15:54:28 RRSAgent has joined #privacy 15:54:28 logging to http://www.w3.org/2015/09/17-privacy-irc 15:54:30 RRSAgent, make logs 263 15:54:30 Zakim has joined #privacy 15:54:32 Zakim, this will be 15:54:32 I don't understand 'this will be', trackbot 15:54:33 Meeting: Privacy Interest Group Teleconference 15:54:33 Date: 17 September 2015 15:54:35 rrsagent, make logs public 15:54:37 chair: tara 15:55:49 Zakim, clear agenda 15:55:49 agenda cleared 15:55:58 agenda+ welcome and introductions 15:56:12 agenda+ fingerprinting guidance to group note 15:56:19 agenda+ privacy and security questionnaire 15:56:34 agenda+ AOB 15:57:26 LCPolan has joined #privacy 15:57:31 ah 15:58:14 Thanks! 15:58:23 You on the phone/Webex? 15:58:36 will be soon 15:59:43 christine has joined #privacy 16:00:08 it's very quiet 16:00:11 heh 16:00:39 present+ npdoty, runnegar, tara, JoeHallCDT, LCPolan 16:01:36 I can hear you! 16:01:43 scribenick: JoeHallCDT 16:02:14 We're just getting the phone side set up... 16:06:01 christine: let's get started 16:06:19 tara: no intros as we're all familiar with one another 16:06:26 Zakim, take up agendum 2 16:06:26 agendum 2. "fingerprinting guidance to group note" taken up [from npdoty] 16:06:36 tara: fingerprinting as a group note? 16:06:45 https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0121.html 16:06:46 +q 16:06:55 npdoty: sent out a msg in August about status of fpr document 16:07:01 … have resolved major document TODOs 16:07:11 … now complete, not perfect but not missing 16:07:20 … hoping to publish as a draft WG note 16:07:35 … will signal that has some support from PING 16:07:41 … and that it's stable enough for feedback 16:07:59 christine: totally agree that's what we should do... 16:08:05 … hoping wendy would be on the call 16:08:19 q+ on process 16:08:21 … what are the mechanisms to do that 16:08:31 … have some editorial comments but haven't finished yet 16:08:36 … will do so in the next couple of days 16:08:36 ack christine 16:08:52 … goal would be to produce the final version as a PING group note by the end of the year 16:08:59 ack np 16:08:59 npdoty, you wanted to comment on process 16:09:04 npdoty: on process, I can probably answer 16:09:20 … different WGs handle consensus differently… but chairs are the ones that judge consensus 16:09:24 +q 16:09:32 … can do over email "please note objections/concerns by x date" 16:09:42 +q 16:09:49 ack ch 16:09:54 christine: feeling is that the consensus would be that we should do this 16:10:04 … not enough people on this call to say we have consensus right now 16:10:46 (Katie joined, christine got her up to speed) 16:11:13 … should do it over email 16:11:31 … question: the email list has a population of people that is massive… bigger than formal PING group 16:12:00 tara: has to be of PING members 16:12:17 npdoty: we haven't had to make a sharp distinction between mailing list and signing forms to be members 16:12:28 ack joe 16:12:31 scribenick: npdoty 16:12:49 JoeHallCDT: Christine, sounds like your goal is a Note by the end of the year that's no longer draft status? 16:12:53 christine: yes. 16:13:06 JoeHallCDT: what is a member/participant? 16:13:26 ... formal, vs public where anyone can sign up on the mailing list 16:14:04 npdoty: members of the w3c are dues payers 16:14:09 … participants in groups like PING 16:14:17 … members of w3c and public people 16:14:38 … in order to be a formal member of the group you have to be a w3c member or an invited expert 16:14:49 scribenick: JoeHallCDT 16:15:13 christine: tara, we have an action item to do the call for consensus on the email list and publish the note as a draft 16:15:21 … presume the usual period is 2 weeks 16:15:41 regrets+ wseltzer 16:15:42 tara: and we'll wait until christine is done with editorial contribusions 16:16:06 npdoty: have gotten a few comments from the mailing list or offlist 16:16:13 … might want to start using github issue tracker 16:16:15 +q 16:16:45 GitHub for PING? 16:16:55 Is in the W3C account 16:17:09 tara: thanks a ton, npdoty! 