
Re: [TLS] Please discuss: draft-housley-evidence-extns-00



I know that there are no (effective) legal safeguards in the US
for personal data.  This is why I am worried about the TLS Evidence
approach.

Just because US citizens are entirely unused to enjoying privacy
and protection of their private data, doesn't mean that all the
rest of the world should not be entitled to such freedom either
by ignoring this security aspect when designing technology.


home_pw@xxxxxxx wrote:
> 
> Despite pro forma optin mechanism compliance, it's normal in 
> US practice for US companies to subvert the Euro-intent on 
> such opt in regimes using safe harbor and other procedural 
> tricks : in the US, you will find that as a consumer one 
> cannot connect to one's commodity service provider if you 
> FAIL TO AGREE TO OPT IN to the data retention policy.

That's not quite accurate.  Several courts in Europe have
already ruled that the safe harbor trick is ineffective and
therefore illegal.  Currently, only governments are still playing
some tricks, for businesses this approach may easily
become a very costly expedition.

Many Europeans chicken out and do not insist on their privacy,
and incredibly many sign "away" the privacy they're entitled
to all too easily.  But, as indicated, everybody may revoke
their agreement at any time, no reason required.

This is why there are several safeguards, like the requirement
to provide a detailed list of the information that is going
to be collected&persisted plus an exact description of the
purpose which the consent agreement will authorize.
For every additional information and every additional purpose
a new explicit agreement/permission must be obtained.


The German Telecom also lost the final appeal
when the subscriber of an internet flatrate sued them for keeping
a record of his DHCP lease (or equivalent) after he disconnects.


> 
> This is just like today: phone a US health account insurer 
> to discuss a claim, and it will tell you they are recording 
> the call "for quality purposes". You can opt out, and thus 
> the provider will simply drop the call, interdicting "phone" 
> support... Your optin choice!

Here, you could easily get a cease-and-desist order with a daily fine
for every further day of non-compliance for such business practices.

The courts here take the "voluntary consent agreement" requirement
in the data protection directive very seriously.


-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls