IRC log of privacy on 2013-10-10

Timestamps are in UTC.

15:39:05 [RRSAgent]

RRSAgent has joined #privacy

15:39:05 [RRSAgent]

logging to http://www.w3.org/2013/10/10-privacy-irc

15:39:07 [trackbot]

RRSAgent, make logs 263

15:39:07 [Zakim]

Zakim has joined #privacy

15:39:09 [trackbot]

Zakim, this will be

15:39:09 [Zakim]

I don't understand 'this will be', trackbot

15:39:10 [trackbot]

Meeting: Privacy Interest Group Teleconference

15:39:10 [trackbot]

Date: 10 October 2013

15:39:13 [npdoty]

rrsagent, make logs public

15:39:18 [npdoty]

zakim, this will be 7464

15:39:18 [Zakim]

ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 21 minutes

15:50:56 [glenn]

glenn has joined #privacy

15:51:30 [npdoty]

npdoty has changed the topic to: agenda October 10: http://lists.w3.org/Archives/Public/public-privacy/2013JulSep/0078.html

15:55:02 [tara]

tara has joined #privacy

15:55:54 [Zakim]

Team_(privacy)16:00Z has now started

15:55:55 [Zakim]

+[Apple]

15:56:01 [Zakim]

+npdoty

15:56:03 [Zakim]

-npdoty

15:56:03 [Zakim]

+npdoty

15:56:16 [rigo]

rigo has joined #privacy

15:56:24 [tara]

zakim, Apple is me

15:56:24 [Zakim]

+tara; got it

15:56:42 [Zakim]

-npdoty

15:56:53 [christine]

christine has joined #privacy

15:57:06 [Zakim]

+Rigo

15:57:06 [Zakim]

-Rigo

15:57:06 [Zakim]

+Rigo

15:57:33 [rigo]

bad line, too much NSA loopback echo, trying again

15:57:38 [Zakim]

-Rigo

15:57:41 [Zakim]

+[IPcaller]

15:57:43 [Zakim]

-[IPcaller]

15:57:43 [Zakim]

+[IPcaller]

15:57:51 [Zakim]

+npdoty

15:58:10 [christine]

Zakim, [IPcaller] is me

15:58:10 [Zakim]

+christine; got it

15:58:15 [Zakim]

+Rigo

15:58:22 [Zakim]

+Wendy

15:58:44 [rigo]

zakim, mute me

15:58:44 [Zakim]

Rigo should now be muted

15:59:06 [christine]

Regrets from Joe and Hannes

15:59:27 [wseltzer]

Regrets+ JoeHall, Hannes

15:59:48 [christine]

Agenda: 1. Welcome and introductions 2. Discussion of the privacy reviews of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2] 3. Update re privacy guidance documents (Privacy Considerations; Fingerprinting; Process) 4. Update re getUserMedia privacy review 5. Update re EME privacy review 6. AOB

16:00:07 [npdoty]

chair: tara

16:00:29 [christine]

Regrets Robin

16:01:11 [wseltzer]

Regrets+ Robin

16:01:23 [tara]

Getting started in a moment...

16:01:28 [christine]

thanks, I will try to remember that

16:01:47 [wseltzer]

zakim, who is here?

16:01:47 [Zakim]

On the phone I see tara, christine, npdoty, Rigo (muted), Wendy

16:01:48 [Zakim]

On IRC I see christine, rigo, tara, glenn, Zakim, RRSAgent, npdoty, TallTed, fjh, wseltzer, trackbot

16:02:04 [christine]

We need a scribe

16:02:42 [christine]

Thank you Nick

16:02:43 [npdoty]

scribenick: npdoty

16:03:04 [npdoty]

Topic: Web Cryptography review

16:03:12 [christine]

Agenda item 2 - Discussion of the privacy reviews of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2]

16:03:28 [christine]

Many thanks to Robin for providing a privacy review

16:03:34 [npdoty]

Robin sent comments to the list about it

16:03:48 [tara]

https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html

16:03:58 [tara]

http://www.w3.org/TR/webcrypto-key-discovery/

16:04:21 [wseltzer]

