IRC log of privacy on 2012-05-17
Timestamps are in UTC.
- 15:59:17 [RRSAgent]
- RRSAgent has joined #privacy
- 15:59:17 [RRSAgent]
- logging to http://www.w3.org/2012/05/17-privacy-irc
- 15:59:25 [Joanne]
- Joanne has joined #privacy
- 15:59:25 [npdoty]
- Chair: tara
- 15:59:31 [npdoty]
- Meeting: Privacy Interest Group teleconference
- 15:59:52 [Zakim]
- +enewland
- 16:00:04 [Zakim]
- +??P17
- 16:00:11 [alissa]
- Zakim, enewland is alissa
- 16:00:15 [Zakim]
- +alissa; got it
- 16:00:26 [Zakim]
- + +1.650.353.aacc
- 16:00:41 [Christine]
- I am probably ??17
- 16:00:44 [Joanne]
- Nick - trying to dial in and I am getting a passcode not valid message
- 16:00:44 [Zakim]
- +[Microsoft]
- 16:00:49 [Ashok_Malhotra]
- Ashok_Malhotra has joined #privacy
- 16:00:52 [npdoty]
- Zakim, ??P17 is Christine
- 16:00:53 [Zakim]
- +Christine; got it
- 16:01:03 [npdoty]
- Hi Joanne, we had to change to 26631 today
- 16:01:03 [Joanne]
- is the passcode still PING?
- 16:01:11 [Joanne]
- thanks
- 16:01:17 [JC]
- JC has joined #privacy
- 16:01:36 [npdoty]
- tara: NB: If calling in, please use code 26631 (CONF1) today only.
- 16:01:37 [MarkLizar]
- MarkLizar has joined #privacy
- 16:01:53 [Zakim]
- + +1.415.520.aadd
- 16:02:01 [npdoty]
- agenda+ introductions
- 16:02:03 [robsherman]
- robsherman has joined #privacy
- 16:02:11 [npdoty]
- agenda+ plan of action for privacy considerations
- 16:02:16 [dsinger]
- dsinger has joined #privacy
- 16:02:17 [Joanne]
- akim, +1.415.520 is Joanne
- 16:02:21 [npdoty]
- agenda+ dependencies and liaisons
- 16:02:26 [npdoty]
- Zakim, aadd is Joanne
- 16:02:26 [Zakim]
- +Joanne; got it
- 16:02:29 [Mlizar]
- Mlizar has joined #Privacy
- 16:02:31 [Walt]
- Walt has joined #privacy
- 16:02:34 [npdoty]
- agenda+ new business
- 16:02:59 [narm_gadiraju]
- narm_gadiraju has joined #privacy
- 16:03:04 [Zakim]
- + +44.163.551.aaee
- 16:03:35 [narm_gadiraju]
- Is the conference passcode working? it says invalid for me!
- 16:03:38 [robsherman]
- Trying to dial into Zakim and I'm getting a note that passcode 7464 doesn't work — can someone give me the right one?
- 16:03:43 [npdoty]
- NB: If calling in, please use code 26631 (CONF1) today only.
- 16:04:06 [Zakim]
- + +1.650.308.aaff
- 16:04:13 [robsherman]
- Zakim, aaff is robsherman
- 16:04:13 [Zakim]
- +robsherman; got it
- 16:04:28 [Zakim]
- +Narm_Gadiraju
- 16:04:45 [robsherman]
- Thanks, Nick.
- 16:05:05 [Zakim]
- +Yigal
- 16:05:16 [Zakim]
- -Narm_Gadiraju
- 16:05:21 [Zakim]
- +Ashok_Malhotra
- 16:05:47 [Christine]
- Hi all. We received apologies from Sören Preibusch, Piero Bonatti, Wendy Seltzer, Rob van Eijk, Erin Kenneally.
- 16:05:58 [npdoty]
- regrets+ Soren
- 16:06:02 [npdoty]
- regrets+ Piero
- 16:06:03 [Christine]
- Apologies. Wendy I see you made it.
