15:54:39 RRSAgent has joined #privacy
15:54:39 logging to http://www.w3.org/2013/04/25-privacy-irc
15:54:41 RRSAgent, make logs 263
15:54:42 Zakim has joined #privacy
15:54:43 Zakim, this will be
15:54:44 I don't understand 'this will be', trackbot
15:54:44 Meeting: Privacy Interest Group Teleconference
15:54:45 Date: 25 April 2013
15:54:56 rrsagent, make logs public
15:55:03 Zakim, this is PING
15:55:03 ok, npdoty; that matches Team_(privacy)16:00Z
15:55:11 Zakim, who is on the phone?
15:55:11 On the phone I see +1.469.242.aaaa, +358.504.87aabb
15:56:19 +[IPcaller]
15:56:38 christine has joined #privacy
15:57:05 yrlesru is Frank
15:57:06 + +33.4.92.96.aacc
15:57:31 +npdoty
15:58:53 we originally had Joe Hall down to scribe this session, but now I think he may be in hearings on the Hill
16:00:01 fjh has joined #privacy
16:00:23 +[IPcaller.a]
16:00:32 zakim, [IPcaller.a] is me
16:00:32 +fjh; got it
16:00:42 zakim, who is here>
16:00:42 I don't understand 'who is here>', fjh
16:00:46 zakim, who is here?
16:00:46 On the phone I see +1.469.242.aaaa, +358.504.87aabb, [IPcaller], +33.4.92.96.aacc, npdoty, fjh
16:00:49 On IRC I see fjh, christine, Zakim, RRSAgent, npdoty, yrlesru, tara, TallTed, Karima, mikeperry, trackbot, wseltzer
16:00:57 scribenick: npdoty
16:01:32 chair: christine
16:01:32 Agenda:
16:01:43 1. Welcome and introductions.
16:01:49 topic: introductions
16:01:55 Christine Runnegar, co-chair of PING
16:01:57 Nick Doty, W3C / UC Berkeley
16:02:01 Frank Dawson = yrlesru
16:02:07 Present+ Frederick_Hirsch(Nokia)
16:02:08 Hannes Tschofenig
16:02:09 Karima / University of Nice Sophia Antipolis - CNRS
16:02:19 Frank is also from Nokia, btw.
16:02:43 2. Status of EME privacy review
16:03:55 christine: npdoty, can you follow up with rigo?
16:04:07 npdoty: yes, wseltzer may be managing, since she's already doing EME work
16:04:30 christine: please volunteer, can contact rigo, wseltzer
16:04:31 3. Status of the getUserMedia privacy review
16:05:06 hannes: a little bit behind on the privacy review (worked on the privacy considerations document instead)
16:05:15 ... when do we need to have that ready? what timeframe?
16:05:58 christine: til the next call, but sooner is better because sooner makes it much more likely to have useful impact on a WG's deliverables
16:06:08 ... due on 16 May?
16:06:45 action-3?
16:06:45 ACTION-3 -- Hannes Tschofenig to lead privacy review on Media Capture -- due 2013-04-04 -- OPEN
16:06:45 http://www.w3.org/Privacy/track/actions/3
16:06:57 hannes: feel free to contact me to volunteer with help
16:07:04 christine: Joe Hall may be able to help from CDT
16:07:11 action-3: due 16 May
16:07:15 Notes added to ACTION-3 Lead privacy review on Media Capture.
16:07:21 Topic: Privacy Guidance Documents
16:09:18 This item: Frank Dawson - Specification Privacy Assessment
16:09:49 frank: thx to Nick, tried to put SPA into W3C format
16:10:09 ... status and purpose of the documentation, give specification authors an explanation why privacy assessment is important
16:10:21 ... when would this process be used (a series of three questions)
16:10:31 ... how to conduct an analysis of your specification
16:10:43 ... and what sort of content should be written in a Privacy Considerations section
16:11:01 ... methodology, threat analysis from Security Development Lifecycle
16:11:14 ... understand where the trust boundaries are
16:11:32 ... external interactors
16:12:06 ... kind of data in a protocol, understand what privacy principles might apply and what threats there might be
16:12:18 ... are there any privacy controls that might be put into the specification?
16:13:16 ... for Device API, rather than limit the kind of data available through the spec, instead assume that the deployers would have guidance on the privacy in implementation
16:13:47 ... looking at the stages of documents, what can you do as an editor / document team at each stage to identify and mitigate privacy issues?
16:14:30 ... Privacy Data Lifecycle, data collected by a sensor, how that data is transferred back to a server, etc.
