IRC log of privacy on 2012-08-23

Timestamps are in UTC.

15:55:58 [RRSAgent]
RRSAgent has joined #privacy
15:55:58 [RRSAgent]
logging to
15:56:08 [npdoty]
Chair: christine, tara
15:56:16 [npdoty]
Meeting: Privacy Interest Group teleconference
15:56:53 [npdoty]
15:57:02 [christine]
christine has joined #privacy
15:57:06 [rigo]
rigo has joined #privacy
15:57:53 [rigo]
zakim, code?
15:57:53 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, rigo
15:58:49 [Zakim]
15:59:00 [npdoty]
Zakim, who is on the phone?
15:59:00 [Zakim]
On the phone I see +358.504.87aaaa, ??P2, npdoty
15:59:34 [Zakim]
+ +1.613.304.aabb
16:00:32 [dsinger]
dsinger has joined #privacy
16:00:39 [npdoty]
Zakim, aabb is probably hannes
16:00:40 [Zakim]
+hannes?; got it
16:00:44 [Zakim]
16:00:49 [npdoty]
Zakim, aaaa is probably christine
16:00:50 [Zakim]
+christine?; got it
16:00:52 [dsinger]
zakim, [apple] has dsinger
16:00:52 [Zakim]
+dsinger; got it
16:00:57 [christine]
regrets Karima Boudaoud, Erin Kennedy and maybe JC Cannon
16:01:00 [npdoty]
Zakim, ??P2 is probably christine
16:01:00 [Zakim]
+christine?; got it
16:01:16 [npdoty]
regrets+ karima, erink
16:01:33 [christine]
thanks nick
16:02:03 [Zakim]
16:02:10 [MacTed]
Zakim, [OpenLink] is temporarily me
16:02:11 [Zakim]
+MacTed; got it
16:02:11 [MacTed]
Zakim, mute me
16:02:11 [Zakim]
MacTed should now be muted
16:02:14 [christine]
Please volunteer to scribe.
16:02:17 [MacTed]
Zakim, who's here?
16:02:17 [Zakim]
On the phone I see christine?, christine?.a, npdoty, hannes?, [Apple], MacTed (muted)
16:02:19 [Zakim]
[Apple] has dsinger
16:02:19 [Zakim]
On IRC I see dsinger, rigo, christine, RRSAgent, tara, Zakim, npdoty, MacTed, matt, wseltzer_away
16:02:22 [Zakim]
+ +44.163.551.aacc
16:02:24 [Kasey]
Kasey has joined #privacy
16:02:43 [tara]
Zakim, aabb is tara
16:02:43 [Zakim]
sorry, tara, I do not recognize a party named 'aabb'
16:02:43 [npdoty]
Zakim, aacc is probably Kasey
16:02:44 [Zakim]
+Kasey?; got it
16:03:26 [Zakim]
16:03:44 [Zakim]
16:03:48 [Zakim]
16:03:55 [rigo]
zakim, mute me
16:03:55 [Zakim]
Rigo should now be muted
16:04:06 [MacTed]
Zakim, hannes? is tara
16:04:06 [Zakim]
+tara; got it
16:04:14 [Zakim]
16:04:27 [rigo]
zakim, pick a victim
16:04:27 [Zakim]
Not knowing who is chairing or who scribed recently, I propose christine?.a
16:04:43 [rigo]
zakim, pick another victim
16:04:43 [Zakim]
I don't understand 'pick another victim', rigo
16:04:50 [rigo]
zakim, pick a victim
16:04:50 [Zakim]
Not knowing who is chairing or who scribed recently, I propose tara
16:04:56 [rigo]
16:05:26 [rigo]
tara, can you scribe?
16:05:27 [dsinger]
16:05:30 [npdoty]
christine: get things started, trying to pick a scribe beyond just nick
16:05:34 [tara]
Do my best!
16:05:37 [npdoty]
... also, introductions
16:05:42 [rigo]
we will fill in
16:05:50 [rigo]
16:05:54 [rigo]
ack dsinger
16:06:07 [npdoty]
... Dave Singer from Apple, have been on the list for a while but joining the call for the first time
16:06:14 [npdoty]
ack rigo
16:06:14 [narm]
narm has joined #privacy
16:06:31 [tara]
New person: David Singer (sp?) from Apple.
