15:39:05 <RRSAgent> RRSAgent has joined #privacy
15:39:05 <RRSAgent> logging to http://www.w3.org/2013/10/10-privacy-irc
15:39:07 <trackbot> RRSAgent, make logs 263
15:39:07 <Zakim> Zakim has joined #privacy
15:39:09 <trackbot> Zakim, this will be
15:39:09 <Zakim> I don't understand 'this will be', trackbot
15:39:10 <trackbot> Meeting: Privacy Interest Group Teleconference
15:39:10 <trackbot> Date: 10 October 2013
15:39:13 <npdoty> rrsagent, make logs public
15:39:18 <npdoty> zakim, this will be 7464
15:39:18 <Zakim> ok, npdoty; I see Team_(privacy)16:00Z scheduled to start in 21 minutes
15:50:56 <glenn> glenn has joined #privacy
15:51:30 <npdoty> npdoty has changed the topic to: agenda October 10: http://lists.w3.org/Archives/Public/public-privacy/2013JulSep/0078.html
15:55:02 <tara> tara has joined #privacy
15:55:54 <Zakim> Team_(privacy)16:00Z has now started
15:55:55 <Zakim> +[Apple]
15:56:01 <Zakim> +npdoty
15:56:03 <Zakim> -npdoty
15:56:03 <Zakim> +npdoty
15:56:16 <rigo> rigo has joined #privacy
15:56:24 <tara> zakim, Apple is me
15:56:24 <Zakim> +tara; got it
15:56:42 <Zakim> -npdoty
15:56:53 <christine> christine has joined #privacy
15:57:06 <Zakim> +Rigo
15:57:06 <Zakim> -Rigo
15:57:06 <Zakim> +Rigo
15:57:33 <rigo> bad line, too much NSA loopback echo, trying again
15:57:38 <Zakim> -Rigo
15:57:41 <Zakim> +[IPcaller]
15:57:43 <Zakim> -[IPcaller]
15:57:43 <Zakim> +[IPcaller]
15:57:51 <Zakim> +npdoty
15:58:10 <christine> Zakim, [IPcaller] is me
15:58:10 <Zakim> +christine; got it
15:58:15 <Zakim> +Rigo
15:58:22 <Zakim> +Wendy
15:58:44 <rigo> zakim, mute me
15:58:44 <Zakim> Rigo should now be muted
15:59:06 <christine> Regrets from Joe and Hannes
15:59:27 <wseltzer> Regrets+ JoeHall, Hannes
15:59:48 <christine> Agenda: 1. Welcome and introductions 2. Discussion of the privacy reviews of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2] 3. Update re privacy guidance documents (Privacy Considerations; Fingerprinting; Process) 4. Update re getUserMedia privacy review 5. Update re EME privacy review 6. AOB
16:00:07 <npdoty> chair: tara
16:00:29 <christine> Regrets Robin
16:01:11 <wseltzer> Regrets+ Robin
16:01:23 <tara> Getting started in a moment...
16:01:28 <christine> thanks, I will try to remember that
16:01:47 <wseltzer> zakim, who is here?
16:01:47 <Zakim> On the phone I see tara, christine, npdoty, Rigo (muted), Wendy
16:01:48 <Zakim> On IRC I see christine, rigo, tara, glenn, Zakim, RRSAgent, npdoty, TallTed, fjh, wseltzer, trackbot
16:02:04 <christine> We need a scribe
16:02:42 <christine> Thank you Nick
16:02:43 <npdoty> scribenick: npdoty
16:03:04 <npdoty> Topic: Web Cryptography review
16:03:12 <christine> Agenda item 2 - Discussion of the privacy reviews of the draft Web Cryptography API [1] and the draft WebCrypto Key Discovery [2]
16:03:28 <christine> Many thanks to Robin for providing a privacy review
16:03:34 <npdoty> Robin sent comments to the list about it
16:03:48 <tara> https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
16:03:58 <tara> http://www.w3.org/TR/webcrypto-key-discovery/
16:04:21 <wseltzer> -> http://lists.w3.org/Archives/Public/public-privacy/2013JulSep/0079.html Robin Wilton's review
16:05:47 <npdoty> christine: last call we had guests from Web Crypto to discuss their privacy conversations; Robin provided a privacy review, but haven't received comments on the list
16:05:58 <npdoty> ... Web Crypto is anxious to get their review
16:06:32 <npdoty> ... follow up with Crypto WG, noting that they want something in a couple of weeks
16:06:47 <Karima> Karima has joined #privacy
16:06:47 <npdoty> tara: useful to get some comments in at this stage, let them see a draft
16:08:30 <Zakim> +??P13
16:08:51 <Karima> zakim, ++??13 is me
16:08:51 <Zakim> sorry, Karima, I do not recognize a party named '++??13'
16:08:56 <npdoty> npdoty: concern that most UAs couldn't implement it because of privacy concerns. should that be a blocking concern?
16:09:00 <npdoty> Zakim, ??P13 is Karima
16:09:00 <Zakim> +Karima; got it
16:09:11 <Karima> zakim, mute me
16:09:11 <Zakim> Karima should now be muted
16:09:50 <npdoty> wseltzer: pre-provisioned keys spec split off because of implementer concerns
16:10:17 <npdoty> npdoty: if implementations can't be built, should that be a blocker? what does w3c typically do in that situation?
16:10:50 <Zakim> -Karima
16:10:51 <npdoty> wseltzer: let it go for a while through the process; at some point should PING give a comment, might eventually go to the Director, based on whether implementations can be made
16:11:07 <npdoty> ... could do privacy reviews at the implementation stage to see if concerns really were addressed
16:12:16 <npdoty> christine: typically would think we would focus on specification rather than implementation, but could maybe give advance guidance on implementation/results
16:12:56 <npdoty> wseltzer: easy to give advice on individual specs, but privacy concerns will be noted for the point of implementations and interactions between features
16:13:15 <npdoty> ... could note it earlier just to compare our expectations to the actual real world experience
16:15:18 <npdoty> npdoty: question about implementers
16:15:37 <Zakim> +??P13
16:16:07 <Karima> Zakim, ??P13 is me
16:16:07 <Zakim> +Karima; got it
16:16:27 <npdoty> ... could note about feature-at-risk or risk of non-implementation
16:17:57 <npdoty> Topic: privacy guidance documents
16:18:11 <npdoty> tara: privacy considerations; fingerprinting; SPA
16:18:23 <wseltzer> ACTION christine to share draft review of WebCrypto with Virginie Galindo
16:18:24 <trackbot> Created ACTION-4 - Share draft review of webcrypto with virginie galindo [on Christine Runnegar - due 2013-10-17].
16:18:56 <npdoty> ... missing Frank and Hannes today, as an Interest Group, what should be done with the documents at this stage?
16:20:43 <wseltzer> http://www.w3.org/2005/10/Process-20051014/process.html#ig-cg-notes
16:22:30 <rigo> nick, do you have the link for the charter
16:22:36 <npdoty> http://www.w3.org/2011/07/privacy-ig-charter.html
16:23:15 <rigo> ack ri
16:23:30 <npdoty> npdoty: expectation was to publish a Group Note, not sure if we have draft/review requirements in the meantime
16:23:36 <christine> q+
16:24:43 <tara> ack
16:24:45 <npdoty> rigo: per the charter, we're allowed to make Group Notes
16:24:45 <rigo> zakim, mute me
16:24:45 <Zakim> Rigo should now be muted
16:25:04 <rigo> ack ri
16:26:09 <christine> So does that mean we call it Draft Group Note as at x date?
