key question

MFPA expires2010 at ymail.com
Sat Mar 6 17:34:02 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi Paul


On Saturday 6 March 2010 at 8:55:48 AM, you wrote:


> On Sat, 27 Feb 2010 03:52:02 +0000 MFPA wrote:
>> > (b) the person owns the information has the right to
>> > control how it is disseminated, and

This was someone's re-interpretation of my point. Spot the extra ">"?

The concept of *owning* your personal information makes little sense.
For example, there may be many organisations with copies of your
personal information in their databases. They each own their
respective databases. In a lot of countries, there are legal measures
in place to control what they are allowed to do with your personal
information. In most European countries, they will only be allowed to
use the information for the purpose for which you were told it would
be used, can only keep it as long as reasonably required for that
purpose, must not disclose it to third parties (except as allowed in
the T&Cs covering your relationship, or allowed or required by law),
must allow you to see what info they hold (fee usually payable - here
it is "up to" 10 GBP), must allow you to correct the info, ...

I have posted several relevant links in my message that yours was a
reply to.



>>
>> The data subject does have various rights concerning the personal
>> information that is about him.

> Hello MFPA,

> How far do the "rights" of the key holder go?

Exactly as far as everything else that would fall under the basic
right to privacy (described in Article 8 of the European Convention of
Human Rights as "the right to respect for private and family life").
The OECD's "Guidelines on the Protection of Privacy and Transborder
Flows of Personal Data" is a slightly more international view.
http://www.oecd.org/document/20/0,3343,en_2649_34255_15589524_1_1_1_1,00.html

The use, storage or dissemination of personal information is the
subject of specific laws in many places, as mentioned above and linked
from earlier in the thread.

I'm referring to the personal information that is often present in key
UIDs. Others may wish to extend similar discussion to cover the key
ID/fingerprint, which I view as problematic. The key ID/fingerprint is
not personal information in and of itself. But if the key is on a
server, the de facto standard for key UIDs leads to, in most cases,
personal information being revealed to anybody in possession of the
key ID.



> You say that the key's originator should control the dissemination
> of the key to the keyserver,

(I would point out that other opinions are available and have been
shared in this thread. Also, the conditional "should" is important
since anybody in possession of the key has the *ability* to upload it
whether they "should" or not.)

I say that if the key's originator does not disseminate said key to
said keyserver, nobody else is in a legitimate position to make that
decision on their behalf. If the originator actively *wanted* their
key to be on that server (or network of servers), they would probably
have uploaded it there.

The originator may have been unaware of that server's existence. They
may simply have taken no action regarding keyservers. They may have
considered a particular keyserver (or network) and made a decision
that they did not want their key on it. They may not want their key on
any keyserver. The point is, without referring to the key originator,
a third party cannot know their intentions and should not have the
arrogance to presume.

The OpenPGP standard and GnuPG can both be seen to concede that the
key originator could have some say in the matter: the
"keyserver-no-modify" flag was defined quite a while ago in RFC 2440
as meaning "the key holder requests that this key only be modified or
updated by the key holder or an administrator of the key server," and
has long been set by default in GnuPG. Unfortunately, I don't see
evidence that any keyservers honour this flag.



> but what about from the keyserver?  Isn't the keyserver unwittingly
> sharing the key without the originator's permission?

Difficult to answer.

Say, for example, I was to print out your photograph, name, address,
phone number, etc. and display it on a public noticeboard in the
church. Would you consider that the noticeboard was unwittingly
sharing your personal information without permission? Or am I solely
at fault? Or does the church share some blame?



> And if the keyserver should control dissemination, what are the
> limits of the originator's "rights"?

I don't believe the keyservers should restrict dissemination of keys
once they are admitted to the server.

I believe servers should perform some sort of originator-verification
before listing fresh or updated keys with the keyserver-no-modify flag
set (including where set on the existing but not the updated copy).
Where keyservers synchronise, there would need to be a way of passing
on the originator-verification result along with the updated key.

If a user makes the conscious decision to allow indiscriminate
publishing/updating of their key, unsetting the keyserver-no-modify
flag should achieve this. If they already uploaded it to the servers
with that flag set, they would need to pass the
originator-verification one last time to propagate the change.



> If the originator does have "rights" to control copying and sharing, are
> there any "fair use rights" for the person who has a copy of the public
> key?  Should these "rights" of the originator be enforced by some
> governing body, or should they be merely courtesy or suggestion?

I am not advocating anything remotely equivalent to copyright
provisions, just protection of personal information.

As with all other situations where you give somebody your personal
information, it depends on the circumstances. In the context of
family/friends/casual acquaintances, we are simply talking about
trust, courtesy, honour, etc. In the case of a business relationship
where the individual provides personal information for a particular
purpose, the standard privacy/data protection laws apply in addition.

Note again that I am talking about the personal information attached
to the key, not the key itself. This could all be avoided if an option
were available to create UIDs which revealed no personal information,
but which still enabled somebody who knew your email address to
retrieve your key from a server. See
http://www.hauke-laging.de/ideen/gpg-hash/index_1_1.en.html and
http://marc.info/?t=125471254900001&r=1&w=2 and
http://www.imc.org/ietf-openpgp/mail-archive/msg36986.html



- --
Best regards

MFPA                    mailto:expires2010 at ymail.com

He's an environmentalist - his arguments are 100% recycled
-----BEGIN PGP SIGNATURE-----

iQCVAwUBS5KED6ipC46tDG5pAQqZjAP+PU7zpnqvLWsYc+ahAN9PD2xMzuD+YI/P
4Sps6E03iiZoA7rE4UV5IkFE/OOCQ27oFPIhbnem8aywpJlCE2wfuHDhLsFT7JP+
Zmyo1mMOm0Cgm62KKoheXRfD5cjx9+18N7NUKWHmHsXkxaUewXTsqpHBG14zbuMs
XTCXEYWl2Ig=
=6hSm
-----END PGP SIGNATURE-----
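The keyserver-no-modify flag that the post describes (RFC 2440, carried forward in RFC 4880 as the Key Server Preferences signature subpacket, type 23, whose first octet has the No-modify bit 0x80), together with the originator-verification policy the post sketches for keyservers, as an added example. This is illustration code, not code from the original message, from GnuPG, or from any keyserver software; the function names are the example's own, and the subpacket areas at the bottom are constructed by hand rather than taken from a real key.

```python
"""Locate the OpenPGP keyserver-no-modify flag in a signature subpacket area.

Added illustration, not code from the original post or from GnuPG. It walks
the subpacket encoding of RFC 4880 section 5.2.3.1 and looks for the Key
Server Preferences subpacket (type 23), whose first octet carries the
No-modify bit (0x80). The sample subpacket areas below are constructed.
"""
from __future__ import annotations

KEY_SERVER_PREFERENCES = 23   # subpacket type, RFC 4880 section 5.2.3.17
SIGNATURE_CREATION_TIME = 2   # subpacket type, RFC 4880 section 5.2.3.4
NO_MODIFY = 0x80              # bit in the first octet of a type-23 body


def iter_subpackets(area: bytes):
    """Yield (type, body) pairs from a signature subpacket area.

    Lengths follow RFC 4880 section 5.2.3.1: one octet below 192, two octets
    up to 16319, five octets (0xff plus four) above that. The length counts
    the type octet as well as the body.
    """
    i, n = 0, len(area)
    while i < n:
        first = area[i]
        if first < 192:
            length, i = first, i + 1
        elif first < 255:
            if i + 1 >= n:
                raise ValueError("truncated two-octet subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:
            if i + 4 >= n:
                raise ValueError("truncated five-octet subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length == 0 or i + length > n:
            raise ValueError("subpacket length runs past the end of the area")
        subtype = area[i] & 0x7F   # bit 7 is the 'critical' marker, not part of the type
        body = area[i + 1:i + length]
        yield subtype, body
        i += length


def keyserver_no_modify(area: bytes) -> bool:
    """True if a Key Server Preferences subpacket with No-modify set is present.

    A signature without a type-23 subpacket makes no request, so it is False.
    """
    for subtype, body in iter_subpackets(area):
        if subtype == KEY_SERVER_PREFERENCES and body and body[0] & NO_MODIFY:
            return True
    return False


def requires_originator_verification(existing: bytes | None, incoming: bytes) -> bool:
    """Hypothetical server-side policy from the post: verify the originator
    before listing a fresh or updated key when the flag is set on the incoming
    copy OR on the copy already held, so that an update which merely strips
    the flag cannot sidestep the check."""
    if existing is not None and keyserver_no_modify(existing):
        return True
    return keyserver_no_modify(incoming)


# Constructed sample subpacket areas (not taken from any real key).
CREATION = b"\x05\x02" + (0x4B928400).to_bytes(4, "big")   # type 2, 4-octet time
AREA_WITH_FLAG = CREATION + b"\x02\x17\x80"                # type 23, No-modify set
AREA_WITHOUT_FLAG = CREATION + b"\x02\x17\x00"             # type 23, flag cleared
AREA_NO_PREFS = CREATION                                   # no type-23 subpacket

if __name__ == "__main__":
    print("flag set on sample:", keyserver_no_modify(AREA_WITH_FLAG))
    print("update that drops the flag still needs verification:",
          requires_originator_verification(AREA_WITH_FLAG, AREA_WITHOUT_FLAG))
```

The parser takes only the hashed subpacket area of a self-signature, which is where a real key carries this flag (`gpg --list-packets` lists subpacket 23 for a key's self-signatures); extracting that area from a full key or an armored file is outside this example. The policy function deliberately consults the stored copy as well as the incoming one, which is the "including where set on the existing but not the updated copy" condition from the post.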

More information about the Gnupg-users mailing list