Weekly Meeting 2013 11 05 Notes

Information Sharing Work Group Teleconference

Date and Time

  • Tuesday October 22: 9:00 am PDT, 12:00pm EDT, 5:00pm UK
  • Wednesday October 23: 2:00am JT, 5:00am NZT

  • Join the conference call
    • Skype: +99051000000481
    • US Dial-In: +1-805-309-2350
    • UK Dial-In: +44-20-3137-5285
    • Conference ID: 178-2540
    • GoToMeeting ID: 844-771-298

Attendees

  • Joe Andrieu
  • Mark Lizar

Apologies

Agenda

  1. Attendance
  2. Approval of Prior Minutes & Other Motions
  3. Prior Action Item Review
  4. Continuing Business
    1. Rechartering
    2. Open Notice
    3. Redesign
  5. New Business
  6. Action Item Review
  7. Next meeting schedule

Minutes

1. Attendance

We noted that with 2 of 8 voting members in attendance, quorum was not met. 

2. Motions

None

3. Prior Action Item Review

4. Continuing Business

Rechartering

Sent out eVote for the charter.

Open Notice

Held face-to-face meeting last week at the Mozilla Festival in the UK. About 7 live attendees and 3 virtual. Good to connect with other people in the space. Good energy. Good peeps. Exciting things going on about header.

Reviewed sandbox. Talked about relationship between note.

Tag doesn't depend on the website. If you took a fingerprint of a website, you could record that and use email or other technologies or venues to work with the fact of the consent. One of the biggest roadblocks is that you have to work with the private entities to manage your preferences. Like DoNotConsent, it works at the browser.

Q: One challenge with that: without the website participating, non-repudiation may be almost impossible.

One issue is whether the website puts something on the website.

Or there is just a browser button, without the website participating.

So the question is what is different about a consent tag compared with what currently exists.

  1. It isn't dependent on the company's internal privacy architecture.

Counter:

  1. By standardizing how notices and consent are presented and recorded, we're enabling third parties to help individuals understand and manage what's going on.

P3P was about sophisticated policy negotiation behind the scenes, not about third-party enablement.

Seems to be agreement that the counter is, in fact, the magic.

A. I'm about to sign up for this service, or website, or venue; how do I find out the information I need to do so?

B. You can record a fingerprint: domain name, date, etc., to provide the context for later evaluation or lawsuits.


Today people have to fill out privacy profiles at all these different sites. There is no common standard.

But with Open Notice, people will be able to manage their own privacy independently.

Three parts

  1. Publishing a notice (could be the website using a well-known location, or a third party, using a standard context)

  2. Consent transaction receipt (receipt) for non-repudiation (either website or browser, stored locally or in the cloud)

  3. Using the receipts and notices (analytics, historical review, withdrawing consent, remediation)

Nobody ever reads this stuff. We have all these terms and privacy policies. How do we make sense of all of these policies at once? How do we look at a consent that we gave last month, last year?

The difference between notice and receipt is pre- and post-consent. The standard is all about enabling third-party tools.



Norman Sadeh, PI at the Usable Privacy Project http://www.usableprivacy.org presented at the event.

Redesign 

5. New Business

6. Action Items

None.

 

7. Next Meeting

  • Tuesday, Nov 12 : 4:30pm PDT, 7:30pm EDT
  • Wednesday, Nov 13 : 12:30am UK, 8:30am JT, 12pm NZDT
  • 60 minutes