Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Should a team-confidential formal objection lead to a team-confidential council report? #717

Closed
chaals opened this issue Mar 16, 2023 · 5 comments
Labels
Closed: Accepted The issue has been addressed, though not necessarily based on the initial suggestion Director-free: FO/Council Issues realted to the W3C Council and Formal Objection Handling
Milestone

Comments

@chaals
Copy link
Contributor

chaals commented Mar 16, 2023

As I read the last sentence of https://www.w3.org/Consortium/Process/Drafts/#council-decision it seems that a team-confidential objection would result in a team-confidential Council Report.

That doesn't seem right.

@swickr
Copy link
Contributor

swickr commented Mar 16, 2023

I would expect that only under extraordinary circumstances would the Team raise a "Team Confidential FO".

"Team Confidential" in this case clearly needs to expand to include the members of the specific FO Council.

Given that, I would defer to that Council to determine whether that FO should remain confidential or request a less-confidential variant be published, along with its Council Report.

@frivoal
Copy link
Collaborator

frivoal commented Mar 21, 2023

Ah, nice catch. I think I get what the Process is trying to do, but I agree it isn't doing it quite right just yet.

There's a bit of subtlety around what is confidential: the FO itself, or the decision against which it is filed. It is possible to raise Team-only or Member-only Objections against less confidential decisions. The Process already says (in 5.5 Registering Formal Objections) that “A record of each Formal Objection regarding a publicly-available document must be made publicly available.”

So, there may remain private details of an FO against something public, but the existance and general content of the FO will be known.

In 5.6.2.7. Council Decision Report, it says “Council Reports must have the same level of confidentiality as the Formal Objection.” That seems slightly off, in two ways:

  • I think it ought to say that they must be no more confidential than, rather than must be equally confidential to.
  • The thing whose confidentially should be measured against should be the decision (and the record of the FO existing), rather than the FO itself, in cases where the FO is more private than the thing it's objecting to

Additional wrinkles:

  • Unlike the requirement that a public Record of FOs be made for private FOs against public things, there's currently no requirement that a Member-visible record of private FOs agaisnt Member-visible things be made. That looks like an oversight.
  • The public (resp. Member-only) record about a private FO might contain less details than the original FOs, or there might be some facts that are known at a confidential level, but not visible more broadly. In addition to its public (resp. Member-only) report, the Council might want to make some additional confidential commentary visible to those who have access to the confidential facts or allegations. That should be allowed.

Here's a pull request that tries to clean up all this: #720

@frivoal frivoal added this to the Process 2023 milestone Mar 21, 2023
@frivoal frivoal added the Director-free: FO/Council Issues realted to the W3C Council and Formal Objection Handling label Mar 21, 2023
@dwsinger
Copy link
Contributor

  • I think it ought to say that they must be no more confidential than, rather than must be equally confidential to.

The report surely cannot be less confidential than any material it cites or includes. I think that's what forced us to equality? Perhaps the whole idea of FOs having their own confidentiality needs to be dropped; we could insist that an FO has the same confidentiality level as the decision being objected to, as a mismatch in confidentiality levels could be (as this shows) a nightmare.

(I added this as a comment on the PR also. )

@frivoal
Copy link
Collaborator

frivoal commented Mar 22, 2023

we could insist that an FO has the same confidentiality level as the decision being objected to, as a mismatch in confidentiality levels could be (as this shows) a nightmare.

That is already dealt with for confidential FOs on public documents, as the Team is required to go through https://www.w3.org/2021/Process-20211102/#confidentiality-change for those. And this part of the PR tries to generalize that to other confidentiality mismatches

@css-meeting-bot
Copy link
Member

The Revising W3C Process CG just discussed Should a team-confidential formal objection lead to a team-confidential council report?, and agreed to the following:

  • RESOLVED: Merge PR #720 as-is
The full IRC log of that discussion <fantasai> florian: Odd things about confidentiality
<fantasai> ... a document can be public or private
<fantasai> ... a decision about a document can be public or private
<fantasai> ... an objection can be public or private
<fantasai> ... and the Council report can be public or private
<fantasai> ... and the Process text about this was a bit messy
<fantasai> florian: We already say that if there's a private FO about a public document, its existence needs to be made public
<fantasai> ... the Process says the Council Report has same confidentiality as the FO, but is that the original FO or the recast FO?
<fantasai> ... etc.
<fantasai> florian: so the PR tries to fix this to be clear about the required confidentiality of the Council Report
<fantasai> ... wanted to say that the Council Report is at least as open as the documents/decisions ruled on
<fantasai> ... but it might require citing confidential information
<fantasai> ... so some changes
<fantasai> florian: lastly, there's a section that if a Council Report needs to be public, but there could be extra commentary citing confidential information, there can be a supplementary report
<fantasai> florian: I'm proposing to merge today with one change
<fantasai> ... "must have same level of confidentiality" -- leave this line unchanged
<fantasai> ... alternatively could leave it as-is
<fantasai> ... because you can't make a public report about private facts, it's hard
<florian> Original:[=Council Reports=] <em class=rfc2119>must</em> have the same level of confidentiality
<florian> as the [=Formal Objection=].
<florian> PR: [=Council Reports=] <em class=rfc2119>must</em> be no more confidential
<florian> than the decision or document being objected to.
<florian> Proposed: [=Council Reports=] <em class=rfc2119>must</em> have the same level of confidentiality
<florian> as the decision or document being objected to.
<plh> q+
<fantasai> plh: do people understnad the proposal here?
<fantasai> plh: I can imagine that you're objecting to proposed REC moving forward, but don't want your company name to be made public
<fantasai> ... if Council Report needs to cite the name
<fantasai> florian: There's higher up in the Process, if you make a private FO about a public document
<fantasai> ... the Team has to make it public, by restating the objection without identifying the objector
<joshco_> how about add "same level of confidentiality, or with appropriate redaction"
<fantasai> ... the facts of the case would be publicly known
<joshco_> q+
<plh> ack fan
<plh> ack josh
<plh> q-
<fantasai> ... though there may be confidential info
<fantasai> joshco_: [proposes some text]
<fantasai> florian: I think it's implied, but might not hurt to be explicit
<florian> q+
<fantasai> plh: It's a matter of whether Team redacts the report to make it publicly consumable, or asks Council to redact it
<plh> ack fan
<joshco_> "same level of confidentiality, or with confidential information redacted"
<plh> fantasai: confidentiality is not a linear scale. the council report should be visible to everyone who can see the formal objection.
<plh> ack florian
<fantasai> s/confidentiality/Nigel says confidentiality/
<fantasai> s/the council/but the council/
<fantasai> ... I think the original PR is correct
<fantasai> florian: OK
<fantasai> ... we might consider adding a note about redaction, as joshco_ mentions
<fantasai> fantasai: I'm fine to add a note "The Council cannot make more public information that was confidential, see #confidentialinfosection"
<fantasai> plh: I don't think we need a note
<joshco_> q+
<fantasai> ... It's clear what's acceptable
<plh> ack josh
<fantasai> ... for everything else, I think we should make everything as public as possible
<florian> confidentiality https://www.w3.org/Consortium/Process/Drafts/#confidentiality-levels
<fantasai> joshco_: There's a PR and then in your statements you said there's another part wrt confidentiality?
<fantasai> florian: [summarizes confidentiality levels: public, Member-only, Team-only]
<fantasai> ... Team is able to change confidentiality levels of information by following specific process
<fantasai> florian: for example, can file a Team-only FO
<fantasai> ... Team can ask to restate publicly, and can say no
<fantasai> ... in that case the Team can restate without attribution, and might need to redact some additional info
<fantasai> joshco_: so maybe a note about redacted information?
<fantasai> fantasai: propose to accept the PR as-is
<fantasai> ... discuss notes in GH asynchronously; if sufficiently editorial, Florian and I can just merge it
<fantasai> plh: Concerned the Process keeps getting longer / more complicated
<fantasai> ... nobody can read it all
<fantasai> florian: Sure, but we have limited time today, so we'll have to discuss such notes in the PR to add the notes
<fantasai> plh: OK, any objections to merge 720 as-is?
<fantasai> ... I'm comfortable doing it, because it doesn't change intent of the Process
<fantasai> +1 from me
<fantasai> RESOLVED: Merge PR #720 as-is

@frivoal frivoal added the Closed: Accepted The issue has been addressed, though not necessarily based on the initial suggestion label Mar 22, 2023
frivoal added a commit to frivoal/w3process that referenced this issue Mar 22, 2023
@frivoal frivoal closed this as completed Mar 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Closed: Accepted The issue has been addressed, though not necessarily based on the initial suggestion Director-free: FO/Council Issues realted to the W3C Council and Formal Objection Handling
Projects
None yet
Development

No branches or pull requests

5 participants