15:53:34 <RRSAgent> RRSAgent has joined #privacy
15:53:34 <RRSAgent> logging to http://www.w3.org/2014/08/28-privacy-irc
15:53:36 <trackbot> RRSAgent, make logs 263
15:53:36 <Zakim> Zakim has joined #privacy
15:53:38 <trackbot> Zakim, this will be
15:53:38 <Zakim> I don't understand 'this will be', trackbot
15:53:39 <trackbot> Meeting: Privacy Interest Group Teleconference
15:53:39 <trackbot> Date: 28 August 2014
15:53:41 <npdoty> rrsagent, make logs public
15:53:46 <npdoty> Zakim, this will be ping
15:53:46 <Zakim> ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 7 minutes
15:55:29 <christine> christine has joined #privacy
15:56:12 <Zakim> Team_(privacy)16:00Z has now started
15:56:19 <Zakim> +[IPcaller]
15:57:09 <yrlesru> yrlesru has joined #privacy
15:57:21 <christine> Zakim. IPcaller is me
15:57:35 <christine> Zakim, [IPcaller] is me
15:57:35 <Zakim> +christine; got it
15:57:54 <Zakim> + +1.650.944.aaaa
15:58:14 <tara> tara has joined #privacy
15:58:40 <tara> Hullo! Trying to get connected by phone...
15:59:02 <Zakim> - +1.650.944.aaaa
15:59:25 <Zakim> + +1.650.944.aabb
15:59:39 <tara> Zakim, aabb is me.
15:59:39 <Zakim> +tara; got it
15:59:40 <wseltzer> zakim, call wendy-office
15:59:41 <Zakim> ok, wseltzer; the call is being made
15:59:41 <Zakim> +Wendy
15:59:45 <Zakim> +npdoty
16:00:48 <fjh> zakim, code?
16:00:49 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fjh
16:01:12 <Zakim> +[IPcaller]
16:01:14 <christine> Hi. We'll start soon.
16:01:15 <fjh> zakim, ipcaller is me
16:01:16 <Zakim> +fjh; got it
16:02:00 <Zakim> + +1.650.618.aacc
16:02:02 <fjh> zakim, who is here?
16:02:04 <Zakim> On the phone I see christine, tara, Wendy, npdoty, fjh, +1.650.618.aacc
16:02:04 <Zakim> On IRC I see tara, yrlesru, christine, Zakim, RRSAgent, fjh, npdoty, wuwei, TallTed, glenn, hiro, terri, schuki, wseltzer, trackbot
16:02:13 <yrlesru> zakim, aacc is me
16:02:13 <Zakim> +yrlesru; got it
16:02:14 <fjh> zakim, where is 650?
16:02:14 <Zakim> North American dialing code 1.650 is California
16:02:42 <fjh> Present+ Frederick_Hirsch
16:02:44 <npdoty> scribenick: npdoty
16:02:46 <Zakim> +Katie_Haritos-Shea
16:03:32 <npdoty> welcome back, Frank Dawson, from Nokia
16:03:42 <yrlesru> :-)
16:03:49 <christine> Thank you for scribing Nick
16:04:56 <christine> Agenda item: Privacy guidance and process documents
16:05:11 <npdoty> Topic: Privacy guidance and process documents
16:05:31 <npdoty> christine: had an informal meeting at last IETF on task force
16:05:55 <npdoty> ... planned out some steps, but still need to make progress, especially before TPAC
16:06:12 <npdoty> ... and help / reviews / comments are welcomed even from non-experts
16:06:29 <wseltzer> https://w3c.github.io/privacy-considerations/
16:06:37 <wseltzer> and http://yrlesru.github.io/SPA/
16:06:41 <npdoty> christine: Frank's document, haven't worked a lot on progressing that document
16:06:51 <yrlesru> http://yrlesru.github.io/SPA/
16:07:31 <npdoty> ... separate goals: guidance for improving privacy in specs vs. process for conducting reviews
16:07:56 <npdoty> Katie: like a privacy impact assessment of a spec and how to perform one?
