IRC log of privacy on 2013-10-10

Timestamps are in UTC.

15:39:05 [RRSAgent]
RRSAgent has joined #privacy
15:39:05 [RRSAgent]
logging to
15:39:07 [trackbot]
RRSAgent, make logs 263
15:39:07 [Zakim]
Zakim has joined #privacy
15:39:09 [trackbot]
Zakim, this will be
15:39:09 [Zakim]
I don't understand 'this will be', trackbot
15:39:10 [trackbot]
Meeting: Privacy Interest Group Teleconference
15:39:10 [trackbot]
Date: 10 October 2013
15:39:13 [npdoty]
rrsagent, make logs public
15:39:18 [npdoty]
zakim, this will be 7464
15:39:18 [Zakim]
ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 21 minutes
15:50:56 [glenn]
glenn has joined #privacy
15:51:30 [npdoty]
npdoty has changed the topic to: agenda October 10:
15:55:02 [tara]
tara has joined #privacy
15:55:54 [Zakim]
Team_(privacy)16:00Z has now started
15:55:55 [Zakim]
15:56:01 [Zakim]
15:56:03 [Zakim]
15:56:03 [Zakim]
15:56:16 [rigo]
rigo has joined #privacy
15:56:24 [tara]
zakim, Apple is me
15:56:24 [Zakim]
+tara; got it
15:56:42 [Zakim]
15:56:53 [christine]
christine has joined #privacy
15:57:06 [Zakim]
15:57:06 [Zakim]
15:57:06 [Zakim]
15:57:33 [rigo]
bad line, too much NSA loopback echo, trying again
15:57:38 [Zakim]
15:57:41 [Zakim]
15:57:43 [Zakim]
15:57:43 [Zakim]
15:57:51 [Zakim]
15:58:10 [christine]
Zakim, [IPcaller] is me
15:58:10 [Zakim]
+christine; got it
15:58:15 [Zakim]
15:58:22 [Zakim]
15:58:44 [rigo]
zakim, mute me
15:58:44 [Zakim]
Rigo should now be muted
15:59:06 [christine]
Regrets from Joe and Hannes
15:59:27 [wseltzer]
Regrets+ JoeHall, Hannes
15:59:48 [christine]
Agenda: 1. Welcome and introductions 2. Discussion of the privacy reviews of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2] 3. Update re privacy guidance documents (Privacy Considerations; Fingerprinting; Process) 4. Update re getUserMedia privacy review 5. Update re EME privacy review 6. AOB
16:00:07 [npdoty]
chair: tara
16:00:29 [christine]
Regrets Robin
16:01:11 [wseltzer]
Regrets+ Robin
16:01:23 [tara]
Getting started in a moment...
16:01:28 [christine]
thanks, I will try to remember that
16:01:47 [wseltzer]
zakim, who is here?
16:01:47 [Zakim]
On the phone I see tara, christine, npdoty, Rigo (muted), Wendy
16:01:48 [Zakim]
On IRC I see christine, rigo, tara, glenn, Zakim, RRSAgent, npdoty, TallTed, fjh, wseltzer, trackbot
16:02:04 [christine]
We need a scribe
16:02:42 [christine]
Thank you Nick
16:02:43 [npdoty]
scribenick: npdoty
16:03:04 [npdoty]
Topic: Web Cryptography review
16:03:12 [christine]
Agenda item 2 - Discussion of the privacy reviews of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2]
16:03:28 [christine]
Many thanks to Robin for providing a privacy review
16:03:34 [npdoty]
Robin sent comments to the list about it
16:03:48 [tara]
16:03:58 [tara]
16:04:21 [wseltzer]
-> Robin Wilton's review
16:05:47 [npdoty]
christine: last call we had guests from Web Crypto to discuss their privacy conversations; Robin provided a privacy review, but haven't received comments on the list
16:05:58 [npdoty]
... Web Crypto is anxious to get their review
16:06:32 [npdoty]
... follow up with Crypto WG, noting that they want something in a couple of weeks
16:06:47 [Karima]
Karima has joined #privacy
16:06:47 [npdoty]
tara: useful to get some comments in at this stage, let them see a draft
16:08:30 [Zakim]
16:08:51 [Karima]
zakim, ++??13 is me
16:08:51 [Zakim]
sorry, Karima, I do not recognize a party named '++??13'
16:08:56 [npdoty]
npdoty: concern that most UAs couldn't implement it because of privacy concerns. should that be a blocking concern?
16:09:00 [npdoty]
Zakim, ??P13 is Karima
16:09:00 [Zakim]
+Karima; got it
16:09:11 [Karima]
zakim, mute me
16:09:11 [Zakim]
Karima should now be muted
16:09:50 [npdoty]
wseltzer: pre-provisioned keys spec split off because of implementer concerns
16:10:17 [npdoty]
npdoty: if implementations can't be built, should that be a blocker? what does w3c typically do in that situation?
