15:51:00 <RRSAgent> RRSAgent has joined #privacy
15:51:00 <RRSAgent> logging to http://www.w3.org/2012/07/19-privacy-irc
15:51:10 <npdoty> rrsagent, make logs public
15:51:22 <npdoty> Meeting: Privacy Interest Group July Teleconference
15:51:31 <matt> zakim, ping me in 8 minutes
15:51:31 <Zakim> ok, matt
15:52:01 <fjh> fjh has joined #privacy
15:57:31 <christine> christine has joined #privacy
15:58:11 <Zakim> Priv_IG()12:00PM has now started
15:58:17 <Zakim> + +1.613.304.aaaa
15:58:24 <Zakim> + +33.4.92.96.aabb
15:58:36 <Zakim> +npdoty
15:59:08 <Joanne> Joanne has joined #privacy
15:59:21 <Zakim> +??P11
15:59:30 <matt> zakim, code?
15:59:30 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), matt
15:59:30 <npdoty> Zakim, aaaa is probably tara
15:59:32 <Zakim> +tara?; got it
15:59:32 <Zakim> matt, you asked to be pinged at this time
15:59:48 <tara> tara has joined #privacy
15:59:59 <alissa> alissa has joined #privacy
16:00:36 <tara> 613.
16:00:47 <Zakim> +justin
16:00:55 <Zakim> +KevinT
16:00:58 <npdoty> Zakim who is making noise?
16:01:08 <Zakim> + +358.504.87aacc
16:01:09 <Zakim> +matt
16:01:10 <npdoty> chair: tara
16:01:22 <Zakim> +??P34
16:01:40 <npdoty> Zakim, agenda+ Introductions
16:01:40 <Zakim> agendum 1 added
16:01:40 <matt> zakim, mute me
16:01:41 <Zakim> matt should now be muted
16:01:52 <npdoty> Zakim, agenda+ Dependencies (including Geo)
16:01:53 <Zakim> agendum 2 added
16:01:59 <npdoty> Zakim, agenda+ Liaisons
16:01:59 <Zakim> agendum 3 added
16:01:59 <Joanne> Zakim, Kevin T is really Joanne
16:02:00 <Zakim> I don't understand 'Kevin T is really Joanne', Joanne
16:02:11 <npdoty> Zakim, agenda+ Privacy Considerations
16:02:11 <Zakim> agendum 4 added
16:02:24 <npdoty> Zakim, KevinT is really Joanne 
16:02:24 <Zakim> +Joanne; got it
16:02:31 <christine> We have received apologies from JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally
16:02:35 <MarkL> MarkL has joined #privacy
16:02:48 <npdoty> regrets+ JC, Trent, Piero, SusanIsrael, ErinKenneally
16:02:49 <robin> robin has joined #privacy
16:02:53 <matt> Regrets: JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally
16:02:54 <MarkL> Hi Everyone!
16:03:29 <robin> Hi all - apologies if I get this wrong: I am an IRC n00b <blush>
16:03:44 <tara> No problem.
16:04:06 <npdoty> Zakim, who is on the phone?
16:04:06 <Zakim> On the phone I see tara?, +33.4.92.96.aabb, npdoty, ??P11, justin, Joanne, +358.504.87aacc, matt (muted), ??P34
16:04:09 <Zakim> +bilcorry
16:04:17 <tara> Let us know if you're on IRC but not on the phone so we can repeat things you might miss.
16:04:32 <robin> thanks - am working on dialling in now...
16:04:40 <Ashok_Malhotra> Ashok_Malhotra has joined #privacy
16:05:06 <fjh> i'm on irc but not the phone
16:05:09 <bilcorry> bilcorry has joined #privacy
16:05:27 <Zakim> + +1.202.379.aadd
16:05:37 <npdoty> scribenick: Joanne
16:05:42 <bilcorry> Zakim, who is on the call?
16:05:42 <Zakim> On the phone I see tara?, +33.4.92.96.aabb, npdoty, ??P11, justin, Joanne, +358.504.87aacc, matt (muted), ??P34, bilcorry, +1.202.379.aadd
16:05:52 <bilcorry> Zakim, mute me
16:05:52 <Zakim> bilcorry should now be muted
16:05:56 <Zakim> +James
16:05:56 <npdoty> Zakim, agenda?
