16:47:59 RRSAgent has joined #privacy 16:47:59 logging to http://www.w3.org/2015/01/15-privacy-irc 16:48:01 RRSAgent, make logs 263 16:48:03 Zakim, this will be 16:48:03 I don't understand 'this will be', trackbot 16:48:04 Meeting: Privacy Interest Group Teleconference 16:48:04 Date: 15 January 2015 16:48:06 rrsagent, make logs public 16:48:14 Zakim, this will be 7464 16:48:14 ok, npdoty; I see Team_(privacy)17:00Z scheduled to start in 12 minutes 16:48:28 npdoty has changed the topic to: Privacy Interest Group, 15 January, http://lists.w3.org/Archives/Public/public-privacy/2015JanMar/0002.html 16:52:32 moneill2 has joined #privacy 16:54:13 <__> __ has joined #privacy 16:55:10 Team_(privacy)17:00Z has now started 16:55:17 +[IPcaller] 16:55:36 zakim, [IPCaller] is me 16:55:36 +moneill2; got it 16:56:08 +??P0 16:57:36 +npdoty 16:58:04 Joanne has joined #privacy 16:58:23 fjh has joined #privacy 16:58:28 + +1.650.944.aaaa 16:58:48 +WSeltzer 16:58:53 zakim, aaaa is me 16:58:53 +tara; got it 16:58:56 Hannes has joined #privacy 16:59:35 + +44.793.550.aabb 16:59:35 zakim, who is on the phone? 16:59:35 On the phone I see moneill2, ??P0, npdoty, tara, WSeltzer, +44.793.550.aabb 17:00:08 hi Simon 17:00:27 rigo has joined #privacy 17:00:27 Zakim, aabb is SimonRice 17:00:27 +SimonRice; got it 17:00:28 +[IPcaller] 17:00:33 zakim, [ip is me 17:00:33 +chaals; got it 17:00:41 + +49.162.102.aacc 17:01:22 + +33.6.95.66.aadd 17:01:23 chair: tara 17:01:37 +Rigo 17:01:58 christine has joined #privacy 17:01:58 Just giving people a few more minutes... 17:02:03 +[IPcaller] 17:02:14 srice_ has joined #privacy 17:02:16 zakim, aacc is mkwst 17:02:16 +mkwst; got it 17:02:19 zakim, code? 17:02:19 the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fjh 17:02:31 +[IPcaller.a] 17:02:32 +Joanne 17:02:41 zakim, ipcaller.a is me 17:02:41 +fjh; got it 17:02:44 zakim, [ip is Christine 17:02:44 +Christine; got it 17:03:07 zakim, aadd is Karima 17:03:07 +Karima; got it 17:03:15 zakim, who is here? 17:03:15 On the phone I see moneill2, ??P0, npdoty, tara, WSeltzer, SimonRice, chaals, mkwst, Karima, Rigo, Christine, fjh, Joanne 17:03:18 On IRC I see srice_, christine, rigo, Hannes, fjh, Joanne, moneill2, RRSAgent, tara, Zakim, npdoty, chaals, TallTed, terri, hadleybeeman, wseltzer, trackbot 17:03:38 Zakim, who is making noise? 17:03:43 zakim, who is Darth Vader? 17:03:43 I don't understand your question, rigo. 17:03:47 scribe: chaals 17:03:50 npdoty, listening for 10 seconds I heard sound from the following: ??P0 (14%), npdoty (57%), tara (3%), chaals (57%) 17:04:01 => Darth Doty 17:04:17 Thanks chaals! 17:04:41 agenda? 17:05:00 kboudaou has joined #privacy 17:05:02 1. Welcome and introductions 17:05:09 2. Article 29 WP Opinion regarding device fingerprinting [1] 17:05:21 + +1.415.341.aaee 17:05:24 Regrets, Frank Dawson 17:05:30 agenda+ Welcome / intros 17:05:34 + +1.609.535.aaff 17:05:37 agenda+ Article 29 17:05:41 aaee is Rebecca 17:05:50 agenda + Article 29 WP Opinion regarding device fingerprinting [1] 17:05:57 zakim, aaee is Rebecca 17:05:57 +Rebecca; got it 17:06:00 zakim, drop item 2 17:06:00 agendum 2, Article 29, dropped 17:06:01 +Katie_Haritos-Shea 17:06:02 agenda +Draft privacy and security questionnaire [2] 17:06:03 Present+ Frederick_Hirsch 17:06:12 christian has joined #privacy 17:06:13 agenda + TAG draft finding - Transitioning the Web to HTTPS [3] 17:06:15 Regrets+ Frank Dawson 17:06:19 Ryladog has joined #privacy 17:06:23 agenda + Recent developments in privacy - open discussion and information sharing 17:06:26 mkwst has joined #privacy 17:06:31 s/Frank Dawson/Frank_Dawson/ 17:06:32 Zakim, who is on the phone? 17:06:32 On the phone I see moneill2, ??P0, npdoty, tara, WSeltzer, SimonRice, chaals, mkwst, Karima, Rigo, Christine, fjh, Joanne, Rebecca, +1.609.535.aaff, Katie_Haritos-Shea 17:06:57 Thanks for tip! 17:07:07 Zakim, ??p0 is Hannes 17:07:07 +Hannes; got it 17:07:26 q+ 17:07:47 moneill2: Mike O’Neill 17:07:51 MO'N: Mark O'Neill, normally on TPG group and can't do these calls 17:07:59 s/Mark/Mike/ 17:07:59 s/Mark/Mike/ 17:08:09 ack me 17:08:56 zakim, who is making noise? 