IRC log of privacy on 2012-05-17

Timestamps are in UTC.

15:59:17 [RRSAgent]
RRSAgent has joined #privacy
15:59:17 [RRSAgent]
logging to
15:59:25 [Joanne]
Joanne has joined #privacy
15:59:25 [npdoty]
Chair: tara
15:59:31 [npdoty]
Meeting: Privacy Interest Group teleconference
15:59:52 [Zakim]
16:00:04 [Zakim]
16:00:11 [alissa]
Zakim, enewland is alissa
16:00:15 [Zakim]
+alissa; got it
16:00:26 [Zakim]
+ +1.650.353.aacc
16:00:41 [Christine]
I am probably ??17
16:00:44 [Joanne]
Nick - trying to dial in and I am getting a passcode not valid message
16:00:44 [Zakim]
16:00:49 [Ashok_Malhotra]
Ashok_Malhotra has joined #privacy
16:00:52 [npdoty]
Zakim, ??P17 is Christine
16:00:53 [Zakim]
+Christine; got it
16:01:03 [npdoty]
Hi Joanne, we had to change to 26631 today
16:01:03 [Joanne]
is the passcode still PING?
16:01:11 [Joanne]
16:01:17 [JC]
JC has joined #privacy
16:01:36 [npdoty]
tara: NB: If calling in, please use code 26631 (CONF1) today only.
16:01:37 [MarkLizar]
MarkLizar has joined #privacy
16:01:53 [Zakim]
+ +1.415.520.aadd
16:02:01 [npdoty]
agenda+ introductions
16:02:03 [robsherman]
robsherman has joined #privacy
16:02:11 [npdoty]
agenda+ plan of action for privacy considerations
16:02:16 [dsinger]
dsinger has joined #privacy
16:02:17 [Joanne]
akim, +1.415.520 is Joanne
16:02:21 [npdoty]
agenda+ dependencies and liaisons
16:02:26 [npdoty]
Zakim, aadd is Joanne
16:02:26 [Zakim]
+Joanne; got it
16:02:29 [Mlizar]
Mlizar has joined #Privacy
16:02:31 [Walt]
Walt has joined #privacy
16:02:34 [npdoty]
agenda+ new business
16:02:59 [narm_gadiraju]
narm_gadiraju has joined #privacy
16:03:04 [Zakim]
+ +44.163.551.aaee
16:03:35 [narm_gadiraju]
Is the conference passcode working? it says invalid for me!
16:03:38 [robsherman]
Trying to dial into Zakim and I'm getting a note that passcode 7464 doesn't work — can someone give me the right one?
16:03:43 [npdoty]
NB: If calling in, please use code 26631 (CONF1) today only.
16:04:06 [Zakim]
+ +1.650.308.aaff
16:04:13 [robsherman]
Zakim, aaff is robsherman
16:04:13 [Zakim]
+robsherman; got it
16:04:28 [Zakim]
16:04:45 [robsherman]
Thanks, Nick.
16:05:05 [Zakim]
16:05:16 [Zakim]
16:05:21 [Zakim]
16:05:47 [Christine]
Hi all. We received apologies from Sören Preibusch, Piero Bonatti, Wendy Seltzer, Rob van Eijk, Erin Kenneally.
16:05:58 [npdoty]
regrets+ Soren
16:06:02 [npdoty]
regrets+ Piero
16:06:03 [Christine]
Apologies. Wendy I see you made it.
16:06:16 [npdoty]
scribenick: npdoty
16:06:26 [npdoty]
Kasey Chapelle from Vodafone
16:06:32 [npdoty]
Rob Sherman from the privacy team at Facebook
16:06:42 [npdoty]
Walt __ from Nokia, working in our privacy group
16:06:56 [npdoty]
regrets+ wseltzer
16:07:00 [npdoty]
regrets+ rvaneijk
16:07:05 [npdoty]
regrets+ erinkenneally
16:07:25 [npdoty]
scribe: npdoty
16:07:33 [JC]
I have to drop at 9:25
16:07:41 [npdoty]
Zakim, agenda?