16:10:50 [Zakim]
16:10:51 [npdoty]
wseltzer: let it go for a while through the process; at some point should PING give a comment, might eventually go to the Director, based on whether implementations can be made
16:11:07 [npdoty]
... could do privacy reviews at the implementation stage to see if concerns really were addressed
16:12:16 [npdoty]
christine: typically would think we would focus on specification rather than implementation, but could maybe give advance guidance on implementation/results
16:12:56 [npdoty]
wseltzer: easy to give advice on individual specs, but privacy concerns will be noted for the point of implementations and interactions between features
16:13:15 [npdoty]
... could note it earlier just to compare our expectations to the actual real world experience
16:15:18 [npdoty]
npdoty: question about implementers
16:15:37 [Zakim]
16:16:07 [Karima]
Zakim, ??P13 is me
16:16:07 [Zakim]
+Karima; got it
16:16:27 [npdoty]
... could note about feature-at-risk or risk of non-implementation
16:17:57 [npdoty]
Topic: privacy guidance documents
16:18:11 [npdoty]
tara: privacy considerations; fingerprinting; SPA
16:18:23 [wseltzer]
ACTION christine to share draft review of WebCrypto with Virginie Galindo
16:18:24 [trackbot]
Created ACTION-4 - Share draft review of webcrypto with virginie galindo [on Christine Runnegar - due 2013-10-17].
16:18:56 [npdoty]
... missing Frank and Hannes today, as an Interest Group, what should be done with the documents at this stage?
16:20:43 [wseltzer]
16:22:30 [rigo]
nick, do you have the link for the charter
16:22:36 [npdoty]
16:23:15 [rigo]
ack ri
16:23:30 [npdoty]
npdoty: expectation was to publish a Group Note, not sure if we have draft/review requirements in the meantime
16:23:36 [christine]
16:24:43 [tara]
16:24:45 [npdoty]
rigo: per the charter, we're allowed to make Group Notes
16:24:45 [rigo]
zakim, mute me
16:24:45 [Zakim]
Rigo should now be muted
16:25:04 [rigo]
ack ri
16:26:09 [christine]
So does that mean we call it Draft Group Note as at x date?
16:26:49 [rigo]
16:27:44 [npdoty]
npdoty: suggest we publish Editors' Drafts now, and internally decide on what level of review we're going to have within PING or based on feedback from other groups before we published a finalized Note
16:27:56 [npdoty]
tara: if other Interest Groups have gone through this, happy to hear feedback
16:28:03 [fjh]
fjh has joined #privacy
16:28:04 [rigo]
look at
16:28:06 [tara]
ack christine
16:28:11 [npdoty]
... not complex, but happy to hear we can move these forward without a formal process
16:28:18 [rigo]
and ask Frederick how he got there
16:28:33 [npdoty]
christine: happy to hear suggestions on how we can encourage contributions to these privacy documents
16:28:59 [npdoty]
... suffering a little bit from divided time, with TPWG taking a lot of focus
16:29:29 [fjh]
we got there through the work in DAP at the time, including CDC input, discussions, items that involved applications
16:29:43 [rigo]
ack ri
16:29:49 [npdoty]
... this is important work for W3C, enough so to charter work, if you have ideas on how to go faster, please let me know
16:30:02 [fjh]
zakim, code?
16:30:02 [Zakim]
the conference code is 7464 (tel:+1.617.761.6200, fjh
16:30:11 [Zakim]
16:30:21 [fjh]
zakim, [IPcaller] is me
16:30:21 [Zakim]
+fjh; got it
16:30:46 [tara]
16:31:09 [fjh]
rrsagent, generate minutes
16:31:09 [RRSAgent]
I have made the request to generate fjh
16:31:30 [npdoty]
npdoty: we've had success with individual volunteers doing privacy reviews, maybe we should ask individuals to do reviews of each guidance document
16:31:47 [npdoty]
rigo: input can be driven by process requirements
16:32:20 [npdoty]
christine: IETF is taking a much more obvious and active interest in data security
16:32:26 [npdoty]
... gives a lot of support to their ongoing privacy work
16:32:28 [fjh]
16:33:19 [christine]
thank you for joining us
16:33:22 [fjh]
rrsagent, generate minutes
16:33:22 [RRSAgent]
I have made the request to generate fjh
16:34:26 [christine]
16:34:47 [npdoty]
npdoty: based on our use of "fingerprinting" term in other privacy reviews, we might want to update the definition or recommend using a different term
16:34:51 [npdoty]
ack christine
16:35:00 [npdoty]
christine: reminded hannes on getusermedia review
16:35:35 [christine]
16:35:45 [npdoty]
wseltzer: joe and I still planning to do privacy review on EME
16:36:07 [npdoty]
16:36:11 [npdoty]
ack christine
16:37:00 [npdoty]
christine: there may have been some uncertainty about the forward progress/scope of EME
16:37:15 [npdoty]
... how would it fit into their schedule? do they have a particular deadline?
