15:57:40 <RRSAgent> RRSAgent has joined #privacy
15:57:40 <RRSAgent> logging to http://www.w3.org/2014/06/26-privacy-irc
15:57:42 <trackbot> RRSAgent, make logs 263
15:57:42 <Zakim> Zakim has joined #privacy
15:57:44 <trackbot> Zakim, this will be
15:57:44 <Zakim> I don't understand 'this will be', trackbot
15:57:45 <trackbot> Meeting: Privacy Interest Group Teleconference
15:57:45 <trackbot> Date: 26 June 2014
15:57:49 <npdoty> rrsagent, make logs public
15:57:55 <npdoty> Zakim, this will be PING
15:57:56 <Zakim> ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 3 minutes
15:58:05 <npdoty> chair: christine
15:58:17 <npdoty> chair: christine, tara
15:58:24 <npdoty> volunteers to scribe?
15:59:37 <JoeHallCDT> i can
15:59:46 <tara> Thanks!
16:00:27 <tara> Phone is very quiet today...
16:01:50 <npdoty> npdoty has changed the topic to: agenda June 6: http://lists.w3.org/Archives/Public/public-privacy/2014AprJun/0021.html
16:01:53 <Hannes_Tschofenig> Hannes_Tschofenig has joined #privacy
16:01:56 <npdoty> agenda: http://lists.w3.org/Archives/Public/public-privacy/2014AprJun/0021.html
16:02:05 <npdoty> Zakim, who is on the phone?
16:02:05 <Zakim> Team_(privacy)16:00Z has not yet started, npdoty
16:02:06 <Zakim> On IRC I see Hannes_Tschofenig, Zakim, RRSAgent, npdoty, christine, Karima, tara, JoeHallCDT, TallTed, fjh, glenn, terri, trackbot, wseltzer
16:02:26 <Hannes_Tschofenig> Nick, did you notice that I sent you a pull request?
16:02:44 <JoeHallCDT> thanks for coming!
16:02:54 <npdoty> Zakim, this is PING
16:02:54 <Zakim> ok, npdoty; that matches Team_(privacy)16:00Z
16:03:03 <npdoty> Zakim, who is on the phone?
16:03:03 <Zakim> On the phone I see [Apple], [IPcaller], +33.6.95.66.aaaa, [CDT], +44.793.550.aabb, npdoty
16:03:16 <tara> http://www.w3.org/Privacy/
16:03:18 <JoeHallCDT> the privacy activity page for PING has been updated!
16:03:19 <christine> Zakim, [IPcaller] is me
16:03:19 <Zakim> +christine; got it
16:03:21 <JoeHallCDT> woo! thanks, Nick
16:03:31 <npdoty> (rebeccapurple logo for the time being)
16:03:54 <tara> https://w3c.github.io/privacy-considerations/
16:03:56 <JoeHallCDT> let the chairs know if you see things missing or that should be there
16:04:02 <JoeHallCDT> privacy considerations document is now in github
16:04:07 <npdoty> Hannes_Tschofenig, no, I didn't notice! sorry I missed that
16:04:33 <JoeHallCDT> Hannes, Nick, Joe and Christine will work in a privacy task force to hammer out this document over the yar
16:04:34 <JoeHallCDT> yea
16:04:39 <JoeHallCDT> s/yea/year/
16:04:43 <JoeHallCDT> s/yar/year/
16:05:07 <JoeHallCDT> Christine: please volunteer to join this task force to work on this document
16:05:21 <JoeHallCDT> … will be helpful to get your views now in the next couple of weeks
16:05:33 <JoeHallCDT> Tara: question about the SPA document
16:05:39 <npdoty> regrets+ Frank
16:06:42 <npdoty> yes,Frank's SPA document is on Github, fwiw: http://yrlesru.github.io/SPA/
16:07:05 <JoeHallCDT> hannes: a way to make these not overlap… one on process and one on substance
16:07:25 <npdoty> JoeHallCDT: one potentially confusing thing is that Frank's document is out there and Hannes's is out there too and not clear on the overlap
16:07:50 <christine> q+
16:07:55 <JoeHallCDT> … this might be a useful separation
16:08:08 <JoeHallCDT> … mimics the approach of IETF, with a privacy considerations document and a process document
16:08:52 <tara> ack
16:09:09 <npdoty> Hannes_Tschofenig, which is the IETF-specific process document related to privacy?
16:09:15 <npdoty> ack christine
16:09:16 <JoeHallCDT> Christine: in the Task Force on privacy considerations in the meeting at IETF we should try to triage these two documents...
16:09:21 <JoeHallCDT> … and figure out what should go where
16:09:52 <npdoty> +1, sounds good
16:09:59 <JoeHallCDT> +1
16:10:02 <christine> Next agenda item - browser fingerprinting guidance
16:10:45 <christine> q+
16:10:45 <JoeHallCDT> Nick: no updates right now… getting feedback from experts on fingerprinting
16:10:47 <JoeHallCDT> q+
16:11:10 <JoeHallCDT> … if you know specific people that might want to talk with me (Nick) please reach out
16:11:11 <JoeHallCDT> ack
16:11:21 <npdoty> ack christine
16:11:37 <JoeHallCDT> Christine: wanted to ask about who could help… sounds like experts can
16:11:52 <JoeHallCDT> … would there be any of those people at the IETF… would it be worthwhile to set up a coffee meeting?
16:12:12 <JoeHallCDT> Nick: maybe so. the few people I've talked to, some of them are IETF security people.
16:12:28 <npdoty> ack JoeHallCDT
16:12:49 <npdoty> JoeHallCDT: @@@ doing his thesis, might be a good person to connect to
16:13:20 <npdoty> ... DKG, technologist at ACLU, may be at IETF
16:13:41 <npdoty> ... have been talking with Tom Ritter about SNI in TLS, and a concern about fingerprinting there
16:13:52 <christine> Hi. Joe please type in the names after you finishing speaking so we know who to follow up with, thanks
16:13:59 <JoeHallCDT> s/@@@/Keaton Mowery/
16:14:27 <tara>  http://www.w3.org/TR/2014/WD-indie-ui-context-20140626/
16:14:28 <christine> next agenda ite - IndieUI
16:14:32 <JoeHallCDT> and DKG of the ACLU and Tom Ritter of iSec Partners (have been working with then on SNI in TLS and fingerprinting/censorship
16:16:09 <npdoty> JoeHallCDT: at STRINT workshop, discussion about engineers and technical mechanisms for censorship
16:16:27 <npdoty> ... working on an I-D that might be relevant
16:16:52 <Hannes_Tschofenig> I would find it interesting to take a look at it
16:16:52 <npdoty> yeah, I'm interested!
16:16:58 <tara> Me too!
16:17:42 <npdoty> JoeHallCDT: guidance on the ways that these things have resulted in censorship, etc.
16:18:14 <christine> please do share on the list
16:18:21 <JoeHallCDT> cool!
16:18:28 <christine> next agenda item - IndieUI
16:18:34 <JoeHallCDT> We will share the draft for comment on PING list
16:19:02 <JoeHallCDT> IindieUI has proceeded to FPWD
16:19:08 <christine> q+
16:19:14 <JoeHallCDT> … has anyone looked at this or provided privacy feedback to them?
16:19:17 <JoeHallCDT> ack christine
16:19:34 <JoeHallCDT> Christine: would like someone to volunteer to look at this.
16:19:42 <JoeHallCDT> … 1) we want to do more privacy reviews…
16:19:53 <JoeHallCDT> … 2) this group is specifically interested in getting privacy issues right.
16:20:12 <JoeHallCDT> … James Craig posted a message on Geoloc and IndieUI WG email lists and continued the conversation we had
16:20:17 <tara> IndieUI email: http://lists.w3.org/Archives/Public/public-indie-ui/2014May/0045.html
16:20:31 <JoeHallCDT> … Geoloc API currently lacks the ability to specify why a geoloc data point is needed
16:20:53 <JoeHallCDT> … one of the concerns that was raised was a potential snooping risk and how do we know if the string comes from the right source
16:21:03 <JoeHallCDT> Tara: someone please volunteer!
16:21:19 <JoeHallCDT> I would be willing to take a shot at it… but not by myself
16:21:23 <npdoty> q+
16:21:30 <JoeHallCDT> ack npdoty
16:21:35 <JoeHallCDT> Nick: two thoughts
16:21:41 <tara> Thanks, Joe!
16:21:50 <tara> Let's see if we can get you some extra hands.
16:21:59 <JoeHallCDT> … one it might be useful to keep track somewhere… a list of documents we're working on and the relevant timeline and people
16:22:15 <JoeHallCDT> … the other thing, Christine brought up the geoloc debate
16:22:26 <JoeHallCDT> … Nick had this debate on the Geloc list 5 years ago
16:22:38 <JoeHallCDT> … Nick et al. had even done some research
16:22:45 <JoeHallCDT> … this seems to keep on coming up
16:23:01 <JoeHallCDT> is there any difference between now and then? Still no motivation to fix this?
16:23:18 <JoeHallCDT> … we should expect the same pushback when we talk about some of these recurring issues
16:23:25 <JoeHallCDT> q+
16:23:41 <npdoty> I think there are some differences, like some OS/platforms have implemented this feature in their native APIs
16:23:49 <JoeHallCDT> Tara: maybe have answers to provide on these questions? or is there a process you might recommend for de-ratholing?
16:24:28 <JoeHallCDT> … Joe has tentatively volunteered to work on the IndieUI review
16:24:32 <npdoty> ack JoeHallCDT
16:25:38 <npdoty> JoeHallCDT: having had these discussions over time... how have things changed?
16:25:50 <npdoty> ... having a resource to point to would be useful, but...
16:26:44 <npdoty> ... paper to be presented at USENIX, with Dan Boneh on using the accelerometer as a microphone
16:27:45 <npdoty> ... having a resource for recurring privacy debates is useful. but also, keeping a list of what needs to be changed for privacy issues to be improved
16:28:12 <JoeHallCDT> Nick: thanks, will think more
16:28:35 <npdoty> npdoty has changed the topic to: agenda June 26: http://lists.w3.org/Archives/Public/public-privacy/2014AprJun/0021.html
16:28:35 <christine> Web Security Interest Group
16:28:37 <JoeHallCDT> Tara: next agenda item, communications/contacts with Web Security Interest Group
16:28:54 <JoeHallCDT> Christine: the w3c has a super-group the Web Security Interest Group...
16:29:05 <JoeHallCDT> … in the process of trying to improve security in Web applications
16:29:05 <tara> Sister-group. :-)
16:29:20 <JoeHallCDT> … (missed some stuff there)
16:29:46 <christine> ➢	The W3C Web Security Interest Group reached out to PING to ask about our working methods. Christine reported that we are still developing our methodology and guidance documents. She also reported that calls with other WGs on particular specifications are very useful
16:29:50 <tara> Next item: Device APIs Working Group
16:30:02 <JoeHallCDT> Tara: LC WD of three specs
16:30:06 <tara>  http://www.w3.org/TR/2014/WD-vibration-20140619/
16:30:13 <tara> http://www.w3.org/TR/2014/WD-ambient-light-20140619/
16:30:19 <JoeHallCDT> … vibration, ambient light event, html media catpure
16:30:21 <tara> http://www.w3.org/TR/2014/WD-html-media-capture-20140619/
16:30:35 <JoeHallCDT> … returning from CR to LC
16:30:48 <JoeHallCDT> … review period ends on 24 July
16:30:57 <JoeHallCDT> … we had feedback, at least, for ambient light events
16:31:14 <JoeHallCDT> … html-media-capture does have guidance for UA implementation around privacy
16:31:15 <christine> q+
16:31:27 <JoeHallCDT> ack christine
16:31:42 <JoeHallCDT> Christine: in case you're wondering why this ion the agenda
16:31:56 <JoeHallCDT> s/ion/on/
16:32:25 <JoeHallCDT> … interesting to see how DAP has handled the privacy and security considerations in these documents
16:32:37 <JoeHallCDT> … we should try to take a look by the end of the review period
16:32:42 <npdoty> q+
16:33:22 <christine> q+
16:33:30 <npdoty> q-
16:33:37 <JoeHallCDT> Nick: did any of our advice stick? We should check.
16:33:41 <tara> ack christine
16:34:24 <JoeHallCDT> Christine: the privacy and security considerations for html-media-capture may have been normative...
16:34:35 <JoeHallCDT> … but a decision may have been made to make them non-normative
16:34:47 <JoeHallCDT> … would be useful to figure this out and figure out what happened.
16:34:56 <JoeHallCDT> … useful learning exercise.
16:35:13 <JoeHallCDT> … concerned personally about the privacy implications of media-capture, not sure what went on there.
16:35:35 <tara> Next item - TPAC
16:35:49 <JoeHallCDT> Tara: TPAC is upcoming and registration is open
16:35:56 <tara>  http://www.w3.org/2014/11/TPAC/
16:36:08 <JoeHallCDT> … we do have a meeting slot arranged for Friday at TPAC
16:36:29 <JoeHallCDT> … please get in touch with chairs for agenda items
16:36:46 <JoeHallCDT> … similarly, with IETF 90, may want to do another informal face-to-face
16:37:09 <JoeHallCDT> +1 on IETF f2f
16:37:10 <tara> - The IAB has created a combined Privacy and Security Program [8]
16:37:20 <tara>  http://www.iab.org/activities/programs/privacy-and-security-program/
16:37:24 <christine> q+
16:37:35 <JoeHallCDT> ack christine
16:37:51 <JoeHallCDT> Christine: the IAB already had a privacy program, which developed RFC 6973
16:38:05 <JoeHallCDT> … subsequently created a security program… decided to combine the two programs
16:38:25 <tara>  https://datatracker.ietf.org/meeting/90/agenda.html
16:38:32 <JoeHallCDT> Tara: preliminary agenda for IETF 90 is available ^^^
16:38:46 <npdoty> q+
16:38:49 <christine> Please send us an email if you would like to join a face-to-face at IETF
16:39:06 <npdoty> JoeHallCDT: Riley, 9-0, SCOTUS, yay!
