W3C

- DRAFT -

Privacy Interest Group Teleconference

09 Apr 2015

See also: IRC log

Attendees

Present
+1.613.304.aaaa, tara, christine, Rigo, Kepeng, +1.202.407.aabb, gregnorcie
Regrets
Chair
tara
Scribe
npdoty

Contents


<trackbot> Date: 09 April 2015

possible topics: TPAC scheduling

<tara> I am echoing into the call somehow...

<tara> And so is Nick!

<tara> Yes, I thought as much. Hence going quiet for a moment until we sort it out! If they are on IRC...

<Kepeng> OK, IPCaller is me. I am muted now. --Kepeng

<tara> Thanks!

for the minutes, Rigo proposes renaming the Privacy Interest Group "CYBERping"

<christine> GCCS - https://www.gccs2015.com/programme

Berkeley has received grant funding for Long-Term Cybersecurity center: http://www.ischool.berkeley.edu/cltc

<christine> Do we have a scribe?

rigo: legal debate in France about data retention

<tara> Thanks!

rigo: indiscriminate retention not useful, struck down by ECJ
... but how to resolve privacy/human rights issues in prediction aspects of big data
... as opposed to the privacy concerns about computer decisionmaking in the 1970s

npdoty: Berkeley has grant funding, along with other universities, for a Center for Long-Term Cybersecurity

<christine> +q

gregnorcie: Greg Norcie, technologist at CDT, finishing dissertation with Jean Camp
... embedding human rights into Web standards, so working with PING and a few other organizations to make sure that happens

tara: welcome
... today a call with less agenda than usual, just sharing items

rigo: gave a talk at Frankfurt law firm about connected cars and security/privacy
... a car with a valet mode to record audio/video inside and outside the car
... received some criticism, and some features have been removed
... concern about hacking into cars and remote control
... W3C has an Automotive Business Group with many of the organizations involved
... remote deployment of hotfixes

christine: postponed item previously was ISPs injecting headers, is it worth talking about that?

tara: header enrichment

npdoty: summary of header enrichment, privacy issues of identifiers embedded in network traffic

http://known.npdoty.name/2014/header-enrichment

(nick's list of links about header enrichment)

npdoty: is there W3C work that could be done to help? or could we broker a conversation with interested parties to document how this affects a Web privacy model?

christine: could we issue statements as a group on particular issues, smaller than a Recommendation or Group Note, but could be posted on a blog or with TAG, etc.

rigo: if we could have a presentation on header enrichment, and invite @mnot, chair of relevant IETF HTTP WG
... how should software react when it encounters such enrichment?
... are there technical as well as legal restrictions?

christine: will circulate summary from meeting at IETF, to send out shortly.
... header enrichment not particularly discussed at that time

npdoty: was header enrichment discussed at other IETF wgs?

we're not sure.

<wseltzer> [ it came up as a counter-example in SPUD ]

https://tools.ietf.org/html/draft-hardie-spud-use-cases-01

<tara> Thanks Wendy!

Substrate Protocol for User Datagrams (SPUD)

rigo: similarly, Opera Mini browser is a sort of proxy browser, where all the requests are handled by the server and then rendered and returned as an image to your device
... SPDY / HTTP/2 can also use a sort of caching where a server handles subrequests on your behalf
... could be used as an anonymizing proxy or a central point to facilitate surveillance

npdoty: I had been thinking about header enrichment of identifiers that could match the Web privacy model, for example, origin-specific identifiers and a way for user agents to communicate with the network to clear identifiers

rigo: Workshop on User-Centric Controls in Berlin saw support for more transparency mechanisms, but that evercookies may always be a problem

npdoty: seems like there are some mitigations to an evercookie, and so that new technologies shouldn't introduce trivial new evercookie functionality

tara: summarizing: could have some discussions with mnot/IETF HTTP; we have some documents to review; could release a statement of some kind as a group

rigo: economic concerns about privacy and the cost of building countermeasures and mitigations
... creating research projects?

TPAC

tara: will take to the mailing list as well. had a f2f meeting for PING at the last TPAC in Santa Clara which went well. should we plan for that in Japan this year?

<rigo> [note that all the great mental supporters of PING are normally at TPAC]

rigo: lots of interested people would come to PING at TPAC

npdoty: +1, and useful because some coordination possible with IETF

<tara> TAG is meeting two weeks from now-- F2F in SF

npdoty: TAG interested in discussing privacy and security reviews

<tara> Other advantage of TPAC is being able to sit in on other group's meetings and see privacy issues in those grou[s

npdoty: will meet with TAG and discuss mkwest questionnaire and our experience with privacy reviews

call time

Kepeng: conference call time is difficult for Chinese participants

<rigo> 7am in Silicon Valley is hard :)

npdoty: we could have separate calls / alternating, for people to talk Asian morning / US afternoon

rigo: has been tried, but not sure what our attendance would be

tara: can look at alternate times

christine: May 14th?

14th looks good to me

tara: same time for next call, but will look at other options

trackbot, end meeting

Summary of Action Items

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.140 (CVS log)
$Date: 2015/04/09 16:58:06 $

Scribe.perl diagnostic output

[Delete this section before finalizing the minutes.]
This is scribe.perl Revision: 1.140  of Date: 2014-11-06 18:16:30  
Check for newer version at http://dev.w3.org/cvsweb/~checkout~/2002/scribe/

Guessing input format: RRSAgent_Text_Format (score 1.00)

Succeeded: i/Kepeng/Topic: call time
No ScribeNick specified.  Guessing ScribeNick: npdoty
Inferring Scribes: npdoty
Default Present: +1.613.304.aaaa, tara, christine, Rigo, Kepeng, +1.202.407.aabb, gregnorcie
Present: +1.613.304.aaaa tara christine Rigo Kepeng +1.202.407.aabb gregnorcie
Found Date: 09 Apr 2015
Guessing minutes URL: http://www.w3.org/2015/04/09-privacy-minutes.html
People with action items: 

[End of scribe.perl diagnostic output]