15:55:58 <RRSAgent> RRSAgent has joined #privacy
15:55:58 <RRSAgent> logging to http://www.w3.org/2012/08/23-privacy-irc
15:56:08 <npdoty> Chair: christine, tara
15:56:16 <npdoty> Meeting: Privacy Interest Group teleconference
15:56:53 <npdoty> Agenda: http://lists.w3.org/Archives/Public/public-privacy/2012JulSep/0027.html
15:57:02 <christine> christine has joined #privacy
15:57:06 <rigo> rigo has joined #privacy
15:57:53 <rigo> zakim, code?
15:57:53 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), rigo
15:58:49 <Zakim> +npdoty
15:59:00 <npdoty> Zakim, who is on the phone?
15:59:00 <Zakim> On the phone I see +358.504.87aaaa, ??P2, npdoty
15:59:34 <Zakim> + +1.613.304.aabb
16:00:32 <dsinger> dsinger has joined #privacy
16:00:39 <npdoty> Zakim, aabb is probably hannes
16:00:40 <Zakim> +hannes?; got it
16:00:44 <Zakim> +[Apple]
16:00:49 <npdoty> Zakim, aaaa is probably christine 
16:00:50 <Zakim> +christine?; got it
16:00:52 <dsinger> zakim, [apple] has dsinger
16:00:52 <Zakim> +dsinger; got it
16:00:57 <christine> regrets Karima Boudaoud, Erin Kennedy and maybe JC Cannon
16:01:00 <npdoty> Zakim, ??P2 is probably christine
16:01:00 <Zakim> +christine?; got it
16:01:16 <npdoty> regrets+ karima, erink
16:01:33 <christine> thanks nick
16:02:03 <Zakim> +[OpenLink]
16:02:10 <MacTed> Zakim, [OpenLink] is temporarily me
16:02:11 <Zakim> +MacTed; got it
16:02:11 <MacTed> Zakim, mute me
16:02:11 <Zakim> MacTed should now be muted
16:02:14 <christine> Please volunteer to scribe.
16:02:17 <MacTed> Zakim, who's here?
16:02:17 <Zakim> On the phone I see christine?, christine?.a, npdoty, hannes?, [Apple], MacTed (muted)
16:02:19 <Zakim> [Apple] has dsinger
16:02:19 <Zakim> On IRC I see dsinger, rigo, christine, RRSAgent, tara, Zakim, npdoty, MacTed, matt, wseltzer_away
16:02:22 <Zakim> + +44.163.551.aacc
16:02:24 <Kasey> Kasey has joined #privacy
16:02:43 <tara> Zakim, aabb is tara
16:02:43 <Zakim> sorry, tara, I do not recognize a party named 'aabb'
16:02:43 <npdoty> Zakim, aacc is probably Kasey 
16:02:44 <Zakim> +Kasey?; got it
16:03:26 <Zakim> +Narm_Gadiraju
16:03:44 <Zakim> -Narm_Gadiraju
16:03:48 <Zakim> +Rigo
16:03:55 <rigo> zakim, mute me
16:03:55 <Zakim> Rigo should now be muted
16:04:06 <MacTed> Zakim, hannes? is tara
16:04:06 <Zakim> +tara; got it
16:04:14 <Zakim> +Narm_Gadiraju
16:04:27 <rigo> zakim, pick a victim
16:04:27 <Zakim> Not knowing who is chairing or who scribed recently, I propose christine?.a
16:04:43 <rigo> zakim, pick another victim
16:04:43 <Zakim> I don't understand 'pick another victim', rigo
16:04:50 <rigo> zakim, pick a victim
16:04:50 <Zakim> Not knowing who is chairing or who scribed recently, I propose tara
16:04:56 <rigo> tara?
16:05:26 <rigo> tara, can you scribe?
16:05:27 <dsinger> q+
16:05:30 <npdoty> christine: get things started, trying to pick a scribe beyond just nick
16:05:34 <tara> Do my best! 
16:05:37 <npdoty> ... also, introductions
16:05:42 <rigo> we will fill in
16:05:50 <rigo> q+
16:05:54 <rigo> ack dsinger
16:06:07 <npdoty> ... Dave Singer from Apple, have been on the list for a while but joining the call for the first time
16:06:14 <npdoty> ack rigo 
16:06:14 <narm> narm has joined #privacy
16:06:31 <tara> New person: David Singer (sp?) from Apple.
