IRC log of privacy on 2012-10-18

Timestamps are in UTC.

15:57:05 [RRSAgent]
RRSAgent has joined #privacy
15:57:05 [RRSAgent]
logging to
15:57:23 [npdoty]
rrsagent, make logs public
15:57:32 [npdoty]
slight delay on the call-in / Zakim slot, my apologies
15:57:35 [tara]
tara has joined #privacy
15:57:52 [npdoty]
meeting: Privacy Interest Group teleconference
15:57:54 [npdoty]
chair: tara
15:58:08 [christine]
christine has joined #privacy
15:58:11 [wseltzer]
wseltzer has joined #privacy
15:58:15 [npdoty]
15:58:24 [JoeHallCDT]
JoeHallCDT has joined #privacy
15:58:38 [rigo]
zakim, code
15:58:38 [Zakim]
I don't understand 'code', rigo
15:58:41 [rigo]
zakim, code?
15:58:41 [Zakim]
sorry, rigo, I don't know what conference this is
15:59:37 [npdoty]
Zakim, this will be 7464
15:59:37 [Zakim]
I do not see a conference matching that name scheduled within the next hour, npdoty
15:59:48 [JoeHallCDT]
(hmmm, the phone PIN of 7464 doesn't seem to be working)
15:59:50 [Joanne]
Joanne has joined #privacy
15:59:52 [tara]
Hm. I am getting "this passcode is not valid."
15:59:56 [JoeHallCDT]
16:00:02 [rigo]
wait a bit
16:00:07 [christine]
Regrets - Susan Israel, Karima Boudaoud, David Singer
16:00:19 [rigo]
nick needs to create the conference, because it seems there was some hickup
16:00:34 [npdoty]
Regrets: SusanIsrael, KarimaBoudaoud, DavidSinger
16:00:39 [tara]
Okay; we'll hold tight. Thanks.
16:00:52 [rigo]
look here for message from nick
16:01:20 [tara]
In the meatntime, any volunteers to scribe?
16:01:58 [bblfish]
bblfish has joined #privacy
16:02:09 [JoeHallCDT]
I would volunteer but this is only my 2nd w3c call, so not sure I know how to do it or do it well
16:02:09 [bblfish]
16:02:09 [jtrentadams]
jtrentadams has joined #privacy
16:02:14 [bblfish]
what is the code toay?
16:02:36 [bblfish]
7464 as code does not seem to work
16:02:47 [jtrentadams]
Apologies for bursting in... but the conference code "7464" doesn't seem to work.
16:02:52 [JoeHallCDT]
nick is creating a new code
16:02:55 [rigo]
hold on with calls
16:02:56 [tara]
We're working on it - thanks for your patience.
16:03:11 [bblfish]
ok. thanks
16:03:18 [npdoty]
Zakim, this will be 7464
16:03:18 [Zakim]
ok, npdoty; I see Priv_IG(PING)12:00PM scheduled to start 3 minutes ago
16:03:22 [npdoty]
Zakim, code?
16:03:22 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, npdoty
16:03:28 [npdoty]
okay, call-in should work now!
16:03:40 [Simon]
Simon has joined #privacy
16:04:23 [jtrentadams]
Success with 7464#
16:04:31 [jtrentadams]
16:04:44 [Simon]
Hello, This is Simon Krauss (CableLabs) seeing familiar names. My dial in info isn't working. please post. Thx.
16:04:50 [JoeHallCDT]
try again
16:05:20 [bblfish]
ok seems to be working
16:05:38 [Joanne]
I'm in
16:05:58 [MacTed]
Zakim, code?
16:05:58 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, MacTed
16:06:03 [npdoty]
Zakim, who is on the phone?
16:06:05 [Zakim]
Priv_IG(PING)12:00PM has not yet started, npdoty
16:06:05 [Zakim]
On IRC I see Simon, jtrentadams, bblfish, Joanne, JoeHallCDT, wseltzer, christine, tara, RRSAgent, Zakim, npdoty, yrlesru, rigo, MacTed
16:06:19 [MacTed]
Zakim, this is 7464
16:06:19 [Zakim]
ok, MacTed; that matches Priv_IG(PING)12:00PM
16:06:28 [MacTed]
Zakim, who's here?
16:06:28 [Zakim]
On the phone I see +1.206.910.aaaa, [IPcaller], +1.817.329.aacc, [CDT], +1.508.380.aadd, ??P30, +1.613.947.aaee, +1.916.641.aaff, Ashok_Malhotra, npdoty, bblfish, Rigo
16:06:28 [npdoty]
Zakim, who is on the phone?
16:06:32 [Zakim]
On IRC I see Simon, jtrentadams, bblfish, Joanne, JoeHallCDT, wseltzer, christine, tara, RRSAgent, Zakim, npdoty, yrlesru, rigo, MacTed
16:06:32 [Zakim]
On the phone I see +1.206.910.aaaa, [IPcaller], +1.817.329.aacc, [CDT], +1.508.380.aadd, ??P30, +1.613.947.aaee, +1.916.641.aaff, Ashok_Malhotra, npdoty, bblfish, Rigo
16:06:42 [Zakim]
+ +1.303.661.aagg
16:06:51 [Zakim]
16:06:55 [Joanne]
Zakim, aaff is Joanne
16:06:55 [Zakim]
+Joanne; got it
16:06:56 [Simon]
16:06:57 [MacTed]
Zakim, OpenLink_Software is temporarily me
16:06:57 [Zakim]
+MacTed; got it
16:06:57 [christine]
I am either IPcaller or ??P30
16:06:58 [MacTed]
Zakim, mute me
16:06:59 [Zakim]
MacTed should now be muted
16:06:59 [Zakim]
16:07:09 [JoeHallCDT]
zakim, [CDT] is me
16:07:10 [Zakim]
+JoeHallCDT; got it
16:07:32 [jtrentadams]
Zakim, aadd is jtrentadams
16:07:33 [Zakim]
+jtrentadams; got it
16:07:34 [tara]
zakim, aaee is me
16:07:34 [Zakim]
+tara; got it
16:07:48 [tara]
We have a scribe?
16:08:11 [npdoty]
Robin Wilton, here from the Internet Society, sitting in an OECD Paris meeting room
16:08:41 [npdoty]
Zakim, aaaa is JC
16:08:41 [Zakim]
+JC; got it
16:09:07 [npdoty]
Stephanie, information policy PhD student, DPI
16:09:25 [christine]
Hello Simon. Great to see you here.
16:09:28 [npdoty]
Simon Krauss, Cable Labs, R&D for cable industry
16:09:37 [npdoty]
Joe Hall, Center for Democracy and Technology
16:09:50 [npdoty]
Frank Dawson, Nokia, first call but following public-privacy
16:09:53 [bblfish]
Hi, it's Henry Story here ( ) working on
16:10:28 [christine]
Hello Frank and Henry. Is Fred Andrews here to (re agenda item 3)?
16:10:53 [npdoty]
any additional agenda items? hearing none...
16:11:04 [npdoty]
volunteers to scribe?
16:11:11 [JoeHallCDT]
16:11:20 [rigo]
zakim, pick a victim
16:11:20 [Zakim]
Not knowing who is chairing or who scribed recently, I propose ??P30
16:11:22 [npdoty]
Joe, if you want to start, I can support you
16:11:31 [JoeHallCDT]
16:11:39 [npdoty]
scribenick: JoeHallCDT
16:11:39 [christine]
Thank you Joe!!!
16:12:01 [JoeHallCDT]
First item, Frank Dawson on Specification of Privacy Assessment
16:12:17 [npdoty]
links available from here:
16:12:38 [ArtB]
ArtB has joined #privacy
16:12:58 [ArtB]
RRSAgent, make minutes
16:12:58 [RRSAgent]
I have made the request to generate ArtB
16:13:11 [JoeHallCDT]
Frank's background: software industry, standards particip., staring industry consortiums, last 12 years at Nokia in Mobile… new to w3c
16:13:14 [ArtB]
RRSAgent, make log Public
16:13:37 [JoeHallCDT]
Privacy officer within CTO group, responsibility for privacy standards in industry
16:13:46 [JoeHallCDT]
a PbD champ!
16:13:58 [Ashok_Malhotra]
Ashok_Malhotra has joined #privacy
16:13:58 [MacTed]
MacTed has changed the topic to: Privacy IG -- -- current agenda:
16:14:00 [JoeHallCDT]
has working on privacy by design for NFC applications
16:14:24 [JoeHallCDT]
16:14:56 [JoeHallCDT]
"How can we create protocols, standards that have privacy baked in for software engineers"
16:16:04 [JoeHallCDT]
this methodology is more of an Agile than Waterfall method
16:16:46 [JoeHallCDT]
How might PING better work with other WGs to promote privacy.
16:16:56 [npdoty]
Frank: what is the way of working we would use in working with other Working Groups?
16:16:59 [JoeHallCDT]
Frank advocates for adopting a w3c specification for privacy assessment.
16:17:09 [JoeHallCDT]
similar to PIAs
16:17:20 [JoeHallCDT]
have a clause in specificaitons that address privacy issues
16:17:42 [JoeHallCDT]
privacy assessment is somewhat standardized
16:18:34 [JoeHallCDT]
Frank would expect actors, flows, concerns, privacy threats within a WG
16:18:50 [JoeHallCDT]
Frank ices cakes before baking
16:19:33 [JoeHallCDT]
document "Specification Privacy Assessment":
16:19:47 [JoeHallCDT]
understand where data is being collected, for what purpose
16:19:52 [JoeHallCDT]
is it being stored, where?
16:20:13 [JoeHallCDT]
is it personally-identifiable at the granular level or with more linkages to other resources
16:20:16 [npdoty]
might be useful to diagram data flows, controllers, points where privacy might be impacted
16:20:39 [JoeHallCDT]
in a network environment can help to map out flows, points of controls and where the user can insert themselves
16:21:01 [JoeHallCDT]
helps to design safeguards and safeguarding reqs.
16:21:23 [JoeHallCDT]
from Frank's IETF experience, there is a security consideration section to RFCs
16:21:35 [JoeHallCDT]
for w3c Frank would like to see a privacy consideration section
16:21:40 [bblfish]
would be interesting to have a privacy consideration section in
16:21:59 [JoeHallCDT]
would include a brief summary where there are potential threats, what privacy prinicples apply and what kinds of recs/safeguards could apply to mitigate
16:22:11 [JoeHallCDT]
16:22:13 [npdoty]
threats and potential mitigations that implementers could use to address those threats
16:22:31 [rigo]
16:22:42 [JoeHallCDT]
not sure who is speaking
16:22:55 [JoeHallCDT]
Q: is there a document that I should use to build this into my spec?
16:22:56 [rigo]
16:23:01 [bblfish]
this one
16:23:09 [JoeHallCDT]
Frank: look at the two documents I've shared (links above)
16:23:12 [jtrentadams]
As a side note, the IETF is also ramping up increased support for a Privacy Considerations section added to RFCs that is akin to the Security Considerations.
16:23:53 [npdoty]
16:23:59 [JoeHallCDT]
Frank: also look at the IETF RFC catalog… that has privacy considerations… internet draft 03 (not yet an RFC)
16:24:04 [rigo]
q- later
16:24:04 [JoeHallCDT]
(not sure I have that right)
16:24:25 [bblfish]
Frank: one needs prior art draft 03 on privacy considerations. [ but Frank is saying these are are just thinking of the threats ]
16:24:26 [npdoty]
IAB Privacy Considerations draft:
16:24:40 [tara]
16:24:54 [Simon]
I look forward to reviewing the documents
16:24:55 [rigo]
ack npdoty
16:25:05 [JoeHallCDT]
Nick: responding to Henry, not sure that's exactly what we want to do in PING.
16:25:46 [JoeHallCDT]
We'd also like to help do reviews for different WGs.
16:25:47 [Simon]
16:26:10 [JoeHallCDT]
Henry: would appreciate that… get's dang complicated.
16:26:14 [rigo]
ack rigo
16:26:16 [npdoty]
npdoty: I think coming up with that guidance, a single document for protocol authors, is exactly what we're working on at PING
16:26:24 [JoeHallCDT]
16:26:33 [tara]
ack simon
16:26:52 [npdoty]
... and while PING might be doing reviews, we'd like to come up with a document for authors from within individual groups
16:27:18 [JoeHallCDT]
Q: Rigo is not sure if the right knowledge is yet present in the WG.
16:27:43 [npdoty]
s/Q: Rigo is/rigo:/
16:28:04 [npdoty]
rigo: requires a lot of knowledge to translate down from the PbD principles all the way down to spec-writing
16:28:33 [JoeHallCDT]
Frank: from IETF, the first set of specs that did security considerations was a learning experience… will be the case here.
16:28:34 [Robin]
Robin has joined #privacy
16:28:36 [npdoty]
+1, the experience from security considerations is that early on it wasn't particularly comprehensive, but obviously improved over time
16:29:08 [npdoty]
q+ Simon
16:29:53 [tara]
ack simon
16:30:08 [JoeHallCDT]
Simon asks where do you see this going?
16:30:21 [Robin]
rigo: greetings (test)
16:30:27 [JoeHallCDT]
Is this a procedure or a seal of approval?
16:30:33 [rigo]
success: great back
16:31:06 [rigo]
q+ to tell the story about ipse
16:31:09 [JoeHallCDT]
Frank sees these as assessments but not audits.
16:31:57 [JoeHallCDT]
More about a cumulative feedback process.
16:32:03 [npdoty]
I imagine that's pretty familiar in the software engineering context: security reviews, performance reviews, even basic code reviews; not a post-facto audit but input during the process
16:32:05 [JoeHallCDT]
(scribe's wording)
16:33:25 [yrlesru]
yrlesru has joined #privacy
16:33:35 [yrlesru]
I am back on IRC, Tara.
16:33:48 [JoeHallCDT]
Simon is concerned about having a grey zone between privacy aspirations being documented re litigation threat.
16:34:05 [Robin]
jtrentadams: hi Trent - how's life?
16:35:21 [JoeHallCDT]
Frank says whatever your accountability model is, there needs to be someone who can sign off for the w3c publication process for spec text.
16:35:54 [npdoty]
I think better documentation (usually accompanied by improvement or mitigation) will be a net positive, rather than a risk of attack for the technology being imperfect
16:35:55 [JoeHallCDT]
Want to move from vague regulatory text to crystal clear technical text.
16:37:07 [JoeHallCDT]
Simon is wary of this serving as a w3c seal of approval.
16:37:07 [rigo]
ack rig
16:37:07 [Zakim]
rigo, you wanted to tell the story about ipse
16:37:53 [JoeHallCDT]
Rigo describes how w3c wants to have very solid technical sections… this is not concrete enough for w3c.
16:37:54 [npdoty]
Simon, I'm not sure the intent is a "seal" approach, but just having done and documented considerations
16:38:01 [JoeHallCDT]
Too high-level for w3c.
16:38:55 [JoeHallCDT]
Frank responds that the SPA document was intended to be submitted to the primary (in Nokia's view) web and technical standards settings.
16:39:10 [JoeHallCDT]
so it hasn't yet been translated to w3c context.
16:39:29 [npdoty]
rigo, I think we can use this framework as a starting point, and might be an outline to writing our document
16:39:53 [rigo]
nick, I agree, but we have to remain plumbers
16:40:07 [JoeHallCDT]
The w3c standards will be different from management standards for ISO 20 (something? didn't get it)
16:40:16 [rigo]
16:40:48 [rigo]
agenda+ CSP specification - privacy issues
16:40:57 [rigo]
zakim, take up next
16:40:57 [Zakim]
agendum 1. "CSP specification - privacy issues" taken up [from rigo]
16:41:15 [rigo]
16:41:16 [JoeHallCDT]
Tara: this has been on ongoing process to try and solidify what PING has been interested in into documentary form.
16:41:17 [npdoty]
agenda+ W3C Workshop
16:41:24 [npdoty]
agenda+ TPAC
16:41:36 [rigo]
16:41:44 [christine]
Is Fred here?
16:41:52 [JoeHallCDT]
haven't seen him
16:42:16 [rigo]
ack ri
16:42:19 [Zakim]
16:42:38 [JoeHallCDT]
who gave that man buttons?