16:39:13 <christine> Joe could you put a link to the judgment in IRC
16:39:30 <npdoty> "search incident to arrest"
16:39:47 <tara> This might help: http://www.scotusblog.com/2014/06/get-a-warrant-todays-cellphone-privacy-decision-in-plain-english/
16:41:39 <JoeHallCDT> and EPIC!
16:41:43 <JoeHallCDT> they were cited twice
16:41:47 <JoeHallCDT> us just once
16:41:49 <JoeHallCDT> thanks, Tara!
16:41:53 <JoeHallCDT> woo!
16:42:07 <JoeHallCDT> ack npdoty
16:42:20 <JoeHallCDT> Npdoty: the Web Perf WG, announced LC on beacon
16:42:20 <npdoty> http://www.w3.org/TR/2014/WD-beacon-20140624/
16:42:45 <JoeHallCDT> … there are lots of analytics code that watches what a user does
16:42:53 <JoeHallCDT> … when you leave the page, they send that back to the server
16:43:03 <JoeHallCDT> … have been using ad-hoc thing to prevent page from closing
16:43:12 <JoeHallCDT> … they want a "send this at some point" kind of functionality
16:43:19 <JoeHallCDT> … rather just on page close
16:43:35 <JoeHallCDT> … seems likely to get implemented and be better than the hacks used now
16:43:49 <christine> Q+
16:43:50 <JoeHallCDT> … there are no privacy and security considerations, seems like there might be some
16:44:07 <npdoty> LC comments are open until 29 July
16:44:19 <JoeHallCDT> Christine: would you feel comfortable sending a pointer to the spec and your notes to the email list
16:44:22 <JoeHallCDT> ?
16:44:37 <JoeHallCDT> … would be great to encourage PING discussion on this
16:44:41 <JoeHallCDT> npdoty: can do
16:45:12 <JoeHallCDT> Tara: defiinitely can encourage a bit more reflection and review
16:45:26 <JoeHallCDT> npdoty: html5 has gone back to LC
16:45:38 <JoeHallCDT> … was at LC, then they went to CR, now back to LC
16:46:34 <JoeHallCDT> … might be good to do a joint review with Web Security IG on this
16:46:47 <JoeHallCDT> Tara: how do we start to understand the HTML5?!
16:46:59 <JoeHallCDT> npdoty: it's big. there is a section on privacy concerns.
16:47:03 <JoeHallCDT> … start there
16:47:25 <npdoty> their "Privacy concerns" section: http://www.w3.org/TR/html5/introduction.html#fingerprint
16:47:34 <npdoty> as you can see from the fragment identifier, it refers a lot to fingerprinting considerations
16:47:49 <christine> Next call?
16:48:18 <christine> Could we do after IETF? 30 /7
16:48:18 <JoeHallCDT> 7/20-7/25 is IETF
16:48:19 <npdoty> IETF 90 is July 20-25
16:48:25 <christine> Oops 31/7
16:48:36 <JoeHallCDT> CDT staff retreat on 31 July
16:48:39 <JoeHallCDT> but I can skip
16:48:42 <JoeHallCDT> this call
16:48:44 <npdoty> 31 July sounds good to me
16:48:45 <JoeHallCDT> ::)
16:49:06 <JoeHallCDT> 31 July at regular time
16:49:17 <christine> thanks, bye
16:49:22 <Zakim> -[CDT]
16:49:24 <Zakim> - +44.793.550.aabb
16:49:24 <Zakim> -npdoty
16:49:26 <Karima> thanks bye !
16:49:29 <Zakim> -[Apple]
16:49:33 <Zakim> -christine
16:50:02 <Zakim> - +33.6.95.66.aaaa
16:50:04 <Zakim> Team_(privacy)16:00Z has ended
16:50:04 <Zakim> Attendees were [Apple], +33.6.95.66.aaaa, [CDT], +44.793.550.aabb, npdoty, christine
17:10:09 <Karima> Karima has joined #privacy
17:25:35 <Karima> Karima has joined #privacy
18:35:40 <Karima> Karima has joined #privacy
19:04:48 <npdoty> npdoty has joined #privacy
19:17:15 <npdoty> trackbot, end meeting
19:17:15 <trackbot> Zakim, list attendees
19:17:15 <Zakim> sorry, trackbot, I don't know what conference this is
19:17:23 <trackbot> RRSAgent, please draft minutes
19:17:23 <RRSAgent> I have made the request to generate http://www.w3.org/2014/06/26-privacy-minutes.html trackbot
19:17:24 <trackbot> RRSAgent, bye
19:17:24 <RRSAgent> I see no action items