- 16:06:16 [npdoty]
- scribenick: npdoty
- 16:06:26 [npdoty]
- Kasey Chapelle from Vodafone
- 16:06:32 [npdoty]
- Rob Sherman from the privacy team at Facebook
- 16:06:42 [npdoty]
- Walt __ from Nokia, working in our privacy group
- 16:06:56 [npdoty]
- regrets+ wseltzer
- 16:07:00 [npdoty]
- regrets+ rvaneijk
- 16:07:05 [npdoty]
- regrets+ erinkenneally
- 16:07:25 [npdoty]
- scribe: npdoty
- 16:07:33 [JC]
- I have to drop at 9:25
- 16:07:41 [npdoty]
- Zakim, agenda?
- 16:07:41 [Zakim]
- I see 4 items remaining on the agenda:
- 16:07:42 [Zakim]
- 1. introductions [from npdoty]
- 16:07:43 [Zakim]
- 2. plan of action for privacy considerations [from npdoty]
- 16:07:43 [Zakim]
- 3. dependencies and liaisons [from npdoty]
- 16:07:43 [Zakim]
- 4. new business [from npdoty]
- 16:07:59 [npdoty]
- Zakim, close agendum 1
- 16:07:59 [Zakim]
- agendum 1, introductions, closed
- 16:08:01 [Zakim]
- I see 3 items remaining on the agenda; the next one is
- 16:08:01 [Zakim]
- 2. plan of action for privacy considerations [from npdoty]
- 16:08:03 [Zakim]
- +Narm_Gadiraju
- 16:08:05 [julian]
- julian has joined #privacy
- 16:08:06 [npdoty]
- tara: had our first call already
- 16:08:10 [npdoty]
- ... minutes available
- 16:08:11 [npdoty]
- http://www.w3.org/2012/04/19-privacy-minutes.html
- 16:08:38 [npdoty]
- ... corrections very much welcome
- 16:09:02 [Zakim]
- + +1.425.225.aagg
- 16:09:06 [npdoty]
- http://www.w3.org/mid/68A163C8C36B4E44889BE42C91053C4E6F2346270A@EX-OPC-V4.ad.privcom.gc.ca
- 16:09:23 [npdoty]
- tara: high level discussion of where we go
- 16:09:25 [npdoty]
- ... a lot of people had different ideas about that
- 16:09:36 [Zakim]
- +Lia
- 16:09:45 [npdoty]
- ... now thinking about converting high level goals into manageable goals
- 16:09:51 [Zakim]
- +??P32
- 16:09:52 [npdoty]
- ... any additional agenda items?
- 16:10:37 [npdoty]
- npdoty: ideas about permissions on the Web for discussion at the end of the call
- 16:10:57 [npdoty]
- tara: Tara Whalen, co-chair of the PING
- 16:11:08 [npdoty]
- Joanne, TRUSTe
- 16:11:19 [npdoty]
- Julian, Future of Privacy Forum
- 16:11:33 [npdoty]
- JC from Microsoft
- 16:11:37 [npdoty]
- Alissa from CDT
- 16:11:40 [npdoty]
- Ashok from Oracle
- 16:11:42 [narm_gadiraju]
- Narm Gadiraju from Intel
- 16:12:11 [npdoty]
- we also have Christine Runnegar, our co-chair calling in from a crowded airport
- 16:12:15 [npdoty]
- tara: thank you and welcome
- 16:12:20 [kboudaou]
- Karima from university of nice sophia antipolis
- 16:12:20 [Christine]
- Hi everyone
- 16:12:24 [npdoty]
- Zakim, take up agendum 2
- 16:12:24 [Zakim]
- agendum 2. "plan of action for privacy considerations" taken up [from npdoty]
- 16:12:38 [npdoty]
- tara: one of the points from last time
- 16:12:48 [npdoty]
- ... how can we actually do/write the privacy considerations document
- 16:13:01 [npdoty]
- ... saw an interest from last time for developing that document
- 16:13:02 [Ashok_Malhotra]
- q+
- 16:13:10 [npdoty]
- ... what are the next steps for creating it?
