See also: IRC log
<trackbot> Date: 09 April 2015
possible topics: TPAC scheduling
<tara> I am echoing into the call somehow...
<tara> And so is Nick!
<tara> Yes, I thought as much. Hence going quiet for a moment until we sort it out! If they are on IRC...
<Kepeng> OK, IPCaller is me. I am muted now. --Kepeng
<tara> Thanks!
for the minutes, Rigo proposes renaming the Privacy Interest Group "CYBERping"
<christine> GCCS - https://www.gccs2015.com/programme
Berkeley has received grant funding for Long-Term Cybersecurity center: http://www.ischool.berkeley.edu/cltc
<christine> Do we have a scribe?
rigo: legal debate in France about data retention
<tara> Thanks!
rigo: indiscriminate retention
not useful, struck down by ECJ
... but how to resolve privacy/human rights issues in
prediction aspects of big data
... as opposed to the privacy concerns about computer
decisionmaking in the 1970s
npdoty: Berkeley has grant funding, along with other universities, for a Center for Long-Term Cybersecurity
<christine> +q
gregnorcie: Greg Norcie,
technologist at CDT, finishing dissertation with Jean
Camp
... embedding human rights into Web standards, so working with
PING and a few other organizations to make sure that
happens
tara: welcome
... today a call with less agenda than usual, just sharing
items
rigo: gave a talk at Frankfurt
law firm about connected cars and security/privacy
... a car with a valet mode to record audio/video inside and
outside the car
... received some criticism, and some features have been
removed
... concern about hacking into cars and remote control
... W3C has an Automotive Business Group with many of the
organizations involved
... remote deployment of hotfixes
christine: postponed item previously was ISPs injecting headers, is it worth talking about that?
tara: header enrichment
npdoty: summary of header enrichment, privacy issues of identifiers embedded in network traffic
http://known.npdoty.name/2014/header-enrichment
(nick's list of links about header enrichment)
npdoty: is there W3C work that could be done to help? or could we broker a conversation with interested parties to document how this affects a Web privacy model?
christine: could we issue statements as a group on particular issues, smaller than a Recommendation or Group Note, but could be posted on a blog or with TAG, etc.
rigo: if we could have a
presentation on header enrichment, and invite @mnot, chair of
relevant IETF HTTP WG
... how should software react when it encounters such
enrichment?
... are there technical as well as legal restrictions?
christine: will circulate summary
from meeting at IETF, to send out shortly.
... header enrichment not particularly discussed at that
time
npdoty: was header enrichment discussed at other IETF wgs?
we're not sure.
<wseltzer> [ it came up as a counter-example in SPUD ]
https://tools.ietf.org/html/draft-hardie-spud-use-cases-01
<tara> Thanks Wendy!
Substrate Protocol for User Datagrams (SPUD)
rigo: similarly, Opera Mini
browser is a sort of proxy browser, where all the requests are
handled by the server and then rendered and returned as an
image to your device
... SPDY / HTTP/2 can also use a sort of caching where a server
handles subrequests on your behalf
... could be used as an anonymizing proxy or a central point to
facilitate surveillance
npdoty: I had been thinking about header enrichment of identifiers that could match the Web privacy model, for example, origin-specific identifiers and a way for user agents to communicate with the network to clear identifiers
rigo: Workshop on User-Centric Controls in Berlin saw support for more transparency mechanisms, but that evercookies may always be a problem
npdoty: seems like there are some mitigations to an evercookie, and so that new technologies shouldn't introduce trivial new evercookie functionality
tara: summarizing: could have some discussions with mnot/IETF HTTP; we have some documents to review; could release a statement of some kind as a group
rigo: economic concerns about
privacy and the cost of building countermeasures and
mitigations
... creating research projects?
tara: will take to the mailing list as well. had a f2f meeting for PING at the last TPAC in Santa Clara which went well. should we plan for that in Japan this year?
<rigo> [note that all the great mental supporters of PING are normally at TPAC]
rigo: lots of interested people would come to PING at TPAC
npdoty: +1, and useful because some coordination possible with IETF
<tara> TAG is meeting two weeks from now-- F2F in SF
npdoty: TAG interested in discussing privacy and security reviews
<tara> Other advantage of TPAC is being able to sit in on other group's meetings and see privacy issues in those grou[s
npdoty: will meet with TAG and discuss mkwest questionnaire and our experience with privacy reviews
Kepeng: conference call time is difficult for Chinese participants
<rigo> 7am in Silicon Valley is hard :)
npdoty: we could have separate calls / alternating, for people to talk Asian morning / US afternoon
rigo: has been tried, but not sure what our attendance would be
tara: can look at alternate times
christine: May 14th?
14th looks good to me
tara: same time for next call, but will look at other options
trackbot, end meeting
This is scribe.perl Revision: 1.140 of Date: 2014-11-06 18:16:30 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Succeeded: i/Kepeng/Topic: call time No ScribeNick specified. Guessing ScribeNick: npdoty Inferring Scribes: npdoty Default Present: +1.613.304.aaaa, tara, christine, Rigo, Kepeng, +1.202.407.aabb, gregnorcie Present: +1.613.304.aaaa tara christine Rigo Kepeng +1.202.407.aabb gregnorcie Found Date: 09 Apr 2015 Guessing minutes URL: http://www.w3.org/2015/04/09-privacy-minutes.html People with action items:[End of scribe.perl diagnostic output]