W3C

- DRAFT -

Privacy Interest Group Teleconference

17 Sep 2015

See also: IRC log

Attendees

Present
npdoty, runnegar, tara, JoeHallCDT, LCPolan, KatieHS, Haritos-Shea, Katie
Regrets
wseltzer
Chair
tara
Scribe
JoeHallCDT, npdoty

Contents

<trackbot> Date: 17 September 2015

<JoeHallCDT> ah

<tara> Thanks!

<tara> You on the phone/Webex?

<JoeHallCDT> will be soon

<JoeHallCDT> it's very quiet

<JoeHallCDT> heh

<tara> I can hear you!

<npdoty> scribenick: JoeHallCDT

<tara> We're just getting the phone side set up...

christine: let's get started

tara: no intros as we're all familiar with one another

fingerprinting guidance to group note

tara: fingerprinting as a group note?

<npdoty> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0121.html

<christine> +q

npdoty: sent out a msg in August about status of fpr document

… have resolved major document TODOs

… now complete, not perfect but not missing

… hoping to publish as a draft WG note

… will signal that has some support from PING

… and that it's stable enough for feedback

christine: totally agree that's what we should do...

… hoping wendy would be on the call

… what are the mechanisms to do that

… have some editorial comments but haven't finished yet

… will do so in the next couple of days

… goal would be to produce the final version as a PING group note by the end of the year

<Zakim> npdoty, you wanted to comment on process

npdoty: on process, I can probably answer

… different WGs handle consensus differently… but chairs are the ones that judge consensus

<christine> +q

… can do over email "please note objections/concerns by x date"

+q

christine: feeling is that the consensus would be that we should do this

… not enough people on this call to say we have consensus right now

(Katie joined, christine got her up to speed)

… should do it over email

… question: the email list has a population of people that is massive… bigger than formal PING group

tara: has to be of PING members

npdoty: we haven't had to make a sharp distinction between mailing list and signing forms to be members

<npdoty> scribenick: npdoty

JoeHallCDT: Christine, sounds like your goal is a Note by the end of the year that's no longer draft status?

christine: yes.

JoeHallCDT: what is a member/participant?
... formal, vs public where anyone can sign up on the mailing list

<JoeHallCDT> npdoty: members of the w3c are dues payers

<JoeHallCDT> … participants in groups like PING

<JoeHallCDT> … members of w3c and public people

<JoeHallCDT> … in order to be a formal member of the group you have to be a w3c member or an invited expert

<scribe> scribenick: JoeHallCDT

christine: tara, we have an action item to do the call for consensus on the email list and publish the note as a draft

… presume the usual period is 2 weeks

tara: and we'll wait until christine is done with editorial contribusions

npdoty: have gotten a few comments from the mailing list or offlist

… might want to start using github issue tracker

+q

<tara> GitHub for PING?

<tara> Is in the W3C account

tara: thanks a ton, npdoty!

<npdoty> thanks all for the feedback

… very grateful for moving this forward, we're proud of this accomplishment

privacy and security questionnaire

tara: now we're on to privacy and security questionnaire

<christine> +q

tara: have quite a lot of work done by CDT

-q

christine: reiterate that Joe and Greg have done a spectacular job of moving this forward

… on my list to do a read through and comment and additions

… what we need to think about is how can we at least get to the stage of giving consensus input from PING to the TAG

… and get to the point to publish a draft note on our complimentary document that would go into more detail

… TAG's goal is to have a succinct questionnairre, but we see value in having a document that gives context for the items in the questionnaire

… if we can do that this year, that would be a good thing to do

… we have TPAC coming up, maybe the plan should be to have a meeting on that Friday (maybe just the morning) to push this forward as a group

+q

<tara> Boo!

<tara> (to no CDT folks. But we understand.)

<npdoty> JoeHallCDT: CDT folks won't be in attendance at TPAC

<tara> I will have a speakerphone.

<npdoty> ... could participate remotely?

<tara> I tried to ensure remote folks could join.

<npdoty> ... have been working to pull out the privacy stuff to have a distinct questionnaire. mkwest: it would be really great to contribute that back to the TAG document

<npdoty> ... to what extent do we want to have a PING-maintained privacy questionnaire?

<npdoty> ... vs. just giving feedback to the TAG on their questionnaire, and maintaining a document of contextual support

<npdoty> ... think we shouldn't combine privacy and security too closely

<npdoty> ... doing privacy reviews and making sure there is feedback to the questionnaire based on those reviews

<npdoty> ... for example, Greg has done that with the Presentation API experience

<npdoty> ... do we have other requests to do privacy reviews? a working understanding is most useful

<npdoty> ... Greg's email has meta questions about the questionnaire

<npdoty> tara: +1, useful to try out the questionnaire with reviews

tara: very beneficial to get experience reviewing documents with this one

npdoty: we should look at Greg's Presentations API email

… would be happy to have this merged with the security document that the TAG is working on

… having one document means it's more likely that people will use it

… and being TAG, people will pay attention to it

… so fine with having one document

… would like to do anything we can to get the feedback to tAG

+q

… whatever we need to do to get that feedback

christine: what we need to do is have another conversation with TAG

… what's the best way that both pieces of work get good traction

… the second screen working group have reached out to us

… will be having privacy discussion at TPAC in their own meeting

… if we can do a bit more work on our document, about what we think is important for the S&P questionnaire

… can take to TPAC and present to TAG our feedback

<Ryladog> +1

<tara> Yup, good idea!

<npdoty> JoeHallCDT: +1 to taking questionnaire to TPAC

<npdoty> ... understand npdoty on having one document/one place is good, connected to TAG sounds good

<npdoty> ... here are the pieces we think need to be updated with privacy-informed perspective

<npdoty> ... that could be formal input back to TAG

<npdoty> ... we (CDT) can work on that

<npdoty> ... when we have a discussion, Second Screen, more face to face feedback

<npdoty> ... there's no reason we PING couldn't be more ambassdors, going to other groups' calls

<npdoty> ... 1. go back to TAG with edits. 2. engage with groups, including at TPAC

tara: we can build bridges for the meeting, and support this at TPAC

<npdoty> are there any times that East Coast US and Japan meetings that easily overlap?

christine: you volunteered to try reviewing Presentation API?

<npdoty> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0120.html

… for some reason, I didn't see that

<christine> +q

<npdoty> I've just updated the wiki page on privacy reviews with that link, and the fact that Greg has been looking at the Presentation API

<npdoty> JoeHallCDT: would be good to have a set of resources somewhere, not just in the mailing list

<npdoty> https://www.w3.org/wiki/Privacy/Privacy_Reviews#Requested_reviews

npdoty: we do have a wiki list of requested and finished reviews ^^^^

<Zakim> npdoty, you wanted to comment on list of reviews

… I am hopeful that this can be a semi-stable resource

… still need to send things to the mailing list

christine: to add to that, to Joe's point that also keeps the reviews so you don't have to look at the mailing list

… can we add to the wiki the actual detail of the reviews?

… ah you have… pointers to the emails?

… maybe that's all we need to do

… we should look at that and what's the best way to do it

<npdoty> I'm not sure if the email review style is the best possible, but it's definitely a good start

… one of the things I'd like to do is send a note out to the list encouraging people to look at the Presentation API review before turning over to 2nd screen WG

+q

<npdoty> JoeHallCDT: having a list on the wiki with pointers to emails where we go through a privacy review is great, but if there are multiple reviews, or follow-up pointers ... gets complicated

<npdoty> ... instead, could keep the review in a separate wiki page, and then update it on the wiki

npdoty: haven't included a link to every email in the list discussing something… just the final link to the WG

tara: presumably the next call we'd have is during TPAC

npdoty: do have some other business

<npdoty> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0133.html

… Mike West has asked for more feedback on what's now called Secure Context (used to be powerful features)