16:17:16 thanks all for the feedback 16:17:23 … very grateful for moving this forward, we're proud of this accomplishment 16:17:31 Zakim, take up agendum 3 16:17:31 agendum 3. "privacy and security questionnaire" taken up [from npdoty] 16:17:46 tara: now we're on to privacy and security questionnaire 16:17:52 present+ KatieHS 16:17:58 +q 16:18:08 tara: have quite a lot of work done by CDT 16:18:11 -q 16:18:35 christine: reiterate that Joe and Greg have done a spectacular job of moving this forward 16:18:45 … on my list to do a read through and comment and additions 16:19:05 … what we need to think about is how can we at least get to the stage of giving consensus input from PING to the TAG 16:19:22 … and get to the point to publish a draft note on our complimentary document that would go into more detail 16:19:46 Ryladog has joined #privacy 16:19:48 … TAG's goal is to have a succinct questionnairre, but we see value in having a document that gives context for the items in the questionnaire 16:19:58 … if we can do that this year, that would be a good thing to do 16:20:09 ack ch 16:20:19 … we have TPAC coming up, maybe the plan should be to have a meeting on that Friday (maybe just the morning) to push this forward as a group 16:20:20 Present+ Katie Haritos-Shea 16:20:21 +q 16:20:34 q+ 16:20:40 ack JoeHallCDT 16:20:41 Boo! 16:20:50 (to no CDT folks. But we understand.) 16:20:54 q+ 16:20:54 JoeHallCDT: CDT folks won't be in attendance at TPAC 16:20:57 I will have a speakerphone. 16:21:00 ... could participate remotely? 16:21:11 I tried to ensure remote folks could join. 16:21:44 ... have been working to pull out the privacy stuff to have a distinct questionnaire. mkwest: it would be really great to contribute that back to the TAG document 16:21:54 ... to what extent do we want to have a PING-maintained privacy questionnaire? 16:22:20 ... vs. just giving feedback to the TAG on their questionnaire, and maintaining a document of contextual support 16:22:30 ... think we shouldn't combine privacy and security too closely 16:23:05 ... doing privacy reviews and making sure there is feedback to the questionnaire based on those reviews 16:23:18 ... for example, Greg has done that with the Presentation API experience 16:23:44 ... do we have other requests to do privacy reviews? a working understanding is most useful 16:24:59 ... Greg's email has meta questions about the questionnaire 16:25:19 tara: +1, useful to try out the questionnaire with reviews 16:25:19 tara: very beneficial to get experience reviewing documents with this one 16:25:36 npdoty: we should look at Greg's Presentations API email 16:25:40 ack np 16:25:59 … would be happy to have this merged with the security document that the TAG is working on 16:26:14 … having one document means it's more likely that people will use it 16:26:22 … and being TAG, people will pay attention to it 16:26:29 … so fine with having one document 16:26:40 … would like to do anything we can to get the feedback to tAG 16:26:42 +q 16:26:51 … whatever we need to do to get that feedback 16:27:03 christine: what we need to do is have another conversation with TAG 16:27:18 … what's the best way that both pieces of work get good traction 16:27:23 ack chr 16:27:32 … the second screen working group have reached out to us 16:27:40 … will be having privacy discussion at TPAC in their own meeting 16:28:03 … if we can do a bit more work on our document, about what we think is important for the S&P questionnaire 16:28:15 … can take to TPAC and present to TAG our feedback 16:28:26 +1 16:28:32 ack JoeHallCDT 16:28:33 Yup, good idea! 16:28:39 JoeHallCDT: +1 to taking questionnaire to TPAC 16:29:05 ... understand npdoty on having one document/one place is good, connected to TAG sounds good 16:29:41 ... here are the pieces we think need to be updated with privacy-informed perspective 16:29:53 ... that could be formal input back to TAG 16:30:02 ... we (CDT) can work on that 16:30:20 ... when we have a discussion, Second Screen, more face to face feedback 16:30:42 ... there's no reason we PING couldn't be more ambassdors, going to other groups' calls 16:31:02 ... 