16:42:38 [npdoty]
16:42:43 [Zakim]
16:42:48 [Zakim]
- +1.817.329.aacc
16:43:04 [Zakim]
16:43:50 [JoeHallCDT]
16:44:55 [JoeHallCDT]
16:45:03 [npdoty]
q+ to ask about the use case for 'phoning home' violation reports
16:45:15 [tara]
ack npdoty
16:45:15 [Zakim]
npdoty, you wanted to ask about the use case for 'phoning home' violation reports
16:45:19 [rigo]
zakim, mute me
16:45:19 [Zakim]
Rigo should now be muted
16:45:40 [Zakim]
16:45:43 [rigo]
ack ri
16:45:56 [JoeHallCDT]
Nick asks if anyone has a good grasp on the use cases for when this would be invoked.
16:46:08 [yrlesru]
CSP? Use case?
16:46:11 [christine]
16:46:13 [npdoty]
npdoty: does someone know the precise use cases for when a violation report is sent? is it likely to reveal information that might be sensitive?
16:46:46 [npdoty]
ack christine
16:46:47 [rigo]
zakim, mute me
16:46:47 [Zakim]
Rigo should now be muted
16:47:05 [JoeHallCDT]
Christine asks what could/shound PING do here that would be useful?
16:47:19 [rigo]
ack ri
16:47:52 [JoeHallCDT]
Nick says that maybe we can understand or communicate the concerns in a more useful way.
16:47:56 [JoeHallCDT]
16:48:12 [jtrentadams]
16:48:17 [npdoty]
ack JoeHallCDT
16:48:17 [rigo]
ack Joe
16:49:19 [rigo]
ack jtrentadams
16:49:22 [npdoty]
JoeHallCDT: one helpful function of PING can be in deducing a core concern, best delivery
16:49:41 [christine]
Thank you Trent.
16:49:42 [rigo]
16:49:59 [JoeHallCDT]
jtrentadams takes this as an item to unravel and help lucidify
16:50:02 [JoeHallCDT]
(my words)
16:50:21 [Zakim]
16:50:32 [npdoty]
jtrentadams ++
16:50:38 [JoeHallCDT]
(I have to hop off at 13:00 EDT, so need to pass the scribe pen at that time)
16:51:06 [npdoty]
jtrentadams, if it's helpful to loop one of us in, feel free
16:51:23 [Robin]
Robin has joined #privacy
16:51:40 [npdoty]
Zakim, agenda?
16:51:40 [Zakim]
I see 3 items remaining on the agenda:
16:51:41 [Zakim]
1. CSP specification - privacy issues [from rigo]
16:51:41 [Zakim]
2. W3C Workshop [from npdoty]
16:51:41 [Zakim]
3. TPAC [from npdoty]
16:51:49 [jtrentadams]
No problem.... I hope we're able to uncover the true issues and ensure they're addressed as appropriate.
16:51:59 [rigo]
zakim, take up agendum 2
16:51:59 [Zakim]
agendum 2. "W3C Workshop" taken up [from npdoty]
16:52:15 [Zakim]
16:52:32 [JoeHallCDT]
Impetus behind DNT and Beyond is to figure out how w3c should chart a future course in this flavor of privacy expression.
16:53:06 [JoeHallCDT]
want to have quite a few people to talk about privacy techniques and issues
16:53:09 [JoeHallCDT]
16:53:22 [JoeHallCDT]
very short position papers, due Monday
16:53:37 [JoeHallCDT]
Berkeley is great!
16:53:45 [rigo]
ack Joe
16:53:52 [Robin]
Robin has joined #privacy
16:54:47 [JoeHallCDT]
There is an implicit scope for this for web work, coming from the w3c.
16:54:59 [christine]
Or I can?
16:55:13 [npdoty]
Zakim, next agendum
16:55:13 [Zakim]
agendum 1. "CSP specification - privacy issues" taken up [from rigo]
16:55:17 [JoeHallCDT]
zakim, take up agendum 3
16:55:17 [Zakim]
agendum 3. "TPAC" taken up [from npdoty]
16:55:19 [npdoty]
Zakim, take up agendum 3
16:55:19 [Zakim]
agendum 3. "TPAC" taken up [from npdoty]
16:55:41 [JoeHallCDT]
Fingerprinting breakout session at TPAC
16:55:47 [npdoty]
16:56:07 [JoeHallCDT]
where is the bar on trackability?
16:56:15 [JoeHallCDT]
lessons from browser modes and protections?
