W3C

- DRAFT -

Privacy Interest Group teleconference

14 Jun 2012

Agenda

See also: IRC log

Attendees

Present
npdoty, fjh, +1.949.483.aacc, Christine, jtrentadams, +1.203.436.aadd, tara, wseltzer, +1.415.520.aaee, justin_, Joanne, MacTed, +358.504.87aaff, +44.163.551.aagg, +33.4.42.36.aahh, Narm_Gadiraju, virginie_galindo, Frederick_Hirsch, Kasey
Regrets
Susan_Israel, Karima_Boudaoud, Sören_Preibusch, JC_Canon
Chair
SV_MEETING_CHAIR
Scribe
npdoty

<fjh> yes,

Ted Thibodeau, OpenLink Software, semantic web technologies, including access control

Frederick Hirsch, Nokia, DAP and XML Security and working more on privacy

<MacTed> we make the Virtuoso Universal Server (http://virtuoso.openlinksw.com/), OpenLink Data Spaces (http://ods.openlinksw.com/), and various other data access, management, and integration tools

<Christine> Virginie G will be joining us shortly

Wendy Seltzer, Web Cryptography working group and outside research on privacy and security

<peacekeep3r> Markus Sabadello of the Personal Data Ecosystem Consortium (http://personaldataecosystem.org/)

<scribe> scribenick: npdoty

Virginie Galindo, Gemalto, company delivering digital security solutions, chair of Web Crypto WG

tara: overview of the agenda
... any other business to add?
... Privacy Considerations doc, want to take some first steps towards that outline

Dependencies (reports on other groups)

fjh: Device APIs WG, co-chaired with Robin Berjon
... JavaScript device APIs that are related to HTML5, though not Geolocation
... media capture from a device, for example; a variety of sensors (proximity, battery status, network info)
... actuators (like vibration)
... information (gallery, contacts, calendar)
... a variety of information sources and actuators
... several privacy issues
... access to the info, unexpected actions, fingerprinting (like which codecs, etc.)
... a mobile phone/device and a Web application (not necessarily through the browser) that legitimately wants to access a contact from your device's address book
... an additional model of a device, a web page and then a third-party service somewhere on the Internet
... maybe you want to edit your photos on another site, as a service; JavaScript mashups
... did document requirements, principles and concerns related to privacy

http://www.w3.org/2009/dap/

http://www.w3.org/TR/2010/NOTE-dap-privacy-reqs-20100629/

scribe: some things can be handled by an API, some things really can't (like the secondary use or later distribution)

fjh: what I keep saying, and this keeps coming up in W3C workshops, that we don't have the entire system which makes it difficult to address privacy
... wrote a Web Application Privacy Best Practices, wanted to note privacy best practices that the application itself can handle (that we can't control in the API itself)
... think this is all obvious to people on the call ;)

http://www.w3.org/TR/2011/WD-app-privacy-bp-20110804/

fjh: we also had an effort, via Alissa and John Morris, for users to communicate their privacy concerns to a site
... we had a simple, clear list of rulesets, to be shared from the user to the server
... don't expect it to progress in the Working Group because of a variety of concerns
... potential liability, practical issues; not necessarily good or bad
... an easier thing to do is minimization: design the API to return the minimum amount
... you could with any system get more than you should by trying, but don't by default
... should be a general practice, localized and doable
... fingerprinting is a real trade-off, we don't have answers to that, I'm hearing that there's a tradeoff between privacy and utility and people tend towards utility
... Web Intents Task Force and Media Task Force (joint with WebApps WG)
... constraints to specify parameters for certain media (codecs, etc.)
... all of those constraints taken together can perform a fingerprinting function, but having them helps provide the service in the appropriate way
... can accrete a lot of minor pieces and in the aggregate have a substantial impact on privacy
... can't really have policy per se because who would determine the policy in the decentralized system
... so we'll have user interaction instead (transparent, user will have a choice, which may be persisted)
... do not mandate any user interface (a generally accepted principle), or even mandate a particular interaction, which is left to the implementation
... relying on the market to decide, or legislation, or best practices or competition; not in the spec itself
... on the UI question, mandating that is a mistake, makes more sense to insist on a particular UI paradigm
... Web Intents (also Web Activities from Mozilla): the user mediates the selection of a service with some controls
... in some cases we don't need the user interaction? leads to a potential privacy issue
... will go to FPWD soon, doesn't have a privacy considerations section yet
... our group handles only the Device APIs segment of an entire system which is a fundamental problem
... but at least hope to alert people to the privacy issues at hand

<Christine> +q

Kasey: what is it that we can provide here? are there open issues we can advise on?

fjh: I was just coming today to inform on this. any input or help is welcome, although I don't want us to repeat any long debates.
... the rulesets there's not much we can do with at this point, but any other suggestions are welcome
... the political aspect we wore ourselves out over the course of a year. user mediation and then minimization and practical things
... an approach across all of W3C, but we need help with specifics
... a way to handle fingerprinting, or balance against the usefulness

wseltzer: work with Tor, which specifically works on preventing fingerprinting

<wseltzer>

wseltzer: a standardized profile if you want to avoid fingerprinting, even across browsers, a larger anonymity set

fjh: why not, even in the media case, just define profiles, a great idea

<wseltzer> [perhaps offer a standard "anonymity profile"]

npd: can we help a little with fingerprinting by making it easier for the browser (or a researcher) to detect?