16:14:52 ... ISO generalization of privacy principles (OECD, US FIPPs, proposed EU regulation), blending into a list of 11, and references to other lists
16:15:27 ... if using the logic of a three-step question, you find that there are no privacy considerations, standard boilerplate for the otherwise empty privacy considerations section
16:15:47 ... classification scheme (PII 2.0, Solove)
16:16:31 q+
16:16:57 q-
16:17:08 npdoty: look at the 3 questions for whether review is necessary
16:17:46 frank: follow the data
16:18:02 ... first look at whether it will process personal data (definition of "personal data" important)
16:18:25 ... you might not be processing, but providing links to personal data elsewhere, which would also suffice
16:18:51 ... second, will it generate personal data? (in case you consider that separate than processing)
16:19:27 ... concern because we carry our mobile devices everywhere
16:19:52 ... third, will deployment be used in a network device by an individual?
16:20:14 ... process may seem heavy, but it's the longest, ideal case, even if it won't always be used entirely
16:20:51 ... might (often) be the case that privacy considerations will be passed on to some other party, like the deploying party
16:21:45 ... steps may be useful for the trial privacy reviews we're doing right now
16:22:02 ... make sure you understand the spec itself, do a data flow diagram on the back of an envelope
16:23:26 ... identify what kinds of data
16:23:44 ... for each privacy principle, what safeguards would be necessary?
16:24:14 ... for DAP, they tried to minimize the amount (number of records, which fields) of data from the Contacts API
16:24:35 ... could use a checklist of threats, logical threats for different steps in a data flow
16:25:53 npdoty: for these questions, wouldn't every W3C spec qualify? (browsers in use on network devices by individual)
16:26:11 frank: could be, so maybe we need a lighter weight process to start
16:26:25 christine: thanks frank, a very useful introduction
16:26:42 SEVEN-Step Program For Privacy ... LOL!
16:27:04 christine: would be very good to see how it works in practice as we do privacy reviews
16:28:18 ... for example, could inform media capture reviews for hannes / wseltzer
16:29:04 christine: if no questions now, please all read through the document carefully and share comments on the mailing list
16:29:19 ... start with what frank has done, an amazing piece of work, and tinker to what we need
16:29:48 frank: take to the list, or feel free to contact me directly
16:30:15 http://www.tschofenig.priv.at/w3c-privacy-guidelines.html
16:30:22 Next item: Privacy Considerations for Web Protocols
16:31:02 hannes: frank has spoken about the process, guidelines together for how to write these privacy considerations
16:31:19 ... took the work from IETF/IAB to re-use aspects where possible
16:31:53 ... took from DAP Privacy Guidelines as well
16:32:10 ... for introduction and terminology, tried to re-use from the IAB document
16:33:09 ... fingerprinting, w3c has more context available now, so could put some references there, perhaps in place of these definitions
16:33:47 ... briefly highlighted the privacy threats (section 3)
16:34:27 ... list from Dan Solove, Understanding Privacy
16:34:41 ... Guidelines (section 4), taking from other documents
16:35:08 ... not telling you a particular solution, since those solutions will vary in different w3c specs
16:35:50 ... Data Minimization; Trade-offs; Defaults; User Participation
16:36:02 ... user participation gets at notice, consent, user control mechanisms
16:36:24 ... with minimization, provided examples, which originally were used in the TAG document
16:36:50 ... would like to add examples from w3c as we do our own reviews, make it more interesting to read
16:37:04 ... tried to keep it as short as possible
16:37:56 ... I believe I have captured the same concepts in the TAG document, but not the terminology of "privacy-by-design" or "privacy patterns"
16:38:13 ... tried to stay abstract with user participation
16:39:02 jeffh has joined #privacy
16:39:39 christine: might be able to provide short examples of how a privacy problem was identified and then mitigated (with an expression of how well it worked out)
16:40:03 ... for npdoty, does w3c already have a glossary of terminology?
16:41:27 npdoty: not aware of any glossary, not specific to privacy; but many specs themselves define terms, like "user agent" defined in an HTTP spec
16:41:51 hannes: yes, could replace when other documents have more specific terms, like with your separate fingerprinting document
16:42:18 ... useful to have these terms not just for use in this document, but when doing privacy reviews of another document, it's useful to have common terms, to avoid talking past
16:42:28 npd: +1
16:42:52 christine: might want to determine when there are terms-of-art that have a particular meaning to the W3C community
16:43:10 ... although ideally all standards communities would use the same terms, probably not possible
16:44:06 npdoty: just initially, what do we think about use of this in relation to what Frank presented?