16:07:06 [npdoty]
... multimedia standards at Apple, but now working on privacy as well, co-editing in DNT group
16:07:31 [tara]
Rigo Wenning, Legal Counsel for W3C, longtime privacy staff (P3P & privacy research), now doing Do Not Track
16:07:33 [rigo]
zakim, mute me
16:07:33 [Zakim]
Rigo should now be muted
16:07:34 [npdoty]
scribenick: tara
16:07:40 [rigo]
16:07:55 [npdoty]
Topic: Privacy Considerations
16:09:29 [tara]
Have been trying to move forward on guidance document for web standards development, like IAB program
16:09:36 [tara]
But tailored for W3C context
16:09:40 [tara]
So: how do we move this work forward?
16:09:52 [npdoty]
16:10:33 [tara]
Nick: can start work by looking at specific topics, like data minimization.
16:11:14 [tara]
Different stakeholders have different approaches.
16:11:17 [rigo]
16:11:21 [rigo]
ack npdoty
16:11:23 [tara]
So: what might work for different WGs.
16:11:43 [Zakim]
16:11:59 [Ashok_Malhotra]
Ashok_Malhotra has joined #privacy
16:12:39 [Zakim]
+ +1.212.508.aadd
16:12:45 [tara]
Hannes: In the IAB work, we reviewed protocols from different groups. These efforts go on for a long time - but what specific form should the guidance take?
16:12:49 [Ashok_Malhotra]
zakim, 212 is me
16:12:49 [Zakim]
sorry, Ashok_Malhotra, I do not recognize a party named '212'
16:12:57 [npdoty]
Zakim, aadd is Ashok_Malhotra
16:12:57 [Zakim]
+Ashok_Malhotra; got it
16:13:21 [robsherman]
robsherman has joined #privacy
16:13:22 [rigo]
hannes: mentioned topic, we went through IAB privacy consideration, activities go on for a long time, realized that people are doing zigzag kind of design, Perhaps need more guidance, what direction should the guidance go? Current guidance has strong focus on data minimization
16:13:48 [npdoty]
ack rigo
16:13:48 [tara]
Hannes: Example - data minimization may work for IAB but not W3C.
16:13:56 [robsherman]
zakim, who is here
16:13:56 [Zakim]
robsherman, you need to end that query with '?'
16:14:00 [robsherman]
zakim, who is here?
16:14:00 [Zakim]
On the phone I see christine?, christine?.a, npdoty, tara, [Apple], MacTed (muted), Kasey?, Rigo, Narm_Gadiraju, robsherman, Ashok_Malhotra
16:14:02 [Zakim]
[Apple] has dsinger
16:14:02 [Zakim]
On IRC I see robsherman, Ashok_Malhotra, narm, Kasey, dsinger, rigo, christine, RRSAgent, tara, Zakim, npdoty, MacTed, matt, wseltzer_away
16:15:03 [tara]
Rigo: two directions this group can take. Look at the technical implications of specifications for privacy implications. OneL can wait for specs to come and then review them and create a solution.
16:15:37 [tara]
Then try to generalize from that work. Or: we can create rough guidance for web stuff, and then we can measure the spec against the guidance and evaluate it on those grounds.
16:16:29 [tara]
Rigo: concerned about top-down approach (everyone having to follow our guidance). EU has many laws and directives that are impractical and were ignored. Would rather be practical.
16:16:52 [npdoty]
yay for pragmatism! :)
16:16:54 [MacTed]
+1 practicality, examine several until a larger pattern emerges, which gives shape to a general guidance
16:17:06 [tara]
Christine: If we do the practical side, how would we do that (Rigo)?
16:17:35 [tara]
Rigo: There are at least a dozen specs in development in W3C; start w/geolocation people. Get them to present it and tell us where the privacy sensitivities are and what they should do.
16:17:58 [tara]
We can discuss this and perhaps learn and also instruct them on possible solutions.
16:18:15 [Kasey]
perhaps look at past specs as well to see where problems arose?
16:18:41 [npdoty]
+1 Kasey, we can review existing documents as well, finding both problems and solutions
16:19:24 [tara]
Christine: Rigo, that is what we are doing. We had geo-loc people on previous call. We offered ourselves as a locus for discussion.
16:19:39 [tara]
Christine: Also had other groups, like Crypto group, and made suggestions. Also Device API group, who got guidance on fingerprinting.
16:19:47 [Kasey]
16:22:25 [tara]
Hannes: if there is no harm identified in the spec, then doubt that privacy solutions will arise either.
