IRC log of privacy on 2012-07-19

Timestamps are in UTC.

15:51:00 [RRSAgent]
RRSAgent has joined #privacy
15:51:00 [RRSAgent]
logging to
15:51:10 [npdoty]
rrsagent, make logs public
15:51:22 [npdoty]
Meeting: Privacy Interest Group July Teleconference
15:51:31 [matt]
zakim, ping me in 8 minutes
15:51:31 [Zakim]
ok, matt
15:52:01 [fjh]
fjh has joined #privacy
15:57:31 [christine]
christine has joined #privacy
15:58:11 [Zakim]
Priv_IG()12:00PM has now started
15:58:17 [Zakim]
+ +1.613.304.aaaa
15:58:24 [Zakim]
+ +
15:58:36 [Zakim]
15:59:08 [Joanne]
Joanne has joined #privacy
15:59:21 [Zakim]
15:59:30 [matt]
zakim, code?
15:59:30 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, matt
15:59:30 [npdoty]
Zakim, aaaa is probably tara
15:59:32 [Zakim]
+tara?; got it
15:59:32 [Zakim]
matt, you asked to be pinged at this time
15:59:48 [tara]
tara has joined #privacy
15:59:59 [alissa]
alissa has joined #privacy
16:00:36 [tara]
16:00:47 [Zakim]
16:00:55 [Zakim]
16:00:58 [npdoty]
Zakim who is making noise?
16:01:08 [Zakim]
+ +358.504.87aacc
16:01:09 [Zakim]
16:01:10 [npdoty]
chair: tara
16:01:22 [Zakim]
16:01:40 [npdoty]
Zakim, agenda+ Introductions
16:01:40 [Zakim]
agendum 1 added
16:01:40 [matt]
zakim, mute me
16:01:41 [Zakim]
matt should now be muted
16:01:52 [npdoty]
Zakim, agenda+ Dependencies (including Geo)
16:01:53 [Zakim]
agendum 2 added
16:01:59 [npdoty]
Zakim, agenda+ Liaisons
16:01:59 [Zakim]
agendum 3 added
16:01:59 [Joanne]
Zakim, Kevin T is really Joanne
16:02:00 [Zakim]
I don't understand 'Kevin T is really Joanne', Joanne
16:02:11 [npdoty]
Zakim, agenda+ Privacy Considerations
16:02:11 [Zakim]
agendum 4 added
16:02:24 [npdoty]
Zakim, KevinT is really Joanne
16:02:24 [Zakim]
+Joanne; got it
16:02:31 [christine]
We have received apologies from JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally
16:02:35 [MarkL]
MarkL has joined #privacy
16:02:48 [npdoty]
regrets+ JC, Trent, Piero, SusanIsrael, ErinKenneally
16:02:49 [robin]
robin has joined #privacy
16:02:53 [matt]
Regrets: JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally
16:02:54 [MarkL]
Hi Everyone!
16:03:29 [robin]
Hi all - apologies if I get this wrong: I am an IRC n00b <blush>
16:03:44 [tara]
No problem.
16:04:06 [npdoty]
Zakim, who is on the phone?
16:04:06 [Zakim]
On the phone I see tara?, +, npdoty, ??P11, justin, Joanne, +358.504.87aacc, matt (muted), ??P34
16:04:09 [Zakim]
16:04:17 [tara]
Let us know if you're on IRC but not on the phone so we can repeat things you might miss.
16:04:32 [robin]
thanks - am working on dialling in now...
16:04:40 [Ashok_Malhotra]
Ashok_Malhotra has joined #privacy
16:05:06 [fjh]
i'm on irc but not the phone
16:05:09 [bilcorry]
bilcorry has joined #privacy
16:05:27 [Zakim]
+ +1.202.379.aadd
16:05:37 [npdoty]
scribenick: Joanne
16:05:42 [bilcorry]
Zakim, who is on the call?
16:05:42 [Zakim]
On the phone I see tara?, +, npdoty, ??P11, justin, Joanne, +358.504.87aacc, matt (muted), ??P34, bilcorry, +1.202.379.aadd
16:05:52 [bilcorry]
Zakim, mute me
16:05:52 [Zakim]
bilcorry should now be muted
16:05:56 [Zakim]
16:05:56 [npdoty]
Zakim, agenda?
16:05:57 [Zakim]
I see 4 items remaining on the agenda:
16:06:00 [Zakim]
1. Introductions [from npdoty]
16:06:01 [Zakim]
2. Dependencies (including Geo) [from npdoty]
16:06:04 [Zakim]
3. Liaisons [from npdoty]
16:06:05 [Zakim]
4. Privacy Considerations [from npdoty]
16:06:08 [matt]
zakim, unmute me
16:06:17 [Zakim]
matt should no longer be muted
16:06:28 [Joanne]
I may not know who is talking . Please let me know who is speaking
16:06:48 [Joanne]
Christin: anyone here for the first time?
16:06:55 [npdoty]
16:07:10 [robin]
I'm here for the first time...
16:07:15 [Joanne]
Tara: intros
16:07:26 [Joanne]
rudy: with Comcast global policy
16:07:44 [Zakim]
16:08:11 [Joanne]
Tara: next item looking at the dependencies
16:08:21 [kboudaou]
+ is : Karima :-)
16:08:25 [Ashok_Malhotra]
zakim, mute me
16:08:25 [Zakim]
Ashok_Malhotra should now be muted
16:08:31 [npdoty]
Zakim, aabb is kboudaou
16:08:31 [Zakim]
+kboudaou; got it
16:08:33 [Joanne]
Matt: part of W3C team with geo-locations WG
16:08:46 [npdoty]
Topic: Geo (with Matt)
16:08:52 [Joanne]
...first version of spec and will be released as recommendation soon
16:08:59 [matt]
16:09:31 [Joanne]
...spec provides bunch of info on how to prtect invidual privacy on sites that use the API
16:09:51 [Joanne]
...alissia can speak about the CDT proposal
16:09:58 [Patrick]
Patrick has joined #privacy
16:10:38 [Joanne] came to consensus on section after much debate and now the hard part testing
16:10:39 [npdoty]
16:10:53 [Joanne]
...found sites could conform to the requirements
16:10:58 [Joanne]
...not an easy task
16:11:46 [npdoty]
concept that "an API should never be allowed to lie!"
16:11:46 [Joanne]
...challenges is the API can lie about where you are and the API should not be able to lie. lots of conserns
16:11:52 [Joanne]
...looked at this for a long time
16:12:04 [christine]
16:12:36 [Joanne]
Tara: are there things PNG can do to be useful to your WG? what can we learn?
16:12:44 [npdoty]
16:12:54 [Joanne]
Matt: right people involved from teh get-go is important
16:13:22 [alissa]
Richard Barnes from BBN was also involved
16:13:55 [npdoty]
... could actually see PING as a horizontal thing to get people involved across groups
16:13:59 [Joanne]
...PNG should be a horizontial thing and influence the work. Having privacy people involved from the beginning is important
16:14:18 [npdoty]
q+ to ask about TAG review
16:14:23 [npdoty]
ack christine
16:14:35 [Zakim]
16:14:41 [Joanne]
Christine: very helpful and couldn't agree more in having privacy people in the beginning
16:15:26 [Joanne]
...what are lessons learned in identifying privacy vulenbilities (sp). Example, how did the gropu think about privacy for that spec
16:15:27 [Zakim]
16:15:34 [christine]
16:16:05 [Joanne]
Matt: lessons I learned - a lot of engineers don't necessarily look at the privacy implications
16:16:44 [npdoty]
... radically different legal requirements (mandated in one country, prohibited in another)
16:16:47 [Zakim]
16:17:08 [Joanne]
...Vodafone involvement showed how laws vary across some countries. what is ok in one country may not be allowed in another country. how do you write a spec with varying laws and test that these things are possible to enforce
16:17:11 [Zakim]
16:17:58 [Joanne] way to test is to read the privacy policy and test against that. trust the company does what they say are they are doing
16:18:07 [matt]
16:18:08 [matt]
16:18:15 [Joanne]
...difficult to test and will link to test results
16:18:29 [Joanne]
...had more than just the three listed
16:18:44 [Joanne]
...non-trival task
16:18:46 [npdoty]
ack npdoty
16:18:46 [Zakim]
npdoty, you wanted to ask about TAG review
16:19:23 [Ashok_Malhotra]
zakim, unmute me
16:19:23 [Zakim]
Ashok_Malhotra should no longer be muted
16:19:32 [Joanne]
Nick: wanted to ask about tag management. was tag review useful for uncovering privacy issues, and what role tag can play in reviewing areas around privacy?
