IRC log of privacy on 2013-07-11

Timestamps are in UTC.

15:49:42 [RRSAgent]
RRSAgent has joined #privacy
15:49:42 [RRSAgent]
logging to
15:49:44 [trackbot]
RRSAgent, make logs 263
15:49:46 [trackbot]
Zakim, this will be
15:49:46 [Zakim]
I don't understand 'this will be', trackbot
15:49:47 [trackbot]
Meeting: Privacy Interest Group Teleconference
15:49:47 [trackbot]
Date: 11 July 2013
15:49:53 [npdoty]
rrsagent, make logs public
15:49:58 [npdoty]
Zakim, this will be PING
15:49:58 [Zakim]
ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 11 minutes
15:50:47 [Christine]
Christine has joined #privacy
15:51:59 [Zakim]
Team_(privacy)16:00Z has now started
15:52:06 [Zakim]
15:52:23 [Christine]
Zakim, +{IPcaller} is me
15:52:23 [Zakim]
sorry, Christine, I do not recognize a party named '+{IPcaller}'
15:52:38 [Christine]
Zakim, +{IPcaller] is me
15:52:38 [Zakim]
sorry, Christine, I do not recognize a party named '+{IPcaller]'
15:53:02 [npdoty]
Zakim, IPcaller is Christine
15:53:05 [Zakim]
+Christine; got it
15:53:15 [Zakim]
+ +1.650.283.aaaa
15:53:49 [tara]
Zakim, aaaa is me
15:53:49 [Zakim]
+tara; got it
15:54:26 [npdoty]
Zakim, code?
15:54:26 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, npdoty
15:54:38 [Zakim]
15:57:12 [rvaneijk]
rvaneijk has joined #privacy
15:57:44 [rvaneijk]
Hi Wendy, Tara, Christine ! Hope all is well.
15:57:50 [tara]
Hi Rob!
15:57:55 [Christine]
15:58:44 [JoeHallCDT]
JoeHallCDT has joined #privacy
15:59:35 [fjh]
fjh has joined #privacy
15:59:47 [npdoty]
yeah, I think going over the document structures would be useful
15:59:59 [fjh]
zakim, code?
16:00:00 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, fjh
16:01:02 [Christine]
Agenda - 1. Welcome and introductions 2. Discussion of privacy guidance documents (Privacy Considerations; Fingerprinting; Process) 3. Update re getUserMedia privacy review 4. Update re EME privacy review 5. AOB
16:01:15 [Zakim]
16:01:16 [npdoty]
Zakim, who is on the phone?
16:01:16 [Zakim]
On the phone I see Christine, tara, npdoty, [CDT]
16:01:22 [yrlesru]
yrlesru has joined #privacy
16:01:38 [npdoty]
Zakim, CDT has JoeHallCDT
16:01:38 [Zakim]
+JoeHallCDT; got it
16:01:54 [npdoty]
chair: tara
16:02:08 [Zakim]
16:02:10 [npdoty]
scribenick: npdoty
16:02:13 [fjh]
zakim, [IPcaller] is me
16:02:13 [Zakim]
+fjh; got it
16:02:20 [fjh]
Present+ Frederick_Hirsch
16:02:37 [Zakim]
16:02:54 [npdoty]
tara: welcome, know that many people are busy with intensive Tracking Protection work, but a good time to check in
16:03:14 [npdoty]
... anyone new to introduce themselves? welcome back Rob vE
16:03:23 [npdoty]
... overview of the agenda
16:03:42 [Christine]
Who is on the call?
16:03:47 [npdoty]
Topic: Privacy Considerations doc
16:03:52 [fjh]
zakim, who is here?