16:22:26 [Zakim]
16:22:48 [npdoty]
hannes: IAB we tried to learn from the security work, identifying threats, as a model
16:23:21 [npdoty]
... experience with the security considerations after guidance in IETF
16:23:43 [npdoty]
... early on the Security Considerations sections tended to be boilerplate/checkbox
16:23:49 [npdoty]
... but then got better over time
16:24:07 [npdoty]
npdoty: yes, that was our finding
16:24:12 [npdoty]
ack Kasey
16:24:18 [rigo]
zakim, mute me
16:24:18 [Zakim]
Rigo should now be muted
16:24:52 [npdoty]
Kasey: a lot of overlap between DAP folks and the Vodafone-hosted workshop a couple years back
16:25:06 [npdoty]
... a lot of discussion then that we needed a higher-level overarching framework
16:25:24 [npdoty]
... worth looking back at that meeting and DAP discussions to identify what should be raised to a higher level
16:25:24 [rigo]
16:25:33 [npdoty]
ack rigo
16:25:33 [rigo]
ack ri
16:25:47 [npdoty]
16:26:15 [npdoty]
rigo: I worry that API development will be finished before we develop guidance if we're starting too high-level
16:26:29 [npdoty]
... need another API privacy workshop where those people can talk again about their pain points
16:26:52 [Zakim]
+ +1.650.283.aaee
16:27:23 [tara]
tara has joined #privacy
16:27:47 [tara]
Sorry - my wifi just died so I missed about five min.
16:27:51 [rigo]
zakim, who si making noise?
16:27:51 [Zakim]
I don't understand your question, rigo.
16:27:53 [npdoty]
christine: looking to add value to privacy in the development of W3C standards
16:27:58 [dsinger]
zakim, who is making noise?
16:28:10 [npdoty]
... idea that a workshop could be a useful forum for moving this discussion forward
16:28:12 [Zakim]
dsinger, listening for 11 seconds I heard sound from the following: christine?.a (65%)
16:28:20 [tara]
Am on cell now to listen but might not be best scribe!
16:28:47 [MacTed]
MacTed has joined #privacy
16:29:03 [npdoty]
hannes: rigo is suggesting a workshop which always sounds nice, but what would such a workshop do specifically?
16:29:10 [Kasey]
16:29:13 [npdoty]
16:29:19 [npdoty]
ack Kasey
16:29:47 [npdoty]
Kasey: looking at notes from previous workshops might help us identify those pain points
16:30:07 [Zakim]
+ +1.613.304.aaff - is perhaps tara
16:30:15 [Zakim]
- +1.650.283.aaee
16:30:33 [npdoty]
... I can do that, with some help from someone who remembers more
16:30:39 [rigo]
16:30:43 [rigo]
16:31:30 [rigo]
ack npdoty
16:31:39 [Kasey]
+1 Nick
16:32:05 [rigo]
16:32:21 [rigo]
ack ri
16:32:43 [npdoty]
npdoty: think we can build on existing workshop and existing info that we've gathered from other groups... can start on guidance now from what we've learned
16:33:02 [npdoty]
rigo: we can decide whether to split documents or have sections in a single document
16:33:22 [npdoty]
... everybody needs guidance, and can pool resources into this
16:34:03 [rigo]
16:34:04 [npdoty]
... for PLING, eventually gave up for lack of input, need commitment of time to the document
16:34:28 [npdoty]
consensus that dave singer is the best editor ever :)
16:35:15 [npdoty]
dsinger: we all appreciate the goal, but in a way it's a thankless job; puzzled on how to get the scrutiny that these documents deserve
16:36:04 [npdoty]
hannes: it is indeed tough; if you'd like to improve the security model, it's very difficult, and security is a subset of the privacy concept
16:36:30 [npdoty]
... no shortage of solutions, but providing guidance that is generic enough to be useful is difficult
16:37:11 [npdoty]
christine: one idea: many people in the PING who also participate in other WGs that have privacy implications to them
16:37:42 [npdoty]
... can those people take responsibility to look at those issues and bring them forward to PING?
16:39:16 [npdoty]
... bring solutions, but also identify risks, threats, vulnerabilities
16:39:16 [rigo]
16:39:22 [npdoty]
ack rigo
16:39:23 [rigo]
ack ri
16:40:27 [npdoty]
rigo: this is the consulting approach; could invite others doing horizontal work (richard, in i18n)
16:40:54 [npdoty]
... prefer other groups come to us for advice and sharing their pain, rather than our pushing privacy as a top-down model
16:41:12 [npdoty]
"nobody likes to be told to eat their broccoli"
16:41:32 [npdoty]
christine: +1 on i18n as someone to learn from
16:41:59 [dsinger]
i18n is also good
16:42:13 [npdoty]
npdoty: accessibility also a good horizontal model to learn from
16:42:59 [npdoty]
hannes: agree that top-down is not preferred, but with some groups who don't have that interest, what mechanism should we use as a check/balance for such a group?