16:05:57 <Zakim> I see 4 items remaining on the agenda:
16:06:00 <Zakim> 1. Introductions [from npdoty]
16:06:01 <Zakim> 2. Dependencies (including Geo) [from npdoty]
16:06:04 <Zakim> 3. Liaisons [from npdoty]
16:06:05 <Zakim> 4. Privacy Considerations [from npdoty]
16:06:08 <matt> zakim, unmute me
16:06:17 <Zakim> matt should no longer be muted
16:06:28 <Joanne> I may not know who is talking .  Please let me know who is speaking
16:06:48 <Joanne> Christin:  anyone here for the first time?
16:06:55 <npdoty> s/Christin/Tara/
16:07:10 <robin> I'm here for the first time...
16:07:15 <Joanne> Tara:  intros
16:07:26 <Joanne> rudy:  with Comcast global policy
16:07:44 <Zakim> +Ashok_Malhotra
16:08:11 <Joanne> Tara:  next item looking at the dependencies
16:08:21 <kboudaou> +33.4.92.96.aabb is : Karima :-)
16:08:25 <Ashok_Malhotra> zakim, mute me
16:08:25 <Zakim> Ashok_Malhotra should now be muted
16:08:31 <npdoty> Zakim, aabb is kboudaou 
16:08:31 <Zakim> +kboudaou; got it
16:08:33 <Joanne> Matt:  part of W3C team with geo-locations WG
16:08:46 <npdoty> Topic: Geo (with Matt)
16:08:52 <Joanne> ...first version of spec and will be released as recommendation soon
16:08:59 <matt> -> http://www.w3.org/TR/geolocation-API/#security
16:09:31 <Joanne> ...spec provides bunch of info on how to prtect invidual privacy on sites that use the API
16:09:51 <Joanne> ...alissia can speak about the CDT proposal
16:09:58 <Patrick> Patrick has joined #privacy
16:10:38 <Joanne> ...group came to consensus on section after much debate and now the hard part testing
16:10:39 <npdoty> GEOPRIV, http://datatracker.ietf.org/wg/geopriv/charter/
16:10:53 <Joanne> ...found sites could conform to the requirements
16:10:58 <Joanne> ...not an easy task
16:11:46 <npdoty> concept that "an API should never be allowed to lie!"
16:11:46 <Joanne> ...challenges is the API can lie about where you are and the API should not be able to lie.  lots of conserns
16:11:52 <Joanne> ...looked at this for a long time
16:12:04 <christine> +q
16:12:36 <Joanne> Tara:  are there things PNG can do to be useful to your WG? what can we learn?
16:12:44 <npdoty> s/PNG/PING/
16:12:54 <Joanne> Matt:  right people involved from teh get-go is important
16:13:22 <alissa> Richard Barnes from BBN was also involved
16:13:55 <npdoty> ... could actually see PING as a horizontal thing to get people involved across groups
16:13:59 <Joanne> ...PNG should be a horizontial thing and influence the work.  Having privacy people involved from the beginning is important
16:14:18 <npdoty> q+ to ask about TAG review
16:14:23 <npdoty> ack christine 
16:14:35 <Zakim> -npdoty
16:14:41 <Joanne> Christine:  very helpful and couldn't agree more in having privacy people in the beginning
16:15:26 <Joanne> ...what are lessons learned in identifying privacy vulenbilities (sp).  Example, how did the gropu think about privacy for that spec
16:15:27 <Zakim> +npdoty
16:15:34 <christine> -q
16:16:05 <Joanne> Matt:  lessons I learned - a lot of engineers don't necessarily look at the privacy implications
16:16:44 <npdoty> ... radically different legal requirements (mandated in one country, prohibited in another)
16:16:47 <Zakim> +??P22
16:17:08 <Joanne> ...Vodafone involvement showed how laws vary across some countries.  what is ok in one country may not be allowed in another country.  how do you write a spec with varying laws and test that these things are possible to enforce
16:17:11 <Zakim> -??P22
16:17:58 <Joanne> ...one way to test is to read the privacy policy and test against that.  trust the company does what they say are they are doing
16:18:07 <matt> -> http://www.w3.org/2008/geolocation/drafts/API/Implementation-Report.html#website-tests
16:18:08 <matt> \
16:18:15 <Joanne> ...difficult to test and will link to test results
16:18:29 <Joanne> ...had more than just the three listed
16:18:44 <Joanne> ...non-trival task
16:18:46 <npdoty> ack npdoty 
16:18:46 <Zakim> npdoty, you wanted to ask about TAG review
16:19:23 <Ashok_Malhotra> zakim, unmute me
16:19:23 <Zakim> Ashok_Malhotra should no longer be muted
16:19:32 <Joanne> Nick:  wanted to ask about tag management.  was tag review useful for uncovering privacy issues, and what role tag can play in reviewing areas around privacy?
