Things that make you go hmmm: Do crypto key servers violate GDPR?

guest · Jul 5, 2018

Things that make you go hmmm: Do crypto key servers violate GDPR?
One does not simply 'remove' data from key servers
July 5, 2018
https://www.theregister.co.uk/2018/07/05/pgp_key_servers_gdpr/

Cryptographic key servers are in "direct violation" of the EU's General Data Protection Regulation, a software developer has claimed.

Michael Drahony (AKA yakamok) has written a program (on GitHub) designed to highlight the potential compliance issues posed by use of PGP as an email encryption utility.

"Currently you cannot remove data from the key servers on request," Drahony told El Reg in an email. "Any data posted to them propagate to other key servers, making the data immortal in a sense."
Implied consent
Users make a conscious decision to place a public PGP key on a key server, but might the fact data can't be deleted still be an issue? [...]
Click to expand...

mirimir · Jul 5, 2018

The inability to delete is a concern. Both about old keys, and about spoofed keys. Say if someone created and uploaded a key for mirimir@riseup.net. Maybe they could manage to spoof the email address well enough to trick one of my correspondents. But I would have no way to prove ownership, and have the key deleted. That's one reason why I prefer Keybase.

Log in or Sign up

Things that make you go hmmm: Do crypto key servers violate GDPR?

guest Guest

mirimir Registered Member

Log in or Sign up

Things that make you go hmmm: Do crypto key servers violate GDPR?

guest Guest

mirimir Registered Member

Useful Searches