This story was written by Keith Dawson for UBM DeusM’s community Web site Develop in the Cloud, sponsored by AT&T. It is archived here for informational purposes only because the Develop in the Cloud site is no more. This material is Copyright 2012 by UBM DeusM.

Is 'Do Not Track' Patented?

Three patents throw sand in the W3C's gears.

We take a closer look at the latest impediment to reaching an industry consensus on deploying and honoring a browser DNT flag.

User privacy matters to developers, as long as their apps handle any form of data that users consider private. One aspect of user privacy, tracking by advertising companies for purposes of targeting ads, is the subject of the Do Not Track working group of the World Wide Web Consortium (W3C).

We last visited DNT a month back -- see Heat, Not Light, on 'Do-Not-Track'. At the end of that blog post I referred to a patent challenge to the proposed standard that had just come to light. A technology company called 3PMobile has two issued patents (8,156,206, 7,873,710) and one pending patent. Claim 22 of the '206 patent reads in part:

22. A computer-implemented method comprising: providing an end user of an Internet-enabled device with an ability to selectively enable a current web browser privacy setting from among a plurality of web browser privacy settings...; causing [an HTTP] request to be generated, wherein a value associated with an HTTP header field of the HTTP request is set based on the current web browser privacy setting; and directing the web server to return to the web browser content associated with the navigation request tailored in accordance with the current web browser privacy setting by transmitting the HTTP request to the web server.

On a cursory reading, this sounds a lot like the DNT mechanism the W3C is working on. The reference to "navigation" is the only element that seems out of place.

The CEO of 3PMobile, Peter Cranstone, joined the discussion associated with my month-ago blog piece and added his perspective and some background and links.

3PMobile applied for the '206 patent in 2006, years before Do Not Track was being discussed. The patent application came out of work the company was doing on a browser now called Choice. A video explaining one of its use cases, narrated by Cranstone, shows that the ambitions of Choice and 3PMobile were much broader than sending a binary privacy preference to advertisers.

The patent was brought to the awareness of some members of the DNT working group by Cranstone, some time early in June of this year. On June 14, the W3C's Thomas Roessler asked the working group not to discuss patent issues any further on the public mailing list as a Patent Advisory Group (PAG) was going to be chartered to look into the issue, leaving the working group unburdened to continue its process.

The W3C's policies state that a PAG chartered in this way should have the same status of openness or confidentiality as the working group that spawned it. However, when the DNT PAG was chartered, its communications were declared to be confidential to W3C members, even though the DNT group itself is open to the public. Cranstone has questioned this discrepancy but no one at the W3C has explained it, as far as I know.

The PAG was chartered to expire on October 31 of this year, unless extended by the W3C's Director. Cranstone claims that the group has disbanded, but I have seen no confirmation of this. It has issued no public report. The chair of the PAG, Rigo Wenning, has not responded to my email inquiry about the status of the group.

Last June Mozilla had an outside expert analyze the claims of the '206 patent against the goals of the DNT working group and concluded that the patent does not cover DNT. The linked wiki page claims that Cranstone declined to pursue the W3C's standard approach to arriving at a royalty-free license for patents covering any part of one of its standards. For his part, Cranstone claimed in our forum that the W3C has been unresponsive to his attempts to discuss the matter.

If the working group comes to agreement -- far from a foregone conclusion -- and produces a DNT standard with which industry agrees, many developers working on the server side will be dealing with it. It's just one component of the complex privacy issues developers have to weigh every day, particularly in the mobile sphere.