IRC log of privacy on 2013-04-25

Timestamps are in UTC.

15:54:39 [RRSAgent]
RRSAgent has joined #privacy
15:54:39 [RRSAgent]
logging to http://www.w3.org/2013/04/25-privacy-irc
15:54:41 [trackbot]
RRSAgent, make logs 263
15:54:42 [Zakim]
Zakim has joined #privacy
15:54:43 [trackbot]
Zakim, this will be
15:54:44 [Zakim]
I don't understand 'this will be', trackbot
15:54:44 [trackbot]
Meeting: Privacy Interest Group Teleconference
15:54:45 [trackbot]
Date: 25 April 2013
15:54:56 [npdoty]
rrsagent, make logs public
15:55:03 [npdoty]
Zakim, this is PING
15:55:03 [Zakim]
ok, npdoty; that matches Team_(privacy)16:00Z
15:55:11 [npdoty]
Zakim, who is on the phone?
15:55:11 [Zakim]
On the phone I see +1.469.242.aaaa, +358.504.87aabb
15:56:19 [Zakim]
+[IPcaller]
15:56:38 [christine]
christine has joined #privacy
15:57:05 [yrlesru]
yrlesru is Frank
15:57:06 [Zakim]
+ +33.4.92.96.aacc
15:57:31 [Zakim]
+npdoty
15:58:53 [npdoty]
we originally had Joe Hall down to scribe this session, but now I think he may be in hearings on the Hill
16:00:01 [fjh]
fjh has joined #privacy
16:00:23 [Zakim]
+[IPcaller.a]
16:00:32 [fjh]
zakim, [IPcaller.a] is me
16:00:32 [Zakim]
+fjh; got it
16:00:42 [fjh]
zakim, who is here>
16:00:42 [Zakim]
I don't understand 'who is here>', fjh
16:00:46 [fjh]
zakim, who is here?
16:00:46 [Zakim]
On the phone I see +1.469.242.aaaa, +358.504.87aabb, [IPcaller], +33.4.92.96.aacc, npdoty, fjh
16:00:49 [Zakim]
On IRC I see fjh, christine, Zakim, RRSAgent, npdoty, yrlesru, tara, TallTed, Karima, mikeperry, trackbot, wseltzer
16:00:57 [npdoty]
scribenick: npdoty
16:01:32 [npdoty]
chair: christine
16:01:32 [christine]
Agenda:
16:01:43 [christine]
1. Welcome and introductions.
16:01:49 [npdoty]
topic: introductions
16:01:55 [christine]
Christine Runnegar, co-chair of PING
16:01:57 [npdoty]
Nick Doty, W3C / UC Berkeley
16:02:01 [yrlesru]
Frank Dawson = yrlesru
16:02:07 [fjh]
Present+ Frederick_Hirsch(Nokia)
16:02:08 [christine]
Hannes Tschofenig
16:02:09 [Karima]
Karima / University of Nice Sophia Antipolis - CNRS
16:02:19 [yrlesru]
Frank is also from Nokia, btw.
16:02:43 [christine]
2. Status of EME privacy review
16:03:55 [npdoty]
christine: npdoty, can you follow up with rigo?
16:04:07 [npdoty]
npdoty: yes, wseltzer may be managing, since she's already doing EME work
16:04:30 [npdoty]
christine: please volunteer, can contact rigo, wseltzer
16:04:31 [christine]
3. Status of the getUserMedia privacy review
16:05:06 [npdoty]
hannes: a little bit behind on the privacy review (worked on the privacy considerations document instead)
16:05:15 [npdoty]
... when do we need to have that ready? what timeframe?
16:05:58 [npdoty]
christine: til the next call, but sooner is better because sooner makes it much more likely to have useful impact on a WG's deliverables
16:06:08 [npdoty]
... due on 16 May?
16:06:45 [npdoty]
action-3?
16:06:45 [trackbot]
ACTION-3 -- Hannes Tschofenig to lead privacy review on Media Capture -- due 2013-04-04 -- OPEN
16:06:45 [trackbot]
http://www.w3.org/Privacy/track/actions/3
16:06:57 [npdoty]
hannes: feel free to contact me to volunteer with help
16:07:04 [npdoty]
christine: Joe Hall may be able to help from CDT
16:07:11 [npdoty]
action-3: due 16 May
16:07:15 [trackbot]
Notes added to ACTION-3 Lead privacy review on Media Capture.
