IRC log of privacy on 2012-07-19

Timestamps are in UTC.

15:51:00 [RRSAgent]

RRSAgent has joined #privacy

15:51:00 [RRSAgent]

logging to http://www.w3.org/2012/07/19-privacy-irc

15:51:10 [npdoty]

rrsagent, make logs public

15:51:22 [npdoty]

Meeting: Privacy Interest Group July Teleconference

15:51:31 [matt]

zakim, ping me in 8 minutes

15:51:31 [Zakim]

ok, matt

15:52:01 [fjh]

fjh has joined #privacy

15:57:31 [christine]

christine has joined #privacy

15:58:11 [Zakim]

Priv_IG()12:00PM has now started

15:58:17 [Zakim]

+ +1.613.304.aaaa

15:58:24 [Zakim]

+ +33.4.92.96.aabb

15:58:36 [Zakim]

+npdoty

15:59:08 [Joanne]

Joanne has joined #privacy

15:59:21 [Zakim]

+??P11

15:59:30 [matt]

zakim, code?

15:59:30 [Zakim]

the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), matt

15:59:30 [npdoty]

Zakim, aaaa is probably tara

15:59:32 [Zakim]

+tara?; got it

15:59:32 [Zakim]

matt, you asked to be pinged at this time

15:59:48 [tara]

tara has joined #privacy

15:59:59 [alissa]

alissa has joined #privacy

16:00:36 [tara]

613.

16:00:47 [Zakim]

+justin

16:00:55 [Zakim]

+KevinT

16:00:58 [npdoty]

Zakim who is making noise?

16:01:08 [Zakim]

+ +358.504.87aacc

16:01:09 [Zakim]

+matt

16:01:10 [npdoty]

chair: tara

16:01:22 [Zakim]

+??P34

16:01:40 [npdoty]

Zakim, agenda+ Introductions

16:01:40 [Zakim]

agendum 1 added

16:01:40 [matt]

zakim, mute me

16:01:41 [Zakim]

matt should now be muted

16:01:52 [npdoty]

Zakim, agenda+ Dependencies (including Geo)

16:01:53 [Zakim]

agendum 2 added

16:01:59 [npdoty]

Zakim, agenda+ Liaisons

16:01:59 [Zakim]

agendum 3 added

16:01:59 [Joanne]

Zakim, Kevin T is really Joanne

16:02:00 [Zakim]

I don't understand 'Kevin T is really Joanne', Joanne

16:02:11 [npdoty]

Zakim, agenda+ Privacy Considerations

16:02:11 [Zakim]

agendum 4 added

16:02:24 [npdoty]

Zakim, KevinT is really Joanne

16:02:24 [Zakim]

+Joanne; got it

16:02:31 [christine]

We have received apologies from JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally

16:02:35 [MarkL]

MarkL has joined #privacy

16:02:48 [npdoty]

regrets+ JC, Trent, Piero, SusanIsrael, ErinKenneally

16:02:49 [robin]

robin has joined #privacy

16:02:53 [matt]

Regrets: JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally

16:02:54 [MarkL]

Hi Everyone!

16:03:29 [robin]

Hi all - apologies if I get this wrong: I am an IRC n00b <blush>

16:03:44 [tara]

No problem.

16:04:06 [npdoty]

Zakim, who is on the phone?

16:04:06 [Zakim]

On the phone I see tara?, +33.4.92.96.aabb, npdoty, ??P11, justin, Joanne, +358.504.87aacc, matt (muted), ??P34

16:04:09 [Zakim]

+bilcorry

16:04:17 [tara]

Let us know if you're on IRC but not on the phone so we can repeat things you might miss.

16:04:32 [robin]

thanks - am working on dialling in now...

16:04:40 [Ashok_Malhotra]

Ashok_Malhotra has joined #privacy

16:05:06 [fjh]

i'm on irc but not the phone

16:05:09 [bilcorry]

bilcorry has joined #privacy

16:05:27 [Zakim]

+ +1.202.379.aadd

16:05:37 [npdoty]

scribenick: Joanne

16:05:42 [bilcorry]

Zakim, who is on the call?

16:05:42 [Zakim]

On the phone I see tara?, +33.4.92.96.aabb, npdoty, ??P11, justin, Joanne, +358.504.87aacc, matt (muted), ??P34, bilcorry, +1.202.379.aadd

16:05:52 [bilcorry]

Zakim, mute me

16:05:52 [Zakim]

bilcorry should now be muted

16:05:56 [Zakim]

+James

16:05:56 [npdoty]

Zakim, agenda?

16:05:57 [Zakim]

I see 4 items remaining on the agenda:

16:06:00 [Zakim]

1. Introductions [from npdoty]

16:06:01 [Zakim]

2. Dependencies (including Geo) [from npdoty]

16:06:04 [Zakim]

3. Liaisons [from npdoty]

16:06:05 [Zakim]

4. Privacy Considerations [from npdoty]

16:06:08 [matt]

zakim, unmute me

16:06:17 [Zakim]

matt should no longer be muted

16:06:28 [Joanne]

I may not know who is talking . Please let me know who is speaking

16:06:48 [Joanne]

Christin: anyone here for the first time?

16:06:55 [npdoty]

s/Christin/Tara/

16:07:10 [robin]

I'm here for the first time...

16:07:15 [Joanne]

Tara: intros

16:07:26 [Joanne]

rudy: with Comcast global policy

16:07:44 [Zakim]

+Ashok_Malhotra

16:08:11 [Joanne]

Tara: next item looking at the dependencies

16:08:21 [kboudaou]

+33.4.92.96.aabb is : Karima :-)

16:08:25 [Ashok_Malhotra]

zakim, mute me

16:08:25 [Zakim]

Ashok_Malhotra should now be muted

16:08:31 [npdoty]

Zakim, aabb is kboudaou

16:08:31 [Zakim]

+kboudaou; got it

16:08:33 [Joanne]

Matt: part of W3C team with geo-locations WG

16:08:46 [npdoty]

Topic: Geo (with Matt)

16:08:52 [Joanne]

...first version of spec and will be released as recommendation soon

16:08:59 [matt]

-> http://www.w3.org/TR/geolocation-API/#security

16:09:31 [Joanne]

...spec provides bunch of info on how to prtect invidual privacy on sites that use the API

16:09:51 [Joanne]

...alissia can speak about the CDT proposal

16:09:58 [Patrick]

Patrick has joined #privacy

16:10:38 [Joanne]

...group came to consensus on section after much debate and now the hard part testing

16:10:39 [npdoty]

GEOPRIV, http://datatracker.ietf.org/wg/geopriv/charter/

16:10:53 [Joanne]

...found sites could conform to the requirements

16:10:58 [Joanne]

...not an easy task

16:11:46 [npdoty]

concept that "an API should never be allowed to lie!"

16:11:46 [Joanne]

...challenges is the API can lie about where you are and the API should not be able to lie. lots of conserns

16:11:52 [Joanne]

...looked at this for a long time

16:12:04 [christine]

+q

16:12:36 [Joanne]

Tara: are there things PNG can do to be useful to your WG? what can we learn?

16:12:44 [npdoty]

s/PNG/PING/

16:12:54 [Joanne]

Matt: right people involved from teh get-go is important

16:13:22 [alissa]

Richard Barnes from BBN was also involved

16:13:55 [npdoty]

... could actually see PING as a horizontal thing to get people involved across groups

16:13:59 [Joanne]

...PNG should be a horizontial thing and influence the work. Having privacy people involved from the beginning is important

16:14:18 [npdoty]

q+ to ask about TAG review

16:14:23 [npdoty]

ack christine

16:14:35 [Zakim]

-npdoty

16:14:41 [Joanne]

Christine: very helpful and couldn't agree more in having privacy people in the beginning

16:15:26 [Joanne]

...what are lessons learned in identifying privacy vulenbilities (sp). Example, how did the gropu think about privacy for that spec

16:15:27 [Zakim]

+npdoty

16:15:34 [christine]

-q

16:16:05 [Joanne]

Matt: lessons I learned - a lot of engineers don't necessarily look at the privacy implications

16:16:44 [npdoty]

... radically different legal requirements (mandated in one country, prohibited in another)

16:16:47 [Zakim]

+??P22

16:17:08 [Joanne]

...Vodafone involvement showed how laws vary across some countries. what is ok in one country may not be allowed in another country. how do you write a spec with varying laws and test that these things are possible to enforce

16:17:11 [Zakim]

-??P22

16:17:58 [Joanne]

...one way to test is to read the privacy policy and test against that. trust the company does what they say are they are doing

16:18:07 [matt]

-> http://www.w3.org/2008/geolocation/drafts/API/Implementation-Report.html#website-tests

16:18:08 [matt]

\

16:18:15 [Joanne]

...difficult to test and will link to test results

16:18:29 [Joanne]

...had more than just the three listed

16:18:44 [Joanne]

...non-trival task

16:18:46 [npdoty]

ack npdoty

16:18:46 [Zakim]

npdoty, you wanted to ask about TAG review

16:19:23 [Ashok_Malhotra]

zakim, unmute me

16:19:23 [Zakim]

Ashok_Malhotra should no longer be muted

16:19:32 [Joanne]

Nick: wanted to ask about tag management. was tag review useful for uncovering privacy issues, and what role tag can play in reviewing areas around privacy?

