then be governed by
the permitted use rules.

Thank you for helping others and me understand this better.


Prof. Peter P. Swire
C. William O'Neill Professor of Law
	Ohio State University

Beginning August 2013:
Nancy J. and Lawrence P. Huang Professor
Law and Ethics Program
Scheller College of Business
Georgia Institute of Technology


Received on Wednesday, 17 July 2013 13:06:59 UTC