See also: IRC log
<tara> 613.
<npdoty> Zakim who is making noise?
<christine> We have received apologies from JC Canon, Trent Adams, Piero Bonatti, Susan Israel, Erin Kenneally
<MarkL> Hi Everyone!
<robin> Hi all - apologies if I get this wrong: I am an IRC n00b <blush>
<tara> No problem.
<tara> Let us know if you're on IRC but not on the phone so we can repeat things you might miss.
<robin> thanks - am working on dialling in now...
<fjh> i'm on irc but not the phone
<npdoty> scribenick: Joanne
I may not know who is talking. Please let me know who is speaking
Tara: anyone here for the first time?
<robin> I'm here for the first time...
Tara: intros
rudy: with Comcast global policy
Tara: next item looking at the dependencies
<kboudaou> +33.4.92.96.aabb is : Karima :-)
Matt: part of W3C team with geo-locations WG
Matt: first version of spec and will be released as recommendation soon
Matt: spec provides bunch of info on how to protect individual privacy on sites that use the API
... Alissa can speak about the CDT proposal
... group came to consensus on section after much debate and now the hard part testing
<npdoty> GEOPRIV, http://datatracker.ietf.org/wg/geopriv/charter/
Matt: found sites could conform to the requirements
... not an easy task
<npdoty> concept that "an API should never be allowed to lie!"
Matt: challenge is the API can lie about where you are and the API should not be able to lie. lots of concerns
... looked at this for a long time
<christine> +q
Tara: are there things PING can do to be useful to your WG? what can we learn?
Matt: right people involved from the get-go is important
<alissa> Richard Barnes from BBN was also involved
<npdoty> ... could actually see PING as a horizontal thing to get people involved across groups
Matt: PING should be a horizontal thing and influence the work. Having privacy people involved from the beginning is important
Christine: very helpful and couldn't agree more in having privacy people in the beginning
... what are lessons learned in identifying privacy vulnerabilities. Example, how did the group think about privacy for that spec
<christine> -q
Matt: lessons I learned - a lot of engineers don't necessarily look at the privacy implications
<npdoty> ... radically different legal requirements (mandated in one country, prohibited in another)
Matt: Vodafone involvement showed how laws vary across some countries. what is ok in one country may not be allowed in another country. how do you write a spec with varying laws and test that these things are possible to enforce
... one way to test is to read the privacy policy and test against that. trust the company does what they say they are doing
<matt> \
Matt: difficult to test and will link to test results
... had more than just the three listed
... non-trivial task
<Zakim> npdoty, you wanted to ask about TAG review
Nick: wanted to ask about TAG management. was TAG review useful for uncovering privacy issues, and what role TAG can play in reviewing areas around privacy?
Matt: not real formal but did talk to TAG for an hour or two. not sure if we can call it a TAG review or not
Ashok: this version of the spec a lot better. thank you Matt
<alissa> +q
Hannes: privacy experts weren't really heard. what do you think was done well around the privacy mechanisms. somewhat negative about the development within the group and get them to listen
Matt: did best to make sure all comments were responded to
... Alissa may be able to comment more
Alissa: disagree with Hannes' characterization.
scribe: sending privacy rules around. did end up with strong normative language. Testing was difficult to make sure reqs in Sec 3 were met
<npdoty> copying of sections of requirements on recipients wholesale into other specs, like device APIs, which might be advantageous
scribe: took some of this text wholesale and put them into their APIs. Reqs around recipients getting geo-location info hard to enforce
Matt: this did not just breeze right through.
Tara: last chance to comment
<matt> Privacy was pretty much our biggest hurdle, the technical stuff was insignificant compared to privacy actually.
Tara: going once, going twice
Nick: on the question on testability. we want to make it easy to test to determine conformance. should we make reqs more technical and make privacy reqs testable against the spec
Matt: what is interesting about W3C testing people is we have to show that everything normative is implementable. low bar. not very strong. we want above and beyond W3C reqs
Hannes: how did deployment act in respect to privacy? did that lead to any improvements in deployments? is there truly privacy protections
Matt: it changed on the browser side and the recipient side. no one hasn't reported on redeployment since Nick wrote the paper
<npdoty> we thought about doing an updated study to see if there were deployment changes over time, but it's a hard thing to measure in a comparable way
Matt: browser is deployed with active consent to sharing location data. not sure about recipient <apologies for my bad spelling/typing>
Tara: thank you Matt and hope we benefit from your experience and take advantage of that.
<christine> Zakim ??P11 is christine
Matt: love to help and am neutral about the deployments. will love to help and Alissa can input based on her experience
Tara: 3rd item on the agenda
<alissa> http://tools.ietf.org/html/draft-iab-privacy-considerations-03
Tara: moving to alissa
Alissa: IAB protocols. Look at ToC's and run through the doc
<Ashok_Malhotra> Worked for me! Cool!