16:44:31 hannes: a process aspect (how is the machinery done), and instead what is the actual content
16:45:17 ... left out process on the understanding that that would be covered by Frank's document; for example, who does the reviews, who makes decisions, how are the results framed in the spec
16:45:41 And hopefully some examples, too!
16:46:05 christine: may end up with one or two documents at the end; Frank's doc would provide the process; Hannes's doc would provide more detailed guidance about how they might be mitigated
16:46:14 +q
16:46:23 ack Karima
16:46:24 I am also interested in seeing catalog of threats to privacy being developed over a very long period.
16:46:49 Karima: very useful to have a glossary, because usually there is no one definition
16:47:04 ... even if we can't have one for all standards, if we have one for what we're doing, it will be useful
16:47:04 There are some good glossaries out in internet on privacy.
16:47:22 ... we developed a glossary for one project in France, and now it's been in use by the government
16:47:32 ISO SC27/WG5 has one. I think that others maybe could contribute to that also.
16:47:53 yrlesru, can you email us your list, or whatever glossaries you know of that we should be considering?
16:48:14 Will queue that up!
16:48:39 christine: again, ask that people look at the content of this document over the next week, and start feedback on the mailing list
16:48:40 4. Fingerprinting guidance
16:48:47 http://w3c.github.io/fingerprinting-guidance/
16:48:50 OK. It is not a privacy glossary, more a security glossary
16:49:30 nick: a few short updates on the document since the last discussion - now Github hosted
16:49:58 nick: written in HTML - can see repository - can edit using Github
16:50:12 nick: changes will go into the centralised repository
16:50:32 nick: if not comfortable using Github, can send proposed changes on email
16:51:02 nick: defn of browser fingerprinting similar to priv consid - but seems we need passive, active, cookie-type defins
16:51:40 nick: passive is harder to identify; browser does not run code; efficient; can be done offline without visibility to the user
16:52:13 nick: active is where a lot of work has been done recently - add function to API - add more characteristics to identify uniquely browsers
16:52:37 nick: graphical rendering to look at output of ??? [nick to fill this in]
16:53:18 nick: some argue too hard to solve ... but there might be some indication that is occurring and the ability to do something about it
16:53:50 nick: so we might say no new specifications should increase ability to passive fingerprinting
16:54:00 In older mobile platform (Symbian), the call log had information like MSISDN called, duration of call, etc. Some researchers were analyzing this data to assess the social profile of users. I guess that is kind of like fingerprinting :-)
16:54:18 nick: but less stringent on active as it might be inevitable if functionality is desired
16:54:28 nick: cookie-type fingerprinting
16:54:35 nick: welcome feedback on definitions
16:54:53 nick: also input on what to do to mitigate fingerprinting
16:54:58 scribenick: npdoty
16:55:11 christine: thanks. any questions?
16:55:46 hannes: regarding conversation at last TPAC meeting, and lots of publications, how far would you like to go?
16:56:38 nick: the distinction on defn could help - may be able to make more progress with passive than active - don't share the view that it is so bad nothing can be done
16:57:16 npd: maybe I'm being incorrectly optimistic, I would welcome corrections
16:57:38 Will be leaving meeting IRC. I have some reading to do. Thank you Nick and Hannes for my reading list. Ciao.
16:57:46 christine: again, ask folks to look closely at the document, provide feedback -- either pull request in github or discussion on the mailing list
16:57:52 ... any other business?
16:58:10 ... thanks for joining, and for work on these documents
16:58:35 propose next call for 23rd May
16:59:00 christine: hoping to have draft reviews on getUserMedia and EME a week ahead of the next call
16:59:20 -fjh
16:59:21 - +33.4.92.96.aacc
16:59:23 - +1.469.242.aaaa
16:59:23 fjh has left #privacy
16:59:23 -npdoty
16:59:26 - +358.504.87aabb
16:59:26 thanks Christine and all !
16:59:27 -[IPcaller]
16:59:27 Team_(privacy)16:00Z has ended
16:59:27 Attendees were +1.469.242.aaaa, +358.504.87aabb, [IPcaller], +33.4.92.96.aacc, npdoty, fjh
17:08:13 rrsagent, please draft the minutes
17:08:13 I have made the request to generate http://www.w3.org/2013/04/25-privacy-minutes.html npdoty
17:25:50 jeffh has joined #privacy
18:07:09 Karima has joined #privacy
18:52:06 Zakim has left #privacy