15:49:42 <RRSAgent> RRSAgent has joined #privacy
15:49:42 <RRSAgent> logging to http://www.w3.org/2013/07/11-privacy-irc
15:49:44 <trackbot> RRSAgent, make logs 263
15:49:46 <trackbot> Zakim, this will be
15:49:46 <Zakim> I don't understand 'this will be', trackbot
15:49:47 <trackbot> Meeting: Privacy Interest Group Teleconference
15:49:47 <trackbot> Date: 11 July 2013
15:49:53 <npdoty> rrsagent, make logs public
15:49:58 <npdoty> Zakim, this will be PING
15:49:58 <Zakim> ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 11 minutes
15:50:47 <Christine> Christine has joined #privacy
15:51:59 <Zakim> Team_(privacy)16:00Z has now started
15:52:06 <Zakim> +[IPcaller]
15:52:23 <Christine> Zakim, +{IPcaller} is me
15:52:23 <Zakim> sorry, Christine, I do not recognize a party named '+{IPcaller}'
15:52:38 <Christine> Zakim, +{IPcaller] is me
15:52:38 <Zakim> sorry, Christine, I do not recognize a party named '+{IPcaller]'
15:53:02 <npdoty> Zakim, IPcaller is Christine
15:53:05 <Zakim> +Christine; got it
15:53:15 <Zakim> + +1.650.283.aaaa
15:53:49 <tara> Zakim, aaaa is me
15:53:49 <Zakim> +tara; got it
15:54:26 <npdoty> Zakim, code?
15:54:26 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), npdoty
15:54:38 <Zakim> +npdoty
15:57:12 <rvaneijk> rvaneijk has joined #privacy
15:57:44 <rvaneijk> Hi Wendy, Tara, Christine ! Hope all is well.
15:57:50 <tara> Hi Rob!
15:57:55 <Christine> Hi
15:58:44 <JoeHallCDT> JoeHallCDT has joined #privacy
15:59:35 <fjh> fjh has joined #privacy
15:59:47 <npdoty> yeah, I think going over the document structures would be useful
15:59:59 <fjh> zakim, code?
16:00:00 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fjh
16:01:02 <Christine> Agenda - 1. Welcome and introductions 2. Discussion of privacy guidance documents (Privacy Considerations; Fingerprinting; Process) 3. Update re getUserMedia privacy review 4. Update re EME privacy review 5. AOB
16:01:15 <Zakim> +[CDT]
16:01:16 <npdoty> Zakim, who is on the phone?
16:01:16 <Zakim> On the phone I see Christine, tara, npdoty, [CDT]
16:01:22 <yrlesru> yrlesru has joined #privacy
16:01:38 <npdoty> Zakim, CDT has JoeHallCDT
16:01:38 <Zakim> +JoeHallCDT; got it
16:01:54 <npdoty> chair: tara
16:02:08 <Zakim> +[IPcaller]
16:02:10 <npdoty> scribenick: npdoty
16:02:13 <fjh> zakim, [IPcaller] is me
16:02:13 <Zakim> +fjh; got it
16:02:20 <fjh> Present+ Frederick_Hirsch
16:02:37 <Zakim> +rvaneijk
16:02:54 <npdoty> tara: welcome, know that many people are busy with intensive Tracking Protection work, but a good time to check in
16:03:14 <npdoty> ... anyone new to introduce themselves? welcome back Rob vE
16:03:23 <npdoty> ... overview of the agenda
16:03:42 <Christine> Who is on the call?
16:03:47 <npdoty> Topic: Privacy Considerations doc
16:03:52 <fjh> zakim, who is here?