16:56:42 [JoeHallCDT]
TPAC will have an informal PING get together… drinks!
16:56:47 [rigo]
I am going
16:56:49 [bblfish]
I'll be there.
16:56:57 [npdoty]
+1, informal get-together
16:57:03 [JoeHallCDT]
Alissa from our shop I think will be around
16:57:04 [bblfish]
note that related on the SEssion Ideas page there is
16:57:06 [JoeHallCDT]
(I think)
16:57:17 [christine]
Can we do the next call on 22 Nov?
16:57:21 [npdoty]
email Christine if you'll be around at TPAC and want to gather for drinks
16:57:34 [JoeHallCDT]
that is american thanksgiving
16:57:35 [JoeHallCDT]
16:57:43 [npdoty]
US Thanksgiving, yeah
16:58:03 [JoeHallCDT]
the 29th is close
16:58:04 [christine]
I'm booked 15 and 29
16:58:08 [npdoty]
Nov 15 or Nov 29?
16:58:10 [JoeHallCDT]
to the w3c thing,… traveling
16:58:13 [christine]
but can try to fit it in
16:58:17 [JoeHallCDT]
11/15 WFM
16:58:22 [rigo]
Nov 29 in Berkeley
16:58:28 [yrlesru]
I submitted a position paper (SPA) but no reply.
16:58:33 [npdoty]
either day works for me, or we can look at Fridays
16:58:35 [rigo]
what about 22 Nov? or early Dec
16:58:52 [Joanne]
either day works for me
16:58:54 [JoeHallCDT]
we'll be cooking and getting fatter that day, rigo
16:59:08 [npdoty]
December 6th?
16:59:12 [npdoty]
works for me
16:59:13 [christine]
okay for me
16:59:15 [JoeHallCDT]
wfm 12/6
16:59:18 [Joanne]
okay for me
16:59:33 [Robin]
Dec 6th... St Nick's Day
16:59:42 [christine]
Apologies to Henry that we did not have time for your item today. We can add to next call if you like.
16:59:51 [Zakim]
- +1.303.661.aagg
16:59:57 [bblfish]
hope to see you at TPAC in Lyon
16:59:58 [npdoty]
tara: excellent discussion today
17:00:04 [Zakim]
17:00:05 [Zakim]
17:00:05 [Zakim]
17:00:06 [Zakim]
17:00:06 [jtrentadams]
Thanks all!
17:00:06 [Zakim]
17:00:08 [npdoty]
thanks, good talking with you all
17:00:08 [Zakim]
17:00:14 [Zakim]
17:00:30 [tara]
Thanks Joe for scribing! Bye!
17:00:40 [yrlesru]
Thanks, Tara (Frank = yrlesru)
17:00:42 [MacTed]
MacTed has changed the topic to: Privacy IG -- -- latest agenda: -- next call 2012-12-06
17:01:42 [npdoty]
Zakim, list attendees
17:01:42 [Zakim]
As of this point the attendees have been +1.206.910.aaaa, +44.208.123.aabb, [IPcaller], +1.817.329.aacc, +1.508.380.aadd, +1.613.947.aaee, +1.916.641.aaff, Ashok_Malhotra, npdoty,
17:01:46 [Zakim]
... bblfish, Rigo, +1.303.661.aagg, Joanne, MacTed, JoeHallCDT, jtrentadams, tara, JC
17:01:56 [npdoty]
rrsagent, draft minutes
17:01:56 [RRSAgent]
I have made the request to generate npdoty
17:02:14 [JoeHallCDT]
17:03:39 [tara]
17:06:09 [Zakim]
17:08:22 [Zakim]
17:15:11 [Zakim]
17:17:56 [Zakim]
17:17:57 [Zakim]
Priv_IG(PING)12:00PM has ended
17:17:57 [Zakim]
Attendees were +1.206.910.aaaa, +44.208.123.aabb, [IPcaller], +1.817.329.aacc, +1.508.380.aadd, +1.613.947.aaee, +1.916.641.aaff, Ashok_Malhotra, npdoty, bblfish, Rigo,
17:17:57 [Zakim]
... +1.303.661.aagg, Joanne, MacTed, JoeHallCDT, jtrentadams, tara, JC
18:10:04 [ArtB]
ArtB has left #privacy