16:20:07 [Joanne]

Matt: not real formal but did talk to tag for an hour or two. not sure if we can call it a tag review or not

16:20:34 [Joanne]

unknow: this version of the spec a lot better. thank you Matt

16:20:44 [Zakim]

+??P31

16:20:52 [npdoty]

s/unknow/Ashok/

16:21:44 [alissa]

+q

16:21:46 [tara]

q?

16:22:07 [Joanne]

Hannes: privacy experts wasn't really heard. what do you think was done well around the privacy mechanisms. somewhat negative about the development within the group and get them to listen

16:22:26 [Joanne]

Matt: did best to make sure all comments were responded to

16:22:27 [tara]

ack alissa

16:22:36 [Joanne]

...Alissia may be able to comment more

16:23:11 [Joanne]

Allisia (sp): disagree with Hannes characteristication (sp).

16:23:27 [matt]

s/Allisia/Alissa/g

16:24:09 [Joanne]

....sending privacy rules around. did end up with strong normative language. Testing was difficult to make sure reqs in Sec 3 were meet

16:25:02 [npdoty]

copying of sections of requirements on recipients wholesale into other specs, like device APIs, which might be advantageous

16:25:17 [Joanne]

...took some of this text wholesale and put them into their APIs. Reqs around receipents getting geo-location info hard to enforce

16:25:42 [Joanne]

Matt: this did not just breeze right through.

16:25:54 [Joanne]

Tara: last chance to comment

16:26:06 [npdoty]

q+

16:26:08 [matt]

Privacy was pretty much our biggest hurdle, the technical stuff was insignificant compared to privacy actually.

16:26:10 [Joanne]

...going once, going twice

16:26:13 [tara]

ack npdoty

16:27:14 [Zakim]

+[IPcaller]

16:27:21 [fjh]

zakim, [IPcaller] is me

16:27:21 [Zakim]

+fjh; got it

16:27:26 [Joanne]

Nick: on the ques on testibility. we want to make it easy to test to determine conformance. should we make reqs more technicla and make privacy reqs testable against the spec

16:28:20 [Joanne]

Matt: what is interesting about w3c testing people is we have to show that everything normative is implementable. low bar. not very strong. we want above and beyond w3c reqs

16:28:49 [tara]

q?

16:29:47 [Joanne]

unknown: how did deployment act in repsect to privacy? did that lead to any improvements in deployments? is there truly privacy prtoections

16:29:55 [npdoty]

s/unknown/Hannes/

16:30:50 [Joanne]

Matt: it changed on the browser side and the receipent side. no one hasn't reporoted on redeployment since Nick wrote the paper

16:31:05 [npdoty]

we thought about doing an updated study to see if there were deployment changes over time, but it's a hard thing to measure in a comparable way

16:31:36 [Joanne]

...browser is deployed with active consent to sharing location data. not sure about reciepent <apologies for my bad spelling/typing>

16:31:39 [Zakim]

-??P34

16:31:51 [fjh]

zakim, who is here?

16:31:51 [Zakim]

On the phone I see tara?, kboudaou, ??P11, justin, Joanne, +358.504.87aacc, matt, bilcorry (muted), +1.202.379.aadd, James, Ashok_Malhotra, npdoty, ??P31, fjh

16:31:54 [Zakim]

On IRC I see Patrick, bilcorry, Ashok_Malhotra, robin, MarkL, alissa, tara, Joanne, christine, fjh, RRSAgent, Zakim, npdoty, kboudaou, MacTed, matt, wseltzer

16:32:18 [Zakim]

+??P34

16:32:20 [Joanne]

Tara: that you Matt and hope we benfit from your experience and take advantage of that.

16:32:20 [christine]

Zakim ??P11 is christine

16:32:35 [npdoty]

Zakim, ??P11 is christine

16:32:35 [Zakim]

+christine; got it

16:32:50 [npdoty]

Zakim, justin is really alissa

16:32:50 [Zakim]

+alissa; got it

16:33:10 [Joanne]

Matt: love to help and am neutral about the deployments. will love to help and Alissia can input based on her experience

16:33:22 [Joanne]

Tara: 3rd item ont eh agenda

16:33:36 [npdoty]

Topic: IAB Privacy Program

16:33:37 [alissa]

http://tools.ietf.org/html/draft-iab-privacy-considerations-03

16:33:50 [Joanne]

Tara: moving to alissa

16:34:21 [Joanne]

Alissa: IAB protocols. Look at ToC's and run through the doc

16:34:37 [Ashok_Malhotra]

Worked for me! Cool!

16:34:54 [Joanne]

...terminology section around privacy and describes terms used in the protocals

16:35:32 [tara]

tara has joined #privacy

16:35:43 [Joanne]

...tired to make link between abstract threats and how internet proptocals. talk about ways threats can be mitigated

16:35:56 [Joanne]

...data minization

16:36:22 [Joanne]

...uyser participantion involving hte user in decisions about hisher data to minize threats

16:36:50 [Joanne]

...that is the setup to give designers who aren't use to think about privacy reasons to care about it

16:37:25 [Joanne]

...section 6 designed to give designers on how to think about privacy when designing protocoals

16:38:16 [Joanne]

...taks about difficulty around managing body list, etc. maxium utility of systems built using proptocals

16:38:26 [Joanne]

...love feedback on the doc

16:38:46 [Joanne]

...hoping to now get this to the folks out in th e ITF

16:38:47 [matt]

zakim, mute me

16:38:47 [Zakim]

matt should now be muted

16:38:51 [npdoty]

... section 7, an example, based on SIP, managing a buddy list, experience with all of the privacy problems that can appear in Internet protocols

16:38:51 [Joanne]

...main work item

16:39:10 [Joanne]

...privacy survey Hannes has been spreadheading

16:39:50 [Joanne]

...hoping to get feedback from people in the field

16:39:56 [tara]

q?

16:40:15 [Joanne]

Tara: that is a lot. impressive accomplishment

16:40:38 [Joanne]

...help out group ...feedback on survey items

16:40:43 [Joanne]

...questions?

16:40:46 [npdoty]

q+

16:41:10 [Joanne]

Christine: compliments to Alissa and Hannes and others in the IAB program

16:41:13 [tara]

ack npdoty

16:41:40 [Joanne]

Nick: curous whether there is any experience with anyone trying to use the doc yet?

16:42:54 [Joanne]

Alissa: not aware of anyone yet. I have pointed a few people to it working on early drafts and have gotten feedback. It is overkill. this was expected. I have tired to use it

16:43:13 [Joanne]

Hannes: feedback has reulted in additional terminology and clarifications

16:43:21 [Joanne]

Tata: more questions?

16:43:29 [Joanne]

...thanks again Alissa

16:43:31 [npdoty]

s/Tata/tara/

16:43:48 [Joanne]

<bad typing>

16:44:35 [npdoty]

Topic: Privacy Considerations

16:44:43 [npdoty]

tara: open to comment on how this should go forward

16:44:46 [npdoty]

q+

16:44:59 [Joanne]

Tara: we are trying to get a sense of the best way to move forward on the document. Opening up for comment based upon experience on how to move forward

16:45:04 [tara]

ack npdoty

16:46:29 [Joanne]

Nick: we have discussed the importance of having privacy policy involved. write a guide for WG around when to seek out privacy expertise. some of this may be architure <sp> issues

16:46:35 [rudy_]

rudy_ has joined #privacy

16:46:38 [christine]

+q

16:47:22 [tara]

ack christine

16:47:24 [christine]

-q

16:47:25 [Joanne]

Tara: when to bring people in with research and look for commonailities across groups to provide guidance

16:47:34 [npdoty]

* decisional tool (help authors when they're making authoring decisions)

16:47:53 [npdoty]

* issue spotting (helping WGs find when they should seek out expertise in understanding the privacy issues)

16:48:30 [npdoty]

* architectural considerations (common issues that turn up on the Web that we'd like to handle in a consistent way)

16:48:36 [Zakim]

-Ashok_Malhotra

16:48:43 [tara]

q?

16:48:46 [Joanne]

Christine: thank you Nick. I agree and we seem to be in agreement. A good way to make this happening is first provide guidance to WGs on when they need to invole PNG and TAG. Then identify common problems across the groups

16:48:51 [alissa]

+q

16:48:57 [tara]

ack alissa

16:50:09 [robin]

It could be that influencing a WG on privacy is a lot like influencing end users on privacy… i.e. hard. ;-)

16:50:09 [fjh]

+1 to alissa re difficulty of adding-in privacy into WG later, needs to be part of WG overall

16:50:15 [Joanne]

alissa: might be controversial. it is diff to have influence over the trajectory of a WG by inserting a random timeline. you need to be involved the work of the group.

