15:05:19 <RRSAgent> RRSAgent has joined #privacy
15:05:19 <RRSAgent> logging to http://www.w3.org/2015/06/25-privacy-irc
15:05:21 <trackbot> RRSAgent, make logs 263
15:05:21 <Zakim> Zakim has joined #privacy
15:05:23 <trackbot> Zakim, this will be
15:05:23 <Zakim> I don't understand 'this will be', trackbot
15:05:24 <trackbot> Meeting: Privacy Interest Group Teleconference
15:05:24 <trackbot> Date: 25 June 2015
15:05:37 <wseltzer> zakim, space for 20 at 1200?
15:05:39 <Zakim> sorry, wseltzer; could not schedule an adhoc conference; passcode overlap; if you do not have a fixed code you may try again
15:05:47 <wseltzer> zakim, this will be PING
15:05:47 <Zakim> ok, wseltzer; I see Priv_IG()12:00PM scheduled to start in 55 minutes
15:42:13 <Guest77> Guest77 has joined #privacy
15:45:26 <christine> christine has joined #privacy
15:45:49 <christine> Hello Wendy, are you here?
15:46:28 <christine> A very big thank you!
15:49:51 <tara> tara has joined #privacy
15:50:47 <tara> Christine, have you set up the conference already?
15:51:14 <Zakim> Priv_IG()12:00PM has now started
15:51:21 <Zakim> +??P4
15:51:59 <christine> Zakim, ??P4 is me
15:51:59 <Zakim> +christine; got it
15:53:27 <Zakim> + +1.613.304.aaaa
15:53:46 <tara> Zakim, aaaa is me
15:53:46 <Zakim> +tara; got it
15:54:32 <SimonRice> SimonRice has joined #privacy
15:55:17 <tara> agenda+ Welcome and introductions
15:55:19 <Zakim> +??P6
15:55:35 <tara> agenda+ Privacy considerations for Media Capture Streams
15:55:45 <tara> agenda+ TAG Privacy and Security Questionnaire
15:56:00 <tara> agenda+ Strengthening PING’s influence in W3C
15:56:10 <tara> agenda+ Geofencing (time permitting)
15:56:19 <tara> agenda+ AOB
15:56:42 <Zakim> +??P8
15:57:06 <Zakim> + +1.202.407.aabb
15:57:35 <fjh> fjh has joined #privacy
15:58:18 <Zakim> +[IPcaller]
15:58:24 <fjh> zakim, ipcaller is me
15:58:24 <Zakim> +fjh; got it
15:59:23 <Zakim> + +1.646.283.aacc
15:59:45 <mike_oneill> mike_oneill has joined #privacy
16:00:08 <christine> regrets Karima
16:00:10 <gnorcie> gnorcie has joined #privacy
16:00:55 <Zakim> +WSeltzer
16:01:19 <tara> Scribe?
16:01:22 <wseltzer> regrets+ npdoty
16:01:34 <christine> regrets+ Karima
16:01:40 <tara> Thanks, Wendy, for doing logistics work!
16:02:35 <Zakim> + +44.793.550.aadd
16:02:59 <wseltzer> zakim, aadd is Hannes
16:02:59 <Zakim> +Hannes; got it
16:03:20 <wseltzer> zakim, who is here?
16:03:20 <Zakim> On the phone I see christine, tara, ??P6, ??P8, +1.202.407.aabb, fjh, +1.646.283.aacc, WSeltzer, Hannes
16:03:22 <Zakim> On IRC I see gnorcie, mike_oneill, fjh, SimonRice, tara, christine, Guest77, Zakim, RRSAgent, chaals, TallTed, plinss, trackbot, hadleybeeman, mkwst, terri_offline, wseltzer
16:03:55 <gnorcie> testing 123
16:04:12 <wseltzer> present+ Simon, Lake
16:04:31 <mike_oneill> zakim,  [P6] is me
16:04:31 <Zakim> sorry, mike_oneill, I do not recognize a party named '[P6]'
16:04:44 <mike_oneill> zakim, P6 is me
16:04:44 <Zakim> sorry, mike_oneill, I do not recognize a party named 'P6'
16:04:50 <wseltzer> zakim, ??p6 is mike_oneill
16:04:50 <Zakim> +mike_oneill; got it
16:04:57 <mike_oneill> thanks
16:05:23 <Guest77> This is Lake - actual first time on IRC!