16:43:25 [npdoty]
... do we have external people who review documents for i18n?
16:43:47 [npdoty]
rigo: if there are no pain points, then coming in with a requirement is just a nuisance
16:44:27 [npdoty]
... but that pain can come from regulators, consumer protection, or possibly from the Director who can add a step
16:45:02 [npdoty]
... but this is a dangerous pain point (industry can pop up new consortia any time)
16:45:06 [MacTed]
16:45:10 [MacTed]
Zakim, unmute me
16:45:10 [Zakim]
MacTed should no longer be muted
16:45:18 [tara]
Hey! :-)
16:45:19 [npdoty]
... existing regulator pain is most useful for security and privacy
16:45:41 [npdoty]
<debate about regulatory effectiveness>
16:47:14 [npdoty]
rigo: it may be that we can convince the overall organization that they must have this as a process step, but thinking in pain points is already good
16:47:16 [npdoty]
16:47:28 [npdoty]
ack MacTed
16:48:08 [npdoty]
MacTed: neither purely bottom-up or top-down will work here. regulators don't fully understand the technology and the engineers don't necessarily understand the law
16:48:34 [npdoty]
... something from this group can identify where technology is necessary and note that technology can't solve the problem perfectly
16:49:06 [npdoty]
... some privacy concerns without being tied to real problems
16:49:31 [npdoty]
... people are not always aware of the pain points, like the potential conflicts with regulation
16:50:02 [rigo]
16:50:03 [tara]
16:50:07 [rigo]
q- later
16:50:16 [npdoty]
MacTed: may be useful to pull what we can from the regulatory bodies
16:50:27 [npdoty]
... tech folks really don't understand the regulations that are there
16:50:48 [Kasey]
cough - we have a few regulatory experts here ;-)
16:51:06 [npdoty]
... as a search engine provider, I need to track more data in order to provide a better service
16:51:37 [Kasey]
16:51:52 [Kasey]
16:51:54 [rigo]
q- later
16:51:55 [npdoty]
christine: is it useful to have those discussions in this group?
16:52:07 [npdoty]
MacTed: yes, and useful to the group itself
16:52:27 [npdoty]
tara: I'm a technologist as a regulator, so I might be a useful contact in determining those overlaps
16:53:21 [rigo]
16:53:23 [tara]
Okay, sorry.
16:53:26 [rigo]
ack tara
16:53:31 [npdoty]
ack Kasey
16:53:49 [Zakim]
16:53:58 [tara]
Just really backing up earlier comments on the value of docs for regulation.
16:53:59 [tara]
Being a technologist at a regulator!
16:54:02 [npdoty]
Kasey: maybe it would be useful to identify potential conflicts with regulation and raise those questions here; some of us who are experts in that area can help
16:54:09 [tara]
So - we do have some expertise to draw on.
16:54:18 [npdoty]
christine: sounds like a good idea!
16:54:23 [tara]
And - there are some regulators who really need the help.
16:54:35 [tara]
Will move to IRC.
16:54:35 [tara]
(Apologies for terrible audio today.)
16:54:41 [Zakim]
16:54:58 [npdoty]
q+ to ask about guidance on regulations
16:55:03 [npdoty]
ack rigo
16:55:45 [Zakim]
+ +1.613.304.aagg - is perhaps tara
16:55:52 [npdoty]
rigo: have a meeting, a possibility to brainstorm [missed some detail here, please fill in]
16:56:05 [npdoty]
... in some jurisdictions, everything is regulated
16:56:15 [npdoty]
... do this at a pointed basis in doing workshops
16:56:30 [rigo]
16:56:43 [npdoty]
hannes: when inviting regulators, do you mean DPAs or legislators or others?
