- From: Dan Auerbach <dan@eff.org>
- Date: Wed, 12 Jun 2013 12:33:25 -0700
- To: Chris Mejia <chris.mejia@iab.net>
- CC: W3C DNT Working Group Mailing List <public-tracking@w3.org>, David Wainberg - AppNexus <david@appnexus.com>, Mike Zaneis <mike@iab.net>, Marc Groman - NAI <mgroman@networkadvertising.org>, Lou Mastria - DAA <lou@aboutads.info>, "Nicholas \"Nick\" Doty - W3C" <npdoty@w3.org>, Peter Swire - W3C TPWG Co-Chair <peter@peterswire.net>
- Message-ID: <51B8CD05.1070305@eff.org>
We largely agree but Chris's text was not agreed to be the version we sent out. But here's my version, which I think is more precise, appropriately tailored, and less verbose: /6.2.2.6 Detection and Prevention //of Malicious or Invalid Activity// // //Information may be collected, retained and used to the extent reasonably necessary for detecting and preventing //malicious or invalid //activity. Information related to malicious or invalid activity may furthermore be retained if necessary for particular civil actions being pursued, or for particular criminal investigations that are in process. ///This// information may be used to alter the user's experience in order to reasonably keep a service secure //or prevent//malicious or invalid activity./ The term "malicious or invalid activity"//means: (a) //invalid Web traffic (for instance bot activity generating impressions or clicks), (b) bogus, malicious or automated sign ups or form submissions, (c) attacks intended to disrupt the availability of a service, (d) malicious intrusions into corporate networks, (e) fraud prevention, ///or (f) abuse of a service in a way that harms the integrity or security of a service or the security of the users of a service.// On 06/12/2013 09:17 AM, Chris Mejia wrote: > David Wainberg, Dan Auerbach and I worked on this draft text. I'm > submitting it now for consideration by the wider group, as there were > only small gaps between Dan and our text proposals. > */ > /* > */--/* > */ > /* > */ > > 6.2.2.6 Detection, Prevention or Prosecution of > Malicious, Nefarious or Invalid Activity > > > > Data may be collected, retained and used to the extent reasonably > necessary for detecting and/or > preventing malicious, nefarious or disingenuous activity. Additionally, data related > to malicious, nefarious or disingenuous activity may be > retained when reasonably necessary to support civil or criminal > prosecution of parties that conduct, support or perpetuate > malicious, nefarious or disingenuous activity. This data may also be > used to alter the user's experience in order to preserve or bolster > the security of a site/service/user(s), or to prevent malicious, > nefarious or disingenuous activity. > > > > The term "malicious, nefarious or disingenuous activity" means: > > (a) disingenuous Web traffic/server > requests (for example: non-human activity generating bogus server > requests, ad-impressions or clicks); > > (b) bogus, malicious, automated or non-human Web-form submissions; > > (c) attacks intended to disrupt a site, service or user experience; > > (d) malicious or nefarious intrusions, or attempts to > intrude into private or corporate networks; > > (e) fraudulent activity, including any activity that's purpose is > to defraud a site, service or users of a site or service; > > (f) any activity that's reasonably determined to abuse, or > attempts to abuse a site/service/user in any way. > > > > /*
Received on Wednesday, 12 June 2013 19:34:00 UTC