Subject: World Wide Web Consortium Staff Comments on Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct
From: npdoty@w3.org
Date: 4/02/2012 04:55:00 PM To: NTIA Cc: Thomas Roessler, Wendy Seltzer, Rigo Wenning Bcc: http://bcc.npdoty.name/

Please see attached comments, also publicly available at: https://www.w3.org/2012/04/ntia-multistakeholder-comment.html

Nick Doty
Privacy
World Wide Web Consortium



We've commonly heard (at workshops in July '10, December '10 and April '11, for example) that W3C should have a venue for discussing and addressing ongoing and upcoming privacy issues. To that end, we're proposing a Privacy Interest Group, with a draft charter now available.

http://www.w3.org/2011/07/privacy-ig-charter

Feedback from the public (and this list in particular) would be most helpful.

I'm imagining this group as a place to discuss new issues (via public-privacy), spin off Recommendation-track work as necessary, develop guidelines for handling privacy considerations and provide advice to other groups for handling privacy in Web specifications. How do *you* think a group like this should function?

Discussion is welcome on this list, or feel free to send me feedback offline.

Thanks,
Nick



Following up on the Princeton workshop [1] and widespread interest from both industry and regulators [2] in standardizing Do Not Track technologies, we're proposing a Tracking Protection Working Group, with a draft charter now available.

http://www.w3.org/2011/tracking-protection/charter-draft

Feedback from the public (and this list in particular) would be most helpful.

Next steps will be to send the charter to the W3C Advisory Committee for review. After that step and approval from the Director, we expect the group to form and work to begin by the end of August.

Discussion is welcome on this list; if you wish to send comments offline, please contact me <npdoty@w3.org> and Thomas Roessler <tlr@w3.org>.

Thanks,
Nick

[1] http://www.w3.org/2011/track-privacy/report.html
[2] http://www.w3.org/QA/2011/06/do_not_track_the_regulators_ch.html


Subject: Comments of Nick Doty on Docket #101214614-0614-01
From: npdoty@ischool.berkeley.edu
Date: 1/28/2011 08:57:00 PM To: ntia.doc.gov Cc: Deirdre Mulligan Bcc: http://bcc.npdoty.name/

Comments are attached.

Nick Doty
Lecturer / Researcher
UC Berkeley, School of Information



Mr. Kravitz,

Back at home near DC for the holidays, I happened to read your article "More body scanners are coming to an airport near you" in Sunday's Washington Post. I'm glad the Post is pursuing this "Agony at the airport" series and found your article to be both interesting, and having just flown home for the holidays, very relevant.

I was concerned, however, about the neutrality of how the TSA's statements were presented. In the infographic accompanying the article there is a list of "privacy safeguards", including the following:

"The TSA and manufacturers say images cannot be saved, printed, transmitted or uploaded. Once passengers are cleared, their images are erased."
Although I agree that the TSA makes such statements (both on their website and to the press), these points are strongly disputed by the Electronic Privacy Information Center, which has argued that the TSA's own procurement specifications documents contradict the TSA's statements. According to those documents, body scanners are specifically required to be built with the capability for storing images and with USB and Ethernet interfaces for transmitting data, though those capabilities should be disabled during regular use. This is a significant privacy concern considering the potential risk of security vulnerabilities and the unknown number of employees who can turn these capabilities on and off.

I recognize that limitations of space prevent you from including every relevant detail, but it seems misleading in the list of privacy safeguards to cite a TSA assurance without at least acknowledging the ongoing dispute and lawsuit.

Thanks,
Nick Doty

P.S. Also, I applaud the Washington Post on providing email bylines at the ends of articles, which enables electronic feedback even for articles in a paper newspaper. I hope that you generally find readers' responses useful.