- 16:13:12 [npdoty]
- ack Ashok_Malhotra
- 16:13:35 [npdoty]
- Ashok_Malhotra: already have a couple of documents
- 16:13:50 [npdoty]
- ... privacy/policy considerations for Internet protocols
- 16:14:01 [npdoty]
- ... how will this be different? what is the scope going to be?
- 16:14:06 [Christine]
- q+
- 16:14:23 [npdoty]
- ... start with IETF stuff and build upon them?
- 16:14:25 [npdoty]
- ack Christine
- 16:15:05 [npdoty]
- Christine: thanks for bringing this up, IETF and IAB privacy program has already done a lot of work for guidance for Internet protocol designers
- 16:15:22 [npdoty]
- ... envisaged in the charter is a similar document tailored to those developing W3C standards
- 16:15:40 [Zakim]
- +??P39
- 16:15:42 [npdoty]
- ... imagine there will be a lot of synergy, can learn a lot from the IETF experience
- 16:15:43 [Zakim]
- -Yigal
- 16:15:52 [npdoty]
- ... have a number of people working in both places
- 16:16:19 [npdoty]
- Ashok_Malhotra: one document that is about privacy for Internet protocols, an overlap, I think
- 16:16:45 [npdoty]
- alissa: have been leading the privacy program and developing the documents there
- 16:17:06 [npdoty]
- ... agree that there's a substantial amount of overlap, would be useful to discuss the aspects of standardization that happen in W3C
- 16:17:23 [npdoty]
- ... API development, for example, more relevant at W3C
- 16:17:40 [npdoty]
- ... at IETF don't think about user interface considerations whatsoever
- 16:17:55 [npdoty]
- ... at W3C, a little bit more of an eye towards how specifications will effect user interface
- 16:18:14 [npdoty]
- ... while considerations/terminology are generic and can inform, there's more that can be done
- 16:18:22 [Zakim]
- -Narm_Gadiraju
- 16:19:17 [npdoty]
- npdoty: agree on the differences that would be at the application layer (like UI)
- 16:19:45 [npdoty]
- ... should we try applying the privacy considerations document to a W3C spec? or start a new, similar document at W3C?
- 16:19:59 [npdoty]
- alissa: we tried applying an early draft to reviews of several protocols
- 16:20:08 [tara]
- q?
- 16:20:11 [npdoty]
- ... helpful for identifying recurring themes
- 16:20:38 [npdoty]
- ... often people didn't consider identifiers and how they can be correlated unexpectedly
- 16:20:52 [npdoty]
- ... and so now have guidance particularly on identifiers and correlation
- 16:21:09 [Joanne]
- +q
- 16:21:22 [npdoty]
- ... might require reaching out to groups
- 16:21:43 [alissa]
- These were the reviews I mentioned. http://www.iab.org/activities/programs/privacy-program/privacy-reviews/
- 16:21:43 [tara]
- Joe Alhadeff
- 16:21:49 [Zakim]
- + +1.503.705.aahh
- 16:22:04 [npdoty]
- JoeAlhadeff: question of practical application, what needs the protocol is serving and how the protocol is used
- 16:22:13 [npdoty]
- ... not sure we do a particularly good job of that anywhere at the moment
- 16:22:36 [npdoty]
- Joanne: IAB document is something we should draw from, identifying themes that the W3C groups have encountered would be helpful
- 16:23:57 [npdoty]
- JoeAlhadeff: one thing we've seen from advocates or privacy fundamentalists (as in Westin) often think about privacy without considering the actual context
- 16:24:17 [npdoty]
- ... if the design is privacy-invasive from the start, then there's nothing you can do
- 16:24:32 [npdoty]
- ... what information can be provided in a privacy-sensitive context
- 16:24:45 [npdoty]
- ... analysis that takes need and use into account, as opposed to a neutral view of protocols
- 16:25:23 [npdoty]
- npdoty: are the questions of use for the protocol or for the application?
- 16:25:45 [npdoty]
- JoeAlhadeff: I think it applies to both, need to think about the use scenarios even at the protocol layer
- 16:26:06 [Zakim]
- -[Microsoft]
- 16:26:17 [Christine]
- q+
- 16:26:28 [npdoty]
- ... in the context of the protocol building safeguards in
- 16:26:42 [npdoty]
- ack Joanne
- 16:26:43 [npdoty]
- ack Christine
- 16:26:58 [npdoty]
- <terminal announcements coming from Christine>
- 16:27:40 [npdoty]
- Christine: perhaps Joe what you're talking about would fit into a companion document, like a best practices document
- 16:27:54 [npdoty]
- ... bridging the gap between standards design and application development
- 16:28:02 [Christine]
- q-
- 16:28:33 [npdoty]
- JoeAlhadeff: an outline that suggested data minimization (a fundamental principle, for example), data minimization without understanding use is difficult
- 16:28:50 [npdoty]
- ... data should be minimized in accordance with its reasonable need and context
- 16:28:51 [alissa]
- +q
- 16:29:51 [npdoty]
- ... OECD-level guidelines may be useful, but
- 16:30:05 [tara]
- ack alissa
- 16:30:07 [npdoty]
- ... the more we can get privacy wired in, the better
- 16:30:11 [kboudaou]
- +q
- 16:30:43 [npdoty]
- alissa: I don't think there was a laser focus on minimization (the draft that Dan Appelquist had started on)
- 16:31:01 [npdoty]
- ... trying to deal broadly with all the aspects of privacy (from FIPPs and OECD)
- 16:31:19 [npdoty]
- ... minimization in particular seemed like low-hanging fruit, directly applicable to API design
- 16:31:46 [npdoty]
- ... in Device APIs giving access to these system-level properties, address book, etc.
- 16:32:03 [npdoty]
- ... are you going to give access to the full address book or just parts of it? more granular capability
- 16:32:47 [npdoty]
- ... the seed that was planted about minimization, a realization that the API can let applications minimize, might be as far as we can go with API specifications
- 16:33:17 [npdoty]
- ... can give suggestions to application developers but they'll do what they're going to do, but definitely good to give tools that are useful
- 16:33:58 [npdoty]
- JoeAlhadeff: just saying that thinking about use cases is important in coming up with what minimization tools we should have and what functionality we should enable
- 16:34:12 [npdoty]
- ... useful to look at the context of uses when you start to define the library of tools
- 16:34:15 [npdoty]
- ack kboudaou
- 16:34:16 [tara]
- ack kboudaou
- 16:35:10 [kboudaou]
- Sorry for the echoes
- 16:35:17 [kboudaou]
- I write on irc
- 16:36:55 [kboudaou]
- Regarding the fact focussing on protocol vs applications, from my point of view we should start with the application level to help developers to take into account when designing for example mobile web appl
- 16:37:15 [npdoty]
- npdoty: maybe we just give the advice to the api designers that we should often think about the potential applications in deciding exactly what kind of minimization/granularity
- 16:37:52 [npdoty]
- JoeAlhadeff: help the protocol designer to think beyond just how they themselves would use the API to avoid something overly burdensome
- 16:38:09 [npdoty]
- ... get input of use cases from business perspectives which might otherwise be missed
- 16:38:42 [npdoty]
- ... give the tools to enable compliance, not a handcuffing that would enforce compliance
- 16:38:56 [npdoty]
- ... avoid developing protocols in just an academic space
- 16:40:19 [npdoty]
- tara: chairs will try to summarize and send this back to the group
- 16:40:29 [npdoty]
- ... discussion on the mailing list since there's more than we can do in any single call
- 16:40:45 [npdoty]
- ... think about what we can actually write down
- 16:40:58 [npdoty]
- ... discussion on the mailing list or collecting documents/examples/use cases on the wiki
- 16:41:23 [npdoty]
- topic: Dependencies and liaisons
- 16:41:36 [npdoty]
- tara: collection of other groups that we've identified in the charter
- 16:41:41 [Christine]
- q+
- 16:41:50 [tara]
