See also: IRC log
<Christine> I am probably ??17
<Joanne> Nick - trying to dial in and I am getting a passcode not valid message
Hi Joanne, we had to change to 26631 today
<Joanne> is the passcode still PING?
<Joanne> thanks
tara: NB: If calling in, please use code 26631 (CONF1) today only.
<Joanne> akim, +1.415.520 is Joanne
<narm_gadiraju> Is the conference passcode working? it says invalid for me!
<robsherman> Trying to dial into Zakim and I'm getting a note that passcode 7464 doesn't work — can someone give me the right one?
NB: If calling in, please use code 26631 (CONF1) today only.
<robsherman> Thanks, Nick.
<Christine> Hi all. We received apologies from Sören Preibusch, Piero Bonatti, Wendy Seltzer, Rob van Eijk, Erin Kenneally.
<Christine> Apologies. Wendy I see you made it.
<scribe> scribenick: npdoty
Kasey Chapelle from Vodafone
Rob Sherman from the privacy team at Facebook
Walt __ from Nokia, working in our privacy group
<scribe> scribe: npdoty
<JC> I have to drop at 9:25
tara: had our first call
already
... minutes available
http://www.w3.org/2012/04/19-privacy-minutes.html
scribe: corrections very much welcome
http://www.w3.org/mid/68A163C8C36B4E44889BE42C91053C4E6F2346270A@EX-OPC-V4.ad.privcom.gc.ca
tara: high level discussion of
where we go
... a lot of people had different ideas about that
... now thinking about converting high level goals into
manageable goals
... any additional agenda items?
npdoty: ideas about permissions on the Web for discussion at the end of the call
tara: Tara Whalen, co-chair of the PING
Joanne, TRUSTe
Julian, Future of Privacy Forum
JC from Microsoft
Alissa from CDT
Ashok from Oracle
<narm_gadiraju> Narm Gadiraju from Intel
we also have Christine Runnegar, our co-chair calling in from a crowded airport
tara: thank you and welcome
<kboudaou> Karima from university of nice sophia antipolis
<Christine> Hi everyone
tara: one of the points from last
time
... how can we actually do/write the privacy considerations
document
... saw an interest from last time for developing that
document
... what are the next steps for creating it?
Ashok_Malhotra: already have a
couple of documents
... privacy/policy considerations for Internet protocols
... how will this be different? what is the scope going to
be?
... start with IETF stuff and build upon them?
Christine: thanks for bringing
this up, IETF and IAB privacy program has already done a lot of
work for guidance for Internet protocol designers
... envisaged in the charter is a similar document tailored to
those developing W3C standards
... imagine there will be a lot of synergy, can learn a lot
from the IETF experience
... have a number of people working in both places
Ashok_Malhotra: one document that is about privacy for Internet protocols, an overlap, I think
alissa: have been leading the
privacy program and developing the documents there
... agree that there's a substantial amount of overlap, would
be useful to discuss the aspects of standardization that happen
in W3C
... API development, for example, more relevant at W3C
... at IETF don't think about user interface considerations
whatsoever
... at W3C, a little bit more of an eye towards how
specifications will effect user interface
... while considerations/terminology are generic and can
inform, there's more that can be done
npdoty: agree on the differences
that would be at the application layer (like UI)
... should we try applying the privacy considerations document
to a W3C spec? or start a new, similar document at W3C?
alissa: we tried applying an
early draft to reviews of several protocols
... helpful for identifying recurring themes
... often people didn't consider identifiers and how they can
be correlated unexpectedly
... and so now have guidance particularly on identifiers and
correlation
<Joanne> +q
alissa: might require reaching out to groups
<alissa> These were the reviews I mentioned. http://www.iab.org/activities/programs/privacy-program/privacy-reviews/
<tara> Joe Alhadeff
JoeAlhadeff: question of
practical application, what needs the protocol is serving and
how the protocol is used
... not sure we do a particularly good job of that anywhere at
the moment
Joanne: IAB document is something we should draw from, identifying themes that the W3C groups have encountered would be helpful
JoeAlhadeff: one thing we've seen
from advocates or privacy fundamentalists (as in Westin) often
think about privacy without considering the actual
context
... if the design is privacy-invasive from the start, then
there's nothing you can do
... what information can be provided in a privacy-sensitive
context
... analysis that takes need and use into account, as opposed
to a neutral view of protocols
npdoty: are the questions of use for the protocol or for the application?
JoeAlhadeff: I think it applies
to both, need to think about the use scenarios even at the
protocol layer
... in the context of the protocol building safeguards in
<terminal announcements coming from Christine>
Christine: perhaps Joe what
you're talking about would fit into a companion document, like
a best practices document
... bridging the gap between standards design and application
development
JoeAlhadeff: an outline that
suggested data minimization (a fundamental principle, for
example), data minimization without understanding use is
difficult
... data should be minimized in accordance with its reasonable
need and context
<alissa> +q
JoeAlhadeff: OECD-level
guidelines may be useful, but
... the more we can get privacy wired in, the better
<kboudaou> +q
alissa: I don't think there was a
laser focus on minimization (the draft that Dan Appelquist had
started on)
... trying to deal broadly with all the aspects of privacy
(from FIPPs and OECD)
... minimization in particular seemed like low-hanging fruit,
directly applicable to API design
... in Device APIs giving access to these system-level
properties, address book, etc.