16:03:52 [Zakim]
On the phone I see Christine, tara, npdoty, [CDT], fjh, rvaneijk
16:03:53 [Zakim]
[CDT] has JoeHallCDT
16:03:53 [Zakim]
On IRC I see yrlesru, fjh, JoeHallCDT, rvaneijk, Christine, RRSAgent, tara, Zakim, npdoty, TallTed, glenn, trackbot, wseltzer
16:04:01 [Zakim]
+ +1.469.242.aabb
16:04:17 [JoeHallCDT]
zakim, [CDT] is me
16:04:17 [Zakim]
+JoeHallCDT; got it
16:04:28 [npdoty]
16:04:39 [yrlesru]
zakim +1.469.242.aabb is yrlesru
16:05:07 [yrlesru]
zakim, [aabb] is Frank
16:05:07 [Zakim]
sorry, yrlesru, I do not recognize a party named '[aabb]'
16:05:19 [yrlesru]
zakim, aabb is Frank
16:05:19 [Zakim]
+Frank; got it
16:05:23 [JoeHallCDT]
suggest Nick Weaver and Hovav Shacham's student (can't remember)
16:05:33 [yrlesru]
zakim, aabb is yrlesru
16:05:33 [Zakim]
sorry, yrlesru, I do not recognize a party named 'aabb'
16:05:46 [JoeHallCDT]
scribenick: JoeHallCDT
16:05:58 [JoeHallCDT]
[missed the beginning of npdoty's stuff]
16:06:28 [Zakim]
+ +358.504.87aacc
16:06:29 [JoeHallCDT]
npdoty: as the entropy of UA strings get more complicated, increased these fingerprintability
16:06:47 [JoeHallCDT]
… what are the use case that we are protecting for, and in which can we reduce entropy in UA strings?
16:07:04 [JoeHallCDT]
… who is it that we should be talking to about [passive fingerpting]?
16:07:09 [Christine]
That seems like a very sensible idea Nick
16:07:16 [JoeHallCDT]
… do we know which group or which body would be working on that?
16:07:26 [yrlesru]
Could Nick rephrase...
16:07:46 [npdoty]
JoeHallCDT: more familiar with the academic work, so I can help you there
16:08:21 [JoeHallCDT]
npdoty: Who are the right people to talk to about the use cases for the UA strings?
16:08:27 [Christine]
16:08:37 [JoeHallCDT]
… and if we want to address reducing entropy in in UA strings, who should we talk to?
16:09:03 [JoeHallCDT]
someone: Do you want to restrict the UA strings to make them less unique?
16:09:29 [JoeHallCDT]
… because I think the UA strings are widely used, e.g., in the mobile area, to understand what kind of device is accessing the site to do programmatic reformating, etc.
16:09:48 [JoeHallCDT]
… seems like the horse is out of the barn in trying to restrict the diversity of values in UA strings.
16:10:09 [JoeHallCDT]
npdoty: maybe not every browser is adding something to the end of the UA string...
16:10:23 [tara]
ack Christine
16:10:27 [JoeHallCDT]
… maybe if we have that use case down, we don't need such long UA strings.
16:10:28 [npdoty]
16:10:43 [JoeHallCDT]
Christine: Frank makes a great case about why this is useful.
16:11:01 [JoeHallCDT]
… Can we identify which groups in w3c are principally focused on using UA strings for this kind of functionality?
16:11:33 [JoeHallCDT]
npdoty: Wanted to see if anyone knew that off the top of their head. Will take as homework.
16:11:48 [JoeHallCDT]
tara: you could also throw it out on the list.
16:12:00 [JoeHallCDT]
… many of us would be interested to see what you find.
16:12:19 [JoeHallCDT]
rvaneijk: think the document is already a great aggregation of information about fingerprinting.
16:12:29 [npdoty]
will follow up with Joe about some of the academic work, and email public-privacy and w3c-internal lists about working groups that might affect UA
16:12:49 [JoeHallCDT]
… Would like to see things like… device optimization uses vs. for deriving a tracking identifier.
16:13:03 [JoeHallCDT]
… building up use cases would be very helpful.
16:13:26 [JoeHallCDT]
… I am writing up a [something] on fingerprinting, so this would be very useful. Would be willing to help expand use cases.
16:13:39 [npdoty]
great, thanks, rvaneijk
16:13:43 [JoeHallCDT]
16:14:05 [yrlesru]
I came into call a bit late. Was there anything before Fingerprinting.
16:14:18 [tara]
ack JoeHallCDT
16:15:32 [JoeHallCDT]
JoeHallCDT: asks about focus on passive fp?
16:15:46 [JoeHallCDT]
npdoty: more people think that active fp is a lost cause.
16:15:56 [JoeHallCDT]
… once you're running client side code, you're hosed.
16:16:18 [tara]
Joe, were you thinking of Keaton Mowery?
16:16:23 [JoeHallCDT]
… you might be able to detect or disable active fingerprinting.
16:16:26 [JoeHallCDT]
16:16:35 [JoeHallCDT]
thanks, Nick!
16:16:39 [yrlesru]
Can we assume we will use the term "passive" and "active" relative to consumer/user participation?
