15:53:31 <RRSAgent> RRSAgent has joined #privacy
15:53:31 <RRSAgent> logging to http://www.w3.org/2012/06/14-privacy-irc
15:53:47 <npdoty> rrsagent, make logs public
15:53:54 <fjh> zakim, code?
15:53:54 <Zakim> sorry, fjh, I don't know what conference this is
15:54:00 <npdoty> Zakim, this is PING
15:54:00 <Zakim> npdoty, I see Priv_IG()12:00PM in the schedule but not yet started.  Perhaps you mean "this will be PING".
15:54:04 <fjh> zakim, code?
15:54:04 <Zakim> sorry, fjh, I don't know what conference this is
15:54:06 <npdoty> Zakim, this will be PING
15:54:06 <Zakim> ok, npdoty; I see Priv_IG()12:00PM scheduled to start in 6 minutes
15:54:10 <fjh> zakim, code?
15:54:10 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fjh
15:54:10 <npdoty> Zakim, code?
15:54:12 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), npdoty
15:54:27 <fjh> Present+ Frederick_Hirsch
15:54:58 <Zakim> Priv_IG()12:00PM has now started
15:55:05 <Zakim> +npdoty
15:55:33 <Zakim> +??P19
15:55:54 <tara> tara has joined #privacy
15:56:36 <Christine> Christine has joined #privacy
15:56:38 <npdoty> Zakim, agenda+ Introductions (and scribing)
15:56:38 <Zakim> agendum 1 added
15:56:45 <Zakim> + +1.613.947.aaaa
15:56:49 <npdoty> Zakim, agenda+ Dependencies (reports on other groups)
15:56:49 <Zakim> agendum 2 added
15:56:56 <Zakim> +??P20
15:57:00 <npdoty> Zakim, agenda+ Liaisons (work outside W3C)
15:57:00 <Zakim> agendum 3 added
15:57:02 <James> James has joined #privacy
15:57:06 <fjh> zakim, ??P20 is me
15:57:06 <Zakim> +fjh; got it
15:57:09 <Zakim> + +1.508.380.aabb
15:57:12 <fjh> zakim, who is here?
15:57:12 <Zakim> On the phone I see npdoty, ??P19, +1.613.947.aaaa, fjh, +1.508.380.aabb
15:57:14 <npdoty> Zakim, agenda+ Privacy Considerations
15:57:14 <Zakim> On IRC I see James, Christine, tara, RRSAgent, Zakim, npdoty, fjh, jtrentadams, wseltzer
15:57:18 <Zakim> agendum 4 added
15:57:33 <Christine> Zakim, I may be ??P19
15:57:44 <npdoty> Zakim, agenda+ All other business
15:57:51 <Zakim> sorry, Christine, I do not understand your question
15:58:00 <Zakim> agendum 5 added
15:58:08 <npdoty> Agenda: http://lists.w3.org/Archives/Public/public-privacy/2012AprJun/0090.html
15:58:13 <Zakim> + +1.949.483.aacc
15:58:16 <npdoty> Meeting: Privacy Interest Group teleconference
15:58:19 <Christine> zakim, ??P19 is me
15:58:19 <Zakim> +Christine; got it
15:58:39 <peacekeep3r> peacekeep3r has joined #privacy
15:58:49 <Christine> Apologies from: Susan Israel, Karima Boudaoud, Sören Preibusch, JC Canon
15:58:50 <jtrentadams> zakim, +1.508.380.aabb is me
15:58:50 <Zakim> +jtrentadams; got it
15:58:55 <fjh> fjh has changed the topic to: privacy 7464  agenda http://lists.w3.org/Archives/Public/public-privacy/2012AprJun/0090.html (fjh)
15:59:45 <Zakim> +??P6
15:59:52 <Christine> Regrets+ Susan Israel, Karima Boudaoud, Sören Preibusch, JC Canon
16:00:15 <fjh> s/Apologies from: Susan Israel, Karima Boudaoud, Sören Preibusch, JC Canon//
16:00:21 <Zakim> + +1.203.436.aadd
16:00:25 <tara> zakim, +1.613.947.aaaa is me
16:00:28 <Zakim> +tara; got it
16:01:17 <alissa> alissa has joined #privacy
16:01:25 <Joanne> Joanne has joined #privacy
16:01:59 <Zakim> + +1.415.520.aaee
16:02:03 <Zakim> +justin_
16:02:12 <Joanne> Zakim, aaee is Joanne
16:02:19 <Zakim> +OpenLink_Software
16:02:19 <MacTed> MacTed has joined #privacy
16:02:21 <Zakim> +Joanne; got it
16:02:28 <MacTed> Zakim, OpenLink_Software is temporarily me
16:02:29 <MacTed> Zakim, mute me
16:02:34 <Zakim> +??P13
16:02:38 <npdoty> Zakim, agenda?
16:02:39 <Zakim> +MacTed; got it
16:02:41 <Zakim> MacTed should now be muted
16:02:47 <Zakim> I see 5 items remaining on the agenda:
16:02:49 <Zakim> 1. Introductions (and scribing) [from npdoty]
16:02:52 <Zakim> 2. Dependencies (reports on other groups) [from npdoty]
16:02:53 <Zakim> 3. Liaisons (work outside W3C) [from npdoty]
16:02:56 <Zakim> 4. Privacy Considerations [from npdoty]
16:02:58 <Zakim> 5. All other business [from npdoty]
16:03:22 <Zakim> + +358.504.87aaff
16:03:41 <fjh> yes,
16:04:05 <fjh> zakim, who is here?
16:04:05 <Zakim> On the phone I see npdoty, Christine, tara, fjh, jtrentadams, +1.949.483.aacc, ??P6, wseltzer, Joanne, justin_, MacTed (muted), ??P13, +358.504.87aaff
16:04:07 <Zakim> On IRC I see MacTed, Joanne, alissa, peacekeep3r, James, Christine, tara, RRSAgent, Zakim, npdoty, fjh, jtrentadams, wseltzer
16:04:13 <erin> erin has joined #privacy
16:04:32 <MacTed> Zakim, unmute me
16:04:32 <Zakim> MacTed should no longer be muted
16:05:21 <MacTed> Zakim, mute me
16:05:21 <Zakim> MacTed should now be muted
16:05:32 <npdoty> Ted Thibodeau, Open Link Software, semantic web technologies, including access control
16:05:48 <MacTed> s/Open Link Software/OpenLink Software/
16:05:53 <wseltzer> q+
16:06:00 <Zakim> + +44.163.551.aagg
16:06:09 <npdoty> Frederick Hirsch, Nokia, DAP and working more on privacy
16:06:28 <fjh> s/DAP/DAP and XML Security/
16:06:38 <MacTed> we make the Virtuoso Universal Server (http://virtuoso.openlinksw.com/), OpenLink Data Spaces (http://ods.openlinksw.com/), and various other data access, management, and integration tools
16:06:47 <Christine> Virginie G will be joining us shortly
16:06:54 <wseltzer> q-
16:06:58 <npdoty> Wendy Seltzer, Web Cryptography working group and outside research on privacy and security
16:07:06 <peacekeep3r> Markus Sabadello of the Personal Data Ecosystem Consortium (http://personaldataecosystem.org/)
16:07:37 <Zakim> + +33.4.42.36.aahh
16:07:43 <Zakim> +Narm_Gadiraju
16:07:45 <npdoty> scribenick: npdoty
16:08:28 <npdoty> Virginie Galindo, Gemalto, company delivering digital security solutions, chair of Web Crypto WG
16:09:07 <virginie_galindo> virginie_galindo has joined #privacy
16:09:34 <npdoty> tara: overview of the agenda
16:09:35 <Zakim> +??P11
16:09:44 <npdoty> ... any other business to add?