16:20:07 [Joanne]
Matt: not real formal but did talk to tag for an hour or two. not sure if we can call it a tag review or not
16:20:34 [Joanne]
unknow: this version of the spec a lot better. thank you Matt
16:20:44 [Zakim]
16:20:52 [npdoty]
16:21:44 [alissa]
16:21:46 [tara]
16:22:07 [Joanne]
Hannes: privacy experts wasn't really heard. what do you think was done well around the privacy mechanisms. somewhat negative about the development within the group and get them to listen
16:22:26 [Joanne]
Matt: did best to make sure all comments were responded to
16:22:27 [tara]
ack alissa
16:22:36 [Joanne]
...Alissia may be able to comment more
16:23:11 [Joanne]
Allisia (sp): disagree with Hannes characteristication (sp).
16:23:27 [matt]
16:24:09 [Joanne]
....sending privacy rules around. did end up with strong normative language. Testing was difficult to make sure reqs in Sec 3 were meet
16:25:02 [npdoty]
copying of sections of requirements on recipients wholesale into other specs, like device APIs, which might be advantageous
16:25:17 [Joanne]
...took some of this text wholesale and put them into their APIs. Reqs around receipents getting geo-location info hard to enforce
16:25:42 [Joanne]
Matt: this did not just breeze right through.
16:25:54 [Joanne]
Tara: last chance to comment
16:26:06 [npdoty]
16:26:08 [matt]
Privacy was pretty much our biggest hurdle, the technical stuff was insignificant compared to privacy actually.
16:26:10 [Joanne]
...going once, going twice
16:26:13 [tara]
ack npdoty
16:27:14 [Zakim]
16:27:21 [fjh]
zakim, [IPcaller] is me
16:27:21 [Zakim]
+fjh; got it
16:27:26 [Joanne]
Nick: on the ques on testibility. we want to make it easy to test to determine conformance. should we make reqs more technicla and make privacy reqs testable against the spec
16:28:20 [Joanne]
Matt: what is interesting about w3c testing people is we have to show that everything normative is implementable. low bar. not very strong. we want above and beyond w3c reqs
16:28:49 [tara]
16:29:47 [Joanne]
unknown: how did deployment act in repsect to privacy? did that lead to any improvements in deployments? is there truly privacy prtoections
16:29:55 [npdoty]
16:30:50 [Joanne]
Matt: it changed on the browser side and the receipent side. no one hasn't reporoted on redeployment since Nick wrote the paper
16:31:05 [npdoty]
we thought about doing an updated study to see if there were deployment changes over time, but it's a hard thing to measure in a comparable way
16:31:36 [Joanne]
...browser is deployed with active consent to sharing location data. not sure about reciepent <apologies for my bad spelling/typing>
16:31:39 [Zakim]
16:31:51 [fjh]
zakim, who is here?
16:31:51 [Zakim]
On the phone I see tara?, kboudaou, ??P11, justin, Joanne, +358.504.87aacc, matt, bilcorry (muted), +1.202.379.aadd, James, Ashok_Malhotra, npdoty, ??P31, fjh
16:31:54 [Zakim]
On IRC I see Patrick, bilcorry, Ashok_Malhotra, robin, MarkL, alissa, tara, Joanne, christine, fjh, RRSAgent, Zakim, npdoty, kboudaou, MacTed, matt, wseltzer
16:32:18 [Zakim]
16:32:20 [Joanne]
Tara: that you Matt and hope we benfit from your experience and take advantage of that.
16:32:20 [christine]
Zakim ??P11 is christine
16:32:35 [npdoty]
Zakim, ??P11 is christine
16:32:35 [Zakim]
+christine; got it
16:32:50 [npdoty]
Zakim, justin is really alissa
16:32:50 [Zakim]
+alissa; got it
16:33:10 [Joanne]
Matt: love to help and am neutral about the deployments. will love to help and Alissia can input based on her experience
16:33:22 [Joanne]
Tara: 3rd item ont eh agenda
16:33:36 [npdoty]
Topic: IAB Privacy Program
16:33:37 [alissa]
16:33:50 [Joanne]
Tara: moving to alissa
16:34:21 [Joanne]
Alissa: IAB protocols. Look at ToC's and run through the doc
16:34:37 [Ashok_Malhotra]
Worked for me! Cool!
16:34:54 [Joanne]
...terminology section around privacy and describes terms used in the protocals
16:35:32 [tara]
tara has joined #privacy
16:35:43 [Joanne]
...tired to make link between abstract threats and how internet proptocals. talk about ways threats can be mitigated
16:35:56 [Joanne] minization
16:36:22 [Joanne]
...uyser participantion involving hte user in decisions about hisher data to minize threats
16:36:50 [Joanne]
...that is the setup to give designers who aren't use to think about privacy reasons to care about it
16:37:25 [Joanne]
...section 6 designed to give designers on how to think about privacy when designing protocoals
16:38:16 [Joanne]
...taks about difficulty around managing body list, etc. maxium utility of systems built using proptocals
16:38:26 [Joanne] feedback on the doc
16:38:46 [Joanne]
...hoping to now get this to the folks out in th e ITF
16:38:47 [matt]
zakim, mute me
16:38:47 [Zakim]
matt should now be muted
16:38:51 [npdoty]
... section 7, an example, based on SIP, managing a buddy list, experience with all of the privacy problems that can appear in Internet protocols
16:38:51 [Joanne]
...main work item
16:39:10 [Joanne]
...privacy survey Hannes has been spreadheading
16:39:50 [Joanne]
...hoping to get feedback from people in the field
16:39:56 [tara]
16:40:15 [Joanne]
Tara: that is a lot. impressive accomplishment
16:40:38 [Joanne] out group on survey items
16:40:43 [Joanne]
16:40:46 [npdoty]
16:41:10 [Joanne]
Christine: compliments to Alissa and Hannes and others in the IAB program
16:41:13 [tara]
ack npdoty
16:41:40 [Joanne]
Nick: curous whether there is any experience with anyone trying to use the doc yet?
16:42:54 [Joanne]
Alissa: not aware of anyone yet. I have pointed a few people to it working on early drafts and have gotten feedback. It is overkill. this was expected. I have tired to use it
16:43:13 [Joanne]
Hannes: feedback has reulted in additional terminology and clarifications
16:43:21 [Joanne]
Tata: more questions?
16:43:29 [Joanne]
...thanks again Alissa
16:43:31 [npdoty]
16:43:48 [Joanne]
<bad typing>
16:44:35 [npdoty]
Topic: Privacy Considerations
16:44:43 [npdoty]
tara: open to comment on how this should go forward
16:44:46 [npdoty]
16:44:59 [Joanne]
Tara: we are trying to get a sense of the best way to move forward on the document. Opening up for comment based upon experience on how to move forward
16:45:04 [tara]
ack npdoty
16:46:29 [Joanne]
Nick: we have discussed the importance of having privacy policy involved. write a guide for WG around when to seek out privacy expertise. some of this may be architure <sp> issues
16:46:35 [rudy_]
rudy_ has joined #privacy
16:46:38 [christine]
16:47:22 [tara]
ack christine
16:47:24 [christine]
16:47:25 [Joanne]
Tara: when to bring people in with research and look for commonailities across groups to provide guidance
16:47:34 [npdoty]
* decisional tool (help authors when they're making authoring decisions)
16:47:53 [npdoty]
* issue spotting (helping WGs find when they should seek out expertise in understanding the privacy issues)
16:48:30 [npdoty]
* architectural considerations (common issues that turn up on the Web that we'd like to handle in a consistent way)
16:48:36 [Zakim]
16:48:43 [tara]
16:48:46 [Joanne]
Christine: thank you Nick. I agree and we seem to be in agreement. A good way to make this happening is first provide guidance to WGs on when they need to invole PNG and TAG. Then identify common problems across the groups
16:48:51 [alissa]
16:48:57 [tara]
ack alissa
16:50:09 [robin]
It could be that influencing a WG on privacy is a lot like influencing end users on privacy… i.e. hard. ;-)
16:50:09 [fjh]
+1 to alissa re difficulty of adding-in privacy into WG later, needs to be part of WG overall
16:50:15 [Joanne]
alissa: might be controversial. it is diff to have influence over the trajectory of a WG by inserting a random timeline. you need to be involved the work of the group.