16:06:17 <chaals> zakim, please call chaals-es
16:06:17 <Zakim> ok, chaals; the call is being made
16:06:18 <Zakim> +Chaals
16:08:25 <tara>  http://www.w3.org/TR/2015/WD-mediacapture-streams-20150414/#privacy-and-security-considerations
16:09:45 <tara> Last call on this document coincided with our PING call.
16:10:04 <tara> Katie had provided comments previously.
16:10:16 <tara> Useful to have further comments at this stage.
16:10:37 <tara> Homework from last call :-) was to come ready to discuss this document.
16:10:45 <Guest77> MediaCapture status: comments from email list
16:10:50 <Guest77> -no comments
16:11:05 <tara> No comments on email list between then and now, but Joe and Greg (CDT) indicated that they intended to review.
16:11:17 <mike_oneill> +q
16:12:21 <wseltzer> scribenick: Guest77
16:12:24 <wseltzer> scribe: Lake
16:13:06 <Guest77> Mike O: raised concern with cross-origin passing
16:13:08 <tara> Mike: Device ID as drive-by identifier; fingerprinting threat, can be passed cross-origin
16:13:17 <tara> ack m
16:13:38 <Guest77> Greg: agrees with fingerprinting comment; "mixed content" - need stricter definition
16:13:52 <SimonRice> +q
16:14:10 <wseltzer> [Note that WebAppSec is working on Mixed Content spec -- and would welcome comments]
16:14:13 <wseltzer> q+
16:14:59 <tara> CDT comments: https://lists.w3.org/Archives/Public/public-privacy/2015AprJun/0079.html
16:15:08 <wseltzer> -> http://www.w3.org/TR/mixed-content/ Mixed Content, in CR
16:15:24 <Guest77> Mike: any third party script can see IP address
16:15:36 <Guest77> 'Not limited to a single origin'
16:15:47 <SimonRice> Section 9.3.1 Attributes references the use of persistent identifiers
16:16:35 <tara> Q: how do they protect device iD?
16:16:54 <Guest77> Q: How do they protect device IDs? Why should a platform know how many devices/of which class, without seeking authorization
16:17:06 <tara> Q: how do you know number of device/class of devices w/out authorization?
16:17:10 <wseltzer> s/Q:/Christine:/
16:17:39 <christine> Q?
16:17:44 <christine> +q
16:17:54 <Guest77> Greg: Does consent carry forward across session? Do you have to revoke consent? Should be easy to revoke
16:18:12 <wseltzer> q+ on permissions
16:18:16 <Guest77> Mike: Or built-in sunset with defined lapse period
16:18:19 <wseltzer> q+ on mixed content
16:18:57 <Guest77> Mike: Don't want to rely on people to remember to go back to revoke/clear
16:19:16 <tara> ack sim
16:19:16 <keiji> keiji has joined #privacy
16:19:56 <Guest77> Simon: Why wouldn't identifier change btw sessions?
16:20:08 <Zakim> -??P8
16:20:12 <tara> ack ws
16:20:12 <Zakim> wseltzer, you wanted to comment on permissions and to comment on mixed content
16:20:43 <Zakim> +[IPcaller]
16:21:07 <mike_oneill> zakim, ??P8 is me
16:21:07 <Zakim> I already had ??P8 as ??P8, mike_oneill
16:21:19 <wseltzer> http://www.w3.org/TR/permissions/
16:21:41 <tara> Wendy - two relevant specs - Mixed Content spec (see above); + Permissions API. Goal would be for other specs like Media Capture to use these as guidance.
16:21:45 <Guest77> Wendy: Mixed content spec and Permissions API - both aim to give guidance re: mixed content handling, permissions. Comments on persistence of permissions should also be directed to these specs
16:21:52 <Ryladog> Ryladog has joined #privacy
16:22:34 <Guest77> Wendy: pushback from browser developers - want to consider using dropdown to control permissions
16:22:39 <Zakim> +Katie_Haritos-Shea
16:22:47 <tara> ack ch
16:23:04 <wseltzer> s/want to consider/while they don't want to standardize UI, often/
16:23:48 <Guest77> Christine: spec should go further - recommend platforms devp'rs don't use persistent identifiers
16:24:16 <Guest77> Christine: indicate that permission is persistent?