16:08:12 <npdoty> yrlesru: yes, specification privacy assessment
16:08:23 <npdoty> ... for a high-level PIA, how should we do that as an editor of a spec
16:08:50 <npdoty> ... also submitted to OASIS and ISO (adopted as a standing document)
16:09:32 <npdoty> ... main difference from IETF work or Hannes' suggestion, those are more like checklists to use in a particular context
16:10:04 <npdoty> ... should be more systematic and less ad hoc
16:11:36 <npdoty> christine: would be useful to see what privacy considerations text is already out there
16:12:20 <fjh> q+
16:15:44 <npdoty> npdoty: I've been doing some data analysis on TRs and mentions of privacy
16:15:54 <npdoty> ... will have some data / list out to you all soon
16:16:17 <npdoty> fjh: what if we added to the ReSpec spec-editing tool a magical section for including privacy/security considerations section
16:16:23 <npdoty> npdoty: sounds like a cool idea
16:16:33 <npdoty> katie: we should coordinate with the security group as well
16:16:58 <wseltzer> [+1 from Security]
16:17:03 <npdoty> fjh: does seem like combining those sections is seeming more common
16:17:05 <fjh> action: fjh to propose update to ReSpec for security and privacy consideration section support
16:17:05 <trackbot> Created ACTION-7 - Propose update to respec for security and privacy consideration section support [on Frederick Hirsch - due 2014-09-04].
16:17:30 <christine> Agenda item: Privacy reviews
16:17:56 <npdoty> here is a list of 87 recommendation track documents that mention privacy: https://npdoty.name/tr-analysis/graphs/tr-list.html
16:18:17 <npdoty> Topic: Privacy reviews
16:18:26 <npdoty> christine: hopefully Katie and Joe can connect before our next call
16:19:34 <npdoty> Katie: going to look at media stream recording / IndieUI
16:20:13 <npdoty> christine: media task force definitely producing documents with privacy interest
16:20:36 <npdoty> fjh: I'm probably not the expert, talk to the group itself via the mailing list for the task force
16:21:07 <npdoty> ... there are generic issues related to streaming media
16:21:35 <npdoty> ... won't be a simple spec with a single context or a simple model
16:21:49 <yrlesru> Sounds like a good case for data flow diagramming to understand the interactors?
16:23:01 <npdoty> christine: outstanding discussion re encrypted media extensions
16:23:10 <npdoty> wseltzer: alas, it is still outstanding
16:23:32 <npdoty> ... would welcome any help with it
16:24:11 <christine> Agenda item: Privacy news
16:24:22 <npdoty> Topic: Privacy news
16:24:29 <fjh> s/there are generic issues related to streaming media/might want to consider generic streaming media threats first, then details related to spec/
16:24:31 <yrlesru> NIST Privacy Engineering Workshop in San Jose in September (not attending)
16:24:49 <npdoty> christine: just an agenda item for anything going on inside or outside regarding privacy
16:24:56 <fjh> s/won't be a simple spec with a single context or a simple model/this is not a minimal specfiication, it has a lot of detail such as constraints, tracks, streams etc/
16:25:10 <npdoty> Frank: two privacy engineering events: NIST having its second workshop
16:25:39 <npdoty> ... also IPEN (sp?) run by data protection agencies having a workshop in Berlin at the end of September
16:25:54 <npdoty> q+
16:26:11 <npdoty> ... if we wanted to hire a privacy engineer, what the requirements look like and what curricula would help
16:26:15 <fjh> s;mailing list for the task force;mailing list for the task force http://lists.w3.org/Archives/Public/public-media-capture/;
16:26:19 <fjh> rrsagent, generate minues
16:26:19 <RRSAgent> I'm logging. I don't understand 'generate minues', fjh.  Try /msg RRSAgent help
16:26:22 <npdoty> ... the professional slide of privacy engineering
16:26:24 <fjh> rrsagent, generate minutes
16:26:24 <RRSAgent> I have made the request to generate http://www.w3.org/2014/08/28-privacy-minutes.html fjh
16:26:50 <tara> Frank, is this is right link? https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/IPEN/14-08-14_IPEN_workshop_practical_information_EN.pdf
16:26:55 <christine> @ NIck -  EDPS IPEN  workshop is on 26 September 2014 in Berlin
16:27:22 <fjh> mailing list for the media capture task force http://lists.w3.org/Archives/Public/public-media-capture/
16:27:55 <fjh> http://www.w3.org/TR/2013/WD-mediacapture-streams-20130516/
16:28:05 <npdoty> Frank: some people looking at the top ten privacy risks in @@@
16:28:49 <fjh> re media capture, suggest asking the chairs if they have an overview, I believe there is one
16:28:51 <yrlesru> OWASP Top 10 Privcy Risks.
16:29:00 <npdoty> s/@@@/OWASP/
16:29:10 <fjh> q-
16:29:21 <wseltzer> ack npdoty
16:29:50 <tara> http://www.w3.org/2014/07/permissions/
16:30:00 <yrlesru> One of the principles is Stefan Burgmair <Stefan.Burgmair@msg-systems.com>. MSG Systems appears to be an ICT consulting firm for German/EU banking industry.
