”Machine Readable User Asserted Terms for Privacy” An IEEE Standard Working Group

From IIW

Machine Readable Asserted Terms for Privacy – an IEEEE Standards Working Group (SA 7012)


Thursday 5F

Convener: Doc Searls, Joyce Searls

Notes-taker(s): Scott Mace


Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:


7012 – Standard for Machine Readable Personal Privacy Terms.


Joyce: How one joins. About to go up publicly, will be announced to all IEEE members as a person. Our committee is three people – me, Doc and David Reed.


Doc: All the smarts in the Internet are the end points. He has a PhD in IT.


Phil: And wrote Reed’s Law.


Joyce: The network effect.


Doc: He has some of the most brilliant and sometimes withering emails ever written. This language is crafted so as not to replicate any other standards effort going on. It’s also confined to just hearing and agreeing to not address privacy policies. Terms require agreement. Privacy policies do not. Maybe privacy policies could be expressed in a machine readable form, but it won’t be this.


Joyce: David brilliantly said we want to do this low-level thing. Once that channel is open, you can say whatever you want to say. It’s on the title but the idea is to build something super low-level, not in email, to an enterprise machine.


Doc: Jlinc has a protocol that is a way to record provenance onto servers which they call the A server and the B server. Left open whether it’s on a blockchain. The protocol itself has a GitHub thing. Not a whole lot on it so far. Committed to open sourcing the parts that matter.


Joyce: To be clear, that’s not the standard. Just they will show up. Eve Maler will show up with UMA and her BLT stack.


Wendell: What is the scheme under which you’re licensing this? Patent licenses?


Joyce: It’s IEEE whatever their standard terms are.


Wendell: They don’t do open source. They all people to standardize on patented stuff. That would be helpful if super open open, not patent stuff.


Doc: A big part of the protocol is the moment you sit down in the WG you have to put your patents on the table. There is still a regime for doing that.


Joyce: Commitment is a meeting a month, plus subgroups.


Q: Possible to lurk?


Joyce: Make sure the people on the WG want to contribute. The chair needs to say contribute. Chair perogative to kick people out. The WG puts out a progress report quarterly.


Q: This is a protocol?


Doc: No. David hopes a protocol will come out of it. Will be a functional specification, may include a data model. Deliverables. Serialization. Ontologies?


Q: Who wants this and why will they want it?


Doc: The carrot is better signaling from demand side of the market. Signal to the sites and services of the world. This is a way to do it.


Joyce: I can imagine I will request something and somebody can build a way to listen for a certain type of request.


Joe: The real opportunity is flipping the DNT conversation. This is about how to create value.


Phil: Somebody has to write this in software on both sides.


Q: We have a company that talks to customers and retailers.


Q: You as a consumer launch a request, I found this cute pair of shoes, where can I get it for the cheapest price.


Q: How does that fall under the word privacy?


Joyce: We described it to the IEEE as do not retarget. It’s really about how to signal from machine to machine.


Wendell: That’s an automated RFP process. That’s great but seems expansive for what you are going to attempt here. A set of matching criteria. This is not about privacy but it will be hard to get away from that.


Joyce: It’s not a policy. It’s a term not a policy.


Doc: This comes down from our legal folks as a distinction that needs to be made. [Points to “The new frontier for CRM is CDL: Customer Driven Leads, post 10/6/16]. When the customer themselves qualify themselves as a lead. Glengarry Glen Ross. If you declare yourself a lead, that ideally comes with some terms for the use of the data that qualifies you. Basically making verified claims I suppose.


Q: Shut up and take my money.


Doc: A casual assumption no one is going to ask you for your name. This is one scenario in which this applies.


Wendell: This is what search engine marketing does. How to specify your interest and ranges for your RFPs by giving search keywords, price ranges, little expressions like that. A whole industry that would love standards. A little surprised IEEE would be a venue, but there’s a thing there. I’ll send you stuff.


Doc: Project VRM is an evangelical thing. John Haymond, Sean Bohan, behind this, they pursued us. Before we called it intentcasting we called it a personal RFP.


Joyce: Drummond came up with intentcasting. We want standards because we want to do it one way as an individual.


Wendell: SEO tend to have proprietary ways to do this. There aren’t standards there. There’s bilateral integrations. Google can dictate things. Nexttag. Amazon. Have their own ways. It doesnt mean you couldnt facilitate--


Joyce: Outside all those silos. If I’m going to buy a refrigerator, the search is from hunger. I start with the size of my space. Then I can look at any machine that’s available.


Joe: There’s a big conflation that might make this standard harder to do. Ventana Shopper, was working with Wendell and intentcasting. If you flip back to the other page, that’s focused on terms, which is not about what washing machine I want to buy. It’s a natural next step to get into intentcasting, but that’s not what this is.


Wendell: Legal, or commercial?


Joyce: David just says do it low enough, machine responding to machine, the use cases can flow.


Wendell: You will have a dictionary of possible commercial terms and conditions, and a protocol that gets from one side to the other. The user can write this up and they will submit this.


Joe: If I were rigorous about what you just said, headers in HTTP does that you just said.


Doc: One of the reasons we have avoided headers is they’re all occupied.


Wendell: They’re extensible. In response, the server responds back to you, I understand you, but I gave you these things. There is that conversation there. Once you have a conversation, you have a protocol for how it has to happen. We’re doing intentcasting, above the level he’s at.


Joe: There is the transport of headers that happens.


Wendell: This happens in ad targeting through real time bidding all the time. There’s a protocol for that, and a thing called deals for the seller and an equivalent thing for product/user. You may do the same thing with user as principal (not product). I want a refrigerator, white, 36 inches tall with a blockchain.


Joyce: RTB is where it could all happen. I’m happy to take ads on this, don’t send me anything else. And it expires. We’ve been talking about it for 3-4 years.


Doc: A friend wanted to create project VRM and created largest RTB system in the U.K. His solution is can we make this apparatus that I’ve already built work the other way? What we’re talking about here, a larger context in which this is happening, we’re trying to stand up the non-guesswork side of commerce, hopefully through existing channels already built that have guesswork in them.


Wendell: Amazon syndicates out their catalog, order book to many other marketplaces to help them out with purchasing. Products like these. Preferences individuals have. All of the ad tech apparatus could begin doing this intentcast response stuff. Now you’ve got a seller getting their order book, preferences ready to go. That’s a match there.


Joe: That was the whole play with Ventana Shopper. The publishers don’t even have to be part of the dialog.


Yogi: Profile matching could be the thing.


Nathan: Vocabulary becomes a problem. Enumerating all entities. The semantic Web tried. It’s more of a best fit approach. I say my idea and you give me back what you think that means.


Wendell: That’s the basic way search information retrieval works. What crushed other suppliers is Google applied all that matching tech to intentcasting based on search terms you typed in. In 2010 they let the algorithms slide. People larded up first few pages with same product. You could have a protocol that looks very much like search. Profiles are matched but it’s a search information retrieval model. Maybe that’s what you want to work again, doesnt solve other use cases such as health, but intentcasting about ecommerce and experiences is well known in the search industry. You’re codifying what’s already known.


Yogi: The Jlinc could be the profile for GDPR things.


Nathan: Another way out, limit the vocabulary. If you try to define it as generic search, the evolution of terms isn’t tenable.


Joe: If users can express arbitary terms...the reason the Web works, users can’t express arbitrary terms.


Yogi: That’s the idea behind Customer Commons.


Nathan: How do you bind the scope of what can be asked when.