RE: Issue 24 - Consensus

Carl,

I've historically shared our concerns with the heavy focus on graduated responses when we've repeatedly demonstrated how, for the vast majority of security scenarios, this won't be possible. It creates a strange optic that so much weight of the language is committed to "graduated response" when in reality this concept will likely be applied to a very small percentage of traffic. If anything, the graduation more likely works in reverse from a data minimization perspective, in that more data is collected up front for security purposes and, as it's discovered the traffic is not suspect, it is removed more quickly.

I would respectfully request the second paragraph be dropped and we stick with the initial paragraph only, as this covers the issue completely and mentions "graduated response" but doesn't over-emphasize that perspective.

"Regardless of the tracking preference expressed, data MAY be collected, retained, and used to the extent reasonably necessary to  detect security incidents, protect the service against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for such activity, provided that such data is not used for operational behavior (profiling or personalization) beyond what is reasonably necessary to protect the service or institute a graduated response."

Thank you,
Shane

From: Carl Cargill [mailto:cargill@adobe.com]
Sent: Tuesday, October 22, 2013 6:41 PM
To: public-tracking@w3.org (public-tracking@w3.org)
Subject: Issue 24 - Consensus


All -

On the teleconference on October 9th we found consensus on a change proposal for issue-24 related to security and fraud prevention, including acceptance from the authors of the other change proposals on that topic.

http://www.w3.org/wiki/Privacy/TPWG/Change_Proposal_Security#Proposal_.282.29:_Add_retention_for_prosecution.2C_but_exclude_from_operational_use
https://www.w3.org/2011/tracking-protection/track/issues/24

Change proposal includes the following replacement text:

> Regardless of the tracking preference expressed, data MAY be collected, retained, and used to the extent reasonably necessary to  detect security incidents, protect the service against malicious, deceptive, fraudulent, or illegal activity, and prosecute those responsible for such activity, provided that such data is not used for operational behavior (profiling or personalization) beyond what is reasonably necessary to protect the service or institute a graduated response.
>
> When feasible, a graduated response to a detected security incident is preferred over widespread data collection. An example would be recording all use from a given IP address range, regardless of DNT signal, if the party believes it is seeing a coordinated attack on its service (such as click fraud) from that IP address range. Similarly, if an attack shared some other identifiable fingerprint, such as a combination of User Agent and other protocol information, the party could retain logs on all transactions matching that fingerprint until it can be determined that they are not associated with such an attack or such retention is no longer necessary to support prosecution.

Editors, please update the document with this proposal. The issue is marked pending review and we plan to close the issue in two weeks (November 5th).

Sincerely,


Carl

Carl Cargill
Principal Scientist, Standards
Adobe Systems
Cargill@adobe.com
Office: +1 541 488 0040
Mobile: +1 650 759 9803
@AdobeStandards
http://blogs.adobe.com/standards

Received on Wednesday, 23 October 2013 16:14:23 UTC