16:07:41 [Zakim]
I see 4 items remaining on the agenda:
16:07:42 [Zakim]
1. introductions [from npdoty]
16:07:43 [Zakim]
2. plan of action for privacy considerations [from npdoty]
16:07:43 [Zakim]
3. dependencies and liaisons [from npdoty]
16:07:43 [Zakim]
4. new business [from npdoty]
16:07:59 [npdoty]
Zakim, close agendum 1
16:07:59 [Zakim]
agendum 1, introductions, closed
16:08:01 [Zakim]
I see 3 items remaining on the agenda; the next one is
16:08:01 [Zakim]
2. plan of action for privacy considerations [from npdoty]
16:08:03 [Zakim]
16:08:05 [julian]
julian has joined #privacy
16:08:06 [npdoty]
tara: had our first call already
16:08:10 [npdoty]
... minutes available
16:08:11 [npdoty]
16:08:38 [npdoty]
... corrections very much welcome
16:09:02 [Zakim]
+ +1.425.225.aagg
16:09:06 [npdoty]
16:09:23 [npdoty]
tara: high level discussion of where we go
16:09:25 [npdoty]
... a lot of people had different ideas about that
16:09:36 [Zakim]
16:09:45 [npdoty]
... now thinking about converting high level goals into manageable goals
16:09:51 [Zakim]
16:09:52 [npdoty]
... any additional agenda items?
16:10:37 [npdoty]
npdoty: ideas about permissions on the Web for discussion at the end of the call
16:10:57 [npdoty]
tara: Tara Whalen, co-chair of the PING
16:11:08 [npdoty]
Joanne, TRUSTe
16:11:19 [npdoty]
Julian, Future of Privacy Forum
16:11:33 [npdoty]
JC from Microsoft
16:11:37 [npdoty]
Alissa from CDT
16:11:40 [npdoty]
Ashok from Oracle
16:11:42 [narm_gadiraju]
Narm Gadiraju from Intel
16:12:11 [npdoty]
we also have Christine Runnegar, our co-chair calling in from a crowded airport
16:12:15 [npdoty]
tara: thank you and welcome
16:12:20 [kboudaou]
Karima from university of nice sophia antipolis
16:12:20 [Christine]
Hi everyone
16:12:24 [npdoty]
Zakim, take up agendum 2
16:12:24 [Zakim]
agendum 2. "plan of action for privacy considerations" taken up [from npdoty]
16:12:38 [npdoty]
tara: one of the points from last time
16:12:48 [npdoty]
... how can we actually do/write the privacy considerations document
16:13:01 [npdoty]
... saw an interest from last time for developing that document
16:13:02 [Ashok_Malhotra]
16:13:10 [npdoty]
... what are the next steps for creating it?
16:13:12 [npdoty]
ack Ashok_Malhotra
16:13:35 [npdoty]
Ashok_Malhotra: already have a couple of documents
16:13:50 [npdoty]
... privacy/policy considerations for Internet protocols
16:14:01 [npdoty]
... how will this be different? what is the scope going to be?
16:14:06 [Christine]
16:14:23 [npdoty]
... start with IETF stuff and build upon them?
16:14:25 [npdoty]
ack Christine
16:15:05 [npdoty]
Christine: thanks for bringing this up, IETF and IAB privacy program has already done a lot of work for guidance for Internet protocol designers
16:15:22 [npdoty]
... envisaged in the charter is a similar document tailored to those developing W3C standards
16:15:40 [Zakim]
16:15:42 [npdoty]
... imagine there will be a lot of synergy, can learn a lot from the IETF experience
16:15:43 [Zakim]
16:15:52 [npdoty]
... have a number of people working in both places
16:16:19 [npdoty]
Ashok_Malhotra: one document that is about privacy for Internet protocols, an overlap, I think
16:16:45 [npdoty]
alissa: have been leading the privacy program and developing the documents there
16:17:06 [npdoty]
... agree that there's a substantial amount of overlap, would be useful to discuss the aspects of standardization that happen in W3C
16:17:23 [npdoty]
... API development, for example, more relevant at W3C
16:17:40 [npdoty]
... at IETF don't think about user interface considerations whatsoever
16:17:55 [npdoty]
... at W3C, a little bit more of an eye towards how specifications will effect user interface
16:18:14 [npdoty]
... while considerations/terminology are generic and can inform, there's more that can be done
16:18:22 [Zakim]
16:19:17 [npdoty]
npdoty: agree on the differences that would be at the application layer (like UI)
16:19:45 [npdoty]
... should we try applying the privacy considerations document to a W3C spec? or start a new, similar document at W3C?