16:07:06 <npdoty> ... multimedia standards at Apple, but now working on privacy as well, co-editing in DNT group
16:07:31 <tara> Rigo Wenning, Legal Counsel for W3C, longtime privacy staff (P3P & privacy research), now doing Do Not Track
16:07:33 <rigo> zakim, mute me
16:07:33 <Zakim> Rigo should now be muted
16:07:34 <npdoty> scribenick: tara
16:07:40 <rigo> q?
16:07:55 <npdoty> Topic: Privacy Considerations
16:09:29 <tara> Have been trying to move forward on guidance document for web standards development, like IAB program
16:09:36 <tara> But tailored for W3C context
16:09:40 <tara> So: how do we move this work forward?
16:09:52 <npdoty> q+
16:10:33 <tara> Nick: can start work by looking at specific topics, like data minimization.
16:11:14 <tara> Different stakeholders have different approaches.
16:11:17 <rigo> q+
16:11:21 <rigo> ack npdoty
16:11:23 <tara> So: what might work for different WGs.
16:11:43 <Zakim> +robsherman
16:11:59 <Ashok_Malhotra> Ashok_Malhotra has joined #privacy
16:12:39 <Zakim> + +1.212.508.aadd
16:12:45 <tara> Hannes: In the IAB work, we reviewed protocols from different groups. These efforts go on for a long time - but what specific form should the guidance take?
16:12:49 <Ashok_Malhotra> zakim, 212 is me
16:12:49 <Zakim> sorry, Ashok_Malhotra, I do not recognize a party named '212'
16:12:57 <npdoty> Zakim, aadd is Ashok_Malhotra 
16:12:57 <Zakim> +Ashok_Malhotra; got it
16:13:21 <robsherman> robsherman has joined #privacy
16:13:22 <rigo> hannes: mentioned topic, we went through IAB privacy consideration, activities go on for a long time, realized that people are doing zigzag kind of design, Perhaps need more guidance, what direction should the guidance go? Current guidance has strong focus on data minimization
16:13:48 <npdoty> ack rigo 
16:13:48 <tara> Hannes: Example - data minimization may work for IAB but not W3C.
16:13:56 <robsherman> zakim, who is here
16:13:56 <Zakim> robsherman, you need to end that query with '?'
16:14:00 <robsherman> zakim, who is here?
16:14:00 <Zakim> On the phone I see christine?, christine?.a, npdoty, tara, [Apple], MacTed (muted), Kasey?, Rigo, Narm_Gadiraju, robsherman, Ashok_Malhotra
16:14:02 <Zakim> [Apple] has dsinger
16:14:02 <Zakim> On IRC I see robsherman, Ashok_Malhotra, narm, Kasey, dsinger, rigo, christine, RRSAgent, tara, Zakim, npdoty, MacTed, matt, wseltzer_away
16:15:03 <tara> Rigo: two directions this group can take. Look at the technical implications of specifications for privacy implications. OneL can wait for specs to come and then review them and create a solution.
16:15:37 <tara> Then try to generalize from that work. Or: we can create rough guidance for web stuff, and then we can measure the spec against the guidance and evaluate it on those grounds.
16:16:29 <tara> Rigo: concerned about top-down approach (everyone having to follow our guidance). EU has many laws and directives that are impractical and were ignored. Would rather be practical.
16:16:52 <npdoty> yay for pragmatism! :)
16:16:54 <MacTed> +1 practicality, examine several until a larger pattern emerges, which gives shape to a general guidance
16:17:06 <tara> Christine: If we do the practical side, how would we do that (Rigo)?
16:17:35 <tara> Rigo: There are at least a dozen specs in development in W3C; start w/geolocation people. Get them to present it and tell us where the privacy sensitivities are and what they should do.
16:17:58 <tara> We can discuss this and perhaps learn and also instruct them on possible solutions.
16:18:15 <Kasey> perhaps look at past specs as well to see where problems arose?
16:18:41 <npdoty> +1 Kasey, we can review existing documents as well, finding both problems and solutions
16:19:24 <tara> Christine: Rigo, that is what we are doing. We had geo-loc people on previous call. We offered ourselves as a locus for discussion.
16:19:39 <tara> Christine: Also had other groups, like Crypto group, and made suggestions. Also Device API group, who got guidance on fingerprinting.
16:19:47 <Kasey> q+
16:22:25 <tara> Hannes: if there is no harm identified in the spec, then doubt that privacy solutions will arise either.