-> http://lists.w3.org/Archives/Public/public-privacy/2013JulSep/0079.html Robin Wilton's review

16:05:47 [npdoty]

christine: last call we had guests from Web Crypto to discuss their privacy conversations; Robin provided a privacy review, but haven't received comments on the list

16:05:58 [npdoty]

... Web Crypto is anxious to get their review

16:06:32 [npdoty]

... follow up with Crypto WG, noting that they want something in a couple of weeks

16:06:47 [Karima]

Karima has joined #privacy

16:06:47 [npdoty]

tara: useful to get some comments in at this stage, let them see a draft

16:08:30 [Zakim]

+??P13

16:08:51 [Karima]

zakim, ++??13 is me

16:08:51 [Zakim]

sorry, Karima, I do not recognize a party named '++??13'

16:08:56 [npdoty]

npdoty: concern that most UAs couldn't implement it because of privacy concerns. should that be a blocking concern?

16:09:00 [npdoty]

Zakim, ??P13 is Karima

16:09:00 [Zakim]

+Karima; got it

16:09:11 [Karima]

zakim, mute me

16:09:11 [Zakim]

Karima should now be muted

16:09:50 [npdoty]

wseltzer: pre-provisioned keys spec split off because of implementer concerns

16:10:17 [npdoty]

npdoty: if implementations can't be built, should that be a blocker? what does w3c typically do in that situation?

16:10:50 [Zakim]

-Karima

16:10:51 [npdoty]

wseltzer: let it go for a while through the process; at some point should PING give a comment, might eventually go to the Director, based on whether implementations can be made

16:11:07 [npdoty]

... could do privacy reviews at the implementation stage to see if concerns really were addressed

16:12:16 [npdoty]

christine: typically would think we would focus on specification rather than implementation, but could maybe give advance guidance on implementation/results

16:12:56 [npdoty]

wseltzer: easy to give advice on individual specs, but privacy concerns will be noted for the point of implementations and interactions between features

16:13:15 [npdoty]

... could note it earlier just to compare our expectations to the actual real world experience

16:15:18 [npdoty]

npdoty: question about implementers

16:15:37 [Zakim]

+??P13

16:16:07 [Karima]

Zakim, ??P13 is me

16:16:07 [Zakim]

+Karima; got it

16:16:27 [npdoty]

... could note about feature-at-risk or risk of non-implementation

16:17:57 [npdoty]

Topic: privacy guidance documents

16:18:11 [npdoty]

tara: privacy considerations; fingerprinting; SPA

16:18:23 [wseltzer]

ACTION christine to share draft review of WebCrypto with Virginie Galindo

16:18:24 [trackbot]

Created ACTION-4 - Share draft review of webcrypto with virginie galindo [on Christine Runnegar - due 2013-10-17].

16:18:56 [npdoty]

... missing Frank and Hannes today, as an Interest Group, what should be done with the documents at this stage?

16:20:43 [wseltzer]

http://www.w3.org/2005/10/Process-20051014/process.html#ig-cg-notes

16:22:30 [rigo]

nick, do you have the link for the charter

16:22:36 [npdoty]

http://www.w3.org/2011/07/privacy-ig-charter.html

16:23:15 [rigo]

ack ri

16:23:30 [npdoty]

npdoty: expectation was to publish a Group Note, not sure if we have draft/review requirements in the meantime

16:23:36 [christine]

q+

16:24:43 [tara]

ack

16:24:45 [npdoty]

rigo: per the charter, we're allowed to make Group Notes

16:24:45 [rigo]

zakim, mute me

16:24:45 [Zakim]

Rigo should now be muted

16:25:04 [rigo]

ack ri

16:26:09 [christine]

So does that mean we call it Draft Group Note as at x date?