- ack christine
- 16:41:56 [npdoty]
- ... if you're aware of any other groups we should liaise with, let us know
- 16:42:09 [npdoty]
- Christine: had a very useful discussion with the IAB Privacy Program last week
- 16:42:10 [Zakim]
- - +33.9.53.61.aabb
- 16:42:36 [npdoty]
- ... keen to help us how they can, make sure both communities are aware of what's happening (alissa, feel free to add)
- 16:42:51 [npdoty]
- ... Tara and I also reached out to Chairs of other groups in the W3C
- 16:42:56 [Zakim]
- + +33.9.53.61.aaii
- 16:43:17 [npdoty]
- ... whether they've encountered privacy issues in their work, how they've handled privacy, views and advice on what works best
- 16:43:34 [npdoty]
- ... in the charter we have a number of groups listed,
- 16:43:36 [vic_]
- vic_ has joined #privacy
- 16:43:55 [npdoty]
- ... if anyone in this PING group is participating in those groups, you can help keep us up to date on their activities
- 16:43:56 [Christine]
- q-
- 16:44:11 [npdoty]
- ... Web Cryptography a new one to add the list
- 16:44:11 [kboudaou]
- +q
- 16:44:18 [npdoty]
- ack kboudaou
- 16:45:14 [npdoty]
- kboudaou: we have just started a new Working Group on Privacy and Security in the middle of June in Brussels, interdisciplinary working group to gather people from economics, pyschology, etc. to discuss privacy issues from different points of view
- 16:45:29 [npdoty]
- ... not focus on privacy just from the technologist's point of view
- 16:45:43 [npdoty]
- ... will keep you up to date on this group, give feedback
- 16:45:46 [npdoty]
- ... link on the wiki
- 16:45:54 [tara]
- w?
- 16:45:56 [tara]
- q?
- 16:45:58 [npdoty]
- q+
- 16:47:25 [npdoty]
- npdoty: regarding liaisons, is it useful for us to look at privacy reviews of particular W3C specs
- 16:47:44 [npdoty]
- ... for example, concretely I was involved in Geolocation and Device APIs with privacy issues
- 16:47:54 [Christine]
- q+
- 16:48:00 [npdoty]
- ... should we look for people to have that conversation and do that review?
- 16:48:02 [npdoty]
- q-
- 16:48:16 [npdoty]
- alissa: hard to find people, but can be substantively useful
- 16:48:38 [npdoty]
- ... still talking about user interface concerns, normative requirements
- 16:48:58 [npdoty]
- ... certainly want to do more than one, so that specifics of Geolocation don't override
- 16:49:01 [npdoty]
- ack Christine
- 16:49:02 [tara]
- ack christine
- 16:49:16 [npdoty]
- Christine: challenge is always finding willing volunteers
- 16:49:44 [npdoty]
- ... a precursor that would be useful would be scheduling a time to have one or more groups to discuss the work that they're doing
- 16:50:05 [kboudaou]
- +1
- 16:50:17 [JVoracek]
- JVoracek has joined #privacy
- 16:50:20 [npdoty]
- npdoty: +1, if we can find chairs or participants in other groups that would join us
- 16:50:23 [Zakim]
- - +1.503.705.aahh
- 16:53:12 [npdoty]
- topic: Permissions on the Web
- 16:53:15 [Christine]
- q+
- 16:53:21 [npdoty]
- npdoty: noticing this as a common issue
- 16:53:40 [npdoty]
- ... do we have substantive gains here? or a process to address this?
- 16:53:57 [npdoty]
- @@: certainly agree that it's important and need the right process
- 16:54:04 [Zakim]
- -robsherman
- 16:54:14 [Christine]
- Yes Joe speaking
- 16:54:17 [tara]
- Yes that is Joe (he is not on IRC)
- 16:54:25 [tara]
- q?
- 16:54:27 [npdoty]
- Joe: permission certainly a very important issue right now in EU regarding questions of consent
- 16:54:37 [tara]
- ack christine
- 16:54:50 [npdoty]
- ... would be tremendously beneficial to have something consistent for getting informed consent
- 16:55:16 [npdoty]
- Christine: agree, maybe a case where knowing the use cases will be helpful
- 16:55:23 [npdoty]
- <cut off by terminal announcements>
- 16:55:40 [npdoty]
- tara: from user experience, I hear this issue come up quite a lot as well
- 16:55:44 [Zakim]
- -Ashok_Malhotra
- 16:56:03 [npdoty]
- ... getting a lot of these perspectives out in one space would be productive (regulatory space, user experience space, etc.)
