PING - informal chairs summary and next meeting

Informal chairs summary – 19 July 2012
 
Thank you to our guest:
 
Matt Womer (W3C Staff Contact for the Geolocation WG)
 
The discussion about the work undertaken in Geo to develop the Geolocation API specification was very useful in helping PING understand some of the challenges in dealing with privacy issues in the standards development process.
 
Thanks to our scribe, Joanne.
 
Next call on 23 August 2012 (same time)
 
--------
 
*Report from Geo (Matt Womer) with additional information/perspective provided by Alissa Cooper
 
The Geolocation API Specification [1] is at the stage of W3C Proposed Recommendation. It is expected to be released as a Recommendation soon. The specification “defines an API that provides scripted access to geographical location information associated with the hosting device”.
 
The specification was developed from a Google API that did not have privacy “built-in”. Relatively early in the work, privacy concerns were raised by people from CDT, the IETF GeoPriv [2] and Berkeley (including Nick, before at W3C).
 
It was a very difficult process trying to reach a privacy solution that was both implementable and testable, particularly as laws are very different across the world. What is legal in one country may be illegal in another. The specification requires active consent for sharing location and the API can lie about location (e.g. the browser can be configured to always say that the location is Timbuktu). The concept that an API can lie is controversial.
 
Testing “implementability” was difficult. Geo had to test with reference to sites’ privacy policies and terms of service. (See [3])
 
GeoPriv put forward a proposal that the privacy mechanism for the API be aligned with the mechanism developed by GeoPriv. While that proposal was not adopted, the specification contains some strong normative language and provides a testing process. This language has also been used by DAP in their API specification. This represents an important step forward, even if it is difficult to enforce vis-à-vis recipients of location data.
 
Question from Nick: Should the requirements be more technical to make it easier to test conformance?
 
Additional testing: Hannes proposed mobile, which has a different consent model. Nick’s group at Berkeley had considered conducting an updated study to see if privacy practices of deployments of the API changed over time, but concluded that it was difficult to measure in a comparable way.
 
Geo greatly benefitted from having technical experts who were also privacy experts involved in developing the specification. Geo also consulted the TAG.
 
Observation from Matt: It is important to have the right people involved from the beginning.  PING should be horizontal, operating across W3C working groups.
 
[1] http://www.w3.org/TR/geolocation-API/
[2] https://datatracker.ietf.org/wg/geopriv/charter/
[3] http://www.w3.org/2008/geolocation/drafts/API/Implementation-Report.html#website-tests
 
*Report from the IAB Privacy Program (Alissa Cooper)
 
A recently updated version of the draft Privacy Considerations for Internet Protocols, which “offers guidance for developing privacy considerations for inclusion in IETF documents and aims to make protocol designers aware of privacy-related design choices”, is available [4]. This is the main work item of the IAB Privacy Program.
 
Feedback on the document is welcome.
 
So far, feedback from potential users of the document has been mixed (e.g. this does not apply to this protocol, it’s overkill) and has helped shape some of the terminology and led to further clarification. However, much work needs to be done to socialise the document and develop a culture of privacy.
 
An IPv6 Privacy Survey, which Hannes has been spearheading, should be out soon. The hope is to get some feedback from the field concerning which features are being used and deployed.
 
[4] https://tools.ietf.org/html/draft-iab-privacy-considerations-03
 
*Privacy considerations
 
There seems to be consensus that privacy considerations should be considered as early as possible (including at the chartering stage), and ideally, everyone involved in developing W3C standards should be mindful of privacy issues and able to address them appropriately in specifications.
 
One initial proposal was to develop a document providing guidance as to when and how W3C working groups should seek assistance concerning privacy.
 
Hannes asked what is/should be the W3C approach concerning design regimes. (Please refer to Hannes’ email dated 20 July 2012 for more details.) He also noted the limitations with respect to JavaScript because of past design choices, commenting that there is more flexibility with other standards.
 
*Due to time constraints:
 
- the reports on work in OECD, APEC, UNESCO, UNECA/AU;
- the discussion on best practices for deployment;
 
were deferred to the next call.

Christine and Tara

Received on Wednesday, 25 July 2012 14:06:43 UTC