16:22:26 <Zakim> -tara
16:22:48 <npdoty> hannes: IAB we tried to learn from the security work, identifying threats, as a model
16:23:21 <npdoty> ... experience with the security considerations after guidance in IETF
16:23:43 <npdoty> ... early on the Security Considerations sections tended to be boilerplate/checkbox
16:23:49 <npdoty> ... but then got better over time
16:24:07 <npdoty> npdoty: yes, that was our finding
16:24:12 <npdoty> ack Kasey 
16:24:18 <rigo> zakim, mute me
16:24:18 <Zakim> Rigo should now be muted
16:24:52 <npdoty> Kasey: a lot of overlap between DAP folks and the Vodafone-hosted workshop a couple years back
16:25:06 <npdoty> ... a lot of discussion then that we needed a higher-level overarching framework
16:25:24 <npdoty> ... worth looking back at that meeting and DAP discussions to identify what should be raised to a higher level
16:25:24 <rigo> q+
16:25:33 <npdoty> ack rigo 
16:25:33 <rigo> ack ri
16:25:47 <npdoty> http://www.w3.org/2010/api-privacy-ws/
16:26:15 <npdoty> rigo: I worry that API development will be finished before we develop guidance if we're starting too high-level
16:26:29 <npdoty> ... need another API privacy workshop where those people can talk again about their pain points
16:26:52 <Zakim> + +1.650.283.aaee
16:27:23 <tara> tara has joined #privacy
16:27:47 <tara> Sorry - my wifi just died so I missed about five min.
16:27:51 <rigo> zakim, who si making noise?
16:27:51 <Zakim> I don't understand your question, rigo.
16:27:53 <npdoty> christine: looking to add value to privacy in the development of W3C standards
16:27:58 <dsinger> zakim, who is making noise?
16:28:10 <npdoty> ... idea that a workshop could be a useful forum for moving this discussion forward
16:28:12 <Zakim> dsinger, listening for 11 seconds I heard sound from the following: christine?.a (65%)
16:28:20 <tara> Am on cell now to listen but might not be best scribe!
16:28:47 <MacTed> MacTed has joined #privacy
16:29:03 <npdoty> hannes: rigo is suggesting a workshop which always sounds nice, but what would such a workshop do specifically?
16:29:10 <Kasey> q+
16:29:13 <npdoty> q+
16:29:19 <npdoty> ack Kasey 
16:29:47 <npdoty> Kasey: looking at notes from previous workshops might help us identify those pain points
16:30:07 <Zakim> + +1.613.304.aaff - is perhaps tara
16:30:15 <Zakim> - +1.650.283.aaee
16:30:33 <npdoty> ... I can do that, with some help from someone who remembers more
16:30:39 <rigo> q+
16:30:43 <rigo> q-
16:31:30 <rigo> ack npdoty
16:31:39 <Kasey> +1 Nick
16:32:05 <rigo> q+
16:32:21 <rigo> ack ri
16:32:43 <npdoty> npdoty: think we can build on existing workshop and existing info that we've gathered from other groups... can start on guidance now from what we've learned
16:33:02 <npdoty> rigo: we can decide whether to split documents or have sections in a single document
16:33:22 <npdoty> ... everybody needs guidance, and can pool resources into this
16:34:03 <rigo> :-P
16:34:04 <npdoty> ... for PLING, eventually gave up for lack of input, need commitment of time to the document
16:34:28 <npdoty> consensus that dave singer is the best editor ever :)
16:35:15 <npdoty> dsinger: we all appreciate the goal, but in a way it's a thankless job; puzzled on how to get the scrutiny that these documents deserve
16:36:04 <npdoty> hannes: it is indeed tough; if you'd like to improve the security model, it's very difficult, and security is a subset of the privacy concept
16:36:30 <npdoty> ... no shortage of solutions, but providing guidance that is generic enough to be useful is difficult
16:37:11 <npdoty> christine: one idea: many people in the PING who also participate in other WGs that have privacy implications to them
16:37:42 <npdoty> ... can those people take responsibility to look at those issues and bring them forward to PING?
16:39:16 <npdoty> ... bring solutions, but also identify risks, threats, vulnerabilities
16:39:16 <rigo> q+
16:39:22 <npdoty> ack rigo
16:39:23 <rigo> ack ri
16:40:27 <npdoty> rigo: this is the consulting approach; could invite others doing horizontal work (richard, in i18n)
16:40:54 <npdoty> ... prefer other groups come to us for advice and sharing their pain, rather than our pushing privacy as a top-down model
16:41:12 <npdoty> "nobody likes to be told to eat their broccoli"
16:41:32 <npdoty> christine: +1 on i18n as someone to learn from
16:41:59 <dsinger> i18n is also good
16:42:13 <npdoty> npdoty: accessibility also a good horizontal model to learn from
16:42:59 <npdoty> hannes: agree that top-down is not preferred, but with some groups who don't have that interest, what mechanism should we use as a check/balance for such a group?
16:43:25 <npdoty> ... do we have external people who review documents for i18n?
16:43:47 <npdoty> rigo: if there are no pain points, then coming in with a requirement is just a nuisance
16:44:27 <npdoty> ... but that pain can come from regulators, consumer protection, or possibly from the Director who can add a step
16:45:02 <npdoty> ... but this is a dangerous pain point (industry can pop up new consortia any time)
16:45:06 <MacTed> q+
16:45:10 <MacTed> Zakim, unmute me
16:45:10 <Zakim> MacTed should no longer be muted
16:45:18 <tara> Hey! :-)
16:45:19 <npdoty> ... existing regulator pain is most useful for security and privacy
16:45:41 <npdoty> <debate about regulatory effectiveness>
16:47:14 <npdoty> rigo: it may be that we can convince the overall organization that they must have this as a process step, but thinking in pain points is already good
16:47:16 <npdoty> q?
16:47:28 <npdoty> ack MacTed 
16:48:08 <npdoty> MacTed: neither purely bottom-up or top-down will work here. regulators don't fully understand the technology and the engineers don't necessarily understand the law
16:48:34 <npdoty> ... something from this group can identify where technology is necessary and note that technology can't solve the problem perfectly
16:49:06 <npdoty> ... some privacy concerns without being tied to real problems
16:49:31 <npdoty> ... people are not always aware of the pain points, like the potential conflicts with regulation
16:50:02 <rigo> q+
16:50:03 <tara> q+
16:50:07 <rigo> q- later
16:50:16 <npdoty> MacTed: may be useful to pull what we can from the regulatory bodies
16:50:27 <npdoty> ... tech folks really don't understand the regulations that are there
16:50:48 <Kasey> cough - we have a few regulatory experts here ;-)
16:51:06 <npdoty> ... as a search engine provider, I need to track more data in order to provide a better service
16:51:37 <Kasey> q+
16:51:52 <Kasey> +1
16:51:54 <rigo> q- later
16:51:55 <npdoty> christine: is it useful to have those discussions in this group?
16:52:07 <npdoty> MacTed: yes, and useful to the group itself
16:52:27 <npdoty> tara: I'm a technologist as a regulator, so I might be a useful contact in determining those overlaps
16:53:21 <rigo> q?
16:53:23 <tara> Okay, sorry.
16:53:26 <rigo> ack tara
16:53:31 <npdoty> ack Kasey 
16:53:49 <Zakim> -robsherman
16:53:58 <tara> Just really backing up earlier comments on the value of docs for regulation.
16:53:59 <tara> Being a technologist at a regulator!
16:54:02 <npdoty> Kasey: maybe it would be useful to identify potential conflicts with regulation and raise those questions here; some of us who are experts in that area can help
16:54:09 <tara> So - we do have some expertise to draw on.
16:54:18 <npdoty> christine: sounds like a good idea!
16:54:23 <tara> And - there are some regulators who really need the help.
16:54:35 <tara> Will move to IRC.
16:54:35 <tara> (Apologies for terrible audio today.)
16:54:41 <Zakim> -tara
16:54:58 <npdoty> q+ to ask about guidance on regulations
16:55:03 <npdoty> ack rigo 
16:55:45 <Zakim> + +1.613.304.aagg - is perhaps tara
16:55:52 <npdoty> rigo: have a meeting, a possibility to brainstorm [missed some detail here, please fill in]
16:56:05 <npdoty> ... in some jurisdictions, everything is regulated
16:56:15 <npdoty> ... do this at a pointed basis in doing workshops
16:56:30 <rigo> q+
16:56:43 <npdoty> hannes: when inviting regulators, do you mean DPAs or legislators or others?