16:17:26 [JoeHallCDT]
tara: sounds like this is going in a good direction.
16:17:32 [fjh]
does user participate when javascript actively checks GPU etc?
16:17:36 [npdoty]
yrlesru, I've tried to define "passive" and "active" in that document thus far, mostly to refer to whether local client-side code is involved
16:17:40 [JoeHallCDT]
… let's move to SPA from yrlesru
16:17:54 [npdoty]
16:18:13 [JoeHallCDT]
yrlesru: the SPA is out on github. Thanks to npdoty and [Art Bartsow?]
16:18:31 [JoeHallCDT]
… have received some comments from bartsow and npdoty
16:18:33 [Christine]
Would it be helpful to walk through the document today?
16:18:38 [JoeHallCDT]
I sent you comments.
16:18:52 [fjh]
16:19:31 [JoeHallCDT]
yrlesru: Rationale… at Nokia, we have a number of people participating in consortia and standards groups and we've begun to understand the privacy impact on our work.
16:19:47 [JoeHallCDT]
… we're designing bridges w/o asking a structural engineer about integrity of design.
16:20:00 [JoeHallCDT]
… lots of standards were developed before people were thinking about privacy considerations.
16:20:10 [JoeHallCDT]
… in IETF you have to have a security considerations sections.
16:20:35 [JoeHallCDT]
… came from IETF management, who wanted to make sure security impact was recognized as important and incorporated into standards.
16:20:55 [JoeHallCDT]
… in IETF they have a security directorate, beardos that are wise in security.
16:21:16 [JoeHallCDT]
… they had some guidance about what this kind of section should look like in RFCs.
16:21:33 [JoeHallCDT]
… occured to us at Nokia that a similar approach could be taken for privacy.
16:21:54 [JoeHallCDT]
… wanted to avoid ineherent weaknesses wrt privacy.
16:22:10 [JoeHallCDT]
… want to have a common process for how editors and contributors would go about looking at privacy impacts.
16:22:35 [JoeHallCDT]
… if you look at IETF, it's an *ad hoc* approach… no systematic approach to look at privacy impact.
16:22:46 [JoeHallCDT]
… simply having a set of use cases without understanding how they apply is not systematic.
16:22:54 [JoeHallCDT]
… having a checklist is much more systematic.
16:23:12 [JoeHallCDT]
… checklists are very important in health care and aviation contexts.
16:23:36 [JoeHallCDT]
… having working in ISO on some of the management standards, and privacy impact methodologies, a PIA approach is gaining a lot of momentum.
16:23:58 [JoeHallCDT]
… it could be that a PIA approach could be a good baseline to start a privacy impact section in a spec.
16:24:05 [JoeHallCDT]
… about 7 steps that one would want to do.
16:24:16 [JoeHallCDT]
… like security, privacy impact goes with the data
16:24:36 [JoeHallCDT]
… by following the data, can figure out where the privacy impact is going to be.
16:24:46 [JoeHallCDT]
… can then put in safeguards to mitigate those impacts.
16:25:03 [JoeHallCDT]
… bascially I've just described what's in the SPA document.
16:25:31 [JoeHallCDT]
… use cases help you understand primary and secondary uses.
16:25:37 [npdoty]
q+ to be skeptical about data flows
16:25:51 [JoeHallCDT]
… looking at data flow allows you to see how data affects those use cases.
16:26:38 [JoeHallCDT]
… describes a spec that narrowed the request of contacts after such an examination.
16:27:05 [JoeHallCDT]
… once you have an understanding of data flows and basic architecture, you can see where there are opportunities to put in controls and safeguards.
16:27:26 [JoeHallCDT]
… latter element in SPA considers where the impact may be non-architectural but on deployment
16:27:38 [JoeHallCDT]
… so privacy considerations should touch on deployment too.
16:28:02 [Christine]
That was a superb overview Frank
16:28:06 [npdoty]
16:28:11 [JoeHallCDT]
16:28:31 [tara]
ack npdoty
16:28:31 [Zakim]
npdoty, you wanted to be skeptical about data flows
16:28:47 [JoeHallCDT]
npdoty: have been mulling over questions...
16:29:02 [JoeHallCDT]
… want to focus on whether to apply the process and when.
16:29:15 [JoeHallCDT]
… want to be skeptical about data flows.
