Re: [Sks-devel] About deleting keys

[Petru Ghita]

Hello,

On 11/04/2013 10:14 AM, Johan van Selst wrote:
> Petru Ghita wrote:
>> But I don't really think that such a legal action is possible and
>> assuming it was possible that it would have any degree of success.
> [..]
>> To sum it up:
>> - there is by architecture no intent on verifing nor identifying the
>> information stored on the SKS network nor the author of the data.
> 
> It doesn't matter if the information is verified. Users are asked for
> their name and email address, which is considered personal data
> (according to EU definitions) and keyservers are processing and storing
> this data. Thereby, keyserver operators are subjected to the data
> protection laws. The validity of the data is not relevant, neither is
> the intention of the operators (commercial or otherwise).


Users are not asked for their name nor for their email address by the
SKS implementation. Please check [1].
What I see there is a text field, that has no validation nor any
standard format whatsoever that is used to identify a public key.
For the matter of argument you could create a (valid and usable) key
with an UID: "John who lives in front of Alice."

This is the main argument any SKS operator has in front of a judge, in
my opinion. The whole point being that there is no such thing as
personal data stored in the UID.

It is also true that some GUI implementation create kind of a standard
string by composing what a user has on the fields name and email of
their email account and use that as the data posted to an SKS server on
the UID field. But again, that's a client thing.

That client could be using twitter as a server for posting this kind of
data for the sake of the argument, but that would not make twitter a
personal information database.

What I'm trying to show here is that I think there is quite strong
evidence that a SKS server or the SKS network for that matter is just a
storage and delivery media, same as a distributed web server or a web
proxy cache.



> If national or international data protection laws give users the right
> to have their personal data removed from servers, then it should be
> possible for local keyserver operators to comply with that law.
> Preferably without terminating their service.

If it would be considered that there is indeed personal data stored on
the SKS servers, no matter if the "delete" functionality would be
somehow implemented, there would be no way of running, legally an SKS
server in Europe. There are some other issues we would need to deal with
such as:

- Giving EU citizens private data to third parties not bound by EU
legislation.
- Not having a proper security assessment of our peers servers, or of
our own servers security for that matter.
- There are more legislations than EU... there would be NO way that we
would be able to know nor comply with each particular legislation about
privacy. I'm quite sure that it is practically impossible to do that
properly even with all the countries in the EU without investing huge
amounts of time in the matter.

> The privacy and data protection regulations are not the only thing to
> worry about. If people put Nazi slogans or death threats into UID
> fields, or put child pornography into JPEG attachments, then there may
> be other laws that can force keyserver operators to remove keys.

If I'd upload a picture with a swastika as the picture of the UID: "John
who lives in front of Alice."

- how would you know about the existence of such a picture?
- if you'd somehow learn about it, because I'd give you the UID and
you'd actually check it out: Would you remove it? Would you force me to
remove it? On what grounds? Please look at [2] and note that the
swastika was and still is a symbol for Good for some cultures.

If we would remove all the symbols and information that is offensive to
somebody in some degree from the Internet, we would end up with very
little content in there.

> IMHO there is a clear demand for the option to remove certain keys -
> or at least make them irretrievable locally. That some keyserver
> operators are asking for the feature, should be reason enough to move on
> to discussion of the technical aspects.

True, that it might be good to discuss the ability to delete/hide keys.
But the big problem that have been highlighted and not solved, properly
in my opinion is still there:

The data has no owner therefore who should have the authority to delete
or modify it.

In this respect what comes to mind is Wikipedia. So you'd keep some old
versions of the data and in the eventuality of vandalism you'd be able
to recover a point in time version. But then you'd probably need a
centralized model instead of a distributed one.

Kind regards,
Petru

[1] http://www.gedanken.org.uk/pgp/
[2] http://en.wikipedia.org/wiki/Swastika

signature.asc
Description: OpenPGP digital signature