PassPack’s new Beta 5 release is very much a turning point. Not only are we undergoing an architectural restructuring, adding new features and extending our scope – but we’re also weeding through various international laws on encryption and anonymous services.

Encryption Laws

In some countries it is illegal to use encrypted services. Period. There is nothing we can do for citizens of these countries – if encryption is illegal in your country, we’re sorry, but you can’t use PassPack. The terms and conditions will be updated shortly to reflect this, and users will need to accept that they are not breaking any laws by using our service.

If you are already a user, please watch the blog for an announcement of the terms and conditions update so that you can verify whether you are affected by this change or not.

Anonymous Accounts

We need to rethink anonymous accounts. We like the idea, and we know you do too, but it seems that offering anonymous, encrypted online storage is … well, a legal minefield. There is a 99.9% chance that PassPack is going to have to require an email at sign up in order to comply with the broadest range of countries. In particular, Italy, where we are based.

Luckily, however, Italy has fabulous privacy laws – all in favor of the user. One of the key points is that we not only have the right to, but are required to, remove every trace of you and your personal data from our systems upon your request. We’ll build it so that that request is part of account deletion and is as transparent to you as possible.

The primary issue is that we can identify a person should law officers need us to do so (think: terrorists and other criminal lifeforms). Since we’re sure you are all honest folks, using PassPack to protect your personal data, and are not sought-after criminals, this shouldn’t be an issue.

10 responses to “Legal Issues for Anonymous Encryption”

  2. Delta Pi

    and which kind of email address are you going to use to “identify” the user?
    hotmail? bigfoot?

  3. @Delta Pi
    Whatever your preference. :)

  4. I don’t mind providing an email address for my account, however, the thought of you (or your company) being able to hand over my data to law enforcement is a little scary. I thought there was no way PassPack could decrypt someone’s account?

    Not that I will ever be doing anything that law enforcement would need my data. It just seems like the service will be less secure.

  5. @Ronnie
    I’m glad you brought this up. It’s a key point: PassPack cannot decrypt your pack.

    So even if we were required to “hand it over”, it’s still encrypted. This is why encryption is illegal in some countries.

    However, should we be asked to provide information about our clients, we need to be able to do that. That’s the reason for the email.

    Does that make more sense?

  6. Yes, that makes sense. I was afraid the data would be unencrypted and then handed over.

  7. Ramesh Bhaskar

    I was wondering, consider the application is used over a long period of time (say 10 years). Encryption algorithms change over time and older algorithms are broken.

    If an algorithm being used by PassPack is broken and/or you need to change the algorithm, how would you do so? Since you don’t have access to our data how would you re-encrypt it using the new algorithm?

  8. Hello Ramesh,
    PassPack can do automatic updates on all of its algorithms. As you imagined, this can’t happen on the server because we don’t have your Packing Key, but as soon as you connect to your account after we’ve set up a new version, the automatic update will happen in your browser.

    For example, we’ve done this in the past with 100% success (no data loss) and we’ll be doing it again shortly with the upcoming Beta 5 release.

    Does that answer your question?


  9. Ramesh Bhaskar

    Yep it does :) . I was thinking along the same lines. Am waiting for the smart button feature.
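
The in-browser upgrade described in the reply to Ramesh, sketched as an added example (not PassPack's code): the stored blob carries a scheme version, and at login the client decrypts with the old scheme, re-encrypts with the current one, and verifies the result before it replaces the old blob. The versions, ciphers, iteration counts and function names are assumptions, and Node's `crypto` module stands in for the browser.

```javascript
// Added illustration, not PassPack code. Versions, ciphers and parameters are hypothetical.
const nodeCrypto = require('node:crypto');

// Hypothetical scheme table: v1 is the retired scheme, v2 the current one.
const SCHEMES = {
  1: { cipher: 'aes-128-cbc', keyLen: 16, ivLen: 16, iterations: 1000, aead: false },
  2: { cipher: 'aes-256-gcm', keyLen: 32, ivLen: 12, iterations: 200000, aead: true },
};
const CURRENT = 2;
const hex = (buf) => buf.toString('hex');

function deriveKey(packingKey, salt, s) {
  return nodeCrypto.pbkdf2Sync(packingKey, salt, s.iterations, s.keyLen, 'sha256');
}

// Encrypt under a given scheme; the version travels with the blob.
function seal(plaintext, packingKey, version = CURRENT) {
  const s = SCHEMES[version];
  const salt = nodeCrypto.randomBytes(16), iv = nodeCrypto.randomBytes(s.ivLen);
  const c = nodeCrypto.createCipheriv(s.cipher, deriveKey(packingKey, salt, s), iv);
  const ct = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  const tag = s.aead ? c.getAuthTag() : Buffer.alloc(0);
  return { v: version, salt: hex(salt), iv: hex(iv), ct: hex(ct), tag: hex(tag) };
}

// Decrypt using whichever scheme the blob says it was written with.
function unseal(blob, packingKey) {
  const s = SCHEMES[blob.v];
  if (!s) throw new Error(`unknown scheme version ${blob.v}`);
  const key = deriveKey(packingKey, Buffer.from(blob.salt, 'hex'), s);
  const d = nodeCrypto.createDecipheriv(s.cipher, key, Buffer.from(blob.iv, 'hex'));
  if (s.aead) d.setAuthTag(Buffer.from(blob.tag, 'hex'));
  return Buffer.concat([d.update(Buffer.from(blob.ct, 'hex')), d.final()]).toString('utf8');
}

// Runs on the client at login, the only place the packing key exists.
function unlockAndUpgrade(blob, packingKey) {
  const plaintext = unseal(blob, packingKey);
  if (blob.v === CURRENT) return { plaintext, blob, upgraded: false };
  const fresh = seal(plaintext, packingKey, CURRENT);
  // Self-check before the caller overwrites the old blob, so a bad upgrade loses nothing.
  if (unseal(fresh, packingKey) !== plaintext) throw new Error('upgrade self-check failed');
  return { plaintext, blob: fresh, upgraded: true };
}
```

The caller uploads `blob` only when `upgraded` is true; the server stores it without ever seeing the key or the plaintext.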

