15:53:39 <RRSAgent> RRSAgent has joined #privacy
15:53:39 <RRSAgent> logging to http://www.w3.org/2017/05/18-privacy-irc
15:54:40 <tara> tara has joined #privacy
15:56:07 <npdoty> npdoty has joined #privacy
15:59:00 <keiji> present keiji, tara, npdoty
15:59:08 <npdoty> present+
15:59:46 <keiji> present: keiji, tara, npdoty
16:00:13 <christine> christine has joined #privacy
16:00:47 <wseltzer> present+
16:01:07 <weiler> present+
16:01:25 <npdoty> WebRTC FTW
16:01:58 <npdoty> present+ BenHayes
16:02:25 <npdoty> scribenick: npdoty
16:02:29 <npdoty> Topic: Introductions
16:02:35 <wseltzer> zakim, who is here?
16:02:41 <Zakim> Zakim has joined #privacy
16:02:41 <npdoty> runnegar: of ISOC, enough tech to be dangerous ;)
16:02:48 <npdoty> tara: engineering and privacy at Google
16:02:59 <weiler> present+ weiler
16:02:59 <wseltzer> present+ keiji, tara, npdoty, wseltzer, weiler, BenHayes
16:03:02 <wseltzer> zakim, who is here?
16:03:02 <Zakim> Present: weiler, keiji, tara, npdoty, wseltzer, BenHayes
16:03:04 <Zakim> On IRC I see christine, npdoty, tara, RRSAgent, keiji, weiler, chaals, fjh, anssik, yoav, dustinm, plinss, mkwst, terri, adrianba, jyasskin, hadleybeeman, mounir, wseltzer,
16:03:04 <Zakim> ... trackbot, schuki, Mek, dveditz, lukasz
16:03:25 <npdoty> npdoty: UC Berkeley, School of Information
16:03:37 <npdoty> weiler: W3C Security & Privacy
16:03:56 <npdoty> keiji: Keio University and W3C, Team Contact
16:04:10 <npdoty> benhayes: Chief Privacy Officer at Nielsen, a privacy lawyer
16:04:29 <npdoty> wseltzer: W3C Strategy, another lawyer :)
16:05:19 <weiler> present +christine
16:05:31 <wseltzer> Agenda: https://lists.w3.org/Archives/Public/public-privacy/2017AprJun/0027.html
16:06:45 <npdoty> christine: PING is trying to improve privacy in Web standards, work with groups to help make design decisions with a privacy and security perspective
16:07:02 <npdoty> ... inviting spec authors or others from the WG to talk about the functionality of the specification
16:07:52 <npdoty> ... also produce guidance so that Working Groups can do their own reviews and mitigations
16:08:35 <npdoty> ... fingerprinting mitigation guidance, and a more detailed annotated privacy questionnaire
16:09:03 <weiler>     https://mit.webex.com/mit/j.php?MTID=mfaf091b3c460e388fc7b609bb8f2b753
16:09:47 <npdoty> ... need to roll up our sleeves; suggest we raise a particular privacy issue/questionnaire each week
16:10:30 <npdoty> ... and share information on current Web privacy issues (e.g. header enrichment)
16:11:24 <npdoty> Topic: Fingerprinting guidance
16:11:24 <chaals> present+
16:11:25 <npdoty> http://w3c.github.io/fingerprinting-guidance/
16:11:59 <christine> yes please sam
16:12:03 <tara> Thanks, Sam!
16:12:07 <weiler> scribenick: weiler
16:12:28 <weiler> BenHayes: what you mean re: mitigating fingerprinting?
16:12:54 <weiler> npdoty: doc defines fingerprinting and impact on end users.  TAG has written more about this.
16:13:33 <weiler> ... tracking of users w/o controls.  mitigations are re: ways to, from our specs, limit impact on user privacy.
16:14:33 <npdoty> http://w3c.github.io/fingerprinting-guidance/#identifying
16:14:36 <weiler> ...  @@
16:15:10 <weiler> ... section 5's goal is explaining tradeoff between fingerprinting surface and impact.
16:15:31 <weiler> ... persistence of identifiers, availability of drive-by web, entropy....
16:15:46 <weiler> benhayes: what's this use of entropy?
16:16:03 <weiler> npdoty: how much randomness?
16:16:28 <weiler> weiler: is this close to 'anonymity set'?
16:16:36 <chaals> zakim, agenda?
16:16:36 <Zakim> I see nothing on the agenda
16:16:43 <weiler> npdoty: not quite
16:17:11 <weiler> npdoty: high entropy = high identifiability.
16:17:18 <weiler> [this seems odd to the audience]
16:17:34 <weiler> ... happy to have better language.