16:03:52 <Zakim> On the phone I see Christine, tara, npdoty, [CDT], fjh, rvaneijk
16:03:53 <Zakim> [CDT] has JoeHallCDT
16:03:53 <Zakim> On IRC I see yrlesru, fjh, JoeHallCDT, rvaneijk, Christine, RRSAgent, tara, Zakim, npdoty, TallTed, glenn, trackbot, wseltzer
16:04:01 <Zakim> + +1.469.242.aabb
16:04:17 <JoeHallCDT> zakim, [CDT] is me
16:04:17 <Zakim> +JoeHallCDT; got it
16:04:28 <npdoty> http://w3c.github.io/fingerprinting-guidance/
16:04:39 <yrlesru> zakim +1.469.242.aabb is yrlesru
16:05:07 <yrlesru> zakim, [aabb] is Frank
16:05:07 <Zakim> sorry, yrlesru, I do not recognize a party named '[aabb]'
16:05:19 <yrlesru> zakim, aabb is Frank
16:05:19 <Zakim> +Frank; got it
16:05:23 <JoeHallCDT> suggest Nick Weaver and Hovav Shacham's student (can't remember)
16:05:33 <yrlesru> zakim, aabb is yrlesru
16:05:33 <Zakim> sorry, yrlesru, I do not recognize a party named 'aabb'
16:05:46 <JoeHallCDT> scribenick: JoeHallCDT
16:05:58 <JoeHallCDT> [missed the beginning of npdoty's stuff]
16:06:28 <Zakim> + +358.504.87aacc
16:06:29 <JoeHallCDT> npdoty: as the entropy of UA strings get more complicated, increased these fingerprintability
16:06:47 <JoeHallCDT> … what are the use case that we are protecting for, and in which can we reduce entropy in UA strings?
16:07:04 <JoeHallCDT> … who is it that we should be talking to about [passive fingerpting]?
16:07:09 <Christine> That seems like a very sensible idea Nick
16:07:16 <JoeHallCDT> … do we know which group or which body would be working on that?
16:07:26 <yrlesru> Could Nick rephrase...
16:07:46 <npdoty> JoeHallCDT: more familiar with the academic work, so I can help you there
16:08:21 <JoeHallCDT> npdoty: Who are the right people to talk to about the use cases for the UA strings?
16:08:27 <Christine> Q+
16:08:37 <JoeHallCDT> … and if we want to address reducing entropy in in UA strings, who should we talk to?
16:09:03 <JoeHallCDT> someone: Do you want to restrict the UA strings to make them less unique?
16:09:29 <JoeHallCDT> … because I think the UA strings are widely used, e.g., in the mobile area, to understand what kind of device is accessing the site to do programmatic reformating, etc.
16:09:48 <JoeHallCDT> … seems like the horse is out of the barn in trying to restrict the diversity of values in UA strings.
16:10:09 <JoeHallCDT> npdoty: maybe not every browser is adding something to the end of the UA string...
16:10:23 <tara> ack Christine
16:10:27 <JoeHallCDT> … maybe if we have that use case down, we don't need such long UA strings.
16:10:28 <npdoty> s/someone/yrlesru/
16:10:43 <JoeHallCDT> Christine: Frank makes a great case about why this is useful.
16:11:01 <JoeHallCDT> … Can we identify which groups in w3c are principally focused on using UA strings for this kind of functionality?
16:11:33 <JoeHallCDT> npdoty: Wanted to see if anyone knew that off the top of their head. Will take as homework.
16:11:48 <JoeHallCDT> tara: you could also throw it out on the list.
16:12:00 <JoeHallCDT> … many of us would be interested to see what you find.
16:12:19 <JoeHallCDT> rvaneijk: think the document is already a great aggregation of information about fingerprinting.
16:12:29 <npdoty> will follow up with Joe about some of the academic work, and email public-privacy and w3c-internal lists about working groups that might affect UA
16:12:49 <JoeHallCDT> … Would like to see things like… device optimization uses vs. for deriving a tracking identifier.
16:13:03 <JoeHallCDT> … building up use cases would be very helpful.
16:13:26 <JoeHallCDT> … I am writing up a [something] on fingerprinting, so this would be very useful. Would be willing to help expand use cases.
16:13:39 <npdoty> great, thanks, rvaneijk
16:13:43 <JoeHallCDT> q+
16:14:05 <yrlesru> I came into call a bit late. Was there anything before Fingerprinting.
16:14:18 <tara> ack JoeHallCDT
16:15:32 <JoeHallCDT> JoeHallCDT: asks about focus on passive fp?
16:15:46 <JoeHallCDT> npdoty: more people think that active fp is a lost cause.
16:15:56 <JoeHallCDT> … once you're  running client side code, you're hosed.
16:16:18 <tara> Joe, were you thinking of Keaton Mowery? http://cseweb.ucsd.edu/~kmowery/
16:16:23 <JoeHallCDT> … you might be able to detect or disable active fingerprinting.
16:16:26 <JoeHallCDT> yes!
16:16:35 <JoeHallCDT> thanks, Nick!
16:16:39 <yrlesru> Can we assume we will use the term "passive" and "active" relative to consumer/user participation?
16:17:26 <JoeHallCDT> tara: sounds like this is going in a good direction.
16:17:32 <fjh> does user participate when javascript actively checks GPU etc?
16:17:36 <npdoty> yrlesru, I've tried to define "passive" and "active" in that document thus far, mostly to refer to whether local client-side code is involved
16:17:40 <JoeHallCDT> … let's move to SPA from yrlesru
16:17:54 <npdoty> http://yrlesru.github.io/SPA/
16:18:13 <JoeHallCDT> yrlesru: the SPA is out on github. Thanks to npdoty and [Art Bartsow?]
16:18:31 <JoeHallCDT> … have received some comments from bartsow and npdoty
16:18:33 <Christine> Would it be helpful to walk through the document today?
16:18:38 <JoeHallCDT> I sent you comments.
16:18:52 <fjh> s/Bartsow/Barstow/
16:19:31 <JoeHallCDT> yrlesru: Rationale… at Nokia, we have a number of people participating in consortia and standards groups and we've begun to understand the privacy impact on our work.
16:19:47 <JoeHallCDT> … we're designing bridges w/o asking a structural engineer about integrity of design.
16:20:00 <JoeHallCDT> … lots of standards were developed before people were thinking about privacy considerations.
16:20:10 <JoeHallCDT> … in IETF you have to have a security considerations sections.
16:20:35 <JoeHallCDT> … came from IETF management, who wanted to make sure security impact was recognized as important and incorporated into standards.
16:20:55 <JoeHallCDT> … in IETF they have a security directorate, beardos that are wise in security.
16:21:16 <JoeHallCDT> … they had some guidance about what this kind of section should look like in RFCs.
16:21:33 <JoeHallCDT> … occured to us at Nokia that a similar approach could be taken for privacy.
16:21:54 <JoeHallCDT> … wanted to avoid ineherent weaknesses wrt privacy.
16:22:10 <JoeHallCDT> … want to have a common process for how editors and contributors would go about looking at privacy impacts.
16:22:35 <JoeHallCDT> … if you look at IETF, it's an *ad hoc* approach… no systematic approach to look at privacy impact.
16:22:46 <JoeHallCDT> … simply having a set of use cases without understanding how they apply is not systematic.
16:22:54 <JoeHallCDT> … having a checklist is much more systematic.
16:23:12 <JoeHallCDT> … checklists are very important in health care and aviation contexts.
16:23:36 <JoeHallCDT> … having working in ISO on some of the management standards, and privacy impact methodologies, a PIA approach is gaining a lot of momentum.
16:23:58 <JoeHallCDT> … it could be that a PIA approach could be a good baseline to start a privacy impact section in a spec.
16:24:05 <JoeHallCDT> … about 7 steps that one would want to do.
16:24:16 <JoeHallCDT> … like security, privacy impact goes with the data
16:24:36 <JoeHallCDT> … by following the data, can figure out where the privacy impact is going to be.
16:24:46 <JoeHallCDT> … can then put in safeguards to mitigate those impacts.
16:25:03 <JoeHallCDT> … bascially I've just described what's in the SPA document.
16:25:31 <JoeHallCDT> … use cases help you understand primary and secondary uses.
16:25:37 <npdoty> q+ to be skeptical about data flows
16:25:51 <JoeHallCDT> … looking at data flow allows you to see how data affects those use cases.
16:26:38 <JoeHallCDT> … describes a spec that narrowed the request of contacts after such an examination.
16:27:05 <JoeHallCDT> … once you have an understanding of data flows and basic architecture, you can see where there are opportunities to put in controls and safeguards.
16:27:26 <JoeHallCDT> … latter element in SPA considers where the impact may be non-architectural but on deployment
16:27:38 <JoeHallCDT> … so privacy considerations should touch on deployment too.
16:28:02 <Christine> That was a superb overview Frank
16:28:06 <npdoty> +1
16:28:11 <JoeHallCDT> +1
16:28:31 <tara> ack npdoty
16:28:31 <Zakim> npdoty, you wanted to be skeptical about data flows
16:28:47 <JoeHallCDT> npdoty: have been mulling over questions...
16:29:02 <JoeHallCDT> … want to focus on whether to apply the process and when.
16:29:15 <JoeHallCDT> … want to be skeptical about data flows.
