[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] terminating

From: Arnold
Subject: Re: [Sks-devel] terminating
Date: Thu, 09 Sep 2010 00:17:47 +0200
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20090707 Thunderbird/ Mnenhy/

On 09/08/2010 11:07 PM, Phil Pennock wrote:
> No.  EU data protection laws typically (eg, in Britain) state that data
> about a person belongs to that person and if you hold the data, you're
> required to provide it upon reasonable request to that person (charging
> a small processing fee is allowed) and IIRC you're required to delete it
> if it's inaccurate.

IANAL. The Netherlands has similar law, based on the constitution (i.e. not
EU guide lines).

I interpret the SKS-server as a database of key-ID's with fake or true names
and fake or true e-mail addresses attached to it. So, in my opinion, it is
not a database with data of private persons.

If it is explained as storing personal data of private persons, I would
already be violating the law as I have not registered this service with the
data protection agency(*). So, I prefer the first interpretation ;-)
However, if someone threatens me with court, based on the second
interpretation, I am likely to shut down my server too. I actually never
thought of this...

(*) which most likely comes with procedures like approval of the owner of
the data. So, I might have to delete all keys for which I am not sure 'we'
(all SKS-server operators together) have approval to store the data (opt-in).

> Holding onto the data but not serving it is a violation of a takedown
> notice and something that should only be considered after discussion
> with expensive lawyers.

While this is correct, hiding data may be the best very short term
intermediate solution.

For a definitive solution, I am in favour of persistent local deletion of
keys. (Holding only the key ID in a local 'deletion database' would not be a
violation, I guess.) That way key server operators can have independent
policies, depending on local legislation.

Network wide deletion will result in the smallest possible set of keys that
are allowed by each and every national law in each country. (What if, for
example, an underground keyserver in China is discovered and has to delete
all keys of which the government does not hold the private key...)

Just my €0.02


reply via email to

[Prev in Thread] Current Thread [Next in Thread]