16:17:39 <chaals> [I find "high entropy = high identifiability" confusing. Can we find a word less confusing, like "identifiability"?]
16:18:56 <weiler> christine: in developing annotated privacy questionaire... compare to IETF privacy considerations... this is very different from what you'd give a pivacy officier.
16:19:18 <weiler> in stds area, we need to offer things that are meaningful to the spec writers.
16:19:32 <weiler> s/in stds/...in standards/
16:20:02 <weiler> ... we commonly ask re identifiers, since spec authors understand that.  then we talk about properties of identifiers that may have privacy implications
16:20:27 <weiler> benhayes: talked w/ folks this AM re: no longer PII but instead @2
16:21:14 <weiler> npdoty: we used 'entropy' for 'amount of distinguishedness'.
16:21:40 <weiler> benhayes: feel free to use terminology you like, but it may need to be explained.
16:22:01 <npdoty> nick will create an issue to better explain "entropy" somewhere in the text
16:22:25 <chaals> ["information resolution" might be a better term, since resolution is used in other contexts. But let's not spend this meeting looking for terminoology]
16:23:12 <christine> chaals, would you be willing to talk about microdata?
16:23:18 <weiler> npdoty: i need feedback on these five factors: are they useful indeciding what tradeoffs to make.
16:23:32 <christine> great, let's do that next
16:24:08 <weiler> christine: any feedback from other communities?
16:24:12 <weiler> npdoty: no.
16:24:42 <weiler> christine: want to get this done.  ideas for how to convince folks to give us feedback?
16:25:01 <weiler> [weiler has an idea.  will see what trees I can kick.]
16:25:22 <christine> thanks sam
16:25:42 <weiler> chaals: who did you ask?
16:25:54 <weiler> npdoty: EFF fingerpritning group  & PING list.
16:26:11 <weiler> chaals: you want to ask chairs & spec editors for feedback.
16:26:28 <weiler> scribenick: npdoty
16:26:47 <tara> Agenda item: Microdata
16:26:49 <npdoty> thanks. I think we've tried some to talk with chairs@ on earlier iterations, but might want to go back to that.
16:26:51 <npdoty> Topic: Microdata
16:27:01 <npdoty> chaals: microdata is a straightforward specification
16:27:12 <weiler> s/fingerpritning/fingerprinting/
16:27:14 <npdoty> https://w3c.github.io/microdata/#privacy-considerations
16:27:15 <chaals> -> https://w3c.github.io/microdata/#privacy-considerations Microdata privacy considerations
16:27:30 <npdoty> attributes that you can add into your HTML documents, to mark up the content in a machine-readable way
16:28:17 <npdoty> chaals: you could use it to publish information into RDF (a common use, with schema.org), telling crawlers what the document is about
16:28:45 <npdoty> ... not very clever, relies on vocabularies
16:29:04 <npdoty> ... microformats, rdfa, microdata -- microdata is most used if not the most expressive
16:29:21 <npdoty> ... goal is a recommendation that reflects what is actually implemented
16:29:35 <npdoty> ... few privacy implications
16:29:51 <christine> q
16:29:55 <christine> +q
16:30:01 <npdoty> ... could make information more explicit, but that's the only thing I can think of that happens
16:30:19 <npdoty> ack christine
16:30:29 <npdoty> christine: could microdata be used to enhance privacy?
16:30:48 <npdoty> ... improve transparency about privacy aspects of a page
16:31:29 <npdoty> chaals: by itself it wouldn't make a difference, but need to process microdata, which is typically done by third-party applications -- a browser extension or a search engine, say
16:32:09 <npdoty> ... could identify documents that shouldn't be read or shouldn't be published because they are privacy-sensitive
16:32:29 <npdoty> ... could identify parts of the HTML interface that are collecting sensitive form data
16:32:47 <npdoty> ... not specific to microdata, but microdata provides a mechanism to achieve it
16:33:17 <npdoty> chaals: microdata not especially expressive, so might not be the best option
16:34:33 <npdoty> chaals: most often used for search engines to provide rich snippets based on marked up pages
16:35:06 <npdoty> q+
16:37:10 <christine> ack nick
16:37:18 <christine> ack npdoty
16:38:25 <christine> most common use of microdata is to mark up personal data (e.g. author name) so need to fix privacy considerations
16:38:33 <chaals> NPD: Should we be recommending access control for personal information?