16:50:46 [fjh]

isn't that called "privacy by design" :)

16:50:53 [Joanne]

...advocate building this capability into those working across the w3c

16:51:18 [Joanne]

Christine: agree and if we can get there that would be fantastic

16:51:46 [Joanne]

Alissa: difficule, not necessarily controversal. its how we get there

16:51:58 [fjh]

q+

16:52:21 [robin]

In both cases, it's a problem of persuading people to adopt different privacy-related behaviours (and people's motivation for changing behaviour is notoriously tricky)

16:52:22 [Joanne]

Nick: maybe that answers the question of when. having this integrated in the discussion from the beginning stages

16:52:45 [Joanne]

Hannes: it is easy to say you need to consider security at the beginning same for privacy

16:53:24 [robin]

I should also clarify: this is Robin Wilton, not Robin Berjon (Hannes is referring to a doc by Robin B)

16:53:26 [Joanne]

...what is the foundation you want to rely on. some people think data minization is the idea others think user consent is the best. there are other design regimes

16:53:44 [tara]

ack fjh

16:53:50 [Joanne]

....need to ask the bigger question otherwise difficult to adivse

16:54:26 [robin]

Sorry, that got converted to an emoji. I meant "Hannes is referring to a document by Robin Berjon"

16:54:28 [Joanne]

fjh: it is a hard proble. it can't be bolt on later and needs to be done at the beginning.

16:54:36 [christine]

+q

16:54:41 [npdoty]

parties who aren't even in the Working Group may be relevant too; charter needs to get the right constituencies involved

16:54:42 [Joanne]

Tara: challenges to get the right people involved

16:54:44 [fjh]

s/proble/problem/

16:55:04 [npdoty]

s/parties who/fjh: parties who/

16:55:07 [christine]

-q

16:55:10 [fjh]

s/beginning/beginning, including getting involvement of various constituencies./

16:55:18 [tara]

ack christine

16:55:40 [Joanne]

Christine: may not have the answers today.

16:55:52 [Joanne]

Hannes: I believe you are asking my thoughts

16:57:17 [Joanne]

...if you start with something like js api. if some scoping is included in the doc. the most improtant qustions are - is asking the user consnet on the api. sme other work that falls outside the js mechansim allow a much richer choice of approach to look into

16:57:26 [Zakim]

-bilcorry

16:57:34 [Joanne]

...not bound by design decisionsof of the past

16:58:17 [Joanne]

Tara: eye on the time. lots of considerations and putting together task force to wrk on doc, plus best praitces

16:58:25 [Joanne]

...move to mailing list and next agenda

16:58:26 [npdoty]

if when/how to integrate into the process sounds like a good starting point for writing, I'm happy to help with that

16:58:37 [npdoty]

and that might be something that doesn't duplicate the IAB document

16:58:38 [Joanne]

...last thing - the next call

16:58:56 [christine]

16 August might be hard for me

16:58:58 [npdoty]

Topic: Next call

16:59:10 [Joanne]

...week of Aug 16 around same time. Is there a conflict? can move to the aug 23rd

16:59:14 [christine]

Thank you

16:59:14 [npdoty]

August 16th? August 23rd?

16:59:24 [npdoty]

Aug 23rd fine with me

16:59:27 [Joanne]

..August 23rd at this same time

16:59:31 [robin]

16th *may* be an NSTIC meeting, according to OIX website...

16:59:56 [Joanne]

...tentative for Aug 23rd

17:00:11 [christine]

Thanks Tara and Matt

17:00:18 [Zakim]

-alissa

17:00:20 [fjh]

thanks

17:00:20 [Zakim]

-christine

17:00:22 [Zakim]

-Joanne

17:00:23 [Zakim]

-npdoty

17:00:23 [Zakim]

-fjh

17:00:25 [Zakim]

- +358.504.87aacc

17:00:27 [kboudaou]

Thanks. Bye !

17:00:27 [Zakim]

-??P34

17:00:27 [Zakim]

-tara?

17:00:28 [Zakim]

-James

17:00:29 [fjh]

fjh has left #privacy

17:00:31 [tara]

quit

17:00:35 [Zakim]

- +1.202.379.aadd

17:00:36 [npdoty]

rrsagent, draft minutes

17:00:36 [RRSAgent]

I have made the request to generate http://www.w3.org/2012/07/19-privacy-minutes.html npdoty

17:00:37 [Zakim]

-kboudaou

17:00:39 [robin]

robin has left #privacy

17:00:47 [Zakim]

-??P31

17:02:11 [npdoty]

rrsagent, bye

17:02:11 [RRSAgent]

I see no action items