Alissa: terminology section around privacy and describes terms used in the protocols
... tried to make link between abstract threats and how internet protocols. talk about ways threats can be mitigated
... data minimization
... user participation involving the user in decisions about his/her data to minimize threats
... that is the setup to give designers who aren't used to thinking about privacy reasons to care about it
... section 6 designed to give designers on how to think about privacy when designing protocols
... talks about difficulty around managing buddy list, etc. maximum utility of systems built using protocols
... love feedback on the doc
... hoping to now get this to the folks out in the IETF
<npdoty> ... section 7, an example, based on SIP, managing a buddy list, experience with all of the privacy problems that can appear in Internet protocols
Alissa: main work item
... privacy survey Hannes has been spearheading
... hoping to get feedback from people in the field
Tara: that is a lot. impressive accomplishment
... help out group ...feedback on survey items
... questions?
Christine: compliments to Alissa and Hannes and others in the IAB program
Nick: curious whether there is any experience with anyone trying to use the doc yet?
Alissa: not aware of anyone yet. I have pointed a few people to it working on early drafts and have gotten feedback. It is overkill. this was expected. I have tried to use it
Hannes: feedback has resulted in additional terminology and clarifications
tara: more questions?
... thanks again Alissa
<bad typing>
<npdoty> tara: open to comment on how this should go forward
Tara: we are trying to get a sense of the best way to move forward on the document. Opening up for comment based upon experience on how to move forward
Nick: we have discussed the importance of having privacy policy involved. write a guide for WG around when to seek out privacy expertise. some of this may be architecture issues
<christine> +q
<christine> -q
Tara: when to bring people in with research and look for commonalities across groups to provide guidance
<npdoty> * decisional tool (help authors when they're making authoring decisions)
<npdoty> * issue spotting (helping WGs find when they should seek out expertise in understanding the privacy issues)
<npdoty> * architectural considerations (common issues that turn up on the Web that we'd like to handle in a consistent way)
Christine: thank you Nick. I agree and we seem to be in agreement. A good way to make this happen is first provide guidance to WGs on when they need to involve PING and TAG. Then identify common problems across the groups
<alissa> +q
<robin> It could be that influencing a WG on privacy is a lot like influencing end users on privacy… i.e. hard. ;-)
<fjh> +1 to alissa re difficulty of adding-in privacy into WG later, needs to be part of WG overall
alissa: might be controversial. it is difficult to have influence over the trajectory of a WG by inserting a random timeline. you need to be involved in the work of the group.
<fjh> isn't that called "privacy by design" :)
alissa: advocate building this capability into those working across the W3C
Christine: agree and if we can get there that would be fantastic
Alissa: difficult, not necessarily controversial. it's how we get there
<robin> In both cases, it's a problem of persuading people to adopt different privacy-related behaviours (and people's motivation for changing behaviour is notoriously tricky)
Nick: maybe that answers the question of when. having this integrated in the discussion from the beginning stages
Hannes: it is easy to say you need to consider security at the beginning same for privacy
<robin> I should also clarify: this is Robin Wilton, not Robin Berjon (Hannes is referring to a doc by Robin B)
Hannes: what is the foundation you want to rely on. some people think data minimization is the idea others think user consent is the best. there are other design regimes
... need to ask the bigger question otherwise difficult to advise
<robin> Sorry, that got converted to an emoji. I meant "Hannes is referring to a document by Robin Berjon"
fjh: it is a hard problem. it can't be bolted on later and needs to be done at the beginning, including getting involvement of various constituencies.
<christine> +q
<npdoty> fjh: parties who aren't even in the Working Group may be relevant too; charter needs to get the right constituencies involved
Tara: challenges to get the right people involved
<christine> -q
Christine: may not have the answers today.
Hannes: I believe you are asking my thoughts
... if you start with something like js api. if some scoping is included in the doc. the most important questions are - is asking the user consent on the api. some other work that falls outside the js mechanism allow a much richer choice of approach to look into
... not bound by design decisions of the past
Tara: eye on the time. lots of considerations and putting together task force to work on doc, plus best practices
... move to mailing list and next agenda
<npdoty> if when/how to integrate into the process sounds like a good starting point for writing, I'm happy to help with that
<npdoty> and that might be something that doesn't duplicate the IAB document
Tara: last thing - the next call
<christine> 16 August might be hard for me
Tara: week of Aug 16 around same time. Is there a conflict? can move to the Aug 23rd
<christine> Thank you
<npdoty> August 16th? August 23rd?
<npdoty> Aug 23rd fine with me
Tara: August 23rd at this same time
<robin> 16th *may* be an NSTIC meeting, according to OIX website...
Tara: tentative for Aug 23rd
<christine> Thanks Tara and Matt
<fjh> thanks
<kboudaou> Thanks. Bye !
<tara> quit
Minutes generated by scribe.perl (Revision 1.136). Scribe: Joanne. Date, from the IRC log name: 19 Jul 2012. Minutes URL, as guessed by scribe.perl: http://www.w3.org/2012/07/19-privacy-minutes.html