W3C home > Mailing lists > Public > public-privacy@w3.org > July to September 2019

Re: Proposed W3C Charter: Privacy Interest Group (PING) (until 2019-08-04)

From: Nick Doty <npdoty@ischool.berkeley.edu>
Date: Tue, 24 Sep 2019 15:51:21 -0400
Message-Id: <BC6F1A31-4D9D-42EA-BB55-5BF96D8A4339@ischool.berkeley.edu>
Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
To: Chris Wilson <cwilso@google.com>
Thanks for the context, Chris.

Was Google’s Formal Objection to the Interest Group charter, or to a discussion proposal that was being considered in the group regarding process and input to the Process CG? I also had feedback on the particular draft proposal that was linked in the Formal Objection text. In particular, I tried to make it clear that PING was best situated to describe how the Interest Group’s own process for review worked; that feedback was shared on the public mailing list and discussed on a teleconference and those changes seemed to have broad support: https://lists.w3.org/Archives/Public/public-privacy/2019JulSep/0019.html

I’m pleased that Google does not have concerns about PING reviewing web platform specifications, given that has been our focus for a number of years! Does that mean the Formal Objection has been resolved?

There also seems to be broad agreement on having guidance to give to designers and specification authors in addition to conducting reviews. That is the very first work item described in the first sentence of the Scope section in the draft charter. Along those lines, we’ve published an Interest Group Note providing guidance on mitigating browser fingerprinting (which I edited), and we’ve worked with the TAG (where Jason Novak took the lead) on an update to the security and privacy questionnaire in order to provide more detail on both threat models and mitigations so that Working Groups have guidance prior to reviews. And I am certainly encouraged that that work should continue, including with the early threat model draft from Jeffrey Yasskin and the work on documenting/prioritizing fingerprinting surface, both discussed at TPAC.

More participation would certainly be welcome so that we can address the increasing workload of reviews and prospective guidance. I hope we can resolve objections to the charter promptly so that we can focus on that work.


> On Sep 23, 2019, at 8:57 PM, Chris Wilson <cwilso@google.com> wrote:
> I wanted to offer some additional context on what precisely we were asking for here. Google believes a core need for the PING charter is to establish a formal model of privacy concerns, which should be a living, growing framework expressing best practices and understanding of privacy concerns.  This should enable web platform API designers to understand privacy at a deeper level and avoid problems in their API designs, or at least identify them before getting to the review stage.  This model should have the same kind of relationship to the horizontal reviews that the PING will do that the TAG's Design Principles (https://w3ctag.github.io/design-principles/) have to TAG reviews.
> Hopefully the need for this model is not controversial, as the group (as I understand it) has already adopted Jeffrey Yasskin's proposal as the beginnings of such a model in their domain (https://github.com/w3cping/privacy-threat-model).  We still think this is an essential deliverable to capture in the charter for the PING, and believe needs to be a critical focus for the PING group.
> To be clear: Google does NOT have concerns about the PING reviewing web platform specifications. Quite the opposite, and I think the conversations last week at TPAC—both in the PING meeting and in the Internationalization meeting about generalized horizontal review process—were quite productive.  We do have slight concerns about the additional workload that might entail for the PING group, but we have been actively working to increase our participation in the PING to help account for that.  (And for the record, I understand the proposed process changes mentioned in our objection have not been adopted; that was the information we were working from at the time.)
> As I've indicated to Sam, we have general concerns over long charter periods, but for this interest group this is not a blocking concern; this would not have led to Formal Objection by itself.
> -Chris
> Samuel Weiler <weiler@w3.org> wrote:
> >During AC review of the proposed new Privacy Interest Group (PING)
> >charter, Google filed a Formal Objection.  Below is the text, provided
> >per Section 3.3.2 of the Process.
> >
> >-- Sam Weiler, W3C/MIT
> >
> >
> >    We are primarily concerned that the PING is attempting to insert
> >     itself as a required step for all specifications as per
> >(https://github.com/w3cping/administrivia/blob/process-changes-2019q3/README.md#privacy-review)
> >     without first
> >     focusing on creating a well-developed formal model that can give
> >     actionable advice for developers to assess the privacy risks of
> >     their features.  Although we certainly believe effective and
> >     constructive review guidance is
> >     essential, only focusing on anti-patterns is not by itself a
> >     solution. We'd like to see the PING focus on guidance for what a
> >     true privacy-preserving browser might look like based on a
> >     high-quality model of platform surface area - e.g.
> >     removing hardware, screen resolution, and CPU distinguishers to the
> >     greatest extent possible, outlining network-level analysis and the
> >     inability to provide privacy from network actors without
> >     network-channel-noise creation, and
> >     discussing the role of powerful features, 3ps, and various page
> >     construction techniques that need to be defeated for true privacy
> >     preservation.
> >
> >     Simply establishing themselves as an authoritarian review group
> >     without formally establishing self-serve guiding principles will
> >     cause significant unnecessary chaos in the development of the web
> >     platform.  Although we would like the PING to
> >     take a strong role in horizontal review, we are uncomfortable
> >     investing it with Process authority without more experience.
> >
> >     Additionally, we find the 3+ year charter time frame for the
> >     PING group to be excessive, as this is a significantly different
> >     charter than it has been previously.  We would like to suggest that
> >     the charter end date be moved up to 31
> >     December 2021.

Received on Tuesday, 24 September 2019 19:51:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:49:38 UTC