16:56:48 <npdoty> q- later
16:57:14 <rigo> ack ri
16:57:20 <npdoty> Kasey: on the EU front, some organizations play multiple roles, like the Article 29 WP, made up of DPAs, advise on interpretation and additional legislation
16:58:33 <npdoty> hannes: some regulators are not scoped with reaching out to technical groups; technologists only find out later that this is a big privacy violation and need to change a design around
16:58:54 <npdoty> Kasey: not necessarily talk to regulators about this, but we can identify places where we think the tech and regulation conflict
16:59:24 <npdoty> ... and then we can address those conflicts with regulators or in our considerations document
16:59:55 <npdoty> rigo: w3c does talk to regulators, EC, parliament, FTC, Japan, Australia; not unusual for us to go there, invite them to a meeting
17:00:00 <npdoty> ... really not a problem at all
17:00:23 <npdoty> ... Article 29 now has an official representative in the Do Not Track work
17:00:31 <npdoty> q-
17:00:52 <npdoty> ... and we have regulators (including tara!) who we can really cooperate with
17:01:21 <Zakim> -Narm_Gadiraju
17:01:38 <Kasey> +1 Nick
17:01:47 <Kasey> very important role too, for us
17:02:01 <rigo> +1 and worthwhile contribution 
17:02:14 <npdoty> npdoty: one other role we (PING) can play, help identify where a technical standard can help address a regulatory concern
17:02:32 <Zakim> -Ashok_Malhotra
17:02:33 <npdoty> christine: a very fruitful discussion, multiple possibilities that are not exclusive
17:02:43 <dsinger> thx!
17:02:44 <npdoty> ... suggest that we continue this discussion on the email list
17:02:46 <tara> Thanks!
17:02:48 <rigo> and Christine, thanks for chairing!
17:02:48 <Zakim> -christine?
17:02:50 <Zakim> -christine?.a
17:02:51 <Zakim> -[Apple]
17:02:53 <Zakim> -MacTed
17:02:55 <Zakim> -Rigo
17:02:57 <Zakim> -Kasey?
17:03:04 <Zakim> -npdoty
17:03:14 <npdoty> rrsagent, make logs public
17:03:18 <npdoty> rrsagent, draft minutes
17:03:18 <RRSAgent> I have made the request to generate http://www.w3.org/2012/08/23-privacy-minutes.html npdoty
17:03:40 <MacTed> rrsagent, make logs public
17:04:42 <MacTed> ah, we should invite trackbot next time.  it takes care of attendee lists and such...
17:06:04 <MacTed> present robsherman, npdoty, Rigo, Narm_Gadiraju, robsherman, Ashok_Malhotra, narm, Kasey, dsinger, christine, tara, MacTed, matt, wseltzer_away
17:06:13 <MacTed> present: robsherman, npdoty, Rigo, Narm_Gadiraju, robsherman, Ashok_Malhotra, narm, Kasey, dsinger, christine, tara, MacTed, matt, wseltzer_away
17:06:19 <MacTed> rrs, draft minutes
17:06:26 <MacTed> rrsagent, draft minutes
17:06:26 <RRSAgent> I have made the request to generate http://www.w3.org/2012/08/23-privacy-minutes.html MacTed
17:08:04 <Zakim> disconnecting the lone participant, tara, in Priv_IG(PING)12:00PM
17:08:05 <Zakim> Priv_IG(PING)12:00PM has ended
17:08:05 <Zakim> Attendees were +358.504.87aaaa, npdoty, +1.613.304.aabb, christine?, dsinger, MacTed, +44.163.551.aacc, Kasey?, Narm_Gadiraju, Rigo, tara, robsherman, +1.212.508.aadd,
17:08:05 <Zakim> ... Ashok_Malhotra, +1.650.283.aaee, +1.613.304.aaff, +1.613.304.aagg
17:08:06 <MacTed> Present: Ashok_Malhotra 
17:08:06 <MacTed> Present: Hannes 
17:08:06 <MacTed> Present: Kasey 
17:08:06 <MacTed> Present: MacTed 
17:08:06 <MacTed> Present: Narm_Gadiraju 
17:08:07 <MacTed> Present: Nick 
17:08:09 <MacTed> Present: Rigo
17:08:11 <MacTed> Present: christine
17:08:13 <MacTed> Present: dsinger
17:08:15 <MacTed> Present: matt 
17:08:17 <MacTed> Present: narm 
17:08:19 <MacTed> Present: npdoty
17:08:21 <MacTed> Present: robsherman
17:08:23 <MacTed> Present: tara
17:08:25 <MacTed> Present: wseltzer_away
17:08:27 <MacTed> rrsagent, draft minutes
17:08:27 <RRSAgent> I have made the request to generate http://www.w3.org/2012/08/23-privacy-minutes.html MacTed
17:08:59 <MacTed> Zakim, bye
17:08:59 <Zakim> Zakim has left #privacy
17:09:03 <MacTed> RRSAgent, bye
17:09:03 <RRSAgent> I see no action items