16:10:16 <npdoty> ... Privacy Considerations doc, want to take some first steps towards that outline
16:10:28 <npdoty> Zakim, take up agendum 2
16:10:28 <Zakim> agendum 2. "Dependencies (reports on other groups)" taken up [from npdoty]
16:11:03 <npdoty> fjh: Device APIs WG, co-chaired with Robin Berjon
16:11:17 <npdoty> ... JavaScript device APIs that are related to HTML5, though not Geolocation
16:11:36 <npdoty> ... media capture from a device, for example; a variety of sensors (proximity, battery status, network info)
16:11:42 <npdoty> ... actuators (like vibration)
16:11:48 <npdoty> ... information (gallery, contacts, calendar)
16:12:04 <MarkLizar> MarkLizar has joined #privacy
16:12:06 <npdoty> ... a variety of information sources and actuators
16:12:13 <npdoty> ... several privacy issues
16:12:51 <npdoty> ... access to the info, unexpected actions, fingerprinting (like which codecs, etc.)
16:13:30 <npdoty> ... a mobile phone/device and a Web application (not necessarily through the browser) that legitimately wants to access a contact from your device's address book
16:13:48 <npdoty> ... an additional model of a device, a web page and then a third-party service somewhere on the Internet
16:14:05 <npdoty> ... maybe you want to edit your photos on another site, as a service; JavaScript mashups
16:14:35 <npdoty> ... did document requirements, principles and concerns related to privacy
16:14:53 <npdoty> http://www.w3.org/2009/dap/
16:15:04 <npdoty> http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/
16:15:22 <npdoty> ... some things can be handled by an API, some things really can't (like the secondary use or later distribution)
16:15:53 <npdoty> fjh: what I keep saying, and this keeps coming up in W3C workshops, that we don't have the entire system which makes it difficult to address privacy
16:16:24 <Zakim> +??P44
16:16:29 <npdoty> ... wrote a Web Application Privacy Best Practices, wanted to note privacy best practices that the application itself can handle (that we can't control in the API itself)
16:16:39 <npdoty> ... think this is all obvious to people on the call ;)
16:16:51 <npdoty> http://www.w3.org/TR/2011/WD-app-privacy-bp-20110804/
16:17:38 <npdoty> fjh: we also had an effort, via Alissa and John Morris, for users to communicate their privacy concerns to a site
16:17:58 <npdoty> ... we had a simple, clear list of rulesets, to be shared from the user to the server
16:18:11 <npdoty> ... don't expect it to progress in the Working Group because of a variety of concerns
16:18:27 <npdoty> ... potential liability, practical issues; not necessarily good or bad
16:18:44 <npdoty> ... an easier thing to do is minimization: design the API to return the minimum amount
16:18:54 <npdoty> ... you could with any system get more than you should by trying, but don't by default
16:19:01 <npdoty> ... should be a general practice, localized and doable
16:19:25 <npdoty> ... fingerprinting is a real trade-off, we don't have answers to that, I'm hearing that there's a tradeoff between privacy and utility and people tend towards utility
16:19:42 <npdoty> ... Web Intents Task Force and Media Task Force (joint with WebApps WG)
16:20:03 <npdoty> ... constraints to specify parameters for certain media (codecs, etc.)
