W3C

- DRAFT -

Privacy Interest Group Teleconference

28 Aug 2014

See also: IRC log

Attendees

Present
christine, +1.650.944.aaaa, +1.650.944.aabb, tara, Wendy, npdoty, fjh, +1.650.618.aacc, yrlesru, Katie_Haritos-Shea, Frederick_Hirsch
Regrets
Chair
SV_MEETING_CHAIR
Scribe
npdoty


<trackbot> Date: 28 August 2014

<christine> Zakim. IPcaller is me

<tara> Hullo! Trying to get connected by phone...

<christine> Hi. We'll start soon.

<scribe> scribenick: npdoty

welcome back, Frank Dawson, from Nokia

<yrlesru> :-)

<christine> Thank you for scribing Nick

<christine> Agenda item: Privacy guidance and process documents

Privacy guidance and process documents

christine: had an informal meeting at last IETF on task force
... planned out some steps, but still need to make progress, especially before TPAC
... and help / reviews / comments are welcomed even from non-experts

<wseltzer> https://w3c.github.io/privacy-considerations/

<wseltzer> and http://yrlesru.github.io/SPA/

christine: Frank's document, haven't worked a lot on progressing that document

<yrlesru> http://yrlesru.github.io/SPA/

christine: separate goals: guidance for improving privacy in specs vs. process for conducting reviews

Katie: like a privacy impact assessment of a spec and how to perform one?

yrlesru: yes, specification privacy assessment
... for a high-level PIA, how should we do that as an editor of a spec
... also submitted to OASIS and ISO (adopted as a standing document)
... main difference from IETF work or Hannes' suggestion, those are more like checklists to use in a particular context
... should be more systematic and less ad hoc

christine: would be useful to see what privacy considerations text is already out there

npdoty: I've been doing some data analysis on TRs and mentions of privacy
... will have some data / list out to you all soon

fjh: what if we added to the ReSpec spec-editing tool a magical section for including privacy/security considerations section

npdoty: sounds like a cool idea

katie: we should coordinate with the security group as well

<wseltzer> [+1 from Security]

fjh: does seem like combining those sections is seeming more common

<fjh> ACTION: fjh to propose update to ReSpec for security and privacy consideration section support [recorded in http://www.w3.org/2014/08/28-privacy-minutes.html#action01]

<trackbot> Created ACTION-7 - Propose update to respec for security and privacy consideration section support [on Frederick Hirsch - due 2014-09-04].

<christine> Agenda item: Privacy reviews

here is a list of 87 recommendation track documents that mention privacy: https://npdoty.name/tr-analysis/graphs/tr-list.html

Privacy reviews

christine: hopefully Katie and Joe can connect before our next call

Katie: going to look at media stream recording / IndieUI

christine: media task force definitely producing documents with privacy interest

fjh: I'm probably not the expert, talk to the group itself via the mailing list for the task force
... might want to consider generic streaming media threats first, then details related to spec
... this is not a minimal specification, it has a lot of detail such as constraints, tracks, streams etc

<yrlesru> Sounds like a good case for data flow diagramming to understand the interactors?

christine: outstanding discussion re encrypted media extensions

wseltzer: alas, it is still outstanding
... would welcome any help with it

<christine> Agenda item: Privacy news

Privacy news

<yrlesru> NIST Privacy Engineering Workshop in San Jose in September (not attending)

christine: just an agenda item for anything going on inside or outside regarding privacy

Frank: two privacy engineering events: NIST having its second workshop
... also IPEN (sp?) run by data protection agencies having a workshop in Berlin at the end of September
... if we wanted to hire a privacy engineer, what the requirements look like and what curricula would help

<fjh> s;mailing list for the task force;mailing list for the task force http://lists.w3.org/Archives/Public/public-media-capture/;

Frank: the professional slide of privacy engineering

<tara> Frank, is this the right link? https://secure.edps.europa.eu/EDPSWEB/webdav/site/mySite/shared/Documents/EDPS/IPEN/14-08-14_IPEN_workshop_practical_information_EN.pdf

<christine> @ Nick - EDPS IPEN workshop is on 26 September 2014 in Berlin

<fjh> mailing list for the media capture task force http://lists.w3.org/Archives/Public/public-media-capture/

<fjh> http://www.w3.org/TR/2013/WD-mediacapture-streams-20130516/

Frank: some people looking at the top ten privacy risks in OWASP

<fjh> re media capture, suggest asking the chairs if they have an overview, I believe there is one

<yrlesru> OWASP Top 10 Privacy Risks.

<tara> http://www.w3.org/2014/07/permissions/

<yrlesru> One of the principals is Stefan Burgmair <Stefan.Burgmair@msg-systems.com>. MSG Systems appears to be an ICT consulting firm for German/EU banking industry.

npdoty: there is a workshop / meeting regarding permissions for web applications

wseltzer: will represent privacy (attending second day)

<yrlesru> Lastly, to report, CIPL has a Privacy Risk Management project that has produced a pretty informative report.

christine: regarding TPAC, separate time to meet on Friday; unconference day on Wednesday; and a chance to chat with the chairs

<yrlesru> iPEN = https://secure.edps.europa.eu/EDPSWEB/edps/EDPS/IPEN

christine: please send any suggestions along

Frank: useful to have an agenda for our Friday meeting as early as possible, regarding scheduling

wseltzer: possible additional item is a breakfast meeting of the chairs of all groups. could take a moment of that time to discuss privacy reviews

<wseltzer> http://www.w3.org/2014/11/TPAC/

wseltzer: plenary day is unconference, not scheduled in advance, until 2:45pm; scheduled events after

frank: catch people at coffee breaks. could we have a table set up?

wseltzer: coffee breaks not as synchronized as at IETF
... maybe a table tent at lunch to invite people to talk; not sure how well it will work

christine: 1) webappsec wg put out a FPWD of referrer policy
... can set policy for how referer headers should work for outgoing requests

<wseltzer> ACTION: wseltzer to propose TPAC review group "office hours" or hallway tables for future TPACs [recorded in http://www.w3.org/2014/08/28-privacy-minutes.html#action02]

<trackbot> Created ACTION-8 - Propose tpac review group "office hours" or hallway tables for future tpacs [on Wendy Seltzer - due 2014-09-04].

christine: might be worth looking at the document to see how it would help with privacy

wseltzer: +1, worth looking at

christine: web and mobile interest group is gathering wake lock use cases
... some of their requirements seem focused on user control
... finally, web apps working group is rechartered, with PING as a liaison

next meeting October 2?

next meeting: 2 October

<yrlesru> Regards to all. Bye.

<yrlesru> quit

trackbot, end meeting

Summary of Action Items

[NEW] ACTION: fjh to propose update to ReSpec for security and privacy consideration section support [recorded in http://www.w3.org/2014/08/28-privacy-minutes.html#action01]
[NEW] ACTION: wseltzer to propose TPAC review group "office hours" or hallway tables for future TPACs [recorded in http://www.w3.org/2014/08/28-privacy-minutes.html#action02]
 
[End of minutes]

Minutes formatted by David Booth's scribe.perl version 1.138 (CVS log)
$Date: 2014-08-28 16:41:53 $
