|
|
|
|
|
|
by 6r17
50 days ago
|
|
|
I mean that there is a big difference between a state automatically providing your data to any other state while having "their database disconnected" - and a human operator in the loop and an administrative verification of the appropriate access ; For example this would allow a state to refuse access to the PI of their citizens for cases that are not administratively documented. This forces the access audit sufficiently that a malign actor cannot simply request data for a citizen without having probable cause ; another vector we want to protect ourselves against is simply the psycho/sociopaths that have access to these data without surveillance. |
|
|
The way I understand it is more like tls certs, with each country managing their own root cert.