16:50:46 [fjh]
isn't that called "privacy by design" :)
16:50:53 [Joanne]
...advocate building this capability into those working across the w3c
16:51:18 [Joanne]
Christine: agree and if we can get there that would be fantastic
16:51:46 [Joanne]
Alissa: difficule, not necessarily controversal. its how we get there
16:51:58 [fjh]
16:52:21 [robin]
In both cases, it's a problem of persuading people to adopt different privacy-related behaviours (and people's motivation for changing behaviour is notoriously tricky)
16:52:22 [Joanne]
Nick: maybe that answers the question of when. having this integrated in the discussion from the beginning stages
16:52:45 [Joanne]
Hannes: it is easy to say you need to consider security at the beginning same for privacy
16:53:24 [robin]
I should also clarify: this is Robin Wilton, not Robin Berjon (Hannes is referring to a doc by Robin B)
16:53:26 [Joanne]
...what is the foundation you want to rely on. some people think data minization is the idea others think user consent is the best. there are other design regimes
16:53:44 [tara]
ack fjh
16:53:50 [Joanne]
....need to ask the bigger question otherwise difficult to adivse
16:54:26 [robin]
Sorry, that got converted to an emoji. I meant "Hannes is referring to a document by Robin Berjon"
16:54:28 [Joanne]
fjh: it is a hard proble. it can't be bolt on later and needs to be done at the beginning.
16:54:36 [christine]
16:54:41 [npdoty]
parties who aren't even in the Working Group may be relevant too; charter needs to get the right constituencies involved
16:54:42 [Joanne]
Tara: challenges to get the right people involved
16:54:44 [fjh]
16:55:04 [npdoty]
s/parties who/fjh: parties who/
16:55:07 [christine]
16:55:10 [fjh]
s/beginning/beginning, including getting involvement of various constituencies./
16:55:18 [tara]
ack christine
16:55:40 [Joanne]
Christine: may not have the answers today.
16:55:52 [Joanne]
Hannes: I believe you are asking my thoughts
16:57:17 [Joanne]
...if you start with something like js api. if some scoping is included in the doc. the most improtant qustions are - is asking the user consnet on the api. sme other work that falls outside the js mechansim allow a much richer choice of approach to look into
16:57:26 [Zakim]
16:57:34 [Joanne]
...not bound by design decisionsof of the past
16:58:17 [Joanne]
Tara: eye on the time. lots of considerations and putting together task force to wrk on doc, plus best praitces
16:58:25 [Joanne]
...move to mailing list and next agenda
16:58:26 [npdoty]
if when/how to integrate into the process sounds like a good starting point for writing, I'm happy to help with that
16:58:37 [npdoty]
and that might be something that doesn't duplicate the IAB document
16:58:38 [Joanne]
...last thing - the next call
16:58:56 [christine]
16 August might be hard for me
16:58:58 [npdoty]
Topic: Next call
16:59:10 [Joanne]
...week of Aug 16 around same time. Is there a conflict? can move to the aug 23rd
16:59:14 [christine]
Thank you
16:59:14 [npdoty]
August 16th? August 23rd?
16:59:24 [npdoty]
Aug 23rd fine with me
16:59:27 [Joanne]
..August 23rd at this same time
16:59:31 [robin]
16th *may* be an NSTIC meeting, according to OIX website...
16:59:56 [Joanne]
...tentative for Aug 23rd
17:00:11 [christine]
Thanks Tara and Matt
17:00:18 [Zakim]
17:00:20 [fjh]
17:00:20 [Zakim]
17:00:22 [Zakim]
17:00:23 [Zakim]
17:00:23 [Zakim]
17:00:25 [Zakim]
- +358.504.87aacc
17:00:27 [kboudaou]
Thanks. Bye !
17:00:27 [Zakim]
17:00:27 [Zakim]
17:00:28 [Zakim]
17:00:29 [fjh]
fjh has left #privacy
17:00:31 [tara]
17:00:35 [Zakim]
- +1.202.379.aadd
17:00:36 [npdoty]
rrsagent, draft minutes
17:00:36 [RRSAgent]
I have made the request to generate npdoty
17:00:37 [Zakim]
17:00:39 [robin]
robin has left #privacy
17:00:47 [Zakim]
17:02:11 [npdoty]
rrsagent, bye
17:02:11 [RRSAgent]
I see no action items