16:07:21 [npdoty]
Topic: Privacy Guidance Documents
16:09:18 [christine]
This item: Frank Dawson - Specification Privacy Assessment
16:09:49 [npdoty]
frank: thx to Nick, tried to put SPA into W3C format
16:10:09 [npdoty]
... status and purpose of the documentation, give specification authors an explanation why privacy assessment is important
16:10:21 [npdoty]
... when would this process be used (a series of three questions)
16:10:31 [npdoty]
... how to conduct an analysis of your specification
16:10:43 [npdoty]
... and what sort of content should be written in a Privacy Considerations section
16:11:01 [npdoty]
... methodology, threat analysis from Security Development Lifecycle
16:11:14 [npdoty]
... understand where the trust boundaries are
16:11:32 [npdoty]
... external interactors
16:12:06 [npdoty]
... kind of data in a protocol, understand what privacy principles might apply and what threats there might be
16:12:18 [npdoty]
... are there any privacy controls that might be put into the specification?
16:13:16 [npdoty]
... for Device API, rather than limit the kind of data available through the spec, instead assume that the deployers would have guidance on the privacy in implementation
16:13:47 [npdoty]
... looking at the stages of documents, what can you do as an editor / document team at each stage to identify and mitigate privacy issues?
16:14:30 [npdoty]
... Privacy Data Lifecycle, data collected by a sensor, how that data is transferred back to a server, etc.
16:14:52 [npdoty]
... ISO generalization of privacy principles (OECD, US FIPPs, proposed EU regulation), blending into a list of 11, and references to other lists
16:15:27 [npdoty]
... if using the logic of a three-step question, you find that there are no privacy considerations, standard boilerplate for the otherwise empty privacy considerations section
16:15:47 [npdoty]
... classification scheme (PII 2.0, Solove)
16:16:31 [npdoty]
q+
16:16:57 [npdoty]
q-
16:17:08 [npdoty]
npdoty: look at the 3 questions for whether review is necessary
16:17:46 [npdoty]
frank: follow the data
16:18:02 [npdoty]
... first look at whether it will process personal data (definition of "personal data" important)
16:18:25 [npdoty]
... you might not be processing, but providing links to personal data elsewhere, which would also suffice
16:18:51 [npdoty]
... second, will it generate personal data? (in case you consider that separate than processing)
16:19:27 [npdoty]
... concern because we carry our mobile devices everywhere
16:19:52 [npdoty]
... third, will deployment be used in a network device by an individual?
16:20:14 [npdoty]
... process may seem heavy, but it's the longest, ideal case, even if it won't always be used entirely
16:20:51 [npdoty]
... might (often) be the case that privacy considerations will be passed on to some other party, like the deploying party
16:21:45 [npdoty]
... steps may be useful for the trial privacy reviews we're doing right now
16:22:02 [npdoty]
... make sure you understand the spec itself, do a data flow diagram on the back of an envelope
16:23:26 [npdoty]
... identify what kinds of data
16:23:44 [npdoty]
... for each privacy principle, what safeguards would be necessary?
16:24:14 [npdoty]
... for DAP, they tried to minimize the amount (number of records, which fields) of data from the Contacts API
16:24:35 [npdoty]
... could use a checklist of threats, logical threats for different steps in a data flow
16:25:53 [npdoty]
npdoty: for these questions, wouldn't every W3C spec qualify? (browsers in use on network devices by individual)
16:26:11 [npdoty]
frank: could be, so maybe we need a lighter weight process to start
16:26:25 [npdoty]
christine: thanks frank, a very useful introduction
16:26:42 [yrlesru]
SEVEN-Step Program For Privacy ... LOL!
16:27:04 [npdoty]
christine: would be very good to see how it works in practice as we do privacy reviews
16:28:18 [npdoty]
... for example, could inform media capture reviews for hannes / wseltzer
16:29:04 [npdoty]
christine: if no questions now, please all read through the document carefully and share comments on the mailing list
16:29:19 [npdoty]
... start with what frank has done, an amazing piece of work, and tinker to what we need
16:29:48 [npdoty]
frank: take to the list, or feel free to contact me directly
16:30:15 [npdoty]
http://www.tschofenig.priv.at/w3c-privacy-guidelines.html
16:30:22 [christine]
Next item: Privacy Considerations for Web Protocols
16:31:02 [npdoty]
hannes: frank has spoken about the process, guidelines together for how to write these privacy considerations
16:31:19 [npdoty]
... took the work from IETF/IAB to re-use aspects where possible
16:31:53 [npdoty]
... took from DAP Privacy Guidelines as well
16:32:10 [npdoty]
... for introduction and terminology, tried to re-use from the IAB document
16:33:09 [npdoty]
... fingerprinting, w3c has more context available now, so could put some references there, perhaps in place of these definitions
16:33:47 [npdoty]
... briefly highlighted the privacy threats (section 3)
16:34:27 [npdoty]
... list from Dan Solove, Understanding Privacy
16:34:41 [npdoty]
... Guidelines (section 4), taking from other documents
16:35:08 [npdoty]
... not telling you a particular solution, since those solutions will vary in different w3c specs
16:35:50 [npdoty]
... Data Minimization; Trade-offs; Defaults; User Participation
16:36:02 [npdoty]
... user participation gets at notice, consent, user control mechanisms
16:36:24 [npdoty]
... with minimization, provided examples, which originally were used in the TAG document
16:36:50 [npdoty]
... would like to add examples from w3c as we do our own reviews, make it more interesting to read
16:37:04 [npdoty]
... tried to keep it as short as possible
16:37:56 [npdoty]
... I believe I have captured the same concepts in the TAG document, but not the terminology of "privacy-by-design" or "privacy patterns"
16:38:13 [npdoty]
... tried to stay abstract with user participation
16:39:02 [jeffh]
jeffh has joined #privacy
16:39:39 [npdoty]
christine: might be able to provide short examples of how a privacy problem was identified and then mitigated (with an expression of how well it worked out)
16:40:03 [npdoty]
... for npdoty, does w3c already have a glossary of terminology?
16:41:27 [npdoty]
npdoty: not aware of any glossary, not specific to privacy; but many specs themselves define terms, like "user agent" defined in an HTTP spec
16:41:51 [npdoty]
hannes: yes, could replace when other documents have more specific terms, like with your separate fingerprinting document
16:42:18 [npdoty]
... useful to have these terms not just for use in this document, but when doing privacy reviews of another document, it's useful to have common terms, to avoid talking past
16:42:28 [npdoty]
npd: +1
16:42:52 [npdoty]
christine: might want to determine when there are terms-of-art that have a particular meaning to the W3C community
16:43:10 [npdoty]
... although ideally all standards communities would use the same terms, probably not possible
16:44:06 [npdoty]
npdoty: just initially, what do we think about use of this in relation to what Frank presented?
16:44:31 [npdoty]
hannes: a process aspect (how is the machinery done), and instead what is the actual content
16:45:17 [npdoty]
... left out process on the understanding that that would be covered by Frank's document; for example, who does the reviews, who makes decisions, how are the results framed in the spec
16:45:41 [yrlesru]
And hopefully some examples, too!
16:46:05 [npdoty]
christine: may end up with one or two documents at the end; Frank's doc would provide the process; Hannes's doc would provide more detailed guidance about how they might be mitigated
16:46:14 [Karima]
+q
16:46:23 [npdoty]
ack Karima
16:46:24 [yrlesru]
I am also interested in seeing catalog of threats to privacy being developed over a very long period.
16:46:49 [npdoty]
Karima: very useful to have a glossary, because usually there is no one definition
16:47:04 [npdoty]
... even if we can't have one for all standards, if we have one for what we're doing, it will be useful
16:47:04 [yrlesru]
There are some good glossaries out in internet on privacy.
16:47:22 [npdoty]
... we developed a glossary for one project in France, and now it's been in use by the government
16:47:32 [yrlesru]
ISO SC27/WG5 has one. I think that others maybe could contribute to that also.
