On Sat, 11 Apr 2015 13:56:59 +0200 deloptes <delop...@yahoo.com> wrote:
> Petter Adsen wrote:
>
> > Switzerland might be good, unfortunately I don't know of any cloud
> > services there, but I'm sure there are. But if the NSA wants data
> > stored on servers in Switzerland badly enough, do you really think
> > Swiss laws would stop them?
> >
> > Petter
>
> I mean a situation where they come to you as service provider and
> tell you to deliver the encryption keys for the services you provide.
> In this case Swiss and Austrian Law is still much harder to bend.

I see. Well, if your customers manage keys for themselves, that would not be your problem at all. However, if you manage them, then I see your problem.

In my personal case, I don't much care which cloud providers I use, as I pretty much encrypt everything I store on them anyway. CloudMe is geographically close and I get good speeds, which is mainly why I'm considering them for backups.

> The back side is ... do you want to host data of mentally sick
> people ... like islamists, pedophiles or alike - and how would you
> guarantee that there is none? For me this is an important question -

I do not think you can guarantee that. Of course, if you have access to the encryption keys and your clients do not encrypt things themselves, you can scan their content. However, this may not be legal (I have _no_ idea), your customers may strongly dislike it, and you still won't find everything.

Ironically, the best approach could actually be to cooperate with the authorities :) I think in most cases if they come with a warrant for the content of a certain user, they actually have a strong reason for it. I do not think they would do that without strong grounds.

> that I can still not answer. Assume you sell a service with encrypted
> mail, cloud etc. Surely you get people from the underground world,
> that would like to use the service. How do you prevent the service
> being used by such people? Ideas? I have never had the time to look
> for theoretical papers or implementations on this subject.

I honestly don't have anything to suggest, I'm afraid. I would hazard a guess that many users who are concerned about privacy and security would still encrypt mail and content themselves, though, and in that scenario I don't see that there is much you could do about it.

I wish you the best of luck in your venture, though, as the world sorely needs more secure infrastructure, and many people don't want to or are incapable of handling crypto for themselves.

Petter

--
"I'm ionized"
"Are you sure?"
"I'm positive."