16:26:49 <rigo> yep
16:27:44 <npdoty> npdoty: suggest we publish Editors' Drafts now, and internally decide on what level of review we're going to have within PING or based on feedback from other groups before we published a finalized Note
16:27:56 <npdoty> tara: if other Interest Groups have gone through this, happy to hear feedback
16:28:03 <fjh> fjh has joined #privacy
16:28:04 <rigo> look at http://www.w3.org/TR/app-privacy-bp/
16:28:06 <tara> ack christine
16:28:11 <npdoty> ... not complex, but happy to hear we can move these forward without a formal process
16:28:18 <rigo> and ask Frederick how he got there
16:28:33 <npdoty> christine: happy to hear suggestions on how we can encourage contributions to these privacy documents
16:28:59 <npdoty> ... suffering a little bit from divided time, with TPWG taking a lot of focus
16:29:29 <fjh> we got there through the work in DAP at the time, including CDC input, discussions, items that involved applications
16:29:43 <rigo> ack ri
16:29:49 <npdoty> ... this is important work for W3C, enough so to charter work, if you have ideas on how to go faster, please let me know
16:30:02 <fjh> zakim, code?
16:30:02 <Zakim> the conference code is 7464 (tel:+1.617.761.6200 sip:zakim@voip.w3.org), fjh
16:30:11 <Zakim> +[IPcaller]
16:30:21 <fjh> zakim, [IPcaller] is me
16:30:21 <Zakim> +fjh; got it
16:30:46 <tara> q?
16:31:09 <fjh> rrsagent, generate minutes
16:31:09 <RRSAgent> I have made the request to generate http://www.w3.org/2013/10/10-privacy-minutes.html fjh
16:31:30 <npdoty> npdoty: we've had success with individual volunteers doing privacy reviews, maybe we should ask individuals to do reviews of each guidance document
16:31:47 <npdoty> rigo: input can be driven by process requirements
16:32:20 <npdoty> christine: IETF is taking a much more obvious and active interest in data security
16:32:26 <npdoty> ... gives a lot of support to their ongoing privacy work
16:32:28 <fjh> s/CDC/CDT/
16:33:19 <christine> thank you for joining us
16:33:22 <fjh> rrsagent, generate minutes
16:33:22 <RRSAgent> I have made the request to generate http://www.w3.org/2013/10/10-privacy-minutes.html fjh
16:34:26 <christine> q+
16:34:47 <npdoty> npdoty: based on our use of "fingerprinting" term in other privacy reviews, we might want to update the definition or recommend using a different term
16:34:51 <npdoty> ack christine
16:35:00 <npdoty> christine: reminded hannes on getusermedia review
16:35:35 <christine> q+
16:35:45 <npdoty> wseltzer: joe and I still planning to do privacy review on EME
16:36:07 <npdoty> q?
16:36:11 <npdoty> ack christine
16:37:00 <npdoty> christine: there may have been some uncertainty about the forward progress/scope of EME
16:37:15 <npdoty> ... how would it fit into their schedule? do they have a particular deadline?
16:37:31 <npdoty> wseltzer: they have published Working Drafts, it would be useful to have privacy review now
16:38:12 <npdoty> christine: might be able to capitalize on the recent press coverage, reminder that wseltzer is managing a privacy review of this spec
16:39:01 <npdoty> wseltzer: would be happy to forward that email to the restricted media community group
16:39:19 <npdoty> q+
16:39:30 <tara> ack npdoty
16:40:40 <christine> q+
16:40:51 <tara> ack christine
16:41:09 <npdoty> topic: standards and surveillance concerns
16:42:09 <npdoty> npdoty: what should we do in response to reports of sabotage of security standards? know IETF/IAB is working on some privacy-related rfcs
16:42:24 <christine> q+
16:42:28 <npdoty> christine: know it's been an active topic of discussion in internet governance
16:42:29 <wseltzer> q+
16:42:38 <npdoty> ... don't want to comment on what w3c is doing internally
16:43:09 <npdoty> tara: on a broader scale, what can we do to provide transparency around process to address that concern
16:43:10 <npdoty> ack wseltzer
16:43:11 <tara> ack christine
16:43:40 <npdoty> wseltzer: one statement has been from OpenStand, open standards process to resist that kind of infiltration, a very high-level response
16:43:59 <christine> http://open-stand.org/
16:44:22 <npdoty> http://open-stand.org/statement-from-openstand-on-the-strengths-of-the-openstand-principles/
16:44:35 <npdoty> wseltzer: what should we do now that we know more about this kind of threat?
16:45:10 <npdoty> ... TAG (technical architecture group) and domain talking about what responses are necessary on security in standards development
16:45:12 <wseltzer> -> http://open-stand.org/statement-from-openstand-on-the-strengths-of-the-openstand-principles/ OpenStand statement
16:45:17 <npdoty> tara: will this be a topic at TPAC?
16:45:39 <npdoty> wseltzer: it should be discussed there, yes. we should propose it on the unconference day if it's not already on the schedule
16:45:45 <npdoty> q+
16:45:54 <tara> ack npdoty
16:45:55 <wseltzer> -> http://www.w3.org/wiki/TPAC2013/SessionIdeas TPAC Wiki
16:46:12 <rigo> q+
16:46:21 <rigo> ack ri
16:46:25 <tara> ack rigo
16:46:37 <npdoty> npdoty: can also talk at IETF in Vancouver, good for coordinating between w3c and ietf
16:48:35 <christine> agree with Nick
16:48:59 <npdoty> tara: hearing general support for making statements. is there anything on the other side, concerns against making a statement?
16:48:59 <npdoty> fjh: might be a w3c thing, not a PING thing
16:49:32 <Karima> I think it is a PING thing
16:49:33 <wseltzer> q+
16:50:07 <wseltzer> q-
16:50:30 <npdoty> q+
16:50:36 <christine> q+
16:50:39 <Karima> q+
16:50:46 <npdoty> q- later
16:51:26 <tara> ack npdoty
16:52:43 <tara> ack christine
16:53:12 <npdoty> npdoty: organizations as a whole can make larger statements, but PING or IAB privacy program can publish documents that would actually implement those priorities
16:53:41 <npdoty> christine: had hoped to have further progress on privacy considerations, but glad we've been doing privacy reviews
16:54:10 <npdoty> ... still maturing, but hope we can get to the point where we can say, there is a group that is developing guidance and coordinating privacy reviews of specifications
16:54:24 <npdoty> ... question may be asked of standards bodies: what are you doing to protect us?
16:54:31 <npdoty> ack Karima
16:55:57 <npdoty> Karima: congress on privacy, launch debate on what happens at the NSA; videos have been posted, including a discussion of standardization
16:56:03 <npdoty> ... could be helpful in making a responsible statement
16:56:23 <christine> +q
16:56:58 <npdoty> ack christine
16:57:08 <npdoty> christine: pointing out charter date inconsistency
16:57:15 <christine> christine will be
16:57:28 <tara> I will not be, sadly.
16:57:36 <npdoty> npdoty: my fault, will follow up internally
16:58:29 <npdoty> tara: if you'll be in Vancouver, let us know, so we can get together and discuss
16:58:54 <christine> when is thanksgiving?
16:59:08 <npdoty> us thanksgiving is thursday the 28th of November
16:59:10 <christine> I can't do 21
16:59:20 <rigo> all W3C will be absent for TPAC until 19 Nov
16:59:36 <christine> first week of dec?
17:00:00 <christine> I will be hoping outstanding privacy reviews are completed by then - 5 dec
17:00:12 <christine> thank you tara
17:00:18 <christine> and nick and all
17:00:20 <npdoty> December 5th likely works for next call
17:00:26 <Zakim> -fjh
17:00:29 <Zakim> -christine
17:00:31 <rigo> regrets on 5 th of December, conflicting meeting
17:00:35 <Zakim> -tara
17:00:36 <Zakim> -npdoty
17:00:36 <Zakim> -Wendy
17:00:38 <Zakim> -Karima
17:00:43 <npdoty> Zakim, list attendees
17:00:43 <Zakim> As of this point the attendees have been npdoty, tara, Rigo, christine, Wendy, Karima, fjh
17:00:47 <npdoty> rrsagent, please draft the minutes
17:00:47 <RRSAgent> I have made the request to generate http://www.w3.org/2013/10/10-privacy-minutes.html npdoty
17:00:54 <npdoty> rrsagent, bye
17:00:54 <RRSAgent> I see no action items