17:09:00 CMN: I am chaals, and that is a more or less unique personal identifier so you can find more about me. This is first call 17:09:06 wseltzer, listening for 10 seconds I heard sound from the following: tara (90%), SimonRice (30%) 17:09:19 zakim, mute chaaaaaaaaaaaaaaaaaaaaaals 17:09:19 sorry, rigo, I do not know which phone connection belongs to chaaaaaaaaaaaaaaaaaaaaaals 17:09:37 SR: Simon Rice. Group manager of technology team in data regulator in UK 17:09:43 mkwst: Mike West, Google chrome security team 17:09:51 … Advise the people who make the regulations, so we hope they are technically sound. 17:10:06 zakim, next item 17:10:07 agendum 1. "Welcome / intros" taken up [from chaals] 17:10:12 zakim, take up item 2 17:10:12 agendum 2. "Article 29" taken up [from chaals] 17:10:16 Topic: Article 29 17:10:20 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf 17:10:23 http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf 17:10:37 SR: This is about device fingerprinting. In 2011 the European directive came into force. 17:11:02 … article 5.3 says accessing or storage on the user's device requires consent of the user - the so-called cookie law 17:11:06 s|http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf|| 17:11:18 s|http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf|-> http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2014/wp224_en.pdf the decision 17:11:48 … SO now there is improved attention to this, and to Do Not Track. But it is about information being stored on terminals, not just user data. 17:11:52 When there is time Simon, what is the name of the DPA in the UK where you work? 17:11:54 s/now/now in Europe/ 17:12:29 … In the last couple of years attention hass been drawn to device fingerprinting. Since it doesn't require storing information as a cookie, the cookie-law is thought not to apply. 17:12:40 … But our case is that this covers any storage, not just HTTP cookies 17:12:55 … So our intent is to clarify that device fingerprinting does require consent. 17:13:24 … The practice is perhaps even more intrusive or anti-user than cookies - at least cookies have a discoverable trace and can be changed. 17:13:45 … It is hard to change a device fingerprint. And it can be generated by different parties. 17:13:58 … So we see fingerprinting being perhaps more intrusive than tracking. 17:14:25 … There are valid exemptions to the requirement for consent under this bit of law. If the use is strictly necessary for something the user asked to do. 17:14:57 … We construe that very narrowly. E.g. If you use a cookie for a shopping basket, that is strictly necessary - and has been explicitly requested. 17:15:13 Simon, logging in (authentication) strictlt nec. also? 17:15:14 … Another exemption is if the storage is for the sole purpose of doing what people have asked to do. 17:16:01 … So we have put out a paper giving some practical guidance, both to site operators and people interested in the policy. 17:16:41 … We highlight things such as Mac addresses of network controllers being necessary and therefore exempt from consent requirements. 17:16:54 … Or if there is a specific requirement for identifying a specific user, such as a bank account. 17:17:09 q+ to ask if licensing needs to be disclosed 17:17:17 … And there are categories where we see requirements for consent, such as tracking for online behavioural advertising. 17:17:53 … Under the strict reading, the advertising isn't explicitly requested by the user, so consent is required. 17:18:29 … With Cookies there isn't a huge real risk in the case of 1st?? party tracking and analytics. Not clear if it is worse in the case of using device fingerprinting. 17:18:40 … So what might be interesting to this group? 17:18:54 s/1st??/1st/ 17:18:58 … How cookies, fingerprinting, etc can not be misused - how can we provide greater control for the users? 17:19:34 … The browser is a good place to manage cookie preferences. They are difficult to manage, if you have lots of them, but fingerprinting is still far less transparent. 17:20:05 … If we look at geolocation API, and you're asked if you want to let a site get location at will, that's an example of how we can help put users back in control of what is exported. 17:20:16 q? 17:20:18 +q 17:20:27 s/+q/q+/ 17:20:35 Tara: Thanks for that overview. 17:20:36 q+ 17:20:54 ack moneill 17:20:54 ack mon 17:21:27 MO'N: Wanted to ask how embedded 3rd parties are viewed. Is it the websites responsibility to get consent for fingerprinting done by the 1st party? 