16:24:53 <Guest77> Simon: interface should indicate that persistent permission is in use, with potential privacy risk
16:25:22 <wseltzer> [ some browsers have "door-hanger" notifications]
16:25:30 <SimonRice> Correction: The comment "interface should indicate that persistent permission is in use, with potential privacy risk" was from mike_oneill
16:26:23 <wseltzer> s/Simon:/Mike:/
16:27:18 <Guest77> Comments to be summarized to be sent to MediaCapture authors
16:28:07 <tara> https://w3ctag.github.io/security-questionnaire/
16:28:25 <tara> (Thanks, Christine, for filling in the background!)
16:28:31 <Guest77> PING to work with TAG on draft privacy questionnaire
16:28:47 <tara> Thanks Greg & Joe for work on this!
16:29:33 <tara> CDT comments: https://lists.w3.org/Archives/Public/public-privacy/2015AprJun/0068.html
16:29:54 <Guest77> CDT comments: compared draft to questions prepared by Nick; found largely focused on confidentiality, etc,
16:30:06 <Guest77> Pulled out privacy-specific list
16:30:32 <Guest77> Privacy section mirrors the security considerations section
16:30:49 <Guest77> To help people think about broader privacy questions
16:31:08 <Guest77> Need group input to flesh out privacy questions
16:31:26 <chaals> [+1 to having a privacy thing that isn't just an addendum to security issues]
16:31:47 <christine> +q
16:31:50 <Zakim> -Hannes
16:31:57 <tara> ack ch
16:32:27 <Guest77> Christine: especially tricky issues/ new insights?
16:32:31 <SimonRice> +q
16:33:08 <Guest77> Greg: some issues hard to clearly slot as either security v. privacy
16:33:47 <mike_oneill> +q
16:34:04 <tara> ack Sim
16:34:38 <Guest77> Simon: data itself v uses of data; how use decisions impact individuals
16:34:50 <Ryladog> q+ to say (I cannot talk now) do we have questions about 'holding' and controlling data?
16:35:08 <Guest77> Greg: doesn't really address as of now; could work this distinction in
16:35:12 <christine> +q
16:35:26 <tara> ack mi
16:36:10 <Guest77> Mike: Security Qs don't address limits on persistence as of now; also should address same origin policy
16:36:52 <Zakim> -Chaals
16:37:12 <tara> Same origin policy limited in providing privacy guarantees
16:37:46 <Guest77> Mike: when you give permission to other 'principal', establishing relationship btw person and entity; should be discussed more
16:38:33 <Guest77> Greg: open to changing same origin language
16:39:15 <tara> ack Ry
16:39:15 <Zakim> Ryladog, you wanted to say (I cannot talk now) do we have questions about 'holding' and controlling data?
16:39:28 <Guest77> Katie: data controller responsibilities covered?
16:40:08 <Guest77> Should tell spec writers what responsibilities are for data controllers
16:40:36 <tara> ack ch
16:41:13 <Guest77> Christine: Support this idea in principle, but what about legal responsibilities?
16:41:40 <tara> Christine: data controller language strays into legal requirements, which can be problematic for W3C spec
16:41:42 <mike_oneill> +q
16:41:55 <SimonRice> +q
16:42:01 <Ryladog> +1 to agree with you...but to identify that the technology developed have "a" responsibility
16:42:21 <Guest77> But, room to make recommendations for platform developers: 'don't use persistent IDs...'
16:42:49 <Ryladog> =!
16:42:55 <Ryladog> +1
16:43:04 <Guest77> Can achieve Simon's ask if frame in terms of data minimization, not legal responsibility
16:43:30 <tara> ack mi
16:44:11 <Guest77> Mike: ISO standard could be useful; could import terms
16:44:36 <SimonRice> ICO Privacy Impact Assessment Code of Practice page https://ico.org.uk/pia and https://ico.org.uk/media/for-organisations/documents/1595/pia-code-of-practice.pdf
16:44:43 <tara> ack si
16:45:30 <Guest77> Simon: See annex 1 and 2; questions for new tech projects. Could help flesh out privacy questions
16:45:48 <christine> +q
16:46:02 <tara> ack ch
16:46:35 <mike_oneill> where is it?