1. go back to TAG with edits. 2. engage with groups, including at TPAC 16:31:11 q+ 16:31:45 tara: we can build bridges for the meeting, and support this at TPAC 16:31:55 are there any times that East Coast US and Japan meetings that easily overlap? 16:32:15 christine: you volunteered to try reviewing Presentation API? 16:32:23 https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0120.html 16:33:05 … for some reason, I didn't see that 16:35:02 +q 16:35:03 I've just updated the wiki page on privacy reviews with that link, and the fact that Greg has been looking at the Presentation API 16:35:33 q+ on list of reviews 16:36:26 JoeHallCDT: would be good to have a set of resources somewhere, not just in the mailing list 16:36:36 https://www.w3.org/wiki/Privacy/Privacy_Reviews#Requested_reviews 16:36:51 npdoty: we do have a wiki list of requested and finished reviews ^^^^ 16:37:03 ack np 16:37:03 npdoty, you wanted to comment on list of reviews 16:37:06 … I am hopeful that this can be a semi-stable resource 16:37:13 … still need to send things to the mailing list 16:37:34 christine: to add to that, to Joe's point that also keeps the reviews so you don't have to look at the mailing list 16:37:44 … can we add to the wiki the actual detail of the reviews? 16:37:51 … ah you have… pointers to the emails? 16:38:05 … maybe that's all we need to do 16:38:11 ack ch 16:38:13 … we should look at that and what's the best way to do it 16:38:28 I'm not sure if the email review style is the best possible, but it's definitely a good start 16:38:44 … one of the things I'd like to do is send a note out to the list encouraging people to look at the Presentation API review before turning over to 2nd screen WG 16:38:51 +q 16:39:03 ack jo 16:39:32 JoeHallCDT: having a list on the wiki with pointers to emails where we go through a privacy review is great, but if there are multiple reviews, or follow-up pointers ... gets complicated 16:40:06 ... instead, could keep the review in a separate wiki page, and then update it on the wiki 16:41:00 npdoty: haven't included a link to every email in the list discussing something… just the final link to the WG 16:41:56 q+ with more requested reviews 16:42:00 q+ 16:42:06 tara: presumably the next call we'd have is during TPAC 16:42:13 npdoty: do have some other business 16:42:23 https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0133.html 16:42:49 … Mike West has asked for more feedback on what's now called Secure Context (used to be powerful features) 16:42:56 … limit certain features to secure origins 16:42:58 https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0051.html 16:43:04 … DNT asked for feedback 16:43:33 q+ 16:43:53 … the other thing was not so much a review as threads on clearing local data in private browsing mode 16:44:00 … now there is a proposal in WebAppSec 16:44:03 https://lists.w3.org/Archives/Public/public-privacy/2015JulSep/0134.html 16:44:09 +q 16:44:11 ack 16:44:15 ack me 16:44:50 christine: also has a feeling that there may be something else as well 16:44:58 … we need to figure out how to contribute to these requests 16:45:22 … I can try to spurring people into action via the email list 16:45:33 … really need to be looking at these things 16:45:35 ack ch 16:45:49 ack jo 16:45:52 I'll update the wiki. if anyone knows of an individual who would be good to request review one of these documents, that would be great 16:47:55 @ Joe,yes, I'll chase up 16:48:40 JoeHallCDT: could look at DNT with fresh eyes/PING perspective 16:48:55 ... otherwise, +1 to email reminders to prompt people, multiple people, to review 16:49:07 christine: header enrichment? 