17:21:34 +q 17:21:34 s/1st/3rd/ 17:21:40 s/+q/q+ 17:22:10 … And how do you characterise Google analytics, which uses a 1st party cookie then transmits it to another server. Does that require consent? 17:22:40 SR: On the first one, the advice is like the ITO's cookie guidance. It is the party who is processing teh data that has the legal requirement to get the consent, i.e. generally the 3rd party. 17:22:56 … But in most cases the 1st party will share responsibility because they have the interaction with the user. 17:23:05 q+ to ask about header enrichment 17:23:12 … So you expect them to say who the 3rd party is... 17:23:31 … If the 1st party incoroporated the 3rd party, it vbecomes the 1st party's responsibility. 17:23:51 … 1st and 3rd parties are not clear terms. Analytics we would view as being done by the website operator. 17:24:19 … It can be the case that Google Analytics does analysis of a single site, but if it is shared across sites we would treat it as a 3rd party. 17:24:26 ack wseltzer 17:24:26 wseltzer, you wanted to ask if licensing needs to be disclosed 17:25:09 WS: Interested in the second exception - use for licensing or security purposes. Is there required disclosure to the user that the fingerprint will be used? 17:25:32 SR: It is clear in the legislation that the exemption is from the requirement for consent, but the user must still be informed that this is taking place. 17:25:59 ack ryla 17:26:07 zakim, mute me 17:26:07 WSeltzer should now be muted 17:26:12 ack Ryladog 17:26:17 zakim, unmute khs 17:26:17 sorry, chaals, I do not know which phone connection belongs to khs 17:26:25 zakim, unmute katie 17:26:25 Katie_Haritos-Shea was not muted, chaals 17:26:38 KHS: (talking to myself) 17:26:48 s/(talking to myself)// 17:26:57 … Who is the DPA you work for? 17:26:58 https://ico.org.uk 17:27:26 KHS: Couldn't the first party use an SLA with a 3rd party? 17:27:34 SR: It's possible. 17:27:56 s|https://ico.org.uk|-> https://ico.org.uk Info commissioner's office| 17:28:06 rebecca has joined #privacy 17:28:15 … But the legislation isn't about a controller/processor relationship, anyone getting information has the obligations. 17:28:20 ack christine 17:28:53 CR: We're working on guidance for web spec authors about device fingerprinting. 17:29:09 ack npdoty 17:29:09 npdoty, you wanted to ask about header enrichment 17:29:40 ND: Especially interested in the opinion that accessing data on the device for fingerprinting would be the same as storing a cookie. 17:30:06 … My specific question was another way to accomp;ish this - there has been a lot of discussion about header enrichment, inserting data into outgoing traffic. 17:30:30 … which is then read by the webpage, who can correlate it with information stored by the ISP inserting it… 17:30:35 … is that covered? 17:30:54 SR: It isn't accessiing or storing information on the device, but it is interfering with the communications and changing the message. 17:31:23 … So it depends how you read the legislation. There may well be valid exemptions that can be applied there to allow such an operation - the most likely being with the consent of the user. 17:31:42 q+ 17:31:52 … But doing it without the user knowing, I suspect is in breach although I can't point to one off-hand in section 5.3 - think it would be in other parts of the legislation. 17:31:57 ack Hannes 17:32:06 Hannes: Wondering about enforcement actions for cookie laws. 17:32:15 … Are there any examples of enforcement action? 17:32:36 SR: On the cookie side there have been some fines issued, I believe in Spain. 17:32:42 alina has joined #privacy 17:32:42 I’m curious about that too. especially if fingerprinting is also considered under the same directive 17:33:10 … Not the same level as for other privacy infringements, but there has been enforcement action. We have also written strongly-worded letters to website operators and worked with them on making a sufficient effort to get it right. 17:33:13 q+ to ask how would one collect consent for fingerprinting and whether this is covered by the cookie banners 17:33:19 … So far the softer approach has had the right effect for us. 17:33:47 … Could also happen with device fingerprinting, but it is more difficult when things are done on the server to get evidence of what is happening. 