16:29:34 [JoeHallCDT]
… going through a set of [FIPS-like] principles is very valuable
16:29:50 [JoeHallCDT]
… less certain how useful it would be to identify specific data flows or to id which information is personal or not.
16:29:51 [yrlesru]
16:30:38 [JoeHallCDT]
… some of the questions are less about what kind of data but more about how these principals work.
16:31:01 [JoeHallCDT]
yrlesru: I heard 1) skepticism about data flows, and 2) the logic diagram that outlines whether or not a specific assessment is needed.
16:31:07 [JoeHallCDT]
… they're kind of tied together.
16:31:37 [JoeHallCDT]
… has talked to sensor engineers who don't work with software so much.
16:32:06 [JoeHallCDT]
… from them, the guidance I got, was "if you could privacy into a set of equations, these people can grok it"
16:32:12 [JoeHallCDT]
… I came up with four equations.
16:32:29 [JoeHallCDT]
… they were bored until I showed the equations.
16:32:51 [JoeHallCDT]
… this enlightened me: engineers will understand privacy a bit better if we can make privacy quantifiable and measurable.
16:33:07 [JoeHallCDT]
… first equation: what do you mean by data? if you don't have data, you don't have privacy.
16:33:24 [JoeHallCDT]
… second eq.: breaks down identifiability, observability and linkability
16:33:35 [JoeHallCDT]
… the point being that it's very important to understand the data flow.
16:33:44 [JoeHallCDT]
… if there is no flow, there is no or minimal privacy impact.
16:33:57 [JoeHallCDT]
… under the SUR [? frank likes acros]
16:34:14 [npdoty]
"specification under review"
16:34:37 [JoeHallCDT]
… for me, once I mapped data flows, I had a much better understand of privacy impacts.
16:34:45 [JoeHallCDT]
… npdoty doesn't need no data flows.
16:35:09 [JoeHallCDT]
… so this is more for engineers, rather than seasoned privacy experts who know FIPs/FIPPs.
16:35:29 [JoeHallCDT]
… and this is very simple data flows in a uses case to understand the trust boundaries.
16:35:54 [JoeHallCDT]
… e.g., if a sensor is collecting information but the data never leaves the sensor register, then there's probably minimal to no impact.
16:36:10 [JoeHallCDT]
… might not understand that without mapping flows.
16:37:02 [JoeHallCDT]
[hannes?]: The main part of the specification is entirely about the data flows.
16:37:14 [npdoty]
I think Frank is making two points: both that to do a privacy review you need to deeply understand the functionality
16:37:29 [npdoty]
and that you need to identify where the data is flowing to explain whether privacy is impacted at all
16:37:46 [JoeHallCDT]
… I don't think it's good advice to have people write up a summary of the protocol in the privacy considerations section.
16:38:05 [npdoty]
(and I'm generally more supportive of the first than of the second, which I fear can be misleading)
16:38:06 [yrlesru]
Please, Hannes, read the SPA. THere is no request to put DFD in Privacy Considerations.
16:38:19 [JoeHallCDT]
Isn't the SPA an instrument for creating a privacy considerations section?
16:38:28 [yrlesru]
The DFD is needed for assessor, not to put in PC section.
16:39:13 [JoeHallCDT]
… [havig a hard time scribing Hannes]
16:39:20 [JoeHallCDT]
16:39:37 [JoeHallCDT]
yrlesru: SPA says there are only two or three things that go in privacy considerations section.
16:39:48 [JoeHallCDT]
… where is personal information being collected and processed.
16:39:56 [JoeHallCDT]
… where is privacy being impacted
16:40:05 [JoeHallCDT]
… how has this been addressed
16:40:11 [JoeHallCDT]
… [one other thing Joe missed]
16:40:22 [npdoty]
hannes: specifications tend to be very generic, APIs aren't used only in a single place, in the home, but used generally
16:40:33 [JoeHallCDT]
hannes: need to outline what's the responsiblity of spec writers vs. deployers.
16:40:59 [JoeHallCDT]
… e.g., a protocl dev can't say anything about a retention period.
16:41:16 [JoeHallCDT]
… no way to enforce a recommended retention period.
16:41:31 [JoeHallCDT]
… requiring protocol authors to write anything meaningful about deployment is very challenging.
16:42:07 [JoeHallCDT]
yrlesru: however, for the person deploying the spec, if the service designers haven't thought about, e.g., retention, they might be impacted by this being in the spec.