16:30:16 <npdoty> npdoty: there is a workshop / meeting regarding permissions for web applications
16:30:25 <npdoty> wseltzer: will represent privacy (attending second day)
16:30:27 <yrlesru> Lastly, to report, CIPL has a Privacy Risk Management project that has produced a pretty informative report.
16:31:12 <fjh> zakim, who is here?
16:31:12 <Zakim> On the phone I see christine, tara, Wendy, npdoty, fjh, yrlesru, Katie_Haritos-Shea
16:31:15 <Zakim> On IRC I see tara, yrlesru, christine, Zakim, RRSAgent, fjh, npdoty, TallTed, glenn, hiro, terri, schuki, wseltzer, trackbot
16:31:15 <npdoty> christine: regarding TPAC, separate time to meet on Friday; unconference day on Wednesday; and a chance to chat with the chairs
16:31:17 <yrlesru> iPEN = https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN
16:31:24 <npdoty> ... please send any suggestions along
16:32:46 <wseltzer> q+
16:32:55 <npdoty> Frank: useful to have an agenda for our Friday meeting as early as possible, regarding scheduling
16:34:03 <npdoty> wseltzer: possible additional item is a breakfast meeting of the chairs of all groups. could take a moment of that time to discuss privacy reviews
16:34:45 <wseltzer> http://www.w3.org/2014/11/TPAC/
16:35:34 <npdoty> wseltzer: plenary day is unconference, not scheduled in advance, until 2:45pm; scheduled events after
16:36:35 <npdoty> frank: catch people at coffee breaks. could we have a table set up?
16:37:18 <npdoty> wseltzer: coffee breaks not as synchronized as at IETF
16:37:35 <npdoty> ... maybe a table tent at lunch to invite people to talk; not sure how well it will work
16:37:43 <npdoty> q- wseltzer
16:38:19 <npdoty> christine: 1) webappsec wg put out a FPWD of referrer policy
16:38:44 <npdoty> ... can set policy for how referer headers should work for outgoing requests
16:38:49 <wseltzer> action: wseltzer to propose TPAC review group "office hours" or hallway tables for future TPACs
16:38:49 <trackbot> Created ACTION-8 - Propose tpac review group "office hours" or hallway tables for future tpacs [on Wendy Seltzer - due 2014-09-04].
16:38:58 <npdoty> ... might be worth looking at the document to see how it would help with privacy
16:39:15 <npdoty> wseltzer: +1, worth looking at
16:39:50 <npdoty> christine: web and mobile interest group is gathering wake lock use cases
16:40:01 <npdoty> ... some of their requirements seem focused on user control
16:40:15 <npdoty> christine: finally, web apps working group is rechartered, with PING as a liaison
16:40:55 <npdoty> next meeting October 2?
16:41:06 <npdoty> next meeting: 2 October
16:41:19 <yrlesru> Regards to all. Bye.
16:41:25 <Zakim> -fjh
16:41:27 <Zakim> -christine
16:41:27 <Zakim> -tara
16:41:29 <Zakim> -Wendy
16:41:29 <Zakim> -npdoty
16:41:30 <yrlesru> quit
16:41:35 <Zakim> -Katie_Haritos-Shea
16:41:40 <npdoty> trackbot, end meeting
16:41:40 <trackbot> Zakim, list attendees
16:41:40 <Zakim> As of this point the attendees have been christine, +1.650.944.aaaa, +1.650.944.aabb, tara, Wendy, npdoty, fjh, +1.650.618.aacc, yrlesru, Katie_Haritos-Shea
16:41:48 <trackbot> RRSAgent, please draft minutes
16:41:48 <RRSAgent> I have made the request to generate http://www.w3.org/2014/08/28-privacy-minutes.html trackbot
16:41:49 <trackbot> RRSAgent, bye
16:41:49 <RRSAgent> I see 2 open action items saved in http://www.w3.org/2014/08/28-privacy-actions.rdf :
16:41:49 <RRSAgent> ACTION: fjh to propose update to ReSpec for security and privacy consideration section support [1]
16:41:49 <RRSAgent>   recorded in http://www.w3.org/2014/08/28-privacy-irc#T16-17-05
16:41:49 <RRSAgent> ACTION: wseltzer to propose TPAC review group "office hours" or hallway tables for future TPACs [2]
16:41:49 <RRSAgent>   recorded in http://www.w3.org/2014/08/28-privacy-irc#T16-38-49