17:34:12 +q 17:34:18 Yu can view the traffic leaving the device, but is a screen resolution to optimise layout or fingerprint the device? You need to look into the server to find out, but it hasn't been ruled out.] 17:34:24 ack rigo 17:34:24 rigo, you wanted to ask how would one collect consent for fingerprinting and whether this is covered by the cookie banners 17:34:26 s/Yu/… You/ 17:35:01 RW: If fingerprinting gets through the 5.3 rule, how is consent handled? Is it sufficient to have it in general usage rules? And how will this change in the new regulation? 17:35:29 SR: In terms of practically getting consent, we don't want a banner to accept cookies, then another for a fingerprint, and another for some more fingerprinting... 17:36:04 … But there is no reason wy a website cannot include device fingerprinting in the same step as consent for cookies - e.g. by increasing the amount of information and scope of the existing request. 17:36:30 [why shouldn't it be a more onerous exercise, given the greater difficulty of clearing a device fingerprint?] 17:36:30 … In the new regulation, in the ePrivacy directive (europe), the commission are looking at that and may well start a review. 17:36:33 I guess it depends whether we expect “device fingerprinting” to be a common activity for web sites 17:36:47 … Once the data protection directive has gone through its reform process. 17:36:50 ack moneill 17:37:04 MO'N: Just pointing to ?? fingerprinting. 17:37:10 s/??/detecting/ 17:37:15 -tara 17:37:39 Sorry, my phone just cut off! Christine, can you step in until I show up again? 17:37:43 … Headers normally don't give enough to detect an individual. Normally you have Javascript in the page doing the work, and normally using cookies. 17:37:53 there is research being done on detecting fingerprinting (a lot in Belgium, for example, I think) 17:38:11 and we consider detectability of fingerprinting a level of success in mitigation 17:38:17 … So that comes clearly under the existing rules. If they didn't use cookies they would have to use e.g. XHR or send the data with a POST. Each of which is detectable. 17:38:41 moneill2, npdoty: Passive fingerprinting techniques (p0f, for example) are fairly advanced. 17:38:45 SR: Sure. You see the traffic going across the wire, or the processing in the browser. It isn't completely covert, but is more complex than looking for a cookie. 17:39:01 … Tying that to processing to determine if it is exempt is therefore also more complicated. 17:39:06 CR: Timecheck. 17:39:18 + +1.613.304.aagg 17:39:20 q+ 17:39:22 q? 17:39:38 zakim, aagg is tara 17:39:38 +tara; got it 17:39:39 p0f -> http://lcamtuf.coredump.cx/p0f3/ 17:39:42 q- 17:40:23 I guess it’s harder for us to measure whether purely passive fingerprinting is taking place as frequently :) 17:40:37 CMN: Finding out whether outbound traffic is for legitimate or exempt tracking is orders of magnitude harder than finding cookies 17:40:39 npdoty: harder -> impossible. :) 17:40:58 Tara: Thanks Simon. ANy questions from you to us? 17:41:16 SR: I have been lurking for a while, and wondering about the future. We should get a little more involved. Is there anything we can do there? 17:41:29 Tara: Yes, please participate further. 17:41:34 zakim, close this item 17:41:34 agendum 2 closed 17:41:36 I see 5 items remaining on the agenda; the next one is 17:41:36 1. Welcome / intros [from chaals] 17:41:41 zakim, take up item 3 17:41:41 agendum 3. "Article 29 WP Opinion regarding device fingerprinting" taken up [from 1 via tara] 17:41:42 zakim, close item 2 17:41:44 agendum 2, Article 29, closed 17:41:44 I see 5 items remaining on the agenda; the next one is 17:41:44 1. Welcome / intros [from chaals] 17:41:49 ack mkwst 17:41:52 zakim, close item 3 17:41:52 agendum 3, Article 29 WP Opinion regarding device fingerprinting, closed 17:41:54 I see 4 items remaining on the agenda; the next one is 17:41:54 1. Welcome / intros [from chaals] 17:41:58 zakim, close item 1 17:41:58 agendum 1, Welcome / intros, closed 17:41:59 I see 3 items remaining on the agenda; the next one is 17:41:59 4. Draft privacy and security questionnaire [from 2 via tara] 17:42:13 Topic: Privacy Security questionnaire draft 17:42:16 https://mikewest.github.io/spec-questionnaire/security-privacy/ 17:42:29 -Rebecca 17:42:45 MW: Believe you talked about this. It's a strawman questionnaire spec authors should read to understand some possible privacy/security issues their spec might run into. 17:42:54 … haven't touched this since November. 