fjh: do we have that documented somewhere to follow up? (not that I know of)

<fjh> thanks for the various ideas

virginie_galindo: started the Cryptography WG recently

<fjh> I will share profile idea on the media task force list, also follow up on fingerprinting detection. Can follow up on PING list if that helps

<wseltzer> [note Panopticlick, re fingerprinting detection: https://panopticlick.eff.org/ ]

virginie_galindo: some ideas inside W3C on Identity with a wide variety of topics, our scope is to develop APIs, cryptographic tools for developers
... create key, encrypt/decrypt, sign/check signature, anything a developer needs to add cryptography to their application (end-to-end security)
... developers using the Crypto API should be able to provide privacy, but we do not give one solution, just tools for developers to build their own solution
... currently discussing the JavaScript API, how to handle the secrets, make sure that when the user generates a secret they won't be tracked by that secret
... when you generate identifiers, shouldn't be associated with a particular user, a problem we are trying to solve

tara: looking for starting points to help with this problem?

fjh: sometimes you want to know who the counterparty is (use a PKI), but for confidentiality you want to do key management in a way.... would think you would want to use symmetric keys

virginie_galindo: want to build the basic tools to use any model that they want

Kasey: can we circulate documents and get back to you with comments?

<fjh> it seems that if you use public key crypto and PKI it might be hard to keep identity information secret?

virginie_galindo: can send you a link, but discussion ongoing very actively on the mailing list

<wseltzer> Web Cryptography WG

<wseltzer> Editor's Draft

<fjh> npdoty: why is there a privacy problem with crypto, what is the tracking problem?

<fjh> virginie_galindo: concern of leakage of service use through leakage of crypto key information - want to maintain privacy around use of service

<fjh> s/cvirginie/virginie/

<virginie_galindo> Web Crypto WG wiki is : http://www.w3.org/2012/webcrypto/

heard warnings from vendors (and from Wendy on fingerprinting)

<fjh> npdoty: tracking protection WG started in April

<wseltzer> Tracking Protection WG

<fjh> npdoty: web services can track user activity so do not track DNT which has been focus

<fjh> npdoty: user expresses preference then this is followed by service

<fjh> npdoty: not enforcement, user expressing preferences, service needs to respect it

<fjh> npdoty: new work in W3C on defining what it means to "comply"

<fjh> npdoty: heated debate

<fjh> npdoty: F2F next week, trying to get to last call

<tara> Thanks, Frederick!

<fjh> npdoty: focus is 3rd party tracking

http://www.w3.org/2011/tracking-protection/

<Christine> Thank you very much Frederick, Virginie, Nick.

npdoty: some challenges we've had with handling press coverage

+1, take it up next call

Privacy Considerations

tara: needs to move forward
... lots of conversation last time what such a document might entail
... sufficient interest to begin work on this
... need volunteers, people who are able to write text
... and content, what an outline would look like

<Christine> +q

Kasey: to what extent can we take into account prior art?

tara: yes, would certainly like to coordinate with other groups' work

Kasey: happy to help

Christine: please bring what pieces are relevant to the table

<Joanne> happy to help where I can

Christine: keep in mind that this is for those who write W3C specifications in particular

<Christine> +q

<Christine> +q

Christine: can organize these resources on the wiki

http://www.w3.org/wiki/Privacy/Privacy_Considerations

Kasey: how are these usually structured? is there something else we can look at?

<tara> W3C document to use as model? Accessibility.

npdoty: Security Considerations at IETF, but also Accessibility work at W3C

tara: seeing some volunteers here, and will also canvass on the mailing list

<tara> See also IETF security considerations documents

tara: a subgroup that can compile those resources and start working on an outline

virginie_galindo: the privacy topic raised by the TAG as well, Robin Berjon and @torgo

<virginie_galindo> http://darobin.github.com/api-design-privacy/api-design-privacy.html

<alissa> IETF security considerations doc: http://tools.ietf.org/html/rfc3552

Christine: have been in conversation with the TAG, hope to sort out how the two groups can work together

<Christine> +1

July 19th, at the same time?

<Joanne> +1

works for me

<jtrentadams> conflicts with me, but not a deal-breaker

<erin> copy on my end

this time again on Thursday, July 19th

<Christine> AOB: Pär Lannerö would like comments on the Common Terms Project (see the email dated 19 April 2012).

tara: hope to have some progress on these documents to discuss next time

<Christine> Reports on OECD and APEC moved to next meeting

<MarkLizar> thanks,

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.136 (CVS log)
$Date: 2012/06/14 17:02:36 $

Agenda: http://lists.w3.org/Archives/Public/public-privacy/2012AprJun/0090.html