RE: W3C Workshop Agreement?

Hi Thomas, 

I updated the description a bit: 
"
The two practical proposals that drew most interest and discussions were
the Mozilla privacy icon approach and CDT's privacy rule-set idea. Both
proposal received a lot of positive feedback. In addition to technical
and user interface challenges, there were questions about the business
incentives for browser vendors and large Web providers, as one of the
main obstacles for getting privacy from research and standardization to
deployment. Nevertheless, further investigation and experimentation with
both approaches seems worthwhile and was encouraged.

There was agreement that it is useful to capture best current practices
gained during early implementation efforts (such as those presented
during the workshop regarding the geolocation API). Furthermore,
investigating how to help specification writers and implementers to
systematically analyse privacy characteristics in W3C specifications was
seen as a worthwhile effort. To this end, the W3C staff plans to propose
a charter for a Privacy Interest Group that can serve as a forum for
this work. Such an Interest Group could also provide a focal point for
privacy-related coordination with other interested standard development
organizations.
"

Thanks for giving it an editorial pass. 

Ciao
Hannes


> -----Original Message-----
> From: ext Thomas Roessler [mailto:tlr@w3.org] 
> Sent: Friday, August 13, 2010 1:54 PM
> To: Tschofenig, Hannes (NSN - FI/Espoo)
> Cc: Thomas Roessler; public-privacy@w3.org
> Subject: Re: W3C Workshop Agreement?
> 
> On 13 Aug 2010, at 12:21, Tschofenig, Hannes (NSN - FI/Espoo) wrote:
> 
> >> Well, there were two sets of reservations:
> >> 
> >> - Folks from various vendors saying they didn't really 
> think they'd implement those proposals. 
> 
> > I would call NSN a vendor and we are very interested in 
> implementing and providing privacy based capabilities to our 
> customers. Hence, you cannot say "vendors" here but rather to 
> those persons at the workshop, such as Ian, David,  etc. I 
> assume they speak with their company hat but I am not sure.
> 
> >> - People with various backgrounds questioning whether 
> either Web services or browser vendors would have incentives 
> to deploy a particular technology. 
>  
> > The very negative reaction from the previous set of people 
> was obviously noticed by others in the room and hence 
> everyone else was indeed wondering what would make these guys 
> change their mind. People in the room very well understood 
> that some companies have a business model that is based on 
> collecting information and enhancing privacy capabilities 
> seems to be in conflict with their business model.
> 
> So, here's what the summary currently says:
> 
> "The two practical proposals that drew most interest and 
> discussions were the Mozilla privacy icon approach and CDT's 
> privacy rule-set idea. Both also drew significant questions 
> about their practical viability and about the respective 
> incentives for implementation by browser vendors and large 
> Web properties. Yet, further investigation and 
> experimentation with both approaches seems worthwhile."
> 
> Can you suggest additional changes?
> 
> >> For example, I don't think Deirdre counts as "the side of 
> browser vendors and big Web service providers."  I do think, 
> though, that her remarks about lawyers' tendency to write 
> ambiguous text, and the fundamental incompatibility of that 
> with some of the privacy policy notions, is a valid 
> reservation about the privacy icons work. 
> 
> > She is aware of how the industry works and is not too shy 
> to say it. I did not got the impression that she argued 
> against developing better ways for presenting privacy 
> policies on the Internet.
> 
> That's why the report says "drew questions." There's no claim 
> here that asking questions about the viability is the 
> equivalent of pushing back on useful privacy protection -- 
> and, indeed, that wouldn't be true.
> 
> >> What we could say is that the questions were about the 
> practical viability and likelihood of implementation in both 
> Web browsers and by Web service providers, or some such.  
> What do you think? 
> >> 
>  
> > I tend to think that the core problem is with the 
> incentives rather than with the technical aspects.
> 
> Yes, absolutely.
> 
> > Sure, there are challenges (like with any technology) but 
> those are typically (for engineers) solvable. Here, the 
> arguments about the implementation and user interface aspects 
> are just claims to hide the real problem that people see, 
> namely "why should I do this when it could hurt my business".
> 
> You're suggesting a linkage between "would it be implemented" 
> and "technical issues" that I don't see in the report. I've 
> clarified further to say that the question is about 
> incentives for implementation and deployment.
> 
> >> I remember repeated discussion of privacy considerations 
> and not much opposition against those. That's what I meant by 
> "agreement."  If I'm overstating what I thought I heard, I'd 
> be happy to correct this.
> 
> > I noticed that many people used the term "privacy 
> considerations", including myself, but nobody really 
> described what they mean by that. I can tell you what I have 
> in mind. We in the IAB are working on a document that 
> provides the counterpart of the "Guidelines for Writing RFC 
> Text on Security  Considerations"  (RFC 3552) but for privacy.
> 
> Right. But the fact the we don't have the framework in place 
> quite yet shouldn't preclude us from capturing the workshop 
> discussion.
> 
> (Meanwhile, I do think it would be useful to figure out what 
> that privacy guidelines document could look like.)
> 
> --
> Thomas Roessler, W3C  <tlr@w3.org>  (@roessler)
> 
> 
> 
> 
> 
> 
> 
> 

Received on Friday, 13 August 2010 12:28:37 UTC