16:19:59 [npdoty]
alissa: we tried applying an early draft to reviews of several protocols
16:20:08 [tara]
16:20:11 [npdoty]
... helpful for identifying recurring themes
16:20:38 [npdoty]
... often people didn't consider identifiers and how they can be correlated unexpectedly
16:20:52 [npdoty]
... and so now have guidance particularly on identifiers and correlation
16:21:09 [Joanne]
16:21:22 [npdoty]
... might require reaching out to groups
16:21:43 [alissa]
These were the reviews I mentioned.
16:21:43 [tara]
Joe Alhadeff
16:21:49 [Zakim]
+ +1.503.705.aahh
16:22:04 [npdoty]
JoeAlhadeff: question of practical application, what needs the protocol is serving and how the protocol is used
16:22:13 [npdoty]
... not sure we do a particularly good job of that anywhere at the moment
16:22:36 [npdoty]
Joanne: IAB document is something we should draw from, identifying themes that the W3C groups have encountered would be helpful
16:23:57 [npdoty]
JoeAlhadeff: one thing we've seen from advocates or privacy fundamentalists (as in Westin) often think about privacy without considering the actual context
16:24:17 [npdoty]
... if the design is privacy-invasive from the start, then there's nothing you can do
16:24:32 [npdoty]
... what information can be provided in a privacy-sensitive context
16:24:45 [npdoty]
... analysis that takes need and use into account, as opposed to a neutral view of protocols
16:25:23 [npdoty]
npdoty: are the questions of use for the protocol or for the application?
16:25:45 [npdoty]
JoeAlhadeff: I think it applies to both, need to think about the use scenarios even at the protocol layer
16:26:06 [Zakim]
16:26:17 [Christine]
16:26:28 [npdoty]
... in the context of the protocol building safeguards in
16:26:42 [npdoty]
ack Joanne
16:26:43 [npdoty]
ack Christine
16:26:58 [npdoty]
<terminal announcements coming from Christine>
16:27:40 [npdoty]
Christine: perhaps Joe what you're talking about would fit into a companion document, like a best practices document
16:27:54 [npdoty]
... bridging the gap between standards design and application development
16:28:02 [Christine]
16:28:33 [npdoty]
JoeAlhadeff: an outline that suggested data minimization (a fundamental principle, for example), data minimization without understanding use is difficult
16:28:50 [npdoty]
... data should be minimized in accordance with its reasonable need and context
16:28:51 [alissa]
16:29:51 [npdoty]
... OECD-level guidelines may be useful, but
16:30:05 [tara]
ack alissa
16:30:07 [npdoty]
... the more we can get privacy wired in, the better
16:30:11 [kboudaou]
16:30:43 [npdoty]
alissa: I don't think there was a laser focus on minimization (the draft that Dan Appelquist had started on)
16:31:01 [npdoty]
... trying to deal broadly with all the aspects of privacy (from FIPPs and OECD)
16:31:19 [npdoty]
... minimization in particular seemed like low-hanging fruit, directly applicable to API design
16:31:46 [npdoty]
... in Device APIs giving access to these system-level properties, address book, etc.
