[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] About deleting keys
|
From: |
Arnold |
|
Subject: |
Re: [Sks-devel] About deleting keys |
|
Date: |
Fri, 08 Nov 2013 00:21:54 +0100 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0.12) Gecko/20130116 Icedove/10.0.12 |
On 11/01/2013 06:01 AM, Petru Ghita wrote (a few days in the past??):
> On 11/04/2013 10:14 AM, Johan van Selst wrote:
>> Petru Ghita wrote:
>>> But I don't really think that such a legal action is possible and
>>> assuming it was possible that it would have any degree of success.
>> [..]
>>> To sum it up:
>>> - there is by architecture no intent on verifing nor identifying the
>>> information stored on the SKS network nor the author of the data.
>>
>> It doesn't matter if the information is verified. Users are asked for
>> their name and email address, which is considered personal data
>> (according to EU definitions) and keyservers are processing and storing
>> this data. Thereby, keyserver operators are subjected to the data
>> protection laws. The validity of the data is not relevant, neither is
>> the intention of the operators (commercial or otherwise).
>
> Users are not asked for their name nor for their email address by the
> SKS implementation. Please check [1].
> What I see there is a text field, that has no validation nor any
> standard format whatsoever that is used to identify a public key.
True, but the point is I have data in my database that I make publicly
available.
It does not really matter where it came from or who put it there. Someone may
have
objections to the publication of that data. If a judge supports the objection, I
have a problem.
> This is the main argument any SKS operator has in front of a judge, in
No, not for me. I make available data that the owner wants to be publicly
available. I do this _in good faith_ people uploading a key do not abuse the UID
fields (or other fields) of OpenPGP keys.
However, if abuse of UID fields is brought to my attention, a judge in NL will
not
accept that I take no action.
There are multiple laws in NL on which deletion of data can be requested.
Privacy
law is just one of them. Other examples are child porn in a photo ID, insulting
people or damaging one's good reputation, copyright protected data of a book (a
UID
can be very large), etc. These are just some things I can think of.
> my opinion. The whole point being that there is no such thing as
> personal data stored in the UID.
The definition used in your local law may be different.
> ...
> What I'm trying to show here is that I think there is quite strong
> evidence that a SKS server or the SKS network for that matter is just a
> storage and delivery media, same as a distributed web server or a web
> proxy cache.
If you are fine without the possibility for deleting a key, that's fine with me.
However, I can think of situations that I definitely will have a problem.
Therefore, I welcome the possibility to delete (or at least hide) specific data,
without the need to stop the service completely (_if_ the situation occurs).
I just hope the ones who are fine without the possibility to delete or hide data
support the ones who feel the need to have it. We can then start the discussion
what needs to be done.
It is also fine with me if it is decided (idealistic) that it is more
acceptable to
have key servers shut down under legal threat (or by abusive large keys), than
to
have the possibility to delete or filter. Up to now, I only read we have to be
careful with deletion as there too is the possibility of abuse, harming some
unknown user who fully relies upon our key server network not deleting anything.
Currently we still seem to be in the state of debate whether it is valid or not
that some feel they might need to delete or hide keys.
Arnold