16:47:53 [npdoty]
yrlesru, can you email us your list, or whatever glossaries you know of that we should be considering?
16:48:14 [yrlesru]
Will queue that up!
16:48:39 [npdoty]
christine: again, ask that people look at the content of this document over the next week, and start feedback on the mailing list
16:48:40 [christine]
4. Fingerprinting guidance
16:48:47 [npdoty]
http://w3c.github.io/fingerprinting-guidance/
16:48:50 [Karima]
OK. It is not a privacy glossary, more a security glossary
16:49:30 [christine]
nick: a few short updates on the document since the last discussion - now Github hosted
16:49:58 [christine]
nick: written in HTML - can see repository - can edit using Github
16:50:12 [christine]
nick: changes will go into the centralised repository
16:50:32 [christine]
nick: if not comfortable using Github, can send proposed changes on email
16:51:02 [christine]
nick: defn of browser fingerprinting similiar to priv consid - but seems we need passive, active, cookie-type defins
16:51:40 [christine]
nick: passive is harder to identify; browser does not run code; efficient; can be done offline without visibility to the user
16:52:13 [christine]
nick: active is where a lot of work has been done recently - add function to API - add more characteristics to identify uniquely browsers
16:52:37 [christine]
nick: graphical rendering to look at output of ??? [nick to fill this in]
16:53:18 [christine]
nick: some argue too hard to solve ... but there might be some indication that is occurring and the ability to do something about it
16:53:50 [christine]
nick: so we might say no new specfications should increase ability to passive fingerprinting
16:54:00 [yrlesru]
In older mobile platform (Symbian), the call log had information like MSISDN called, duration of call, etc. Some researchers were analyzing this data to assess the social profile of users. I guess that is kind of like fingerprinting :-)
16:54:18 [christine]
nick: but less stringent on active as it might be inevitable if functionality is desired
16:54:28 [christine]
nick: cookie-type fingerprinting
16:54:35 [christine]
nick: welcome feedback on definitions
16:54:53 [christine]
nick: also input on what to do to mitigate fingerprinting
16:54:58 [npdoty]
scribenick: npdoty
16:55:11 [npdoty]
christine: thanks. any questions?
16:55:46 [npdoty]
hannes: regarding conversation at last TPAC meeting, and lots of publications, how far would you like to go?
16:56:38 [christine]
nick: the distinction on defn could help - may be able to make more progress with passive than active - don't share the view that it is so bad nothing can be done
16:57:16 [npdoty]
npd: maybe I'm being incorrectly optimistic, I would welcome corrections
16:57:38 [yrlesru]
Will be leaving meeting IRC. I have some reading to do. Thank you Nick and Hannes for my reading list. Ciao.
16:57:46 [npdoty]
christine: again, ask folks to look closely at the document, provide feedback -- either pull request in github or discussion on the mailing list
16:57:52 [npdoty]
... any other business?
16:58:10 [npdoty]
... thanks for joining, and for work on these documents
16:58:35 [npdoty]
propose next call for 23rd May
16:59:00 [npdoty]
christine: hoping to have draft reviews on getUserMedia and EME a week ahead of the next call
16:59:20 [Zakim]
-fjh
16:59:21 [Zakim]
- +33.4.92.96.aacc
16:59:23 [Zakim]
- +1.469.242.aaaa
16:59:23 [fjh]
fjh has left #privacy
16:59:23 [Zakim]
-npdoty
16:59:26 [Zakim]
- +358.504.87aabb
16:59:26 [Karima]
thanks Christine and all !
16:59:27 [Zakim]
-[IPcaller]
16:59:27 [Zakim]
Team_(privacy)16:00Z has ended
16:59:27 [Zakim]
Attendees were +1.469.242.aaaa, +358.504.87aabb, [IPcaller], +33.4.92.96.aacc, npdoty, fjh
17:08:13 [npdoty]
rrsagent, please draft the minutes
17:08:13 [RRSAgent]
I have made the request to generate http://www.w3.org/2013/04/25-privacy-minutes.html npdoty
17:25:50 [jeffh]
jeffh has joined #privacy
18:07:09 [Karima]
Karima has joined #privacy
18:52:06 [Zakim]
Zakim has left #privacy