16:32:03 [npdoty]
... are you going to give access to the full address book or just parts of it? more granular capability
16:32:47 [npdoty]
... the seed that was planted about minimization, a realization that the API can let applications minimize, might be as far as we can go with API specifications
16:33:17 [npdoty]
... can give suggestions to application developers but they'll do what they're going to do, but definitely good to give tools that are useful
16:33:58 [npdoty]
JoeAlhadeff: just saying that thinking about use cases is important in coming up with what minimization tools we should have and what functionality we should enable
16:34:12 [npdoty]
... useful to look at the context of uses when you start to define the library of tools
16:34:15 [npdoty]
ack kboudaou
16:34:16 [tara]
ack kboudaou
16:35:10 [kboudaou]
Sorry for the echoes
16:35:17 [kboudaou]
I write on irc
16:36:55 [kboudaou]
Regarding the fact focussing on protocol vs applications, from my point of view we should start with the application level to help developers to take into account when designing for example mobile web appl
16:37:15 [npdoty]
npdoty: maybe we just give the advice to the api designers that we should often think about the potential applications in deciding exactly what kind of minimization/granularity
16:37:52 [npdoty]
JoeAlhadeff: help the protocol designer to think beyond just how they themselves would use the API to avoid something overly burdensome
16:38:09 [npdoty]
... get input of use cases from business perspectives which might otherwise be missed
16:38:42 [npdoty]
... give the tools to enable compliance, not a handcuffing that would enforce compliance
16:38:56 [npdoty]
... avoid developing protocols in just an academic space
16:40:19 [npdoty]
tara: chairs will try to summarize and send this back to the group
16:40:29 [npdoty]
... discussion on the mailing list since there's more than we can do in any single call
16:40:45 [npdoty]
... think about what we can actually write down
16:40:58 [npdoty]
... discussion on the mailing list or collecting documents/examples/use cases on the wiki
16:41:23 [npdoty]
topic: Dependencies and liaisons
16:41:36 [npdoty]
tara: collection of other groups that we've identified in the charter
16:41:41 [Christine]
16:41:50 [tara]
ack christine
16:41:56 [npdoty]
... if you're aware of any other groups we should liaise with, let us know
16:42:09 [npdoty]
Christine: had a very useful discussion with the IAB Privacy Program last week
16:42:10 [Zakim]
- +
16:42:36 [npdoty]
... keen to help us how they can, make sure both communities are aware of what's happening (alissa, feel free to add)
16:42:51 [npdoty]
... Tara and I also reached out to Chairs of other groups in the W3C
16:42:56 [Zakim]
+ +
16:43:17 [npdoty]
... whether they've encountered privacy issues in their work, how they've handled privacy, views and advice on what works best
16:43:34 [npdoty]
... in the charter we have a number of groups listed,
16:43:36 [vic_]
vic_ has joined #privacy
16:43:55 [npdoty]
... if anyone in this PING group is participating in those groups, you can help keep us up to date on their activities
16:43:56 [Christine]
16:44:11 [npdoty]
... Web Cryptography a new one to add the list
16:44:11 [kboudaou]
16:44:18 [npdoty]
ack kboudaou
16:45:14 [npdoty]
kboudaou: we have just started a new Working Group on Privacy and Security in the middle of June in Brussels, interdisciplinary working group to gather people from economics, pyschology, etc. to discuss privacy issues from different points of view
16:45:29 [npdoty]
... not focus on privacy just from the technologist's point of view
16:45:43 [npdoty]
... will keep you up to date on this group, give feedback
16:45:46 [npdoty]
... link on the wiki
16:45:54 [tara]
16:45:56 [tara]
16:45:58 [npdoty]
16:47:25 [npdoty]
npdoty: regarding liaisons, is it useful for us to look at privacy reviews of particular W3C specs
16:47:44 [npdoty]
... for example, concretely I was involved in Geolocation and Device APIs with privacy issues
16:47:54 [Christine]
16:48:00 [npdoty]
... should we look for people to have that conversation and do that review?
16:48:02 [npdoty]
16:48:16 [npdoty]
alissa: hard to find people, but can be substantively useful
16:48:38 [npdoty]
... still talking about user interface concerns, normative requirements
16:48:58 [npdoty]
... certainly want to do more than one, so that specifics of Geolocation don't override
16:49:01 [npdoty]
ack Christine
16:49:02 [tara]
ack christine
16:49:16 [npdoty]
Christine: challenge is always finding willing volunteers
16:49:44 [npdoty]
... a precursor that would be useful would be scheduling a time to have one or more groups to discuss the work that they're doing
16:50:05 [kboudaou]
16:50:17 [JVoracek]
JVoracek has joined #privacy
16:50:20 [npdoty]
npdoty: +1, if we can find chairs or participants in other groups that would join us
16:50:23 [Zakim]
- +1.503.705.aahh
16:53:12 [npdoty]
topic: Permissions on the Web
16:53:15 [Christine]
16:53:21 [npdoty]
npdoty: noticing this as a common issue
16:53:40 [npdoty]
... do we have substantive gains here? or a process to address this?