16:26:49 [rigo]

yep

16:27:44 [npdoty]

npdoty: suggest we publish Editors' Drafts now, and internally decide on what level of review we're going to have within PING or based on feedback from other groups before we published a finalized Note

16:27:56 [npdoty]

tara: if other Interest Groups have gone through this, happy to hear feedback

16:28:03 [fjh]

fjh has joined #privacy

16:28:04 [rigo]

look at http://www.w3.org/TR/app-privacy-bp/

16:28:06 [tara]

ack christine

16:28:11 [npdoty]

... not complex, but happy to hear we can move these forward without a formal process

16:28:18 [rigo]

and ask Frederick how he got there

16:28:33 [npdoty]

christine: happy to hear suggestions on how we can encourage contributions to these privacy documents

16:28:59 [npdoty]

... suffering a little bit from divided time, with TPWG taking a lot of focus

16:29:29 [fjh]

we got there through the work in DAP at the time, including CDC input, discussions, items that involved applications

16:29:43 [rigo]

ack ri

16:29:49 [npdoty]

... this is important work for W3C, enough so to charter work, if you have ideas on how to go faster, please let me know

16:30:02 [fjh]

zakim, code?

16:30:02 [Zakim]

the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fjh

16:30:11 [Zakim]

+[IPcaller]

16:30:21 [fjh]

zakim, [IPcaller] is me

16:30:21 [Zakim]

+fjh; got it

16:30:46 [tara]

q?

16:31:09 [fjh]

rrsagent, generate minutes

16:31:09 [RRSAgent]

I have made the request to generate http://www.w3.org/2013/10/10-privacy-minutes.html fjh

16:31:30 [npdoty]

npdoty: we've had success with individual volunteers doing privacy reviews, maybe we should ask individuals to do reviews of each guidance document

16:31:47 [npdoty]

rigo: input can be driven by process requirements

16:32:20 [npdoty]

christine: IETF is taking a much more obvious and active interest in data security

16:32:26 [npdoty]

... gives a lot of support to their ongoing privacy work

16:32:28 [fjh]

s/CDC/CDT/

16:33:19 [christine]

thank you for joining us

16:33:22 [fjh]

rrsagent, generate minutes

16:33:22 [RRSAgent]

I have made the request to generate http://www.w3.org/2013/10/10-privacy-minutes.html fjh

16:34:26 [christine]

q+

16:34:47 [npdoty]

npdoty: based on our use of "fingerprinting" term in other privacy reviews, we might want to update the definition or recommend using a different term

16:34:51 [npdoty]

ack christine

16:35:00 [npdoty]

christine: reminded hannes on getusermedia review

16:35:35 [christine]

q+

16:35:45 [npdoty]

wseltzer: joe and I still planning to do privacy review on EME

16:36:07 [npdoty]

q?

16:36:11 [npdoty]

ack christine

16:37:00 [npdoty]

christine: there may have been some uncertainty about the forward progress/scope of EME

16:37:15 [npdoty]

... how would it fit into their schedule? do they have a particular deadline?

16:37:31 [npdoty]

wseltzer: they have published Working Drafts, it would be useful to have privacy review now

16:38:12 [npdoty]

christine: might be able to capitalize on the recent press coverage, reminder that wseltzer is managing a privacy review of this spec

16:39:01 [npdoty]

wseltzer: would be happy to forward that email to the restricted media community group

16:39:19 [npdoty]

q+

16:39:30 [tara]

ack npdoty

16:40:40 [christine]

q+

16:40:51 [tara]

ack christine

16:41:09 [npdoty]

topic: standards and surveillance concerns

16:42:09 [npdoty]

npdoty: what should we do in response to reports of sabotage of security standards? know IETF/IAB is working on some privacy-related rfcs

16:42:24 [christine]

q+

16:42:28 [npdoty]

christine: know it's been an active topic of discussion in internet governance

16:42:29 [wseltzer]

q+

16:42:38 [npdoty]

... don't want to comment on what w3c is doing internally

16:43:09 [npdoty]

tara: on a broader scale, what can we do to provide transparency around process to address that concern

16:43:10 [npdoty]

ack wseltzer

16:43:11 [tara]

ack christine

16:43:40 [npdoty]

wseltzer: one statement has been from OpenStand, open standards process to resist that kind of infiltration, a very high-level response

16:43:59 [christine]

http://open-stand.org/

16:44:22 [npdoty]

http://open-stand.org/statement-from-openstand-on-the-strengths-of-the-openstand-principles/

16:44:35 [npdoty]

wseltzer: what should we do now that we know more about this kind of threat?

16:45:10 [npdoty]

... TAG (technical architecture group) and domain talking about what responses are necessary on security in standards development

16:45:12 [wseltzer]

-> http://open-stand.org/statement-from-openstand-on-the-strengths-of-the-openstand-principles/ OpenStand statement

16:45:17 [npdoty]

tara: will this be a topic at TPAC?

16:45:39 [npdoty]

wseltzer: it should be discussed there, yes. we should propose it on the unconference day if it's not already on the schedule

16:45:45 [npdoty]

q+

16:45:54 [tara]

ack npdoty

16:45:55 [wseltzer]

-> http://www.w3.org/wiki/TPAC2013/SessionIdeas TPAC Wiki

16:46:12 [rigo]

q+

16:46:21 [rigo]

ack ri

16:46:25 [tara]

ack rigo

16:46:37 [npdoty]

npdoty: can also talk at IETF in Vancouver, good for coordinating between w3c and ietf

16:48:35 [christine]

agree with Nick

16:48:59 [npdoty]

tara: hearing general support for making statements. is there anything on the other side, concerns against making a statement?

16:48:59 [npdoty]

fjh: might be a w3c thing, not a PING thing

16:49:32 [Karima]

I think it is a PING thing

16:49:33 [wseltzer]

q+

16:50:07 [wseltzer]

q-

16:50:30 [npdoty]

q+

16:50:36 [christine]

q+

16:50:39 [Karima]

q+

16:50:46 [npdoty]

q- later

16:51:26 [tara]

ack npdoty

16:52:43 [tara]

ack christine

16:53:12 [npdoty]

npdoty: organizations as a whole can make larger statements, but PING or IAB privacy program can publish documents that would actually implement those priorities

16:53:41 [npdoty]

christine: had hoped to have further progress on privacy considerations, but glad we've been doing privacy reviews

16:54:10 [npdoty]

... still maturing, but hope we can get to the point where we can say, there is a group that is developing guidance and coordinating privacy reviews of specifications

16:54:24 [npdoty]

... question may be asked of standards bodies: what are you doing to protect us?

16:54:31 [npdoty]

ack Karima

16:55:57 [npdoty]

Karima: congress on privacy, launch debate on what happens at the NSA; videos have been posted, including a discussion of standardization

16:56:03 [npdoty]

... could be helpful in making a responsible statement

16:56:23 [christine]

+q

16:56:58 [npdoty]

ack christine

16:57:08 [npdoty]

christine: pointing out charter date inconsistency

16:57:15 [christine]

christine will be

16:57:28 [tara]

I will not be, sadly.

16:57:36 [npdoty]

npdoty: my fault, will follow up internally

16:58:29 [npdoty]

tara: if you'll be in Vancouver, let us know, so we can get together and discuss

16:58:54 [christine]

when is thanksgiving?

16:59:08 [npdoty]

us thanksgiving is thursday the 28th of November

16:59:10 [christine]

I can't do 21

16:59:20 [rigo]

all W3C will be absent for TPAC until 19 Nov

16:59:36 [christine]

first week of dec?

17:00:00 [christine]

I will be hoping outstanding privacy reviews are completed by then - 5 dec

17:00:12 [christine]

thank you tara

17:00:18 [christine]

and nick and all

17:00:20 [npdoty]

December 5th likely works for next call

17:00:26 [Zakim]

-fjh

17:00:29 [Zakim]

-christine

17:00:31 [rigo]

regrets on 5 th of December, conflicting meeting

17:00:35 [Zakim]

-tara

17:00:36 [Zakim]

-npdoty

17:00:36 [Zakim]

-Wendy

17:00:38 [Zakim]

-Karima

17:00:43 [npdoty]

Zakim, list attendees

17:00:43 [Zakim]

As of this point the attendees have been npdoty, tara, Rigo, christine, Wendy, Karima, fjh

17:00:47 [npdoty]

rrsagent, please draft the minutes

17:00:47 [RRSAgent]

I have made the request to generate http://www.w3.org/2013/10/10-privacy-minutes.html npdoty

17:00:54 [npdoty]

rrsagent, bye

17:00:54 [RRSAgent]

I see no action items