17:43:09 … Seems necessary when we write specs to do a better job reviewing specs early on. 17:43:34 … On Chromium we sometimes find we haven't seen a feature until it has already been implemented which is very late to successfully get changes made. 17:43:47 … Same applies to specs in working groups. 17:44:06 … So we are trying to help groups "self-evaluate" with the questions we would ask if we were doing the review. 17:44:18 are there examples of features that have been rejected for privacy reasons because of that too-late-in-the-process-to-change status? that is a sad outcome for all of us, I think 17:44:28 s|https://mikewest.github.io/spec-questionnaire/security-privacy/|-> https://mikewest.github.io/spec-questionnaire/security-privacy/ the draft questionnaire| 17:44:48 … The goal isn't to block features, but to help spec authors who aren't privacy experts think about issues. 17:45:23 … This often obviates the need for a review, because the developers figure out the issue before we get there, and ask us the right questions in advance. 17:46:29 q+ 17:46:29 q+ 17:46:33 … There are a couple of documents floating around with similar ideas. I am not bound to this document, but looking to collaborate, and get a feel for work happening and how we can get together to produce better understanding of impact of features put in specs, and getting the discussion/analysis to happen early in the process rather than when it is too late... 17:46:37 ack np 17:47:27 q- 17:47:29 ND: Think this is great work - thanks. Agree that the early review is good, and this is similar to work we have been doing here and collaborating would be good. Hannes has worked on a privacy considerations document. 17:47:49 … Frank Dawson was looking at process implications, and you talk about how to identify topics before the reviewers come along. 17:47:59 q+ 17:48:04 mkwst: Have you looked into http://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/privacy-and-data-protection-by-design ? 17:48:05 [+1 to Nick] 17:48:21 rigo: I haven't. But I will! 17:48:40 MW: Are there specific features that have ??? 17:48:57 rejected for implementation because of privacy issues 17:49:35 … There are. In the middle of last year, since blink has ?? mailing list blink-dev we ????. They proposed a feature @@a, that gave too much access to network an device info, useful for fingerprinting and targetting specific devices. 17:49:44 Network Service Discovery 17:49:46 My first impression was that the ENISA document is unfortunately not very relevant for this work. It is more a list of PET, which are not necessarily easy to apply at the level of what the W3C does in the specification work 17:49:58 q+ 17:50:03 … A mitigation we asked for was a @@b check to ensure the device was explicitly participating and *wanted* to be discovered. 17:50:13 s/@@b/CORS pre-flight/ 17:50:16 … That was a good example of how this was meant to work. 17:50:35 ND: Think we talked to the network service discovery group about these concerns too. 17:50:37 s/@@a/network service discovery/ 17:50:39 ack ch 17:50:50 Hannes: in the second half of the document, it becomes very concrete and asks the right questions 17:51:23 ack ha 17:51:33 CR: To reiterate, we decided this call would not have specific discussion of ongoing work items. In February we want to get back onto privacy considerations document and others. It would be useful to have you on that call Mike. 17:51:44 Hannes: I looked at Mike's document - has some good examples that would improve our document. 17:52:08 q+ 17:52:11 … happy to work together on stealing his ideas^W^W^W collaborative improvements. 17:52:28 Tara: We were hoping to have Mnot here, but not today. 17:52:35 zakim, close this item 17:52:35 I do not know what agendum had been taken up, chaals 17:52:39 zakim, agenda? 