Hacker Timesnew | past | comments | ask | show | jobs | submitlogin

I mean that there is a big difference between a state automatically providing your data to any other state while having "their database disconnected" - and a human operator in the loop and an administrative verification of the appropriate access ;

For example this would allow a state to refuse access to the PI of their citizens for cases that are not administratively documented. This forces the access audit sufficiently that a malign actor cannot simply request data for a citizen without having probable cause ; another vector we want to protect ourselves against is simply the psycho/sociopaths that have access to these data without surveillance.



Whats your source for the database sharing claim?

The way I understand it is more like tls certs, with each country managing their own root cert.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: