IRC log of privacy on 2013-03-28

Timestamps are in UTC.

15:50:21 [RRSAgent]
RRSAgent has joined #privacy
15:50:21 [RRSAgent]
logging to
15:50:23 [trackbot]
RRSAgent, make logs 263
15:50:23 [Zakim]
Zakim has joined #privacy
15:50:25 [trackbot]
Zakim, this will be
15:50:25 [Zakim]
I don't understand 'this will be', trackbot
15:50:26 [trackbot]
Meeting: Privacy Interest Group Teleconference
15:50:26 [trackbot]
Date: 28 March 2013
15:50:30 [dom]
Zakim, ping me in 9 minutes
15:50:30 [Zakim]
ok, dom
15:50:49 [dom]
Zakim, this will be PING
15:50:49 [Zakim]
ok, dom; I see Team_(privacy)16:00Z scheduled to start in 10 minutes
15:53:41 [Zakim]
Team_(privacy)16:00Z has now started
15:53:49 [Zakim]
+ +358.504.87aaaa
15:54:20 [Zakim]
- +358.504.87aaaa
15:54:22 [Zakim]
Team_(privacy)16:00Z has ended
15:54:22 [Zakim]
Attendees were +358.504.87aaaa
15:55:05 [Zakim]
Team_(privacy)16:00Z has now started
15:55:11 [Zakim]
+ +1.613.304.aaaa
15:55:38 [Christine]
Christine has joined #privacy
15:56:11 [Zakim]
15:56:13 [Zakim]
15:56:26 [Christine]
Zakim, ??P8 is Christine
15:56:26 [Zakim]
+Christine; got it
15:56:34 [npdoty]
chair: Christine, tara
15:56:47 [Christine]
Apologies: Joe Hall
15:57:21 [Christine]
Agenda: Agenda: 1. Welcome and introductions. 2. Media Capture Task Force* - camera and microphone access (Dominique Hazael-Massieux) 3. Reports and discussion on open action items: (Nick re privacy considerations; Frank re process document; Rigo re EME privacy review) 4. AOB
15:57:21 [Zakim]
+ +358.504.87aabb
15:57:21 [tara]
zakim, aaaa is me
15:57:21 [Zakim]
+tara; got it
15:58:27 [npdoty]
Zakim, aabb is Hannes
15:58:27 [Zakim]
+Hannes; got it
15:59:16 [npdoty]
Zakim, who is on the phone?
15:59:17 [Zakim]
On the phone I see tara, npdoty, Christine, Hannes
15:59:31 [Zakim]
dom, you asked to be pinged at this time
15:59:50 [tara]
Too much management! :-)
16:00:43 [wseltzer]
zakim, code?
16:00:43 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, wseltzer
16:01:04 [Zakim]
16:01:27 [Christine]
Agenda item 1: Welcome and introductions
16:01:29 [npdoty]
Hannes Tschofenig, Nokia Siemens Networks
16:01:42 [Zakim]
16:01:59 [Zakim]
16:02:02 [npdoty]
scribenick: tara
16:02:33 [JC]
JC has joined #PRIVACY
16:02:33 [tara]
Tara Whalen in transition from Office of the Privacy Commisioner of Canada to Apple Inc. (on Monday).
16:02:40 [Christine]
Those on IRC people write your name and affiliation for the minutes.
16:02:49 [Christine]
Christine Runnegar - co-chair PING
16:03:00 [erin]
erin has joined #privacy
16:03:00 [tara]
And yes, Tara is also co-chair PING.
16:03:03 [Bert]
Bert has joined #privacy
16:03:04 [wseltzer]
Wendy Seltzer, W3C
16:03:07 [Zakim]
16:03:16 [Ashok_Malhotra]
Ashok_Malhotra has joined #privacy
16:03:18 [tara]
Dom can you type in your name + affiliation for the minutes?
16:03:18 [Zakim]
16:03:27 [dom]
Dominique Hazael-Massieux, W3C
16:03:30 [npdoty]
Nick Doty, W3C
16:03:34 [JC]
JC Cannon Microsoft
16:04:29 [Ashok_Malhotra]
Ashok Malhotra, Oracle
16:04:44 [npdoty]
Zakim, [IPcaller] may be Ashok_Malhotra
16:04:45 [Zakim]
+Ashok_Malhotra?; got it
16:04:48 [Ashok_Malhotra]
zakim, code?
16:04:48 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, Ashok_Malhotra
16:05:00 [Bert]
Bert Bos, W3C, Style Activity Lead, but here today for an EU project called STREWS about security in WebRTC.
16:05:01 [Zakim]
16:05:08 [dom]
-> Privacy & Media Capture
16:05:18 [tara]
Media Capture Task Force Agenda Item...
16:06:13 [wseltzer]
[slide 2]
16:06:26 [tara]
Dom presenting ongoing work - for web apps and sites to get access to camera + mikes on devices.
16:06:39 [tara]
Media Capture Task Force is doing this work.
16:07:03 [tara]
joint task force between Device APIs and WebRTC Working Groups
16:07:15 [tara]
Same API used for screen sharing
16:07:30 [tara]
This presentation mostly on camera and microphone
16:07:49 [Zakim]
16:07:52 [tara]
media stream can be used locally - like an application that can take picture of yourself.
16:08:09 [tara]
But can send audio/video stream to remote party
16:08:27 [tara]
"Skype inside the browser."
16:09:26 [tara]
Not only remote party that can get handle on media streams, but the service operator
16:09:36 [Robin_Wilton]
Robin_Wilton has joined #privacy
16:10:15 [tara]
Adding access control mode - if service operator provides option, you can have prevent access from that outside party.
16:11:23 [npdoty]
q+ wseltzer
16:11:28 [tara]
Q from Hannes: you couldn't know who you were sharing data with unless you knew implementation (? was this SIP?)
16:12:01 [tara]
How does this work in this context - how to provide right amount of detail to user?
16:13:13 [tara]
Hard part - how to determine that you are sending to the party you *think* it is (e.g., sending privately to attacker)
16:14:23 [npdoty]
(I can't find anything in the getUserMedia spec on HTTPS, SSL, TLS, encryption, key exchange...)
16:14:24 [tara]
Identity solution - third-party identity provider (like Facebook) provide assertion to verify identity; rely on identity mechanisms.
16:14:39 [npdoty]
ack wseltzer
16:15:26 [tara]
Wendy : key exchange with the other party in private mode to keep the intermediary out, is that right? Dom: Yes.
16:16:27 [tara]
In terms of how you would be exposed - service provider would allow opt-in to that mechanism; browser would allow extra confidentiality for communications.
16:16:44 [dom]
16:17:05 [wseltzer]
[Slide 3]
16:17:29 [tara]
Don't want just anyone getting access to your media stream; user confirms that they want to share access.
16:17:45 [tara]
Consent granted through browser chrome
16:18:09 [tara]
Can share multiple devices.
16:18:20 [tara]
Can specify which device to share.
16:18:28 [wseltzer]
[slide 4]
16:19:01 [npdoty]
q+ to ask about guidance on asking for permission
16:19:03 [tara]
browser will give unique ID for that device that remains constant across sessions.
16:20:11 [tara]
Reason for unique ID is to make it possible to automatically recreate same state as the last session.
16:20:37 [tara]
Same setup of cameras, etc (could be complex configuration)
16:21:02 [tara]
Fingerprinting risk? Recommend that the ID be scoped by origin.
16:21:22 [npdoty]
q+ to clarify on IDs at all
16:22:07 [tara]
Nick: what is purpose of the ID at all? Can't browser remember these details?
16:22:32 [tara]
Dom: Example why webapp needs to know: situation w/3 cameras.
16:22:57 [tara]
One each left, middle, right -- browser won't understand this type of detail.
16:23:04 [tara]
16:23:44 [tara]
Also can be much more complex in nature - mixing streams, etc.
16:24:06 [tara]
Can I get a temporary scribe for a minute?
16:25:01 [npdoty]
npdoty: couldn't you accomplish that with an ordered list instead?
16:25:02 [tara]
Dom: to be clear, am presenting current situation. Getting outside perspective will help and change the approach.
16:25:23 [tara]
(Nick, are you scribing for a moment?)
16:25:33 [tara]
16:25:37 [npdoty]
scribenick: npdoty
16:25:39 [wseltzer]
[slide 5]
16:26:33 [npdoty]
dom: mentioned unique ID per device, but also enable service operators to collect the name of every device, once the user has granted access to any device
16:26:58 [npdoty]
... a user has started using the video chat service, and you want to move to a separate camera in another part of the room
16:27:17 [npdoty]
... web app needs to know that there is another camera, and a name the user can relate to
16:27:54 [npdoty]
... screenshot of what it looks like in a Google Hangout, for example
16:28:25 [npdoty]
... need a list of all connected media capture devices
16:28:41 [npdoty]
... obviously has possible important privacy impact
16:28:53 [wseltzer]
[slide 6]
16:29:12 [npdoty]
dom: very early work on making the same API enable screen sharing
16:29:44 [npdoty]
... camera and microphone already potentially intrusive, sharing your screen has very interesting possible intrusions
16:29:56 [npdoty]
... violate the same-origin policy
16:30:34 [npdoty]
... likely come with different restrictions, but this is very early work
16:30:55 [npdoty]
christine: silence a sign that we're all listening very closely :)
16:30:57 [wseltzer]
[slide 7]
16:31:21 [npdoty]
dom: summary of privacy risks already identified and discussed (though perhaps not to our satisfaction)
16:31:37 [npdoty]
... risk of surveillance, spying on the user
16:32:04 [npdoty]
... important that the user understand that the camera/mic are in use, and that the other user and the service operator may have access
16:32:48 [npdoty]
... fingerprinting (common with device APIs), associating the attached devices to identify a particular user
16:33:36 [npdoty]
... have to have shared at least one device before this is possible, debated quite a bit in our group
16:34:23 [tara]
Thanks Nick - I can take back over.
16:34:35 [npdoty]
... by having human friendly names, you learn about, for example, purchasing power
16:34:39 [npdoty]
scribenick: tara
16:34:54 [tara]
Those are the three main risks identified so far - are likely more.
16:35:27 [tara]
Giving access to came + mic is not something you would do lightly; is compromise to be made.
16:35:34 [tara]
[slide 8]
16:35:58 [tara]
Trying to develop means to tell user that they may be being recorded.
16:36:30 [tara]
Lot of issues are UI considerations - so not in scope directly of the WG.
16:36:42 [tara]
This is common issue with many APIs.
16:37:23 [tara]
How to provide indicator that you are being recorded; also this could be one of many indicators.
16:37:58 [tara]
Don't know how scalable this solution this is.
16:38:04 [Robin_Wilton]
And the mechanism is likely to rely on the good behaviour of the app/plugin/platform...
16:38:15 [tara]
The common tradeoff of UX versus privacy (information overload).
16:38:26 [tara]
[slide 9]
16:38:36 [tara]
What we want help on
16:38:55 [Robin_Wilton]
16:39:17 [tara]
Want expert insights from privacy community - who have good grasp of both the risks and the technological constraints.
16:39:17 [npdoty]
16:39:39 [tara]
No "privacy considerations" in this document yet, but that doesn't mean one is not planned.
16:40:18 [tara]
Fingerprinting was heavily discussed, for example.
16:40:56 [Bert]
q+ to ask if a UA can check if a WebApp is still the same version as last time it was used? Maybe you can avoid asking the user for permission unnecessarily that way. Or people can tell each other about good or buggy versions.
16:41:12 [tara]
Would like more explicit guidance on this issue.
16:41:14 [wseltzer]
zakim, mute Robin_Wilton
16:41:14 [Zakim]
sorry, wseltzer, I do not know which phone connection belongs to Robin_Wilton
16:41:21 [wseltzer]
zakim, who's making noise?
16:41:23 [Christine]
Please type your question in Robin
16:41:35 [Zakim]
wseltzer, listening for 11 seconds I heard sound from the following: dom (59%)
16:41:46 [Robin_Wilton]
Sorry about the audio, there :^(
16:42:25 [tara]
Nick: how were UI discussions included in discussion (out of scope?).
16:42:36 [Robin_Wilton]
My question: have you given thought to how "bad apps" can be prevented from activating camera/mic without giving the user any indication?
16:42:39 [glenn]
glenn has joined #privacy
16:43:09 [tara]
Dom: don't have anything formal; concerned that there may be no good identified solution available.
16:43:34 [tara]
At TPAC, was some discussion about turning a light on, for example.
16:43:42 [npdoty]
the light next to the camera is a *great* example, though
16:44:14 [tara]
Dom: response to Robin's Q:
16:44:35 [tara]
Right now, you simply cannot activate camera + mic w/out explicit user consent.
16:45:33 [tara]
Once consent is granted, then visual indicator turns green (e.g., to show camera access is on).
16:45:58 [Robin_Wilton]
OK - thanks Dom
16:45:59 [tara]
Use "pulsing" recording light, to get user attention.
16:46:15 [tara]
[slide 10]
16:46:37 [tara]
Schedule: last forecast call in June/July
16:47:24 [tara]
Firefox & Opera are working to this schedule [do I have that right?]
16:48:02 [dom]
s/Firefox & Opera are working to this schedule [do I have that right?]/Firefox, Chrome & Opera have already releases with that API/
16:48:08 [tara]
Hannes: this is being deployed, but the UI parts are not yet set.
16:48:39 [JC]
16:48:42 [tara]
There is a UI to show which devices you have granted access to?
16:48:59 [tara]
Ans: hasn't been quite worked out yet. Sharing camera with site is different from one user.
16:49:47 [tara]
In terms of "out of scope" - this is more something for [couldn't make out who?] to address.