16:20:29 <npdoty> ... all of those constraints taken together can perform a fingerprinting function, but having them helps provide the service in the appropriate way
16:20:48 <npdoty> ... can accrete a lot of minor pieces and in the aggregate have a substantial impact on privacy
16:21:18 <npdoty> ... can't really have policy per se because who would determine the policy in the decentralized system
16:21:37 <npdoty> ... so we'll have user interaction instead (transparent, user will have a choice, which may be persisted)
16:21:57 <npdoty> ... do not mandate any user interface (a generally accepted principle), or even mandate a particular interaction, which is left to the implementation
16:22:12 <npdoty> ... relying on the market to decide, or legislation, or best practices or competition; not in the spec itself
16:22:54 <npdoty> ... on the UI question, mandating that is a mistake, makes more sense to insist on a particular UI paradigm
16:23:29 <npdoty> ... Web Intents (also Web Activities from Mozilla): the user mediates the selection of a service with some controls
16:23:44 <npdoty> ... in some cases we don't need the user interaction? leads to a potential privacy issue
16:24:00 <npdoty> ... will go to FPWD soon, doesn't have a privacy considerations section yet
16:24:29 <npdoty> ... our group handles only the Device APIs segment of an entire system which is a fundamental problem
16:24:41 <npdoty> ... but at least hope to alert people to the privacy issues at hand
16:24:52 <Christine> +q
16:25:01 <npdoty> ack Christine 
16:25:07 <Zakim> -??P11
16:25:30 <npdoty> present+ Kasey
16:25:42 <npdoty> Kasey: what is it that we can provide here? are there open issues we can advise on?
16:26:11 <npdoty> fjh: I was just coming today to inform on this. any input or help is welcome, although I don't want us to repeat any long debates.
16:26:28 <npdoty> ... the rulesets there's not much we can do with at this point, but any other suggestions are welcome
16:26:57 <wseltzer> q+
16:27:06 <npdoty> ... the political aspect we wore ourselves out over the course of a year. user mediation and then minimization and practical things
16:27:15 <James_> James_ has joined #privacy
16:27:30 <npdoty> ... an approach across all of W3C, but we need help with specifics
16:27:45 <tara> ack wseltzer
16:27:45 <npdoty> ... a way to handle fingerprinting, or balance against the usefulness
16:27:48 <npdoty> q+
16:28:27 <npdoty> wseltzer: work with Tor, which specifically works on preventing fingerprinting
16:28:35 <wseltzer> -> https://www.torproject.org/torbutton/en/design/#adversary
16:28:44 <npdoty> ... a standardized profile if you want to avoid fingerprinting, even across browsers, a larger anonymity set
16:29:39 <npdoty> fjh: why not, even in the media case, just define profiles, a great idea
16:29:54 <tara> ack npdoty
16:30:44 <wseltzer> [perhaps offer a standard "anonymity profile"]
16:32:24 <npdoty> npd: can we help a little with fingerprinting by making it easier for the browser (or a researcher) to detect?
16:32:45 <npdoty> fjh: do we have that documented somewhere to follow up? (not that I know of)
16:32:54 <fjh> thanks for the various ideas
16:33:04 <npdoty> virginie_galindo: started the Cryptography WG recently
16:33:30 <fjh> I will share profile idea on the media task force list, also follow up on fingerprinting detection. Can follow up on PING list if that helps
16:33:37 <wseltzer> [note Panopticlick, re fingerprinting detection: https://panopticlick.eff.org/ ]
16:33:54 <npdoty> ... some ideas inside W3C on Identity with a wide variety of topics, our scope is to develop APIs, cryptographic tools for developers
16:34:33 <npdoty> ... create key, encrypt/decrypt, sign/check signature, anything a developer needs to add cryptography to their application (end-to-end security)
16:34:59 <npdoty> ... developers using the Crypto API should be able to provide privacy, but we do not give one solution, just tools for developers to build their own solution
16:35:51 <npdoty> ... currently discussing the JavaScript API, how to handle the secrets, make sure that when the user generates a secret they won't be tracked by that secret
16:36:23 <npdoty> ... when you generate identifiers, shouldn't be associated with a particular user, a problem we are trying to solve
16:36:31 <fjh> q+
16:36:39 <npdoty> tara: looking for starting points to help with this problem?
16:36:47 <tara> ack fjh
16:37:14 <Zakim> -MacTed
16:37:37 <npdoty> fjh: sometime you want to know who the counterparty is (use a PKI), but for confidentiality you want to do key management in a way.... would think you would want to use symmetric keys
16:37:54 <npdoty> virginie_galindo: want to build the basic tools to use any model that they want
16:38:26 <npdoty> Kasey: can we circulate documents and get back to you with comments?
16:38:31 <npdoty> q+
16:38:39 <fjh> it seems that if you use public key crypto and PKI it might be hard to keep identity information secret?
16:38:51 <npdoty> virginie_galindo: can send you a link, but discussion ongoing very actively on the mailing list
16:38:55 <wseltzer> -> http://www.w3.org/2012/webcrypto/ Web Cryptography WG
16:38:56 <tara> ack npdoty
16:39:10 <wseltzer> -> http://www.w3.org/2012/webcrypto/WebCryptoAPI/ Editor's Draft
16:39:56 <fjh> ndoty: why is there a privacy problem with crypto, what is the tracking problem?
16:40:13 <fjh> s/ndoty/npdoty/
16:41:50 <fjh> cviriginie_galindo: oncern of leakage of service use through leakage of key information - want to maintain privacy around use of service
16:41:59 <fjh> s/cvirginie/virginie/
16:42:12 <fjh> s/ oncern/concern/
16:42:26 <fjh> s/key information/crypto key information/
16:42:35 <virginie_galindo> Web Crypto WG wiki is : http://www.w3.org/2012/webcrypto/
16:42:43 <npdoty> heard warnings from vendors (and from Wendy on fingerprinting)
16:43:11 <fjh> npdoty: tracking protection WG started in April
16:43:45 <wseltzer> -> http://www.w3.org/2011/tracking-protection/ Tracking Protection WG
16:43:56 <fjh> npdoty: web services can track user activity so do not track DNT which has been focus
16:44:13 <fjh> npdoty: user expresses preference then this is followed by service
16:44:41 <fjh> npdoty: not enforcement, user expressing preferences, service needs to respect it
16:45:28 <fjh> npdoty: new work in W3C on defining what it means to "comply"
16:45:42 <fjh> npdoty: heated debate
16:46:13 <fjh> npdoty:  F2F next week, trying to get to last call
16:46:54 <tara> Thanks, Frederick!
16:47:03 <fjh> npdoty: focus is 3rd party tracking
16:47:59 <fjh> q+
16:49:23 <tara> ack fjh
16:51:06 <Zakim> -Narm_Gadiraju
16:51:51 <npdoty> http://www.w3.org/2011/tracking-protection/
16:52:07 <Christine> Thank you very much Frederick, Virginie, Nick.
16:52:13 <npdoty> npdoty: some challenges we've had with handling press coverage
16:52:42 <npdoty> +1, take it up next call
16:52:51 <npdoty> Zakim, take up agendum 4
16:52:51 <Zakim> agendum 4. "Privacy Considerations" taken up [from npdoty]
16:52:59 <npdoty> tara: needs to move forward
16:53:09 <npdoty> ... lots of conversation last time what such a document might entail
16:53:13 <npdoty> ... sufficient interest to begin work on this
16:53:21 <Zakim> -fjh
16:53:26 <npdoty> ... need volunteers, people who are able to write text
16:53:34 <npdoty> ... and content, what an outline would look like
16:53:47 <Christine> +q
16:53:48 <npdoty> Kasey: to what extent can we take into account prior art?
16:54:39 <npdoty> tara: yes, would certain like to coordinate with other groups' work
16:54:44 <npdoty> Kasey: happy to help
16:54:55 <npdoty> ack Christine 
16:55:15 <npdoty> Christine: please bring what pieces are relevant to the table
16:55:23 <Joanne> happy to help where I can
16:55:33 <npdoty> ... keep in mind that this is for those who write W3C specifications in particular
16:55:43 <Christine> q-
16:56:00 <Christine> +q
16:56:07 <Zakim> -??P6
16:56:27 <Christine> q-
16:56:34 <Christine> +q
16:56:44 <npdoty> Christine: can organize these resources on the wiki
16:56:45 <npdoty> http://www.w3.org/wiki/Privacy/Privacy_Considerations
16:56:55 <npdoty> Kasey: how are these usually structured? is there something else we can look at?
16:56:56 <Christine> q-
16:57:59 <tara> W3C document to use as model? Accessibility.
16:58:06 <virginie_galindo> q+
16:58:21 <npdoty> npdoty: Security Considerations at IETF, but also Accessibility work at W3C
16:58:40 <npdoty> tara: seeing some volunteers here, and will also canvass on the mailing list
16:58:53 <tara> See also IETF security considerations documents
16:59:08 <npdoty> ... a subgroup that can compile those resources and start working on an outline
16:59:25 <npdoty> virginie_galindo: the privacy topic raised by the TAG as well, Robin Berjon and @torgo
16:59:37 <virginie_galindo> http://darobin.github.com/api-design-privacy/api-design-privacy.html
16:59:48 <alissa> IETF security considerations doc: http://tools.ietf.org/html/rfc3552
17:00:19 <npdoty> Christine: have been in conversation with the TAG, hope to sort out how the two groups can work together
17:00:54 <Christine> +1
17:00:59 <npdoty> July 19th, at the same time?
17:01:02 <Joanne> +1
17:01:03 <npdoty> works for me
17:01:16 <jtrentadams> conflicts with me, but not a deal-breaker
17:01:25 <erin> copy on my end
17:01:36 <npdoty> this time again on Thursday, July 19th
17:01:46 <Christine> AOB: Pär Lannerö would like comments on the Common Terms Project (see the email dated 19 April 2012).
17:01:48 <npdoty> tara: hope to have some progress on these documents to discuss next time
17:01:54 <Zakim> -Joanne
17:01:55 <Zakim> -justin_
17:01:56 <Zakim> -virginie_galindo
17:01:58 <Zakim> - +44.163.551.aagg
17:01:58 <Zakim> - +358.504.87aaff
17:01:59 <Zakim> -??P13
17:02:00 <Zakim> -npdoty
17:02:00 <Christine> Reports on OECD and APEC moved to next meeting
17:02:00 <Zakim> -wseltzer
17:02:02 <Zakim> -tara
17:02:03 <Zakim> -jtrentadams
17:02:09 <MarkLizar> thanks, 
17:02:09 <Zakim> -Christine
17:02:12 <npdoty> Zakim, list attendees
17:02:12 <Zakim> As of this point the attendees have been npdoty, fjh, +1.949.483.aacc, Christine, jtrentadams, +1.203.436.aadd, tara, wseltzer, +1.415.520.aaee, justin_, Joanne, MacTed,
17:02:16 <Zakim> ... +358.504.87aaff, +44.163.551.aagg, +33.4.42.36.aahh, Narm_Gadiraju, virginie_galindo
17:02:21 <jtrentadams> jtrentadams has left #privacy
17:02:30 <npdoty> RRSAgent, draft minutes
17:02:30 <RRSAgent> I have made the request to generate http://www.w3.org/2012/06/14-privacy-minutes.html npdoty
17:02:37 <Zakim> -??P44
17:03:04 <James_> James_ has left #privacy
17:03:14 <erin> erin has left #privacy
17:03:15 <npdoty> chair: tara
17:03:24 <npdoty> Zakim, bye
17:03:24 <Zakim> leaving.  As of this point the attendees were npdoty, fjh, +1.949.483.aacc, Christine, jtrentadams, +1.203.436.aadd, tara, wseltzer, +1.415.520.aaee, justin_, Joanne, MacTed,
17:03:24 <Zakim> Zakim has left #privacy
17:03:27 <Zakim> ... +358.504.87aaff, +44.163.551.aagg, +33.4.42.36.aahh, Narm_Gadiraju, virginie_galindo
17:03:34 <npdoty> RRSAgent, bye
17:03:34 <RRSAgent> I see no action items