Re: Initial Work Plan on Change Proposals, including for next Wednesday from Dan Auerbach on 2013-06-29 (public-tracking@w3.org from June 2013)

From: Dan Auerbach <dan@eff.org>
Date: Fri, 28 Jun 2013 20:14:08 -0700
To: public-tracking@w3.org
Message-ID: <51CE5100.8090204@eff.org>
Hi Peter and everyone,

I'm unfortunately on vacation next week and won't be available for this
call. I have given a lot of thought and energy to the de-identification
and unique id issues, so would like the opportunity to further discuss
the following week once I'm back before any decisions are made. I will
catch up with the minutes. I'd love to get to agreement on these issues,
but they are tough and important, so we need to proceed carefully.

Below are some quick comments addressing some of your questions:

On 06/28/2013 02:56 PM, Peter Swire wrote:
>
> To the Working Group:
>
>  
>
>             W3C staff and I express appreciation for the hard and
> high-quality work that so many of you have put into submitting change
> proposals to the June Draft.  This email alerts you to the initial
> work plan, for the coming week.  We wanted to give you this
> information as soon as possible, and plan to circulate as soon as we
> can a more complete work plan through the end of July.
>
>  
>
>             For the call on Wednesday, July 3, we once again may go
> for up to 120 minutes if ittakes that long to complete the agenda.  We
> will attempt to keep the call to the usual 90 minutes if we can.  This
> email sets forth the current plan for the Wednesday call.
>
>  
>
>             _De-identification._      
>
>  
>
>             Perhaps not surprisingly in light of all the work done on
> the issue, the first topic will be to examine and discuss the multiple
> proposals on de-identification, as well as other provisions relating
> to identification.
>
>  
>
>             For this discussion, and comments on the list before
> Wednesday, we will address the change proposals, alphabetically from:
> Dan Auerbach, Rob van Eijk, Roy Fielding, and Thomas Schauf, as well
> as the DAA group.
>
>  
>
>             For the discussion, and comments prior to Wednesday, it
> would be helpful to comment on issues including: (1) how to choose
> between two- and three-stage proposals;
>

I think the 2 stage proposal is simpler. If we move to a 3 stage
proposal, the onus is on those advocating for this to (1) properly
define the yellow stage, and (2) prove that it is useful to the group to
have 3 stages.

Regarding (1), I do not think it has been sufficiently defined. For
example, what is a "suspect query string" in a URL? What are operational
controls? What granularity is the geo information that supplants IP
address? What rigorously defined properties does a yellow stage possess
with respect to risk towards privacy that a red stage lacks? These are
hard questions, and I'm not sure we will be able to answer them
rigorously enough.

Regarding (2), I don't think adding a stage has reduced our
disagreement, but rather just shifted it. Whereas in the two stage
process, we disagreed about the definition of de-identification and how
it would apply to non-normative examples, with a three stage process, we
now disagree with how much value the yellow stage has. Modulo
definitional issues, I'm comfortable with a yellow stage as stated,
provided it is used in an incredibly limited way and things move very
quickly to green. I suspect that Shane disagrees with this, and thinks
there is a lot of value in yellow. Given that we've just shifted
disagreement, I'm not sure it's really a step forward.

Also as a matter of politeness, since we agreed in Sunnyvale that we
would come up with a new name for "yellow" given that both
"de-identified" and "pseudonymous" were too contentious, I'd appreciate
it if we could avoid using the latter two terms when talking about the 3
state proposal. Let's just use the placeholder "yellow" until we agree
on what the state should be called.

> (2) the pros and cons of the DAA proposed changed language, compared
> to the longstanding focus on language similar to the FTC’s three-part
> test; (3) clarifying any similarities and differences between Rob’s
> approach and the other two; and (4) how to think about the use of
> non-normative text here inaddition to normative text.
>
On (4), I very much agree with Adrian's comment on a call that if we
can't begin to see close to eye to eye with respect to non-normative
examples, it would be unwise to fool ourselves into thinking we have
agreement. We have a concrete use case that is in contention that
doesn't strike me as an edge case: a browsing history tied together by
unique identifiers that stretches over a long time span, and has some
fields altered, for example IP->Geo. Is this de-identified or not? If we
can't answer that question, we don't have a good idea of what we are
trying to define by the term.

>  
>
>              _Identification and Unique Identifiers._
>
>  
>
>             Another issue on identification and de-identification
> concerns the June Draft text  that “Third parties MUST NOT rely on
> unique identifiers for users or devices if alternative solutions are
> reasonably available.”
>
>  
>
>             Amy Colando proposed a change to add “technically
> feasible” after “reasonably available.”
>
>  
>
>             The DAA group proposed deleting this provision entirely.
>
>  
>
>             For this discussion, it would be helpful to have comments
> and discussion on issues including: (1) the clarity (or lack thereof)
> of “reasonably available” and “technically feasible”; (2) evidence
> that such alternatives are available today or may soon be available;
> and (3) reasons for or against shifting to alternatives if they become
> “reasonably available” and/or “technically feasible.”
>
My biggest problem with this language is the lack of clarity regarding
"technically feasible" and "reasonably available", and it's puzzling
since no-unique-id solutions exist today. After discussion with various
people, I don't think that it's too high a bar to forego the use of
unique ids for DNT:1 users, except in one-off situations. For example,
large successful ad companies have existed which do not use unique ids.
I have yet to hear a compelling need, but for web companies that may
have one that hasn't been raised in this working group, they are free to
not implement this voluntary tracking standard.

>  
>
>              _The DAA Group proposal._
>
>  
>
>             After these discussions, the DAA group is invited to
> explain to the group its overall proposal for a path forward to Last
> Call.  As I understand it, the DAA group has presented an integrated,
> overall proposal, where it would support what essentially is a package
> of proposed changes to the June Draft. 
>
>  
>
>             With a presentation of this integrated package, the group
> can ask questions to clarify the multiple proposed changes, and begin
> a process of identifying areas where others in the group may agree to
> the proposal, or an amended version of theproposal, or else articulate
> reasons why they would not join a consensus on the proposal.
>
>  
>
>             In terms of work leading up to Wednesday’s call, please
> make proposed language changes directly to the wikis, while explaining
> the rationale for changes to the full list.
>
>  
>
>             Thank you, and information on other next steps will
> follow.  (I note, however, that I likely will have limited
> connectivity this weekend.)
>
>  
>
>             Peter
>
>
> P.S. Please feel free to be working on the other change issues as
> well, as a way to move forward as effectively as possible.  The point
> of this email is to highlight the group work in the coming days.
>
>  
>
>  
>
>  
>
>
>
> Prof. Peter P. Swire
> C. William O'Neill Professor of Law
> Ohio State University
> 240.994.4142
> www.peterswire.net
>
> Beginning August 2013:
> Nancy J. and Lawrence P. Huang Professor
> Law and Ethics Program
> Scheller College of Business
> Georgia Institute of Technology
>
Received on Saturday, 29 June 2013 03:14:38 UTC