PING - informal chairs' summary - 2 October 2014

PING - informal chairs’ summary – 2 October 2014

Please note that our next meeting will be on 4 December 2014 at the usual time.

Many thanks to Nick Doty for once again acting as scribe.

The chairs reminded participants that PING is planning to meet at TPAC [1] at the end of October, and encouraged registration for this event. There are plans for a breakout session on Wednesday 29 October 2014, as well as a full-day session on Friday 31 October 2014. Friday's draft agenda has been posted to the mailing list [2], but note that agenda suggestions for both sessions are still welcome. PING has also asked for some time at the Chairs' meeting, to help other W3C groups know more about the work we are doing.

* Research presentation at TPRC
Nick Doty recently presented some preliminary results of his research into privacy reviews in IETF and W3C at the Telecommunications Policy Research Conference in September [3].

* Privacy review: MediaStreams Recording Draft
Katie Haritos-Shea very kindly agreed to review the Editor's Draft of the MediaStreams Recording document [4], and posted her comments on the mailing list [5]. She led a discussion of her analysis on the call. Some points that were raised included the earlier PING review of the Media Capture and Streams draft (for reference purposes) [6]. A number of recommendations were proposed, including the inclusion of a standard W3C Privacy and Security Considerations section that addresses scripting vulnerabilities, and protections for any web-accessible media stream recordings (such as the requirement for HTTPS delivery and for explicit user consent). To move this work forward, we plan to invite the Media Capture Task Force to a PING call to discuss the recommendations in detail.

Thanks once again to Katie for taking on this task and providing such useful results.

* Updates regarding other privacy reviews

- Waiting for a written summary of Joe Hall’s meeting at IETF regarding WebRTC.

The following privacy reviews are pending:

IndieUI: User Context 1.0 [7] (Joe and Katie)
- Katie was working on MediaStreams review; hopes to coordinate with Joe at TPAC
Encrypted Media Extensions [8] (Wendy Seltzer + volunteers)
- Wendy was unable to make this call

* Web privacy news and events

Frank Dawson provided a summary of two recent privacy meetings: NIST's second Privacy Engineering Workshop [9] and the first Internet Privacy Engineering Network (IPEN) workshop [10].

The second NIST Privacy Engineering Workshop was held in San Jose, California on 15-16 September 2014. The first such workshop was held in April 2014. The workshop was intended to generate feedback about the NIST privacy engineering objective and risk model, which was developed following the initial workshop in April [11]. There were two main parts to the day: a moderated panel, followed by discussion of the draft in small breakout sessions. NIST accepted comments until October 15, 2014.

The first IPEN workshop was held in Berlin, Germany on 26 September 2014; Frank posted a note to the mailing list [12]. Nokia has put together a white paper of recommendations of "privacy engineering and assurance"; Frank reported that this had some resonance at the IPEN workshop, with a predominantly European audience of European Data Protection Supervisors, academics, NGOs and a few industry representatives. In general, there is support for the idea of privacy engineering, but not a lot of concrete details about how to do it. Data Protection Supervisors are beginning to cultivate in-house technical expertise, requiring them to have their own privacy engineers.

=> Next meeting – 4 December 2014 at the usual time

Christine and Tara













Received on Tuesday, 21 October 2014 05:28:05 UTC