16:29:34 <JoeHallCDT> … going through a set of [FIPS-like] principles is very valuable
16:29:50 <JoeHallCDT> … less certain how useful it would be to identify specific data flows or to id which information is personal or not.
16:29:51 <yrlesru> FIPP
16:30:38 <JoeHallCDT> … some of the questions are less about what kind of data but more about how these principals work.
16:31:01 <JoeHallCDT> yrlesru: I heard 1) skepticism about data flows, and 2) the logic diagram that outlines whether or not a specific assessment is needed.
16:31:07 <JoeHallCDT> … they're kind of tied together.
16:31:37 <JoeHallCDT> … has talked to sensor engineers who don't work with software so much.
16:32:06 <JoeHallCDT> … from them, the guidance I got, was "if you could privacy into a set of equations, these people can grok it"
16:32:12 <JoeHallCDT> … I came up with four equations.
16:32:29 <JoeHallCDT> … they were bored until I showed the equations.
16:32:51 <JoeHallCDT> … this enlightened me: engineers will understand privacy a bit better if we can make privacy quantifiable and measurable.
16:33:07 <JoeHallCDT> … first equation: what do you mean by data? if you don't have data, you don't have privacy.
16:33:24 <JoeHallCDT> … second eq.: breaks down identifiability, observability and linkability
16:33:35 <JoeHallCDT> … the point being that it's very important to understand the data flow.
16:33:44 <JoeHallCDT> … if there is no flow, there is no or minimal privacy impact.
16:33:57 <JoeHallCDT> … under the SUR [? frank likes acros]
16:34:14 <npdoty> "specification under review"
16:34:37 <JoeHallCDT> … for me, once I mapped data flows, I had a much better understand of privacy impacts.
16:34:45 <JoeHallCDT> … npdoty doesn't need no data flows.
16:35:09 <JoeHallCDT> … so this is more for engineers, rather than seasoned privacy experts who know FIPs/FIPPs.
16:35:29 <JoeHallCDT> … and this is very simple data flows in a uses case to understand the trust boundaries.
16:35:54 <JoeHallCDT> … e.g., if a sensor is collecting information but the data never leaves the sensor register, then there's probably minimal to no impact.
16:36:10 <JoeHallCDT> … might not understand that without mapping flows.
16:37:02 <JoeHallCDT> [hannes?]: The main part of the specification is entirely about the data flows.
16:37:14 <npdoty> I think Frank is making two points: both that to do a privacy review you need to deeply understand the functionality
16:37:29 <npdoty> and that you need to identify where the data is flowing to explain whether privacy is impacted at all
16:37:46 <JoeHallCDT> … I don't think it's good advice to have people write up a summary of the protocol in the privacy considerations section.
16:38:05 <npdoty> (and I'm generally more supportive of the first than of the second, which I fear can be misleading)
16:38:06 <yrlesru> Please, Hannes, read the SPA. THere is no request to put DFD in Privacy Considerations.
16:38:19 <JoeHallCDT> Isn't the SPA an instrument for creating a privacy considerations section?
16:38:28 <yrlesru> The DFD is needed for assessor, not to put in PC section.
16:39:13 <JoeHallCDT> … [havig a hard time scribing Hannes]
16:39:20 <JoeHallCDT> s/havig/having/
16:39:37 <JoeHallCDT> yrlesru: SPA says there are only two or three things that go in privacy considerations section.
16:39:48 <JoeHallCDT> … where is personal information being collected and processed.
16:39:56 <JoeHallCDT> … where is privacy being impacted
16:40:05 <JoeHallCDT> … how has this been addressed
16:40:11 <JoeHallCDT> … [one other thing Joe missed]
16:40:22 <npdoty> hannes: specifications tend to be very generic, APIs aren't used only in a single place, in the home, but used generally
16:40:33 <JoeHallCDT> hannes: need to outline what's the responsiblity of spec writers vs. deployers.
16:40:59 <JoeHallCDT> … e.g., a protocl dev can't say anything about a retention period.
16:41:16 <JoeHallCDT> … no way to enforce a recommended retention period.
16:41:31 <JoeHallCDT> … requiring protocol authors to write anything meaningful about deployment is very challenging.
16:42:07 <JoeHallCDT> yrlesru: however, for the person deploying the spec, if the service designers haven't thought about, e.g., retention, they might be impacted by this being in the spec.
