-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Paul
On Monday 8 March 2010 at 5:35:08 AM, you wrote: > MFPA wrote: >> On Saturday 6 March 2010 at 8:55:48 AM, you wrote: >> >> >>> On Sat, 27 Feb 2010 03:52:02 +0000 MFPA wrote: >>>>> (b) the person owns the information has the right to >>>>> control how it is disseminated, and >> >> This was someone's re-interpretation of my point. Spot the extra ">"? > Hello MFPA, > I never asserted that you said the key's originator owned the > information stored in the key. I was quoting the context of what your > reply about the originator having "some rights" was about. I would > never try to insert words into your mouth. I just wanted anybody reading this after the event to be clear the quoted line about owning was not anything *I* have said. >>>> The data subject does have various rights concerning the personal >>>> information that is about him. > I used this quote, because I believe > that it states, in your own words, what you have been saying, either > directly or by implication, during this whole discussion thread. Yes, it is the main thing I have ended up discussing. >> The concept of *owning* your personal information makes little sense. > [snipped the rest of the paragraph] > You have began by answering a question that I never asked. I have only > asserted that you believe that the originator has "some rights". I > never used the word "own". I used the word "rights". Since you quoted Robert J. Hansen's line beginning "the person owns the information," I felt I could not reasonably address the question you went on to ask without first putting that point to bed. > Really, I am not interested in talking about what the law says. The law > may be right, or the law may be wrong. I don't want to know what the > law thinks, I want to know what you think. The legal aspect is an integral part of the answer to your question; it demonstrates that rights to privacy and to an element of control over one's personal information are not something I dreamt out of thin air. Whatever different views people may have on moral or ethical rights, there are situations where processing/storage/dissemination of personal information is the subject of an established body of legislation and legal precedent. All that is open to question is the extent and nature of privacy "rights" that may exist beyond the narrow set enshrined in law and the slightly wider set in documents such as ECHR. > For the record, I don't believe that the key holder should upload the > key if the key's originator doesn't want Seeing as we are framing this in terms of "rights," do you believe the holder has a right to upload in these circumstances but "should not" exercise that right? > the key in some public venue > (forget the keyservers, it's about public availability). It's not entirely about public availability. There is also the inability to remove a key from most servers. An individual may be perfectly happy to post the key on their website, or biglumber, or the PGP directory, but not want it on the main server networks. It's about the individual's right to choose what happens to their personal information. > But I don't believe the originator has a /right/ to prevent the key > holder from sharing it. Morally and ethically, I disagree. To use an example with phone numbers: say I had a personal friend who was an insurance broker with a teenaged daughter and elderly parents. I would suggest it's perfectly in order for me to pass to a third party my mate's business number. I definitely have no moral or ethical right to pass on his daughter's or parent's numbers or his personal number. Some would argue he has a right to give me a good beating if I did. In practical terms, the originator currently has no means to prevent this sharing, whether or not he has a right. In a certain narrow set of circumstances, there could be an argument for legal redress if the originator's personal information was shared. > I don't believe the keyserver (or the church) is responsible for > another's actions. But I wanted to see whether you thought the > keyserver should be responsible. I also don't think a webhost should be deemed responsible if somebody posts unlawful material on a site or forum that happens to be hosted on their servers. > The only problem that I can see with the keyserver preventing any > modification of the originator's key, is that it could prevent someone > else from ever revoking their signature on the originator's key. That > would be, of course, if absolutely no modification is allowed. Unless I have missed something, the RFCs have not addressed that point. >>> If the originator does have "rights" to control copying and sharing, are >>> there any "fair use rights" for the person who has a copy of the public >>> key? Should these "rights" of the originator be enforced by some >>> governing body, or should they be merely courtesy or suggestion? >> >> I am not advocating anything remotely equivalent to copyright >> provisions, just protection of personal information. > The "rights" that you are asserting are similar to copyrights. They > both restrict the copying and dissemination of the information > associated with them. I cannot conceive of anything other than a presumption of privacy in respect of the personal information usually present in the UIDs, and have always been amazed at the number of people displaying it openly on their public keys. > So if the key holder can't ethically (not talking > about physically) share the key or modify it, then what "rights" does > the key holder have? Any use whatsoever that in no way compromises the privacy of the originator's personal information. > Your purpose for keyservers and my purpose for keyservers are different. > I believe that keyservers should be for the public dissemination of > keys. You believe that keyservers should be for the private > dissemination of keys. I believe anybody with my details should be able to fetch my key from a server, but looking at my key should give them no extra personal information about me. > What /you/ want is a keyserver that you can upload publicly and share > privately. I want is a keyserver that I can upload publicly and share > publicly. > Remember that they are called public keyservers. And like a public > restroom, they can be used by deviant and saint alike. > You shouldn't assail the public keyservers. My intention was merely to challenge the statement "it's a good idea to upload your key to a keyserver," since I had seen such sentiments expressed without qualification various places previously but had always seen more good reasons against than in favour. I got into a much longer (and more interesting) discussion than expected. > You should be calling for an additional kind of keyserver to fill > the niche of people like you. I think it would work better if the option of increased privacy could be integrated into the mainstream servers. - -- Best regards MFPA mailto:expires2...@ymail.com The truth is out there. -----BEGIN PGP SIGNATURE----- iQCVAwUBS5VuUaipC46tDG5pAQrTKgP/UGB1GM94CSCNLLtQ3LA2aVylSulKD0+c XIxTmSqdLFOusiCXEm70lcBB6m6v52vC+yI3mtQeRGZaZ3rDHSm4y4LE48T+TzGt e6tUiZthUiVPlcfhVtHfDPvKoHDexc/ZaeIUgWc6s/BTFlMByP+4uvUhNQ1dcxes xzj3iOKXiu0= =ZX4l -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users