16:42:13 [npdoty]
fjh may have some experience with providing guidance to implementers, and how useful they might be
16:42:47 [JoeHallCDT]
… the underlying fundamental point is that if you're creating protocols/specs, it behooves us from the beginning to take into account S&P in a systematic and considered manner.
16:43:03 [JoeHallCDT]
… need to map the protocol into how it will be used.
16:43:27 [npdoty]
16:44:21 [JoeHallCDT]
hannes: IAB published "writing protocol models" that goes into some depth about how to write protocols to be analyzeable from security folks.
16:44:36 [JoeHallCDT]
… challenge is that people are super-busy, now you're throwing another piece of work on them.
16:44:46 [JoeHallCDT]
… they won't be able to do everything that your asking.
16:44:50 [yrlesru]
Challenging part of the privacy work is to mature the privacy maturity of the group. We are at a primitive stage.
16:44:50 [JoeHallCDT]
… what do you want them to do?
16:45:01 [JoeHallCDT]
… I would like to focus them on something else?
16:45:07 [JoeHallCDT]
ack npdoty
16:45:07 [tara]
ack npdoty
16:45:49 [JoeHallCDT]
npdoty: Frank is saying if you're doing a privacy review but did not write the spec, you need to do these things to understand how it's working.
16:46:21 [JoeHallCDT]
… curious if privacy requirements are more productive than data flow?
16:46:32 [JoeHallCDT]
yrlesru: how do you know what to apply if you don't know what it's doing?
16:46:41 [JoeHallCDT]
… notice and consent, e.g., may not even apply.
16:47:16 [JoeHallCDT]
… how do you know what to apply without knowing what the spec is doing?
16:47:53 [JoeHallCDT]
… doesn't want to see privacy principle opportunism.
16:48:04 [JoeHallCDT]
… agrees with Hannes that we don't want to make undue work for folks.
16:48:30 [fjh]
+1 need to be pragmatic and reasonable work for those producing work products
16:48:43 [rvaneijk]
rvaneijk has joined #privacy
16:49:01 [JoeHallCDT]
… look at the intent of the processes and can then consider if you need to put in back up processes.
16:49:14 [JoeHallCDT]
npdoty: wanted to understand why the data flow is useful.
16:49:28 [JoeHallCDT]
yrlesru: in some of the less systematic approaches, people just have a set of threats.
16:49:32 [Christine]
16:49:37 [rvaneijk]
16:49:39 [JoeHallCDT]
… e.g., unauth. access… how do you know that applies?
16:49:46 [JoeHallCDT]
… you don't unless you understand the process.
16:49:49 [fjh]
if done right, systematic approach could be less work?
16:50:05 [JoeHallCDT]
less work than copy+paste? :)
16:50:29 [JoeHallCDT]
… editors will be in a better place as they already understand flows
16:50:41 [JoeHallCDT]
… but for assessors, the flows will be key.
16:51:00 [JoeHallCDT]
… for ISO 90001 [?] and the associated assessors, this will be important.
16:51:03 [tara]
ack Christine
16:51:05 [npdoty]
I'm personally a little concerned that "oh, there's no data" may be misleading; some of the privacy concerns we've identified on event notification and correlation might not identify a set of new data that's flowing
16:51:08 [fjh]
16:51:27 [JoeHallCDT]
Christine: my understanding is that we have two privacy reviews in the queue
16:51:28 [fjh]
16:51:49 [JoeHallCDT]
… yrlesru is doing something like the SPA process in GetUserMedia
16:52:02 [JoeHallCDT]
… might help to see an example of a SPA applied to a real spec.
16:52:19 [tara]
ack rvaneijk
16:52:38 [Christine]
Re Nick - yes - Hannes leading GetUserMedia and Wendy leading EME
16:52:49 [JoeHallCDT]
rvaneijk: concur with frank that flows are important and understanding is too.
16:53:02 [JoeHallCDT]
… from a DPA perspective, I have to look at lot of implementations of that policy
16:53:08 [JoeHallCDT]
… have a set of questions that I ask.
16:53:10 [fjh]
16:53:21 [JoeHallCDT]
… flows are key for me. I always ask for a diagram or summary.
16:53:41 [Christine]
Rob is speaking
16:53:41 [JoeHallCDT]
… this Q&A helps a lot to understand if there is a processing, collection of personal information.