16:20:07 <Joanne> Matt:  not real formal but did talk to tag for an hour or two.  not sure if we can call it a tag review or not
16:20:34 <Joanne> unknow:  this version of the spec a lot better.  thank you Matt
16:20:44 <Zakim> +??P31
16:20:52 <npdoty> s/unknow/Ashok/
16:21:44 <alissa> +q
16:21:46 <tara> q?
16:22:07 <Joanne> Hannes:  privacy experts wasn't really heard.  what do you think was done well around the privacy mechanisms.  somewhat negative about the development within the group and get them to listen
16:22:26 <Joanne> Matt:  did best to make sure all comments were responded to
16:22:27 <tara> ack alissa
16:22:36 <Joanne> ...Alissia may be able to comment more
16:23:11 <Joanne> Allisia (sp):  disagree with Hannes characteristication (sp).  
16:23:27 <matt> s/Allisia/Alissa/g
16:24:09 <Joanne> ....sending privacy rules around.  did end up with strong normative language.  Testing was difficult to make sure reqs in Sec 3 were meet
16:25:02 <npdoty> copying of sections of requirements on recipients wholesale into other specs, like device APIs, which might be advantageous
16:25:17 <Joanne> ...took some of this text wholesale and put them into their APIs.  Reqs around receipents getting geo-location info hard to enforce
16:25:42 <Joanne> Matt:  this did not just breeze right through.  
16:25:54 <Joanne> Tara:  last chance to comment
16:26:06 <npdoty> q+
16:26:08 <matt> Privacy was pretty much our biggest hurdle, the technical stuff was insignificant compared to privacy actually.
16:26:10 <Joanne> ...going once, going twice
16:26:13 <tara> ack npdoty
16:27:14 <Zakim> +[IPcaller]
16:27:21 <fjh> zakim, [IPcaller] is me
16:27:21 <Zakim> +fjh; got it
16:27:26 <Joanne> Nick:  on the ques on testibility.  we want to make it easy to test to determine conformance.  should we make reqs more technicla and make privacy reqs testable against the spec
16:28:20 <Joanne> Matt:  what is interesting about w3c testing people is we have to show that everything normative is implementable.  low bar.  not very strong.  we want above and beyond w3c reqs
16:28:49 <tara> q?
16:29:47 <Joanne> unknown:  how did deployment act in repsect to privacy?  did that lead to any improvements in deployments? is there truly privacy prtoections
16:29:55 <npdoty> s/unknown/Hannes/
16:30:50 <Joanne> Matt:  it changed on the browser side and the receipent side.  no one hasn't reporoted on redeployment since Nick wrote the paper
16:31:05 <npdoty> we thought about doing an updated study to see if there were deployment changes over time, but it's a hard thing to measure in a comparable way
16:31:36 <Joanne> ...browser is deployed with active consent to sharing location data.  not sure about reciepent <apologies for my bad spelling/typing>
16:31:39 <Zakim> -??P34
16:31:51 <fjh> zakim, who is here?
16:31:51 <Zakim> On the phone I see tara?, kboudaou, ??P11, justin, Joanne, +358.504.87aacc, matt, bilcorry (muted), +1.202.379.aadd, James, Ashok_Malhotra, npdoty, ??P31, fjh
16:31:54 <Zakim> On IRC I see Patrick, bilcorry, Ashok_Malhotra, robin, MarkL, alissa, tara, Joanne, christine, fjh, RRSAgent, Zakim, npdoty, kboudaou, MacTed, matt, wseltzer
16:32:18 <Zakim> +??P34
16:32:20 <Joanne> Tara:  that you Matt and hope we benfit from your experience and take advantage of that.
16:32:20 <christine> Zakim ??P11 is christine
16:32:35 <npdoty> Zakim, ??P11 is christine 
16:32:35 <Zakim> +christine; got it
16:32:50 <npdoty> Zakim, justin is really alissa
16:32:50 <Zakim> +alissa; got it
16:33:10 <Joanne> Matt:  love to help and am neutral about the deployments.  will love to help and Alissia can input based on her experience
16:33:22 <Joanne> Tara:  3rd item ont eh agenda
16:33:36 <npdoty> Topic: IAB Privacy Program
16:33:37 <alissa> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
16:33:50 <Joanne> Tara:  moving to alissa
16:34:21 <Joanne> Alissa:  IAB protocols.  Look at ToC's and run through the doc
16:34:37 <Ashok_Malhotra> Worked for me!  Cool!
16:34:54 <Joanne> ...terminology section around privacy and describes terms used in the protocals
16:35:32 <tara> tara has joined #privacy
16:35:43 <Joanne> ...tired to make link between abstract threats and how internet proptocals.  talk about ways threats can be mitigated
16:35:56 <Joanne> ...data minization
16:36:22 <Joanne> ...uyser participantion involving hte user in decisions about hisher data to minize threats
16:36:50 <Joanne> ...that is the setup to give designers who aren't use to think about privacy reasons to care about it
16:37:25 <Joanne> ...section 6 designed to give designers on how to think about privacy when designing protocoals
16:38:16 <Joanne> ...taks about difficulty around managing body list, etc. maxium utility of systems built using proptocals
16:38:26 <Joanne> ...love feedback on the doc
16:38:46 <Joanne> ...hoping to now get this to the folks out in th e ITF
16:38:47 <matt> zakim, mute me
16:38:47 <Zakim> matt should now be muted
16:38:51 <npdoty> ... section 7, an example, based on SIP, managing a buddy list, experience with all of the privacy problems that can appear in Internet protocols
16:38:51 <Joanne> ...main work item
16:39:10 <Joanne> ...privacy survey Hannes has been spreadheading
16:39:50 <Joanne> ...hoping to get feedback from people in the field
16:39:56 <tara> q?
16:40:15 <Joanne> Tara:  that is a lot.  impressive accomplishment
16:40:38 <Joanne> ...help out group ...feedback on survey items
16:40:43 <Joanne> ...questions?
16:40:46 <npdoty> q+
16:41:10 <Joanne> Christine:  compliments to Alissa and Hannes and others in the IAB program
16:41:13 <tara> ack npdoty
16:41:40 <Joanne> Nick:  curous whether there is any experience with  anyone trying to use the doc yet?
16:42:54 <Joanne> Alissa:  not aware of anyone yet.  I have pointed a few people to it working on early drafts and have gotten feedback.  It is overkill.  this was expected.  I have tired to use it
16:43:13 <Joanne> Hannes:  feedback has reulted in additional terminology and clarifications
16:43:21 <Joanne> Tata:  more questions?
16:43:29 <Joanne> ...thanks again Alissa
16:43:31 <npdoty> s/Tata/tara/
16:43:48 <Joanne> <bad typing>
16:44:35 <npdoty> Topic: Privacy Considerations
16:44:43 <npdoty> tara: open to comment on how this should go forward
16:44:46 <npdoty> q+
16:44:59 <Joanne> Tara:  we are trying to get a sense of the best way to move forward on the document.  Opening up for comment based upon experience on how to move forward
16:45:04 <tara> ack npdoty
16:46:29 <Joanne> Nick:  we have discussed the importance of having privacy policy involved.  write a guide for WG around when to seek out privacy expertise.  some of this may be architure <sp> issues
16:46:35 <rudy_> rudy_ has joined #privacy
16:46:38 <christine> +q
16:47:22 <tara> ack christine
16:47:24 <christine> -q
16:47:25 <Joanne> Tara: when to bring people in with research and look for commonailities across groups to provide guidance
16:47:34 <npdoty> * decisional tool (help authors when they're making authoring decisions)
16:47:53 <npdoty> * issue spotting (helping WGs find when they should seek out expertise in understanding the privacy issues)
16:48:30 <npdoty> * architectural considerations (common issues that turn up on the Web that we'd like to handle in a consistent way)
16:48:36 <Zakim> -Ashok_Malhotra
16:48:43 <tara> q?
16:48:46 <Joanne> Christine:  thank you Nick.  I agree and we seem to be in agreement.  A good way to make this happening is first provide guidance to WGs on when they need to invole PNG and TAG.  Then identify common problems across the groups
16:48:51 <alissa> +q
16:48:57 <tara> ack alissa
16:50:09 <robin> It could be that influencing a WG on privacy is a lot like influencing end users on privacy… i.e. hard. ;-)
16:50:09 <fjh> +1 to alissa re difficulty of adding-in privacy into WG later, needs to be part of WG overall
16:50:15 <Joanne> alissa:  might be controversial.  it is diff to have influence over the trajectory of a WG by inserting a random timeline.  you need to be involved the work of the group.  