16:56:48 [npdoty]
q- later
16:57:14 [rigo]
ack ri
16:57:20 [npdoty]
Kasey: on the EU front, some organizations play multiple roles, like the Article 29 WP, made up of DPAs, advise on interpretation and additional legislation
16:58:33 [npdoty]
hannes: some regulators are not scoped with reaching out to technical groups; technologists only find out later that this is a big privacy violation and need to change a design around
16:58:54 [npdoty]
Kasey: not necessarily talk to regulators about this, but we can identify places where we think the tech and regulation conflict
16:59:24 [npdoty]
... and then we can address those conflicts with regulators or in our considerations document
16:59:55 [npdoty]
rigo: w3c does talk to regulators, EC, parliament, FTC, Japan, Australia; not unusual for us to go there, invite them to a meeting
17:00:00 [npdoty]
... really not a problem at all
17:00:23 [npdoty]
... Article 29 now has an official representative in the Do Not Track work
17:00:31 [npdoty]
17:00:52 [npdoty]
... and we have regulators (including tara!) who we can really cooperate with
17:01:21 [Zakim]
17:01:38 [Kasey]
+1 Nick
17:01:47 [Kasey]
very important role too, for us
17:02:01 [rigo]
+1 and worthwhile contribution
17:02:14 [npdoty]
npdoty: one other role we (PING) can play, help identify where a technical standard can help address a regulatory concern
17:02:32 [Zakim]
17:02:33 [npdoty]
christine: a very fruitful discussion, multiple possibilities that are not exclusive
17:02:43 [dsinger]
17:02:44 [npdoty]
... suggest that we continue this discussion on the email list
17:02:46 [tara]
17:02:48 [rigo]
and Christine, thanks for chairing!
17:02:48 [Zakim]
17:02:50 [Zakim]
17:02:51 [Zakim]
17:02:53 [Zakim]
17:02:55 [Zakim]
17:02:57 [Zakim]
17:03:04 [Zakim]
17:03:14 [npdoty]
rrsagent, make logs public
17:03:18 [npdoty]
rrsagent, draft minutes
17:03:18 [RRSAgent]
I have made the request to generate npdoty
17:03:40 [MacTed]
rrsagent, make logs public
17:04:42 [MacTed]
ah, we should invite trackbot next time. it takes care of attendee lists and such...
17:06:04 [MacTed]
present robsherman, npdoty, Rigo, Narm_Gadiraju, robsherman, Ashok_Malhotra, narm, Kasey, dsinger, christine, tara, MacTed, matt, wseltzer_away
17:06:13 [MacTed]
present: robsherman, npdoty, Rigo, Narm_Gadiraju, robsherman, Ashok_Malhotra, narm, Kasey, dsinger, christine, tara, MacTed, matt, wseltzer_away
17:06:19 [MacTed]
rrs, draft minutes
17:06:26 [MacTed]
rrsagent, draft minutes
17:06:26 [RRSAgent]
I have made the request to generate MacTed
17:08:04 [Zakim]
disconnecting the lone participant, tara, in Priv_IG(PING)12:00PM
17:08:05 [Zakim]
Priv_IG(PING)12:00PM has ended
17:08:05 [Zakim]
Attendees were +358.504.87aaaa, npdoty, +1.613.304.aabb, christine?, dsinger, MacTed, +44.163.551.aacc, Kasey?, Narm_Gadiraju, Rigo, tara, robsherman, +1.212.508.aadd,
17:08:05 [Zakim]
... Ashok_Malhotra, +1.650.283.aaee, +1.613.304.aaff, +1.613.304.aagg
17:08:06 [MacTed]
Present: Ashok_Malhotra
17:08:06 [MacTed]
Present: Hannes
17:08:06 [MacTed]
Present: Kasey
17:08:06 [MacTed]
Present: MacTed
17:08:06 [MacTed]
Present: Narm_Gadiraju
17:08:07 [MacTed]
Present: Nick
17:08:09 [MacTed]
Present: Rigo
17:08:11 [MacTed]
Present: christine
17:08:13 [MacTed]
Present: dsinger
17:08:15 [MacTed]
Present: matt
17:08:17 [MacTed]
Present: narm
17:08:19 [MacTed]
Present: npdoty
17:08:21 [MacTed]
Present: robsherman
17:08:23 [MacTed]
Present: tara
17:08:25 [MacTed]
Present: wseltzer_away
17:08:27 [MacTed]
rrsagent, draft minutes
17:08:27 [RRSAgent]
I have made the request to generate MacTed
17:08:59 [MacTed]
Zakim, bye
17:08:59 [Zakim]
Zakim has left #privacy
17:09:03 [MacTed]
RRSAgent, bye
17:09:03 [RRSAgent]
I see no action items