- 16:56:18 [tara]
- q?
- 16:56:21 [npdoty]
- ... benefit of a workshop (though it takes time to organize), have to hammer some of these things out in a f2f meeting
- 16:56:30 [Zakim]
- - +44.163.551.aaee
- 16:58:06 [Christine]
- Would 14 June 2012 same time be okay?
- 16:58:19 [npdoty]
- npdoty: I'll follow up with TAG and others inside W3C and hopefully have something to discuss on the next call
- 16:58:34 [kboudaou]
- Fine foe me
- 16:58:49 [Christine]
- q+
- 16:58:49 [Joanne]
- DNT WG F2F is that week
- 16:58:56 [npdoty]
- tara: any objections for this timeslot in general? -- no objections
- 17:00:06 [npdoty]
- next tpwg f2f is June 20-22, at least as we've documented it as http://www.w3.org/2011/tracking-protection/
- 17:00:31 [npdoty]
- Christine: would like us to take on some concrete items before the next call
- 17:00:34 [npdoty]
- ... please volunteer
- 17:00:51 [Joanne]
- nick - you are correct on DNT F2F
- 17:00:51 [npdoty]
- tara: would like to see some movement on these items, since we have enthusiasm
- 17:01:33 [robsherman]
- robsherman has joined #privacy
- 17:01:41 [Christine]
- Yes, second what Nick says.
- 17:01:50 [robsherman]
- robsherman has left #privacy
- 17:01:57 [Mlizar]
- whats your email nick?
- 17:02:00 [npdoty]
- npdoty: happy to help, work with someone on even one section
- 17:02:04 [npdoty]
- I'm npdoty@w3.org
- 17:02:17 [Christine]
- Thanks Tara
- 17:02:17 [Mlizar]
- thanks
- 17:02:17 [Zakim]
- -Lia
- 17:02:19 [Zakim]
- -Joanne
- 17:02:21 [Zakim]
- -alissa
- 17:02:21 [Zakim]
- - +1.425.225.aagg
- 17:02:23 [Zakim]
- - +1.650.353.aacc
- 17:02:24 [npdoty]
- tara: thanks for joining the call, making good progress which makes me happy, looking forward to talking next time
- 17:02:24 [Zakim]
- - +33.9.53.61.aaii
- 17:02:24 [Zakim]
- -tara
- 17:02:25 [Zakim]
- -??P32
- 17:02:32 [npdoty]
- adjourned.
- 17:02:35 [Zakim]
- -Christine
- 17:02:36 [Zakim]
- -??P39
- 17:02:41 [Zakim]
- -npdoty
- 17:02:42 [npdoty]
- rrsagent, make logs public
- 17:02:42 [Zakim]
- Team_(dntchairs)16:00Z has ended
- 17:02:44 [Zakim]
- Attendees were +1.613.947.aaaa, npdoty, tara, +33.9.53.61.aabb, alissa, +1.650.353.aacc, [Microsoft], Christine, +1.415.520.aadd, Joanne, +44.163.551.aaee, +1.650.308.aaff,
- 17:02:47 [Zakim]
- ... robsherman, Narm_Gadiraju, Yigal, Ashok_Malhotra, +1.425.225.aagg, Lia, +1.503.705.aahh, +33.9.53.61.aaii
- 17:02:52 [npdoty]
- rrsagent, draft minutes
- 17:02:52 [RRSAgent]
- I have made the request to generate http://www.w3.org/2012/05/17-privacy-minutes.html npdoty
- 17:19:46 [patrickgage]
- patrickgage has joined #privacy
- 18:13:53 [JVoracek]
- JVoracek has joined #privacy
- 18:30:09 [JVoracek]
- JVoracek has joined #privacy
- 19:24:19 [JVoracek]
- JVoracek has joined #privacy
- 19:31:44 [JVoracek]
- JVoracek has joined #privacy