16:38:49 <npdoty> npdoty: think it's incorrect to say that it's not generally personally identifying, because an extremely common use is marking up name/author information for search engine publishing
16:39:28 <npdoty> chaals: enabling easier machine processing of potential information about people
16:39:46 <npdoty> ... so might want to recommend that users take care when marking it up that way
16:40:15 <npdoty> christine: changing the privacy implications of the personal data that's in that page, because it's easier to find or easier to consume/process
16:40:30 <chaals> [point to the need to consider what information is being collected, or made more collectble, and what are the implcations of doing so.]
16:40:42 <npdoty> chaals: will file an issue on that point.
16:41:01 <npdoty> ... helpful feedback
16:41:34 <npdoty> Topic: AOB
16:41:43 <npdoty> christine: need to move forward with the privacy questionnaire
16:41:51 <npdoty> ... what's a good discrete question to start with on the email list?
16:42:12 <npdoty> chaals: went looking for privacy questionnaires, and I found 3!
16:42:33 <npdoty> ... would be very helpful if we went through our own documentation to point to 1 or 2, but in a consistent manner
16:42:47 <tara> Thanks, chaals.
16:42:51 <npdoty> keiji and weiler, can you help us fix the documentation?
16:43:21 <npdoty> christine: point to TAG sec/priv questionnaire
16:43:47 <npdoty> ... and make it clear that work-in-progress one at Greg's longer questionnaire
16:44:08 <npdoty> chaals: for me, the questions in the wiki were easier to understand around privacy issues (rather than just security issues, or more technical points)
16:44:51 <weiler> rrsagent, draft minutes
16:44:51 <RRSAgent> I have made the request to generate http://www.w3.org/2017/05/18-privacy-minutes.html weiler
16:46:01 <weiler> zakim, list participants
16:46:01 <Zakim> As of this point the attendees have been weiler, keiji, tara, npdoty, wseltzer, BenHayes, chaals
16:46:18 <npdoty> chaals: could split security and privacy questionnaires
16:46:33 <npdoty> npdoty: my impression was that tag document could become shorter, and point to longer documents
16:47:00 <wseltzer> q+
16:47:01 <npdoty> christine: hoping we'll have some staff/volunteers back and more accessible
16:47:27 <weiler> present +christine
16:47:30 <npdoty> wseltzer: we can publish whatever we have consensus on, not seeing active work on sec/priv questionnaire
16:47:40 <weiler> s/ present +christine//
16:47:45 <weiler> s/present +christine//
16:47:49 <weiler> present+ christine
16:48:08 <npdoty> wseltzer: incremental improvement, decide where the best pointer is to a single document
16:48:26 <npdoty> ... leaving it as 3 documents where no one is working on any of them is causing confusion
16:48:40 <weiler> wseltzer++
16:48:46 <npdoty> christine: +1, let's sort that offline
16:49:06 <tara> https://www.w3.org/2017/11/TPAC/
16:49:33 <npdoty> do a questionnaire walkthrough at TPAC?
16:49:39 <npdoty> would need a pretty solid draft by then
16:49:41 <weiler> maybe more than one?  open invitation?
16:50:06 <npdoty> chaals: don't expect it to ever be totally finished because we'll keep learning things
16:50:58 <npdoty> christine: should try to identify a good test case early
16:51:02 <npdoty> npd: +1
16:51:15 <tara> Sounds good for TPAC plan!
16:52:25 <npdoty> christine: npdoty, do you have a list of specs with privacy considerations?
16:52:30 <npdoty> npdoty: will try to come up with that offline
16:53:25 <npdoty> tentatively planning on June 29th for next meeting
16:54:09 <npdoty> [adjourned]
16:54:51 <keiji> yes, thank you nick!
16:55:39 <keiji> rrsagent, draft minutes
16:55:39 <RRSAgent> I have made the request to generate http://www.w3.org/2017/05/18-privacy-minutes.html keiji
16:56:09 <keiji> RRSAgent, make logs team
16:56:55 <keiji> Chair tara
16:57:35 <keiji> Meeting: Privacy Interest Group Monthly Meeting May 2017
16:57:46 <keiji> rrsagent, draft minutes
16:57:46 <RRSAgent> I have made the request to generate http://www.w3.org/2017/05/18-privacy-minutes.html keiji
16:58:20 <weiler> chair: tara, christine
16:58:54 <keiji> 6-10 NOVEMBER 2017?
16:59:34 <keiji> rrsagent, draft minutes
16:59:34 <RRSAgent> I have made the request to generate http://www.w3.org/2017/05/18-privacy-minutes.html keiji
17:00:49 <keiji> rrsagent, make minutes
17:00:49 <RRSAgent> I have made the request to generate http://www.w3.org/2017/05/18-privacy-minutes.html keiji
17:01:10 <keiji> RRSAgent, make logs public
17:01:43 <keiji> rrsagent, bye
17:01:43 <RRSAgent> I see no action items