- From: Nick Doty <npdoty@ischool.berkeley.edu>
- Date: Tue, 24 Sep 2019 19:13:26 -0400
- To: Chris Wilson <cwilso@google.com>
- Cc: "public-privacy (W3C mailing list)" <public-privacy@w3.org>
- Message-Id: <62C27769-B118-4793-BDC2-9C982DD83F56@ischool.berkeley.edu>
On Sep 24, 2019, at 5:09 PM, Chris Wilson <cwilso@google.com> wrote:

> Jeffrey's proposal can be a good starting point for that, certainly, but I think this should work like the TAG's Design Principles - it's a living guidance document, and it should make it clear what is being assessed by the PING review process. If new types of privacy concerns arise, they should be added to the document.

+1 for keeping such documents regularly updated. I believe that’s also a motivation behind the existing “Self-Review Questionnaire: Security and Privacy” doc (also published by the TAG) including a final question to users about what updates would be helpful.

> As for the PING's process, I do share your concerns (in the email you sent to the list previously) - the workmode in that doc lists strictures that it can't, by itself, enforce. (E.g. if you want to prevent specifications from going to Recommendation status without earning a green light from PING, you'd have to get that put into the Process document and adopted by the Advisory Committee. The Advisory Board nominally manages the Process and brings it to the AC for a vote, but in practice years ago we set up a Process Community Group <https://www.w3.org/community/w3process/> to encourage others to participate in improving the Process, so you can always propose changes there.)

In the future, I’d encourage folks from Google to feel free to chime in with such feedback on this public mailing list — if, for example, you agreed with my approach that the existing Process already has a system for resolving objections — or at public teleconferences. Looking over the minutes from the teleconference where this particular proposal was discussed (and a couple of Googlers were in attendance), I believe the agreed upon way forward was to contribute to the ongoing discussion of horizontal review in the Process CG, much as you suggest, and focused on highlighting the status of reviews and tracking open issues.

—Nick

> On Tue, Sep 24, 2019 at 12:51 PM Nick Doty <npdoty@ischool.berkeley.edu> wrote:
> Thanks for the context, Chris.
>
> Was Google’s Formal Objection to the Interest Group charter, or to a discussion proposal that was being considered in the group regarding process and input to the Process CG? I also had feedback on the particular draft proposal that was linked in the Formal Objection text. In particular, I tried to make it clear that PING was best situated to describe how the Interest Group’s own process for review worked; that feedback was shared on the public mailing list and discussed on a teleconference and those changes seemed to have broad support: https://lists.w3.org/Archives/Public/public-privacy/2019JulSep/0019.html
>
> I’m pleased that Google does not have concerns about PING reviewing web platform specifications, given that has been our focus for a number of years! Does that mean the Formal Objection has been resolved?
>
> There also seems to be broad agreement on having guidance to give to designers and specification authors in addition to conducting reviews. That is the very first work item described in the first sentence of the Scope section in the draft charter. Along those lines, we’ve published an Interest Group Note providing guidance on mitigating browser fingerprinting (which I edited), and we’ve worked with the TAG (where Jason Novak took the lead) on an update to the security and privacy questionnaire in order to provide more detail on both threat models and mitigations so that Working Groups have guidance prior to reviews. And I am certainly encouraged that that work should continue, including with the early threat model draft from Jeffrey Yasskin and the work on documenting/prioritizing fingerprinting surface, both discussed at TPAC.
>
> More participation would certainly be welcome so that we can address the increasing workload of reviews and prospective guidance. I hope we can resolve objections to the charter promptly so that we can focus on that work.
>
> Cheers,
> Nick
>
> > On Sep 23, 2019, at 8:57 PM, Chris Wilson <cwilso@google.com> wrote:
> >
> > I wanted to offer some additional context on what precisely we were asking for here. Google believes a core need for the PING charter is to establish a formal model of privacy concerns, which should be a living, growing framework expressing best practices and understanding of privacy concerns. This should enable web platform API designers to understand privacy at a deeper level and avoid problems in their API designs, or at least identify them before getting to the review stage. This model should have the same kind of relationship to the horizontal reviews that the PING will do that the TAG's Design Principles (https://w3ctag.github.io/design-principles/) have to TAG reviews.
> >
> > Hopefully the need for this model is not controversial, as the group (as I understand it) has already adopted Jeffrey Yasskin's proposal as the beginnings of such a model in their domain (https://github.com/w3cping/privacy-threat-model). We still think this is an essential deliverable to capture in the charter for the PING, and believe it needs to be a critical focus for the PING group.
> >
> > To be clear: Google does NOT have concerns about the PING reviewing web platform specifications. Quite the opposite, and I think the conversations last week at TPAC—both in the PING meeting and in the Internationalization meeting about generalized horizontal review process—were quite productive.
> > We do have slight concerns about the additional workload that might entail for the PING group, but we have been actively working to increase our participation in the PING to help account for that. (And for the record, I understand the proposed process changes mentioned in our objection have not been adopted; that was the information we were working from at the time.)
> >
> > As I've indicated to Sam, we have general concerns over long charter periods, but for this interest group this is not a blocking concern; this would not have led to Formal Objection by itself.
> >
> > -Chris
> >
> > Samuel Weiler <weiler@w3.org> wrote:
> > > During AC review of the proposed new Privacy Interest Group (PING) charter, Google filed a Formal Objection. Below is the text, provided per Section 3.3.2 of the Process.
> > >
> > > -- Sam Weiler, W3C/MIT
> > >
> > > We are primarily concerned that the PING is attempting to insert itself as a required step for all specifications as per (https://github.com/w3cping/administrivia/blob/process-changes-2019q3/README.md#privacy-review) without first focusing on creating a well-developed formal model that can give actionable advice for developers to assess the privacy risks of their features. Although we certainly believe effective and constructive review guidance is essential, only focusing on anti-patterns is not by itself a solution. We'd like to see the PING focus on guidance for what a true privacy-preserving browser might look like based on a high-quality model of platform surface area - e.g.
> > > removing hardware, screen resolution, and CPU distinguishers to the greatest extent possible, outlining network-level analysis and the inability to provide privacy from network actors without network-channel-noise creation, and discussing the role of powerful features, 3ps, and various page construction techniques that need to be defeated for true privacy preservation.
> > >
> > > Simply establishing themselves as an authoritarian review group without formally establishing self-serve guiding principles will cause significant unnecessary chaos in the development of the web platform. Although we would like the PING to take a strong role in horizontal review, we are uncomfortable investing it with Process authority without more experience.
> > >
> > > Additionally, we find the 3+ year charter time frame for the PING group to be excessive, as this is a significantly different charter than it has been previously. We would like to suggest that the charter end date be moved up to 31 December 2021.

Received on Tuesday, 24 September 2019 23:13:54 UTC