16:53:57 [npdoty]
@@: certainly agree that it's important and need the right process
16:54:04 [Zakim]
16:54:14 [Christine]
Yes Joe speaking
16:54:17 [tara]
Yes that is Joe (he is not on IRC)
16:54:25 [tara]
16:54:27 [npdoty]
Joe: permission certainly a very important issue right now in EU regarding questions of consent
16:54:37 [tara]
ack christine
16:54:50 [npdoty]
... would be tremendously beneficial to have something consistent for getting informed consent
16:55:16 [npdoty]
Christine: agree, maybe a case where knowing the use cases will be helpful
16:55:23 [npdoty]
<cut off by terminal announcements>
16:55:40 [npdoty]
tara: from user experience, I hear this issue come up quite a lot as well
16:55:44 [Zakim]
16:56:03 [npdoty]
... getting a lot of these perspectives out in one space would be productive (regulatory space, user experience space, etc.)
16:56:18 [tara]
16:56:21 [npdoty]
... benefit of a workshop (though it takes time to organize), have to hammer some of these things out in a f2f meeting
16:56:30 [Zakim]
- +44.163.551.aaee
16:58:06 [Christine]
Would 14 June 2012 same time be okay?
16:58:19 [npdoty]
npdoty: I'll follow up with TAG and others inside W3C and hopefully have something to discuss on the next call
16:58:34 [kboudaou]
Fine foe me
16:58:49 [Christine]
16:58:49 [Joanne]
DNT WG F2F is that week
16:58:56 [npdoty]
tara: any objections for this timeslot in general? -- no objections
17:00:06 [npdoty]
next tpwg f2f is June 20-22, at least as we've documented it as
17:00:31 [npdoty]
Christine: would like us to take on some concrete items before the next call
17:00:34 [npdoty]
... please volunteer
17:00:51 [Joanne]
nick - you are correct on DNT F2F
17:00:51 [npdoty]
tara: would like to see some movement on these items, since we have enthusiasm
17:01:33 [robsherman]
robsherman has joined #privacy
17:01:41 [Christine]
Yes, second what Nick says.
17:01:50 [robsherman]
robsherman has left #privacy
17:01:57 [Mlizar]
whats your email nick?
17:02:00 [npdoty]
npdoty: happy to help, work with someone on even one section
17:02:04 [npdoty]
17:02:17 [Christine]
Thanks Tara
17:02:17 [Mlizar]
17:02:17 [Zakim]
17:02:19 [Zakim]
17:02:21 [Zakim]
17:02:21 [Zakim]
- +1.425.225.aagg
17:02:23 [Zakim]
- +1.650.353.aacc
17:02:24 [npdoty]
tara: thanks for joining the call, making good progress which makes me happy, looking forward to talking next time
17:02:24 [Zakim]
- +
17:02:24 [Zakim]
17:02:25 [Zakim]
17:02:32 [npdoty]
17:02:35 [Zakim]
17:02:36 [Zakim]
17:02:41 [Zakim]
17:02:42 [npdoty]
rrsagent, make logs public
17:02:42 [Zakim]
Team_(dntchairs)16:00Z has ended
17:02:44 [Zakim]
Attendees were +1.613.947.aaaa, npdoty, tara, +, alissa, +1.650.353.aacc, [Microsoft], Christine, +1.415.520.aadd, Joanne, +44.163.551.aaee, +1.650.308.aaff,
17:02:47 [Zakim]
... robsherman, Narm_Gadiraju, Yigal, Ashok_Malhotra, +1.425.225.aagg, Lia, +1.503.705.aahh, +
17:02:52 [npdoty]
rrsagent, draft minutes
17:02:52 [RRSAgent]
I have made the request to generate npdoty
17:19:46 [patrickgage]
patrickgage has joined #privacy
18:13:53 [JVoracek]
JVoracek has joined #privacy
18:30:09 [JVoracek]
JVoracek has joined #privacy
19:24:19 [JVoracek]
JVoracek has joined #privacy
19:31:44 [JVoracek]
JVoracek has joined #privacy