16:42:13 <npdoty> fjh may have some experience with providing guidance to implementers, and how useful they might be
16:42:47 <JoeHallCDT> … the underlying fundamental point is that if you're creating protocols/specs, it behooves us from the beginning to take into account S&P in a systematic and considered manner.
16:43:03 <JoeHallCDT> … need to map the protocol into how it will be used.
16:43:27 <npdoty> q+
16:44:21 <JoeHallCDT> hannes: IAB published "writing protocol models" that goes into some depth about how to write protocols to be analyzeable from security folks.
16:44:36 <JoeHallCDT> … challenge is that people are super-busy, now you're throwing another piece of work on them.
16:44:46 <JoeHallCDT> … they won't be able to do everything that your asking.
16:44:50 <yrlesru> Challenging part of the privacy work is to mature the privacy maturity of the group. We are at a primitive stage.
16:44:50 <JoeHallCDT> … what do you want them to do?
16:45:01 <JoeHallCDT> … I would like to focus them on something else?
16:45:07 <JoeHallCDT> ack npdoty
16:45:07 <tara> ack npdoty
16:45:49 <JoeHallCDT> npdoty: Frank is saying if you're doing a privacy review but did not write the spec, you need to do these things to understand how it's working.
16:46:21 <JoeHallCDT> … curious if privacy requirements are more productive than data flow?
16:46:32 <JoeHallCDT> yrlesru: how do you know what to apply if you don't know what it's doing?
16:46:41 <JoeHallCDT> … notice and consent, e.g., may not even apply.
16:47:16 <JoeHallCDT> … how do you know what to apply without knowing what the spec is doing?
16:47:53 <JoeHallCDT> … doesn't want to see privacy principle opportunism.
16:48:04 <JoeHallCDT> … agrees with Hannes that we don't want to make undue work for folks.
16:48:30 <fjh> +1 need to be pragmatic and reasonable work for those producing work products
16:48:43 <rvaneijk> rvaneijk has joined #privacy
16:49:01 <JoeHallCDT> … look at the intent of the processes and can then consider if you need to put in back up processes.
16:49:14 <JoeHallCDT> npdoty: wanted to understand why the data flow is useful.
16:49:28 <JoeHallCDT> yrlesru: in some of the less systematic approaches, people just have a set of threats.
16:49:32 <Christine> Q+
16:49:37 <rvaneijk> q+
16:49:39 <JoeHallCDT> … e.g., unauth. access… how do you know that applies?
16:49:46 <JoeHallCDT> … you don't unless you understand the process.
16:49:49 <fjh> if done right, systematic approach could be less work?
16:50:05 <JoeHallCDT> less work than copy+paste? :)
16:50:29 <JoeHallCDT> … editors will be in a better place as they already understand flows
16:50:41 <JoeHallCDT> … but for assessors, the flows will be key.
16:51:00 <JoeHallCDT> … for ISO 90001 [?] and the associated assessors, this will be important.
16:51:03 <tara> ack Christine
16:51:05 <npdoty> I'm personally a little concerned that "oh, there's no data" may be misleading; some of the privacy concerns we've identified on event notification and correlation might not identify a set of new data that's flowing
16:51:08 <fjh> q+
16:51:27 <JoeHallCDT> Christine: my understanding is that we have two privacy reviews in the queue
16:51:28 <fjh> q-
16:51:49 <JoeHallCDT> … yrlesru is doing something like the SPA process in GetUserMedia
16:52:02 <JoeHallCDT> … might help to see an example of a SPA applied to a real spec.
16:52:19 <tara> ack rvaneijk
16:52:38 <Christine> Re Nick - yes - Hannes leading GetUserMedia and Wendy leading EME
16:52:49 <JoeHallCDT> rvaneijk: concur with frank that flows are important and understanding is too.
16:53:02 <JoeHallCDT> … from a DPA perspective, I have to look at lot of implementations of that policy
16:53:08 <JoeHallCDT> … have a set of questions that I ask.
16:53:10 <fjh> q+
16:53:21 <JoeHallCDT> … flows are key for me. I always ask for a diagram or summary.
16:53:41 <Christine> Rob is speaking
16:53:41 <JoeHallCDT> … this Q&A helps a lot to understand if there is a processing, collection of personal information.
16:54:07 <npdoty> thanks, rvaneijk, that's great input
16:54:09 <JoeHallCDT> hannes: you get to review a subset of a service.
16:54:18 <JoeHallCDT> … not a spec.