16:49:23 … nick and joe, still worthwhile doing anything else in this space 16:49:31 q+ 16:49:38 npdoty: rather than reviewing a document, could be a good thing for a convening function 16:49:40 +q 16:49:49 … privacy implications of header enrichment 16:50:34 ack ch 16:50:35 christine: suggestion and question: 16:50:58 … suggestion in the part of the unconference TPAC, maybe PING could suggest a session on the privacy imps of header enrichment 16:51:12 … question: this is slightly different from what PING does traditionally 16:51:19 I think the unconference is still on the schedule; sounds like a reasonable idea to me 16:51:25 … could PING have a series of blog posts? statements? 16:51:45 tara: sounds interesting, not sure about the precedent 16:51:56 npdoty: there's a w3c blog, anyone can blog on their own 16:52:06 … if we think that's a good way to communicate on a topic, we should do it. 16:52:10 ack me 16:52:32 JoeHallCDT: Unsanctioned Tracking finding from TAG relevant to header enrichment 16:52:54 ... what would we say about header enrichment, separate from TAG finding? 16:53:40 ... not okay, except in these circumstances 16:54:03 npdoty: might be interesting to try to define exactly what circumstances might be privacy preserving in header enrichment 16:54:13 … we want to get the header enrichment and privacy people to talk 16:55:17 JoeHallCDT: concern about it not being end-to-end on any level, but could imagine some use cases 16:55:23 q+ 16:55:33 ack ch 16:55:47 christine: who do we think the pro-enrichment people would be 16:55:59 Joe: Verizon and AT&T 16:56:37 christine: are there others that have been doing this? 16:56:45 JoeHallCDT: not sure 16:56:57 christine: would be worthwhile having a conversation 16:57:19 q+ 16:57:34 yeah, I should probably do that 16:58:11 christine: add to the list things that need to be done: organize TPAC session, send agenda around 16:58:21 npdoty: telecon in october? or just TPAC? 16:58:35 tara: arranged for there to be a phone so that we could do that 16:58:39 … time zones will be hard 16:58:52 npdoty: should have remote optoin, but separate call in October 16:58:57 +1 16:59:11 christine: inclined to think we should have a call separate from TPAC meeting 16:59:19 … keep the enthusiasm! 16:59:29 tara: quite a valid point 16:59:36 … just don't want folks to be overwhelmed. 16:59:48 … should we do it before TPAC? since TPAC is right before 16:59:53 … 22 would make sense? 16:59:55 22 works 17:00:17 maybe we could check with our Geofencing presentation re: scheduling 17:00:23 tara: will assume we'll do it then, with the aim of making progress for the TPAC set of meetings 17:00:44 trackbot, end meeting 17:00:44 Zakim, list attendees 17:00:44 As of this point the attendees have been npdoty, runnegar, tara, JoeHallCDT, LCPolan, KatieHS, Haritos-Shea 17:00:52 RRSAgent, please draft minutes 17:00:52 I have made the request to generate http://www.w3.org/2015/09/17-privacy-minutes.html trackbot 17:00:53 RRSAgent, bye 17:00:53 I see no action items 17:03:53 RRSAgent has joined #privacy 17:03:53 logging to http://www.w3.org/2015/09/17-privacy-irc 17:03:58 rrsagent, please draft minutes 17:03:58 I have made the request to generate http://www.w3.org/2015/09/17-privacy-minutes.html npdoty 17:04:42 npdoty has changed the topic to: Minutes from PING, 17 September: http://www.w3.org/2015/09/17-privacy-minutes.html 17:05:57 JoeHallCDT1 has joined #privacy 17:07:40 JoeHallCDT1 has joined #privacy 17:16:23 JoeHallCDT has joined #privacy 17:22:06 LCPolan has joined #privacy 17:28:57 JoeHallCDT has left #privacy 17:35:05 keiji has joined #privacy 18:18:32 LCPolan has joined #privacy 19:53:45 npdoty has joined #privacy 20:25:02 npdoty has joined #privacy 21:02:14 keiji has left #privacy 21:05:13 LCPolan has joined #privacy 21:28:15 LCPolan has joined #privacy 23:01:26 LCPolan has joined #privacy 23:47:12 keiji has joined #privacy 23:56:50 LCPolan has joined #privacy