16:50:12 [Christine]
Time check - we have 10 minutes left
16:50:39 [npdoty]
I think dom's point is that it may be more likely to provide best practices to implementers, rather than the WG specifying it
16:51:05 [npdoty]
ack Robin_Wilton
16:51:34 [tara]
[slide 11]
16:51:34 [npdoty]
q+ Robin_Wilton
16:51:39 [Robin_Wilton]
16:52:17 [tara]
Recording captured media streams mayhave additional privacy impact.
16:52:45 [tara]
Also P2P communication across browsers raises its own set of issues (e.g., backchannels).
16:53:03 [tara]
But focusing on media capture to get some feedback.
16:53:35 [tara]
Christine: Have identified need to PING to help w/ this emerging issue.
16:53:50 [JC]
Can you elaborate on work Chrome, Safari and Firefox have done?
16:53:55 [JC]
You can send an email as well
16:54:04 [tara]
Christine: as with Device API specs (ambient light) - get group of volunteers to review the specs
16:54:15 [tara]
Also consider what questions might be included in privacy considerations.
16:54:28 [tara]
Hannes volunteered.
16:54:34 [tara]
Any other volunteers?
16:54:41 [npdoty]
action: hannes to lead privacy review on Media Capture
16:54:41 [trackbot]
Created ACTION-3 - Lead privacy review on Media Capture [on Hannes Tschofenig - due 2013-04-04].
16:54:47 [JC]
Not sure of question, but can help
16:54:58 [tara]
Will be followup emails about this - to gather more reviewers.
16:55:00 [npdoty]
action-3: JC may be able to help
16:55:00 [trackbot]
Notes added to ACTION-3 Lead privacy review on Media Capture.
16:55:23 [Robin_Wilton]
Tara - "recording" is a point at which control *may* be impossible to retain... (for instance, if I point an offline video camera at the screen which is displaying the webcam feed...) :^(
16:55:31 [tara]
Bert's question will be addressed on email list.
16:55:46 [npdoty]
Topic: Action items
16:56:07 [tara]
Thanks, Dom!
16:56:15 [Zakim]
16:56:15 [npdoty]
16:56:17 [tara]
Frank: update by email
16:56:24 [tara]
Rigo not on call...
16:56:33 [tara]
Report from others?
16:56:45 [tara]
Tracker instance has been opened (see link from Nick).
16:57:15 [npdoty]
16:57:17 [tara]
NIck is tracking item already - gathering list of questions for Hannes....
16:57:28 [npdoty]
16:57:39 [tara]
Also Nick is working on the fingerprinting guidance (see github link).
16:57:52 [tara]
You can work with github to contribute.
16:58:24 [tara]
See TAG document on fingerprinting - in github (may fork as document evolves).
16:59:23 [Christine]
Here is the link from Hannes -
16:59:40 [tara]
Hannes: have been talking about what would go into guidance document; has provided initial thoughts (see above link).
16:59:43 [yrlesru]
yrlesru has joined #privacy
16:59:44 [Zakim]
17:00:21 [npdoty]
we may want to share these links and provide a chance for feedback on the mailing list
17:00:21 [tara]
Need call for next month.
17:00:24 [tara]
April 25?
17:00:24 [Zakim]
17:00:38 [npdoty]
April 25 works for me
17:00:46 [tara]
I have a program committee meeting that day.
17:00:51 [npdoty]
dom++, thank you
17:00:56 [tara]
(But I am but one person.)
17:01:08 [tara]
+1 to domthanks.
17:01:36 [tara]
Christine: we need to push forward discussions on the documents under development before next call.
17:01:43 [tara]
17:02:01 [tara]
Thanks all, until next month - and please volunteer!
17:02:03 [Robin_Wilton]
Thanks everyone
17:02:10 [Zakim]
17:02:11 [Zakim]
17:02:11 [Zakim]
17:02:13 [Zakim]
17:02:16 [Zakim]
17:02:17 [Zakim]
17:02:21 [Zakim]
17:02:22 [Zakim]
17:02:22 [Zakim]
Team_(privacy)16:00Z has ended
17:02:22 [Zakim]
Attendees were +1.613.304.aaaa, npdoty, Christine, +358.504.87aabb, tara, Hannes, wseltzer, dom, [Microsoft], Bert, Ashok_Malhotra?, Ashok_Malhotra
17:02:30 [Robin_Wilton]
Robin_Wilton has left #privacy
17:02:46 [npdoty]
rrsagent, please draft the minutes
17:02:46 [RRSAgent]
I have made the request to generate npdoty
17:02:58 [npdoty]
rrsagent, make logs public
17:15:42 [yrlesru]
yrlesru has left #privacy
17:36:30 [Bert]
Bert has left #privacy
18:47:45 [glenn]
glenn has joined #privacy
18:58:27 [Zakim]
Zakim has left #privacy
19:31:10 [glenn]
glenn has joined #privacy