16:54:27 <JoeHallCDT> … data model may be more obvious in a spec.
16:55:04 <Christine> Time monitor: 5 mins to the hour
16:55:55 <JoeHallCDT> … while I agree that flows are important, what is the responsibility of the editors?
16:56:21 <JoeHallCDT> fjh: if you have a little piece from a car, does the manuf. have to worry about the impact of that little piece or the whole care?
16:56:40 <npdoty> s/whole care/whole car/
16:56:54 <npdoty> s/fjh/rvaneijk/
16:56:55 <JoeHallCDT> hannes: parts for the care are very specific, but here we're definiing very specific contexts.
16:57:04 <tara> Thanks, Christine...we should wrap this up.
16:57:39 <tara> Thanks, Joe!
16:57:42 <npdoty> scribenick: npdoty
16:57:45 <JoeHallCDT> JoeHallCDT has left #privacy
16:57:57 <Zakim> -JoeHallCDT
16:58:05 <npdoty> hannes: very difficult, because specifications are very generic, to be applied to many different types of applications
16:58:08 <yrlesru> I believe that it is good to have such as process, even if today (2013) the privacy maturity of W3C is not sufficient to leverage every step in the process.
16:58:31 <fjh> I'll share my comment on the list
16:58:39 <fjh> q-
16:59:10 <npdoty> hannes: HTTP cookies, for example, some applications needed state management, but hard to see all the implications at that time
16:59:20 <npdoty> tara: hate to cut off, but running out of time
16:59:30 <Christine> We need people to work with Frank, Hannes and Nick on the 3 privacy guidance documents. Please volunteers.
16:59:51 <npdoty> yrlesru: both general and specific comments are welcome; this discussion is important regarding maturity levels of the process
16:59:53 <Christine> We also need volunteers to help Hannes and Wendy with the GetUserMedia and EME specs
17:00:30 <npdoty> ... work in progress (with GitHub); tried to apply to getUserMedia but found the high-level API difficult so falling back on use cases for now
17:00:31 <Christine> Next call?
17:00:39 <Christine> 22 August?
17:00:59 <npdoty> tara: any conflicts for 22 August? (let tara and christine know)
17:00:59 <fjh> thanks
17:01:06 <yrlesru> No conflict with 22.8.
17:01:15 <fjh> fjh has left #privacy
17:01:18 <Christine> Thanks Frank! Joe! Hannes! Tara! Everyone!
17:01:18 <Zakim> -fjh
17:01:20 <yrlesru> Thanks to all for lively discussion!
17:01:27 <Zakim> -npdoty
17:01:28 <npdoty> tara: thanks all for joining, and to Joe for scribing
17:01:29 <Zakim> -rvaneijk
17:01:30 <Zakim> -Christine
17:01:30 <Zakim> -tara
17:01:32 <Zakim> -Frank
17:01:37 <npdoty> Zakim, list attendees
17:01:37 <Zakim> As of this point the attendees have been Christine, +1.650.283.aaaa, tara, npdoty, JoeHallCDT, fjh, rvaneijk, +1.469.242.aabb, Frank, +358.504.87aacc
17:01:42 <npdoty> rrsagent, please draft the minutes
17:01:42 <RRSAgent> I have made the request to generate http://www.w3.org/2013/07/11-privacy-minutes.html npdoty
17:01:53 <yrlesru> +358 was Hannes.
17:02:08 <npdoty> Zakim, aacc is Hannes
17:02:08 <Zakim> +Hannes; got it
17:02:10 <Zakim> -Hannes
17:02:10 <Zakim> Team_(privacy)16:00Z has ended
17:02:10 <Zakim> Attendees were Christine, +1.650.283.aaaa, tara, npdoty, JoeHallCDT, fjh, rvaneijk, +1.469.242.aabb, Frank, +358.504.87aacc, Hannes
17:02:18 <yrlesru> +1-469 was yrlesru/Frank
17:02:32 <npdoty> rrsagent, please draft the minutes
17:02:32 <RRSAgent> I have made the request to generate http://www.w3.org/2013/07/11-privacy-minutes.html npdoty
17:02:57 <yrlesru> quit
18:03:01 <fjh> fjh has joined #privacy
19:05:36 <Zakim> Zakim has left #privacy
19:36:39 <npdoty> npdoty has joined #privacy
20:43:39 <fjh> fjh has joined #privacy