... are you going to give access to the full address book or
just parts of it? more granular capability
... the seed that was planted about minimization, a realization
that the API can let applications minimize, might be as far as
we can go with API specifications
... can give suggestions to application developers but they'll
do what they're going to do, but definitely good to give tools
that are useful
JoeAlhadeff: just saying that
thinking about use cases is important in coming up with what
minimization tools we should have and what functionality we
should enable
... useful to look at the context of uses when you start to
define the library of tools
<kboudaou> Sorry for the echoes
<kboudaou> I write on irc
<kboudaou> Regarding the fact focussing on protocol vs applications, from my point of view we should start with the application level to help developers to take into account when designing for example mobile web appl
npdoty: maybe we just give the advice to the api designers that we should often think about the potential applications in deciding exactly what kind of minimization/granularity
JoeAlhadeff: help the protocol
designer to think beyond just how they themselves would use the
API to avoid something overly burdensome
... get input of use cases from business perspectives which
might otherwise be missed
... give the tools to enable compliance, not a handcuffing that
would enforce compliance
... avoid developing protocols in just an academic space
tara: chairs will try to
summarize and send this back to the group
... discussion on the mailing list since there's more than we
can do in any single call
... think about what we can actually write down
... discussion on the mailing list or collecting
documents/examples/use cases on the wiki
tara: collection of other groups
that we've identified in the charter
... if you're aware of any other groups we should liaise with,
let us know
Christine: had a very useful
discussion with the IAB Privacy Program last week
... keen to help us how they can, make sure both communities
are aware of what's happening (alissa, feel free to add)
... Tara and I also reached out to Chairs of other groups in
the W3C
... whether they've encountered privacy issues in their work,
how they've handled privacy, views and advice on what works
best
... in the charter we have a number of groups listed,
... if anyone in this PING group is participating in those
groups, you can help keep us up to date on their
activities
... Web Cryptography a new one to add the list
<kboudaou> +q
kboudaou: we have just started a
new Working Group on Privacy and Security in the middle of June
in Brussels, interdisciplinary working group to gather people
from economics, pyschology, etc. to discuss privacy issues from
different points of view
... not focus on privacy just from the technologist's point of
view
... will keep you up to date on this group, give feedback
... link on the wiki
<tara> w?
npdoty: regarding liaisons, is it
useful for us to look at privacy reviews of particular W3C
specs
... for example, concretely I was involved in Geolocation and
Device APIs with privacy issues
... should we look for people to have that conversation and do
that review?
alissa: hard to find people, but
can be substantively useful
... still talking about user interface concerns, normative
requirements
... certainly want to do more than one, so that specifics of
Geolocation don't override
Christine: challenge is always
finding willing volunteers
... a precursor that would be useful would be scheduling a time
to have one or more groups to discuss the work that they're
doing
<kboudaou> +1
npdoty: +1, if we can find chairs or participants in other groups that would join us
npdoty: noticing this as a common
issue
... do we have substantive gains here? or a process to address
this?
@@: certainly agree that it's important and need the right process
<Christine> Yes Joe speaking
<tara> Yes that is Joe (he is not on IRC)
Joe: permission certainly a very
important issue right now in EU regarding questions of
consent
... would be tremendously beneficial to have something
consistent for getting informed consent
Christine: agree, maybe a case where knowing the use cases will be helpful
<cut off by terminal announcements>
tara: from user experience, I
hear this issue come up quite a lot as well
... getting a lot of these perspectives out in one space would
be productive (regulatory space, user experience space,
etc.)
... benefit of a workshop (though it takes time to organize),
have to hammer some of these things out in a f2f meeting
<Christine> Would 14 June 2012 same time be okay?
npdoty: I'll follow up with TAG and others inside W3C and hopefully have something to discuss on the next call
<kboudaou> Fine foe me
<Joanne> DNT WG F2F is that week
tara: any objections for this timeslot in general? -- no objections
next tpwg f2f is June 20-22, at least as we've documented it as http://www.w3.org/2011/tracking-protection/
Christine: would like us to take
on some concrete items before the next call
... please volunteer
<Joanne> nick - you are correct on DNT F2F
tara: would like to see some movement on these items, since we have enthusiasm
<Christine> Yes, second what Nick says.
<Mlizar> whats your email nick?
npdoty: happy to help, work with someone on even one section
I'm npdoty@w3.org
<Christine> Thanks Tara
<Mlizar> thanks
tara: thanks for joining the call, making good progress which makes me happy, looking forward to talking next time
adjourned.
This is scribe.perl Revision: 1.136 of Date: 2011/05/12 12:01:43 Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/ Guessing input format: RRSAgent_Text_Format (score 1.00) Found ScribeNick: npdoty Found Scribe: npdoty Inferring ScribeNick: npdoty Default Present: +1.613.947.aaaa, npdoty, tara, +33.9.53.61.aabb, alissa, +1.650.353.aacc, [Microsoft], Christine, +1.415.520.aadd, Joanne, +44.163.551.aaee, +1.650.308.aaff, robsherman, Narm_Gadiraju, Yigal, Ashok_Malhotra, +1.425.225.aagg, Lia, +1.503.705.aahh, +33.9.53.61.aaii Present: +1.613.947.aaaa npdoty tara +33.9.53.61.aabb alissa +1.650.353.aacc [Microsoft] Christine +1.415.520.aadd Joanne +44.163.551.aaee +1.650.308.aaff robsherman Narm_Gadiraju Yigal Ashok_Malhotra +1.425.225.aagg Lia +1.503.705.aahh +33.9.53.61.aaii Regrets: Soren Piero wseltzer rvaneijk erinkenneally Got date from IRC log name: 17 May 2012 Guessing minutes URL: http://www.w3.org/2012/05/17-privacy-minutes.html People with action items:[End of scribe.perl diagnostic output]