17:52:39 I see 3 items remaining on the agenda: 17:52:39 +1, thanks mkwst and SimonRice 17:52:40 4. Draft privacy and security questionnaire [from 2 via tara] 17:52:40 5. TAG draft finding - Transitioning the Web to HTTPS [from 3 via tara] 17:52:40 6. Recent developments in privacy - open discussion and information sharing [from tara] 17:52:50 zakim, close item 4 17:52:50 agendum 4, Draft privacy and security questionnaire, closed 17:52:51 I see 2 items remaining on the agenda; the next one is 17:52:51 5. TAG draft finding - Transitioning the Web to HTTPS [from 3 via tara] 17:52:59 q+ 17:53:01 Topic: TAG draft finding on HTTP and HTTPS. 17:53:25 -Joanne 17:53:28 I'd also suggest that folks take a look at https://w3c.github.io/webappsec/specs/powerfulfeatures/ in the context of Mark/TAG's document. 17:53:32 CR: Maybe Mark will be available for next call, There has been a lot of discussion on the email list - would be nice if someone can try to gather a summary and work to developing a consensus view... 17:53:38 what is the timing on the TAG item? 17:53:49 ack wseltzer 17:54:00 q- 17:54:22 q+ 17:54:32 WS: Believe the TAG wants to wrap this document before the next PING call. Would urge individuals with comments to share them directly with Mark and the TAG. 17:54:52 MW: TAG document is a relatively high-level position statement. 17:55:22 … Technical implications are being outlined in the Requirements for Powerful Features doc in teh WebApSec document, which will take more time to finish - and feedback on that would be welcome too. 17:55:35 but the HTTPS transition is going to important for privacy, not just on JavaScript APIs 17:55:48 +q 17:55:49 Topic: Hot items in the last minute? 17:55:55 ack mk 17:55:58 ack mo 17:56:10 q+ 17:56:18 npdoty: certainly. but there are certainly privacy implications of APIs like geolocation, which feeds into the desire to restrict them to secure connections. 17:56:38 MO'N: Connected to HTTPS everywhere, there seems to be something going on with a clash between a need for security/privacy and the need for police etc to be able to detect bad things happening. 17:56:52 q+ 17:56:53 q? 17:57:10 … can see a train coming through the tunnel 17:58:00 moneill2: In order to monitor a device's communications, the device's owner should exert administrative control and install a trusted root certificate. 17:58:07 (imho) 17:58:08 Yes, I saw that (Cameron)! 17:58:10 ND: Thinking about related things - Cameron talking about outlawing certain types of encryption out of security fears. 17:58:31 … TAG has talked about this, but there is a question of integrity as well as confidentiality. 17:59:13 … It's also useful for e.g. Header enrichment and the like. Had the discussion in DNT where people are worried about headers being introduced that way. 17:59:27 ack np 17:59:47 ack ch 17:59:53 chaals: social/society making their own decisions, rather than enforced by technologists externally 18:00:08 … important to look at what different societies are trying to achieve, and not make decisions that limit their ability to do so 18:00:29 Topic: Next call… 18:00:29 wise words to wrap up for us, chaals 18:00:47 Tara: In about a month, end of February? I am not available mid-Feb. Last week of Feb? 18:01:03 February 19? 18:01:04 wseltzer: "Requirements for Powerful Public Servants"? 18:01:20 mkwst++ 18:01:21 wseltzer: Perhaps we can add a quick deliverable to the webappsec charter? :) 18:01:22 February 26? 18:01:25 CR: Any objections to 26 Feb? 18:01:41 bye 18:01:43 -chaals 18:01:44 -mkwst 18:01:44 -Katie_Haritos-Shea 18:01:46 -Rigo 18:01:47 -npdoty 18:01:47 -tara 18:01:48 -Hannes 18:01:48 -Karima 18:01:50 -WSeltzer 18:01:50 -SimonRice 18:01:52 -fjh 18:01:52 -Christine 18:01:55 bye 18:02:00 rrsagent, please draft minutes 18:02:00 I have made the request to generate http://www.w3.org/2015/01/15-privacy-minutes.html rigo 18:02:07 rrsagent, set log public 18:02:42 trackbot, end meeting 18:02:42 Zakim, list attendees 18:02:42 As of this point the attendees have been moneill2, npdoty, +1.650.944.aaaa, WSeltzer, tara, +44.793.550.aabb, SimonRice, [IPcaller], chaals, +49.162.102.aacc, +33.6.95.66.aadd, 18:02:45 ... Rigo, mkwst, Joanne, fjh, Christine, Karima, +1.415.341.aaee, +1.609.535.aaff, Rebecca, Katie_Haritos-Shea, Hannes, +1.613.304.aagg 18:02:50 RRSAgent, please draft minutes 18:02:50 I have made the request to generate http://www.w3.org/2015/01/15-privacy-minutes.html trackbot 18:02:51 RRSAgent, bye 18:02:51 I see no action items