16:46:53 <Guest77> Christine: F2F Ping meeting next month alongside IETF; who's attending? Could devote to questionnaire
16:47:12 <wseltzer> [I'll be there]
16:47:24 <wseltzer> Prague
16:47:36 <tara> Sadly, I will not be there.
16:49:17 <Guest77> Topic: PING's role/efficacy in the W3C
16:49:23 <christine> +q
16:50:30 <tara> ack q
16:50:38 <tara> ack ch
16:51:06 <Guest77> Christine: Would like to have stronger impact on W3C work, through good, quick, consistent advice
16:51:17 <Zakim> +WSeltzer.a
16:51:23 <Guest77> And, through joint work with TAG
16:51:24 <Zakim> -WSeltzer
16:51:25 <wseltzer> zakim, drop wseltzer
16:51:25 <Zakim> WSeltzer.a is being disconnected
16:51:27 <Zakim> -WSeltzer.a
16:51:29 <wseltzer> zakim, drop wseltzer
16:51:29 <Zakim> sorry, wseltzer, I do not see a party named 'wseltzer'
16:51:47 <Zakim> +WSeltzer
16:51:49 <Guest77> Questionnaire will go out at TAG finding
16:51:54 <Guest77> -as
16:52:25 <Guest77> Other suggestions, to help produce standards that are more privacy protecting?
16:53:11 <wseltzer> q+
16:53:17 <mike_oneill> +q
16:53:22 <tara> ack ws
16:54:29 <Guest77> Wendy: Goal is to make privacy review necessary part of spec dev't
16:54:55 <tara> ack mi
16:55:02 <wseltzer> ... and to bring people together to do that work
16:55:11 <wseltzer> ... Thanks to all who are working here!
16:55:32 <tara> Yes, thanks for all the pro bono privacy work!
16:56:17 <Guest77> Mike: ISO spec as starting point for common terms
16:56:20 <christine> Q+
16:56:35 <tara> ack q
16:56:39 <tara> ack ch
16:57:56 <Zakim> -fjh
16:58:11 <Guest77> Christine: useful to have common terms; common though for standards bodies to use their own terms. Terms need to be legible to W3C standards authors
17:00:14 <tara> Next call?
17:00:29 <Guest77> Next call: after F2f at end of July, or August?
17:00:39 <Zakim> -Katie_Haritos-Shea
17:01:27 <mike_oneill> bye
17:01:29 <Zakim> - +1.202.407.aabb
17:01:31 <Zakim> -mike_oneill
17:01:31 <Zakim> -WSeltzer
17:01:32 <Zakim> -tara
17:01:34 <Zakim> - +1.646.283.aacc
17:01:37 <Zakim> -christine
17:01:39 <Guest77> Guest77 has left #privacy
17:01:45 <SimonRice> SimonRice has left #privacy
17:06:38 <Zakim> disconnecting the lone participant, [IPcaller], in Priv_IG()12:00PM
17:15:01 <tara> tara has joined #privacy
17:15:06 <tara> trackbot, end meeting
17:15:06 <trackbot> Zakim, list attendees
17:15:06 <Zakim> As of this point the attendees have been christine, +1.613.304.aaaa, tara, +1.202.407.aabb, fjh, +1.646.283.aacc, WSeltzer, +44.793.550.aadd, Hannes, mike_oneill, Chaals,
17:15:09 <Zakim> ... [IPcaller], Katie_Haritos-Shea
17:15:14 <trackbot> RRSAgent, please draft minutes
17:15:14 <RRSAgent> I have made the request to generate http://www.w3.org/2015/06/25-privacy-minutes.html trackbot
17:15:15 <trackbot> RRSAgent, bye
17:15:32 <wseltzer> rrsagent, make logs public
17:15:37 <wseltzer> rrsagent, draft minutes
17:15:37 <RRSAgent> I have made the request to generate http://www.w3.org/2015/06/25-privacy-minutes.html wseltzer
17:15:44 <tara> (oops, thanks Wendy!)
17:50:59 <fjh> fjh has joined #privacy