Re: [projectvrm] NY Times article: Personal Data and Privacy - and VRM topics - A European point of view

[Johannes Ernst < >]

On Oct 9, 2014, at 15:52, Dean Landsman < "> > wrote:

Estonia ... All personal information is kept on separate servers and behind distinct security walls of government agencies, but the system allows the state and businesses like banks to share data when individuals give consent.

I always cringe when I hear something like that. Unless there is independent, credible, ongoing verification that this is indeed true, all that it is is an assertion in the same ballpark as "We do not collect data on ..." -- not even made by anybody in particular, so it's hard to keep them accountable.

If, on the other hand, they hired, say, the EFF, to go through their security / privacy architecture and implementation with a fine comb twice a year, we'd have something here. I say twice a year, because bureaucratically, it may be difficult to bring up and tear down back doors on a reliable basis that often without anybody noticing.

Of course that'd be prohibitively expensive and inconvenient and all of that, which is why I prefer what Kim Cameron used to call the Law of "Justifiable parties", and IMHO it starts with other people having as little data about me as possible. Not with the government acting as the central information service provider, which is what Estonia sort of seems to be doing.

Cheers,

Johannes.