16:37:31 [npdoty]
wseltzer: they have published Working Drafts, it would be useful to have privacy review now
16:38:12 [npdoty]
christine: might be able to capitalize on the recent press coverage, reminder that wseltzer is managing a privacy review of this spec
16:39:01 [npdoty]
wseltzer: would be happy to forward that email to the restricted media community group
16:39:19 [npdoty]
16:39:30 [tara]
ack npdoty
16:40:40 [christine]
16:40:51 [tara]
ack christine
16:41:09 [npdoty]
topic: standards and surveillance concerns
16:42:09 [npdoty]
npdoty: what should we do in response to reports of sabotage of security standards? know IETF/IAB is working on some privacy-related rfcs
16:42:24 [christine]
16:42:28 [npdoty]
christine: know it's been an active topic of discussion in internet governance
16:42:29 [wseltzer]
16:42:38 [npdoty]
... don't want to comment on what w3c is doing internally
16:43:09 [npdoty]
tara: on a broader scale, what can we do to provide transparency around process to address that concern
16:43:10 [npdoty]
ack wseltzer
16:43:11 [tara]
ack christine
16:43:40 [npdoty]
wseltzer: one statement has been from OpenStand, open standards process to resist that kind of infiltration, a very high-level response
16:43:59 [christine]
16:44:22 [npdoty]
16:44:35 [npdoty]
wseltzer: what should we do now that we know more about this kind of threat?
16:45:10 [npdoty]
... TAG (technical architecture group) and domain talking about what responses are necessary on security in standards development
16:45:12 [wseltzer]
-> OpenStand statement
16:45:17 [npdoty]
tara: will this be a topic at TPAC?
16:45:39 [npdoty]
wseltzer: it should be discussed there, yes. we should propose it on the unconference day if it's not already on the schedule
16:45:45 [npdoty]
16:45:54 [tara]
ack npdoty
16:45:55 [wseltzer]
-> TPAC Wiki
16:46:12 [rigo]
16:46:21 [rigo]
ack ri
16:46:25 [tara]
ack rigo
16:46:37 [npdoty]
npdoty: can also talk at IETF in Vancouver, good for coordinating between w3c and ietf
16:48:35 [christine]
agree with Nick
16:48:59 [npdoty]
tara: hearing general support for making statements. is there anything on the other side, concerns against making a statement?
16:48:59 [npdoty]
fjh: might be a w3c thing, not a PING thing
16:49:32 [Karima]
I think it is a PING thing
16:49:33 [wseltzer]
16:50:07 [wseltzer]
16:50:30 [npdoty]
16:50:36 [christine]
16:50:39 [Karima]
16:50:46 [npdoty]
q- later
16:51:26 [tara]
ack npdoty
16:52:43 [tara]
ack christine
16:53:12 [npdoty]
npdoty: organizations as a whole can make larger statements, but PING or IAB privacy program can publish documents that would actually implement those priorities
16:53:41 [npdoty]
christine: had hoped to have further progress on privacy considerations, but glad we've been doing privacy reviews
16:54:10 [npdoty]
... still maturing, but hope we can get to the point where we can say, there is a group that is developing guidance and coordinating privacy reviews of specifications
16:54:24 [npdoty]
... question may be asked of standards bodies: what are you doing to protect us?
16:54:31 [npdoty]
ack Karima
16:55:57 [npdoty]
Karima: congress on privacy, launch debate on what happens at the NSA; videos have been posted, including a discussion of standardization
16:56:03 [npdoty]
... could be helpful in making a responsible statement
16:56:23 [christine]
16:56:58 [npdoty]
ack christine
16:57:08 [npdoty]
christine: pointing out charter date inconsistency
16:57:15 [christine]
christine will be
16:57:28 [tara]
I will not be, sadly.
16:57:36 [npdoty]
npdoty: my fault, will follow up internally
16:58:29 [npdoty]
tara: if you'll be in Vancouver, let us know, so we can get together and discuss
16:58:54 [christine]
when is thanksgiving?
16:59:08 [npdoty]
us thanksgiving is thursday the 28th of November
16:59:10 [christine]
I can't do 21
16:59:20 [rigo]
all W3C will be absent for TPAC until 19 Nov
16:59:36 [christine]
first week of dec?
17:00:00 [christine]
I will be hoping outstanding privacy reviews are completed by then - 5 dec
17:00:12 [christine]
thank you tara
17:00:18 [christine]
and nick and all
17:00:20 [npdoty]
December 5th likely works for next call
17:00:26 [Zakim]
17:00:29 [Zakim]
17:00:31 [rigo]
regrets on 5 th of December, conflicting meeting
17:00:35 [Zakim]
17:00:36 [Zakim]
17:00:36 [Zakim]
17:00:38 [Zakim]
17:00:43 [npdoty]
Zakim, list attendees
17:00:43 [Zakim]
As of this point the attendees have been npdoty, tara, Rigo, christine, Wendy, Karima, fjh
17:00:47 [npdoty]
rrsagent, please draft the minutes
17:00:47 [RRSAgent]
I have made the request to generate npdoty
17:00:54 [npdoty]
rrsagent, bye
17:00:54 [RRSAgent]
I see no action items