16:54:07 [npdoty]
thanks, rvaneijk, that's great input
16:54:09 [JoeHallCDT]
hannes: you get to review a subset of a service.
16:54:18 [JoeHallCDT]
… not a spec.
16:54:27 [JoeHallCDT]
… data model may be more obvious in a spec.
16:55:04 [Christine]
Time monitor: 5 mins to the hour
16:55:55 [JoeHallCDT]
… while I agree that flows are important, what is the responsibility of the editors?
16:56:21 [JoeHallCDT]
fjh: if you have a little piece from a car, does the manuf. have to worry about the impact of that little piece or the whole care?
16:56:40 [npdoty]
s/whole care/whole car/
16:56:54 [npdoty]
16:56:55 [JoeHallCDT]
hannes: parts for the care are very specific, but here we're definiing very specific contexts.
16:57:04 [tara]
Thanks, Christine...we should wrap this up.
16:57:39 [tara]
Thanks, Joe!
16:57:42 [npdoty]
scribenick: npdoty
16:57:45 [JoeHallCDT]
JoeHallCDT has left #privacy
16:57:57 [Zakim]
16:58:05 [npdoty]
hannes: very difficult, because specifications are very generic, to be applied to many different types of applications
16:58:08 [yrlesru]
I believe that it is good to have such as process, even if today (2013) the privacy maturity of W3C is not sufficient to leverage every step in the process.
16:58:31 [fjh]
I'll share my comment on the list
16:58:39 [fjh]
16:59:10 [npdoty]
hannes: HTTP cookies, for example, some applications needed state management, but hard to see all the implications at that time
16:59:20 [npdoty]
tara: hate to cut off, but running out of time
16:59:30 [Christine]
We need people to work with Frank, Hannes and Nick on the 3 privacy guidance documents. Please volunteers.
16:59:51 [npdoty]
yrlesru: both general and specific comments are welcome; this discussion is important regarding maturity levels of the process
16:59:53 [Christine]
We also need volunteers to help Hannes and Wendy with the GetUserMedia and EME specs
17:00:30 [npdoty]
... work in progress (with GitHub); tried to apply to getUserMedia but found the high-level API difficult so falling back on use cases for now
17:00:31 [Christine]
Next call?
17:00:39 [Christine]
22 August?
17:00:59 [npdoty]
tara: any conflicts for 22 August? (let tara and christine know)
17:00:59 [fjh]
17:01:06 [yrlesru]
No conflict with 22.8.
17:01:15 [fjh]
fjh has left #privacy
17:01:18 [Christine]
Thanks Frank! Joe! Hannes! Tara! Everyone!
17:01:18 [Zakim]
17:01:20 [yrlesru]
Thanks to all for lively discussion!
17:01:27 [Zakim]
17:01:28 [npdoty]
tara: thanks all for joining, and to Joe for scribing
17:01:29 [Zakim]
17:01:30 [Zakim]
17:01:30 [Zakim]
17:01:32 [Zakim]
17:01:37 [npdoty]
Zakim, list attendees
17:01:37 [Zakim]
As of this point the attendees have been Christine, +1.650.283.aaaa, tara, npdoty, JoeHallCDT, fjh, rvaneijk, +1.469.242.aabb, Frank, +358.504.87aacc
17:01:42 [npdoty]
rrsagent, please draft the minutes
17:01:42 [RRSAgent]
I have made the request to generate npdoty
17:01:53 [yrlesru]
+358 was Hannes.
17:02:08 [npdoty]
Zakim, aacc is Hannes
17:02:08 [Zakim]
+Hannes; got it
17:02:10 [Zakim]
17:02:10 [Zakim]
Team_(privacy)16:00Z has ended
17:02:10 [Zakim]
Attendees were Christine, +1.650.283.aaaa, tara, npdoty, JoeHallCDT, fjh, rvaneijk, +1.469.242.aabb, Frank, +358.504.87aacc, Hannes
17:02:18 [yrlesru]
+1-469 was yrlesru/Frank
17:02:32 [npdoty]
rrsagent, please draft the minutes
17:02:32 [RRSAgent]
I have made the request to generate npdoty
17:02:57 [yrlesru]
18:03:01 [fjh]
fjh has joined #privacy
19:05:36 [Zakim]
Zakim has left #privacy
19:36:39 [npdoty]
npdoty has joined #privacy
20:43:39 [fjh]
fjh has joined #privacy