Re: new security/privacy review questions

Thanks Greg.

Everyone, you’ll need your W3C Account credentials to log in and edit the wiki.

We encourage everyone to take a look at the draft. How could it be improved? What is missing? What needs more explanation? etc.

Principal audience of the questionnaire = W3C specification authors

If you do make any edits, please also send a note to the PING email list with an overview of your input so others know when and how the wiki has been updated.

For those of you who may not be experts in wiki editing, if you send us your content, we can arrange for that content to be added.

Finally, for those who will be in Prague for the IETF, we’ll be discussing the document. 

(Meeting details to follow)

Christine (co-chair)

> On 14 Jul 2015, at 10:52 pm, Greg Norcie <gnorcie@cdt.org> wrote:
> 
> Hi all,
> 
> To make editing more democratic, I took the questions and put them on the PING wiki to allow for easier editing:
> 
> https://www.w3.org/wiki/Privacy_and_security_questionnaire
>
> Now it should be much easier for everyone to make changes to the document, but we avoid some of the issues present with, say, a Google Doc. (It's nontrivial to both allow those w/o Google accounts to edit and prevent vandalism.)
> 
> -Greg
> 
> On Wed, Jul 8, 2015 at 11:32 AM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> I should say that we have no interest in holding the pen here... I
> asked Greg to send a PDF just because I didn't want people to have to
> necessarily have a Google account to view the Doc. However, it sounds
> like that's inaccurate (anonymous users can edit Google docs).
> 
> We'd be happy to throw this up in a Doc... we'd need to be careful
> about defacement since we can't control access to PING members, but
> happy to do it.
> 
> best, Joe
> 
> On Tue, Jul 7, 2015 at 2:28 PM, Greg Norcie <gnorcie@cdt.org> wrote:
> > Hi all,
> >
> > So I spoke with Joe - he will definitely be in Prague, however we both agree
> > it'd be ideal to keep as much of the discussion on list as possible, so
> > those who won't be present can give feedback. (The IETF meeting can focus on
> > discussing any remaining sticking points / high level issues that need
> > debate).
> >
> > I went through the questions and edited them to try to be more respectful of
> > international norms, using language like "personally derived information"
> > rather than "personally identifiable" information.
> >
> > I also fleshed out the sections where an explanation and/or example was
> > lacking.
> >
> > (The goal is that each section have an explanation of the question as well
> > as a real world example - some questions seem pretty self explanatory but
> > I'd rather be a little redundant rather than start to make subjective
> > judgements on what questions are "self explanatory")
> >
> > On Sat, Jul 4, 2015 at 8:11 AM, Ambarish S Natu <ambarish.natu@gmail.com>
> > wrote:
> >>
> >> If I try to summarize Privacy as a state free from observation and
> >> Security as a state free from danger, what will ensure that an individual be
> >> free from any observation be it PII or PDI or something else, I have no
> >> particular preference.
> >>
> >> Ambarish
> >>
> >>
> >> On Saturday, 4 July 2015, Craig Spiezle <craigs@otalliance.org> wrote:
> >>>
> >>> +1. Agree with David
> >>>
> >>> Sent from my iPhone
> >>>
> >>> > On Jul 3, 2015, at 4:21 PM, David Singer <singer@apple.com> wrote:
> >>> >
> >>> >
> >>> >> On Jul 3, 2015, at 4:28 , Christine Runnegar <runnegar@isoc.org>
> >>> >> wrote:
> >>> >>
> >>> >> Yes, welcome Tiffany, and thank you for sharing your views.
> >>> >>
> >>> >> Indeed, the scope of privacy and data protection laws (i.e. the
> >>> >> definition of “personal data/personal information”) varies depending on the
> >>> >> jurisdiction.
> >>> >>
> >>> >> A common, but not universal definition is:
> >>> >>
> >>> >> “any information [relating to/about] an identified or identifiable
> >>> >> individual”
> >>> >>
> >>> >> (found, for example, in the OECD Privacy Guidelines, Council of Europe
> >>> >> Convention 108 and APEC Privacy Framework)
> >>> >>
> >>> >> My personal preference is not to use “PII”, but rather, “personal
> >>> >> data” or “personal information”, as needed.
> >>> >
> >>> > yes.  I am quite fond of ‘personally derived information’ i.e.
> >>> > information that derives from the actions of a single person.
> >>> >
> >>> >
> >>> > David Singer
> >>> > Manager, Software Standards, Apple Inc.
> >>> >
> >>> >
> >>>
> >>
> >>
> >> --
> >> अंबरीष श्रिकृष्ण नातू
> >>
> >>
> >> Sent from Gmail Mobile
> >
> >
> >
> >
> > --
> > /***********************************/
> > Greg Norcie (norcie@cdt.org)
> > Staff Technologist
> > Center for Democracy & Technology
> > 1634 Eye St NW Suite 1100
> > Washington DC 20006
> > (p) 202-637-9800
> > PGP: http://norcie.com/pgp.txt
> >
> > Fingerprint:
> > 73DF-6710-520F-83FE-03B5
> > 8407-2D0E-ABC3-E1AE-21F1
> >
> > /***********************************/
> 
> 
> 
> --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
> 
> 
> 
> -- 
> /***********************************/
> Greg Norcie (norcie@cdt.org)
> Staff Technologist
> Center for Democracy & Technology
> 1634 Eye St NW Suite 1100
> Washington DC 20006
> (p) 202-637-9800
> PGP: http://norcie.com/pgp.txt
>
> Fingerprint:  
> 73DF-6710-520F-83FE-03B5
> 8407-2D0E-ABC3-E1AE-21F1
> 
> /***********************************/

Received on Wednesday, 15 July 2015 07:48:43 UTC