… limit certain features to secure origins

<npdoty> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0051.html

… DNT asked for feedback

… the other thing was not so much a review as threads on clearing local data in private browsing mode

… now there is a proposal in WebAppSec

<npdoty> https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0134.html

+q

<npdoty> ack

christine: also has a feeling that there may be something else as well

… we need to figure out how to contribute to these requests

… I can try to spurring people into action via the email list

… really need to be looking at these things

<npdoty> I'll update the wiki. if anyone knows of an individual who would be good to request review one of these documents, that would be great

<christine> @ Joe,yes, I'll chase up

<npdoty> JoeHallCDT: could look at DNT with fresh eyes/PING perspective

<npdoty> ... otherwise, +1 to email reminders to prompt people, multiple people, to review

christine: header enrichment?

… nick and joe, still worthwhile doing anything else in this space

npdoty: rather than reviewing a document, could be a good thing for a convening function

+q

… privacy implications of header enrichment

christine: suggestion and question:

… suggestion in the part of the unconference TPAC, maybe PING could suggest a session on the privacy imps of header enrichment

… question: this is slightly different from what PING does traditionally

<npdoty> I think the unconference is still on the schedule; sounds like a reasonable idea to me

… could PING have a series of blog posts? statements?

tara: sounds interesting, not sure about the precedent

npdoty: there's a w3c blog, anyone can blog on their own

… if we think that's a good way to communicate on a topic, we should do it.

<npdoty> JoeHallCDT: Unsanctioned Tracking finding from TAG relevant to header enrichment

<npdoty> ... what would we say about header enrichment, separate from TAG finding?

<npdoty> ... not okay, except in these circumstances

npdoty: might be interesting to try to define exactly what circumstances might be privacy preserving in header enrichment

… we want to get the header enrichment and privacy people to talk

<npdoty> JoeHallCDT: concern about it not being end-to-end on any level, but could imagine some use cases

christine: who do we think the pro-enrichment people would be

Joe: Verizon and AT&T

christine: are there others that have been doing this?

JoeHallCDT: not sure

christine: would be worthwhile having a conversation

<npdoty> yeah, I should probably do that

christine: add to the list things that need to be done: organize TPAC session, send agenda around

npdoty: telecon in october? or just TPAC?

tara: arranged for there to be a phone so that we could do that

… time zones will be hard

npdoty: should have remote optoin, but separate call in October

+1

christine: inclined to think we should have a call separate from TPAC meeting

… keep the enthusiasm!

tara: quite a valid point

… just don't want folks to be overwhelmed.

… should we do it before TPAC? since TPAC is right before

… 22 would make sense?

<christine> 22 works

<npdoty> maybe we could check with our Geofencing presentation re: scheduling

tara: will assume we'll do it then, with the aim of making progress for the TPAC set of meetings

<npdoty> trackbot, end meeting

Summary of Action Items

[End of minutes]
Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/09/17 17:04:03 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Found ScribeNick: JoeHallCDT
Found ScribeNick: npdoty
Found ScribeNick: JoeHallCDT
Inferring Scribes: JoeHallCDT, npdoty
Scribes: JoeHallCDT, npdoty
ScribeNicks: JoeHallCDT, npdoty
Default Present: npdoty, runnegar, tara, JoeHallCDT, LCPolan, KatieHS, Haritos-Shea
Present: npdoty runnegar tara JoeHallCDT LCPolan KatieHS Haritos-Shea Katie
Regrets: wseltzer
Found Date: 17 Sep 2015
Guessing minutes URL: http://www.w3.org/2015/09/17-privacy-minutes.html
People with action items: 

WARNING: Input appears to use implicit continuation lines.
You may need the "-implicitContinuations" option.
[End of scribe.perl diagnostic output]