Privacy Interest Group Monthly Meeting May 2017
18 May 2017


See also: IRC log


Present: weiler, keiji, tara, npdoty, wseltzer, BenHayes, chaals, christine
Chair: tara, christine
Scribe: npdoty, weiler


<keiji> present keiji, tara, npdoty

<npdoty> WebRTC FTW

<npdoty> scribenick: npdoty


runnegar: of ISOC, enough tech to be dangerous ;)

tara: engineering and privacy at Google

npdoty: UC Berkeley, School of Information

weiler: W3C Security & Privacy

keiji: Keio University and W3C, Team Contact

benhayes: Chief Privacy Officer at Nielsen, a privacy lawyer

wseltzer: W3C Strategy, another lawyer :)

christine: PING is trying to improve privacy in Web standards, work with groups to help make design decisions with a privacy and security perspective
... inviting spec authors or others from the WG to talk about the functionality of the specification
... also produce guidance so that Working Groups can do their own reviews and mitigations
... fingerprinting mitigation guidance, and a more detailed annotated privacy questionnaire

<weiler> https://mit.webex.com/mit/j.php?MTID=mfaf091b3c460e388fc7b609bb8f2b753

christine: need to roll up our sleeves; suggest we raise a particular privacy issue/questionnaire each week
... and share information on current Web privacy issues (e.g. header enrichment)

Fingerprinting guidance


<christine> yes please sam

<tara> Thanks, Sam!

<weiler> scribenick: weiler

BenHayes: what do you mean re: mitigating fingerprinting?

npdoty: doc defines fingerprinting and impact on end users. TAG has written more about this.
... tracking of users w/o controls. mitigations are re: ways to, from our specs, limit impact on user privacy.

<npdoty> http://w3c.github.io/fingerprinting-guidance/#identifying

npdoty: @@
... section 5's goal is explaining tradeoff between fingerprinting surface and impact.
... persistence of identifiers, availability of drive-by web, entropy....

benhayes: what's this use of entropy?

npdoty: how much randomness?

weiler: is this close to 'anonymity set'?

npdoty: not quite
... high entropy = high identifiability.

[this seems odd to the audience]

scribe: happy to have better language.

<chaals> [I find "high entropy = high identifiability" confusing. Can we find a word less confusing, like "identifiability"?]

christine: in developing annotated privacy questionnaire... compare to IETF privacy considerations... this is very different from what you'd give a privacy officer.
... in standards area, we need to offer things that are meaningful to the spec writers.
... we commonly ask re identifiers, since spec authors understand that. then we talk about properties of identifiers that may have privacy implications

benhayes: talked w/ folks this AM re: no longer PII but instead @2

npdoty: we used 'entropy' for 'amount of distinguishedness'.

benhayes: feel free to use terminology you like, but it may need to be explained.

<npdoty> nick will create an issue to better explain "entropy" somewhere in the text

<chaals> ["information resolution" might be a better term, since resolution is used in other contexts. But let's not spend this meeting looking for terminology]

<christine> chaals, would you be willing to talk about microdata?

npdoty: I need feedback on these five factors: are they useful in deciding what tradeoffs to make?

<christine> great, let's do that next

christine: any feedback from other communities?

npdoty: no.

christine: want to get this done. ideas for how to convince folks to give us feedback?

[weiler has an idea. will see what trees I can kick.]

<christine> thanks sam

chaals: who did you ask?

npdoty: EFF fingerprinting group & PING list.

chaals: you want to ask chairs & spec editors for feedback.

<scribe> scribenick: npdoty

<tara> Agenda item: Microdata

thanks. I think we've tried some to talk with chairs@ on earlier iterations, but might want to go back to that.


chaals: microdata is a straightforward specification


<chaals> Microdata privacy considerations

attributes that you can add into your HTML documents, to mark up the content in a machine-readable way

chaals: you could use it to publish information into RDF (a common use, with schema.org), telling crawlers what the document is about
... not very clever, relies on vocabularies
... microformats, rdfa, microdata -- microdata is most used if not the most expressive
... goal is a recommendation that reflects what is actually implemented
... few privacy implications

<christine> q

<christine> +q

chaals: could make information more explicit, but that's the only thing I can think of that happens

christine: could microdata be used to enhance privacy?
... improve transparency about privacy aspects of a page

chaals: by itself it wouldn't make a difference, but need to process microdata, which is typically done by third-party applications -- a browser extension or a search engine, say
... could identify documents that shouldn't be read or shouldn't be published because they are privacy-sensitive
... could identify parts of the HTML interface that are collecting sensitive form data
... not specific to microdata, but microdata provides a mechanism to achieve it
... microdata not especially expressive, so might not be the best option
... most often used for search engines to provide rich snippets based on marked up pages

<christine> most common use of microdata is to mark up personal data (e.g. author name) so need to fix privacy considerations

<chaals> NPD: Should we be recommending access control for personal information?

npdoty: think it's incorrect to say that it's not generally personally identifying, because an extremely common use is marking up name/author information for search engine publishing

chaals: enabling easier machine processing of potential information about people
... so might want to recommend that users take care when marking it up that way

christine: changing the privacy implications of the personal data that's in that page, because it's easier to find or easier to consume/process

<chaals> [point to the need to consider what information is being collected, or made more collectable, and what are the implications of doing so.]

chaals: will file an issue on that point.
... helpful feedback


christine: need to move forward with the privacy questionnaire
... what's a good discrete question to start with on the email list?

chaals: went looking for privacy questionnaires, and I found 3!
... would be very helpful if we went through our own documentation to point to 1 or 2, but in a consistent manner

<tara> Thanks, chaals.

keiji and weiler, can you help us fix the documentation?

christine: point to TAG sec/priv questionnaire
... and make it clear that work-in-progress one at Greg's longer questionnaire

chaals: for me, the questions in the wiki were easier to understand around privacy issues (rather than just security issues, or more technical points)
... could split security and privacy questionnaires

npdoty: my impression was that tag document could become shorter, and point to longer documents

christine: hoping we'll have some staff/volunteers back and more accessible

wseltzer: we can publish whatever we have consensus on, not seeing active work on sec/priv questionnaire
... incremental improvement, decide where the best pointer is to a single document
... leaving it as 3 documents where no one is working on any of them is causing confusion

<weiler> wseltzer++

christine: +1, let's sort that offline

<tara> https://www.w3.org/2017/11/TPAC/

do a questionnaire walkthrough at TPAC?

would need a pretty solid draft by then

<weiler> maybe more than one? open invitation?

chaals: don't expect it to ever be totally finished because we'll keep learning things

christine: should try to identify a good test case early

npd: +1

<tara> Sounds good for TPAC plan!

christine: npdoty, do you have a list of specs with privacy considerations?

npdoty: will try to come up with that offline

tentatively planning on June 29th for next meeting


<keiji> yes, thank you nick!

<keiji> Chair tara

<keiji> 6-10 NOVEMBER 2017?

Summary of Action Items

Summary of Resolutions

[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.152 (CVS log)
$Date: 2017/05/18 17:00:54 $

Agenda: https://lists.w3.org/Archives/Public/public-privacy/2017AprJun/0027.html