16:50:46 <fjh> isn't that called "privacy by design" :)
16:50:53 <Joanne> ...advocate building this capability into those working across the w3c
16:51:18 <Joanne> Christine:  agree and if we can get there that would be fantastic
16:51:46 <Joanne> Alissa:  difficule, not necessarily controversal.  its how we get there
16:51:58 <fjh> q+
16:52:21 <robin> In both cases, it's a problem of persuading people to adopt different privacy-related behaviours (and people's motivation for changing behaviour is notoriously tricky)
16:52:22 <Joanne> Nick:  maybe that answers the question of when. having this integrated in the discussion from the beginning stages
16:52:45 <Joanne> Hannes:  it is easy to say you need to consider security at the beginning same for privacy
16:53:24 <robin> I should also clarify: this is Robin Wilton, not Robin Berjon (Hannes is referring to a doc by Robin B)
16:53:26 <Joanne> ...what is the foundation you want to rely on.  some people think data minization is the idea others think user consent is the best.  there are other design regimes
16:53:44 <tara> ack fjh
16:53:50 <Joanne> ....need to ask the bigger question otherwise difficult to adivse
16:54:26 <robin> Sorry, that got converted to an emoji. I meant "Hannes is referring to a document by Robin Berjon"
16:54:28 <Joanne> fjh:  it is a hard proble.  it can't be bolt on later and needs to be done at the beginning.  
16:54:36 <christine> +q
16:54:41 <npdoty> parties who aren't even in the Working Group may be relevant too; charter needs to get the right constituencies involved
16:54:42 <Joanne> Tara:  challenges to get the right people involved
16:54:44 <fjh> s/proble/problem/
16:55:04 <npdoty> s/parties who/fjh: parties who/
16:55:07 <christine> -q
16:55:10 <fjh> s/beginning/beginning, including getting involvement of various constituencies./
16:55:18 <tara> ack christine
16:55:40 <Joanne> Christine:  may not have the answers today.  
16:55:52 <Joanne> Hannes:  I believe you are asking my thoughts
16:57:17 <Joanne> ...if you start with something like js api.  if some scoping is included in the doc.  the most improtant qustions are - is asking the user consnet on the api.  sme other work that falls outside the js mechansim allow a much richer choice of approach to look into 
16:57:26 <Zakim> -bilcorry
16:57:34 <Joanne> ...not bound by design decisionsof of the past
16:58:17 <Joanne> Tara:  eye on the time.  lots of considerations and putting together task force to wrk on doc, plus best praitces
16:58:25 <Joanne> ...move to mailing list and next agenda
16:58:26 <npdoty> if when/how to integrate into the process sounds like a good starting point for writing, I'm happy to help with that
16:58:37 <npdoty> and that might be something that doesn't duplicate the IAB document
16:58:38 <Joanne> ...last thing - the next call
16:58:56 <christine> 16 August might be hard for me
16:58:58 <npdoty> Topic: Next call
16:59:10 <Joanne> ...week of Aug 16 around same time.  Is there a conflict? can move to the aug 23rd
16:59:14 <christine> Thank you
16:59:14 <npdoty> August 16th? August 23rd?
16:59:24 <npdoty> Aug 23rd fine with me
16:59:27 <Joanne> ..August 23rd at this same time
16:59:31 <robin> 16th *may* be an NSTIC meeting, according to OIX website...
16:59:56 <Joanne> ...tentative for Aug 23rd
17:00:11 <christine> Thanks Tara and Matt
17:00:18 <Zakim> -alissa
17:00:20 <fjh> thanks 
17:00:20 <Zakim> -christine
17:00:22 <Zakim> -Joanne
17:00:23 <Zakim> -npdoty
17:00:23 <Zakim> -fjh
17:00:25 <Zakim> - +358.504.87aacc
17:00:27 <kboudaou> Thanks.  Bye !
17:00:27 <Zakim> -??P34
17:00:27 <Zakim> -tara?
17:00:28 <Zakim> -James
17:00:29 <fjh> fjh has left #privacy
17:00:31 <tara> quit
17:00:35 <Zakim> - +1.202.379.aadd
17:00:36 <npdoty> rrsagent, draft minutes
17:00:36 <RRSAgent> I have made the request to generate http://www.w3.org/2012/07/19-privacy-minutes.html npdoty
17:00:37 <Zakim> -kboudaou
17:00:39 <robin> robin has left #privacy
17:00:47 <Zakim> -??P31
17:02:11 <npdoty> rrsagent, bye
17:02:11 <RRSAgent> I see no action items