Jan 11, 18 / Aqu 11, 02 14:13 UTC

Personal Data/Information protection on Asgardia servers  

Hi all, I want to apply for the Parliament elections and I have to send my personal info (like scan of passport or ID card) to Asgardia servers. Which is fine, but when every day we hear about stealing personal data and information from several companies, I wonder which measures Asgardia IT staff has enabled to protect all these scanned ID Card.

I have made a couple of tweets and written emails asking about that but I got no official answers.

Does anyone can answer me?

Thank you.

  Last edited by:  Carlo Biason (Asgardian)  on Feb 1, 18 / Pis 04, 02 10:32 UTC, Total number of edits: 1 time

Jan 11, 18 / Aqu 11, 02 18:34 UTC

Sorry to hear that, I wouldn't expect to much from them . If asked to do this again make copies and snail. Mail them 

Jan 19, 18 / Aqu 19, 02 12:19 UTC

Just to be clear, I haven't sent any personal information at the moment, I was just wondering if there are some IT security measures enabled. Apparently no one can answer me. And here cames the second question: which kind of new country can we build, if it is not even possible to know what is the security level of IT governance? How can I trust Asgardia?

  Last edited by:  Carlo Biason (Asgardian)  on Feb 1, 18 / Pis 04, 02 10:33 UTC, Total number of edits: 1 time

Jan 24, 18 / Aqu 24, 02 16:05 UTC

@mailmarterc
Looking at how much time it will take to them to answer you, you'll can see how much to trust them: just apply the formula T = 1/t  where "T" is "Trust" and "t" the "time".
Don't be scared if, like I already see, T will tend to zero.

Feb 1, 18 / Pis 04, 02 10:32 UTC

LOL, very nice formula, I like it! :)

You are probably right, but then another question raises: if Asgardia people want to build a new transnational nation (!) without geographical borders, in the today Information Society, and do not care about the digital and personal data they collect, how can they expect to be trusted and to build a strong and reliable organisation?

Ok, nevermind... :)

  Last edited by:  Carlo Biason (Asgardian)  on Feb 2, 18 / Pis 05, 02 13:02 UTC, Total number of edits: 2 times

Feb 5, 18 / Pis 08, 02 17:12 UTC

[personal opinion] i believe they don't have to answer to a question of what measures have in order to protect the data (if i was in their place i would do the same)

Feb 6, 18 / Pis 09, 02 15:56 UTC

My I ask you why do you think so? Storing personal data is not important? If their procedures are not up-to-date and some criminals will steal my personal ID Card, shouldn't I be concerned? Should I then blame myself or Asgardia IT Staff?

Thank you for your answer.

Feb 8, 18 / Pis 11, 02 17:27 UTC

ofcourse and its important especially in the digital age i never said that they are not important, but security measures are not for public view, exposing your defences you might give to hackers infos that in other ways couldn't get them (sorry for my english it's not my native language)

Feb 13, 18 / Pis 16, 02 14:15 UTC

Don't worry Christos, I am not an English native speaker either! :)

Thank you for your answer, but I strongly disagree. You refer to a topic well known in cybersecurity literature: security through obscurity. Which means that something not known is more secure because few people know it. Unfortunately this is wrong. The most secure algorithm are all public, like the source code of some operative systems like Linux. And Linux is considered among the most secure OS, because the more people can look at and revise it, the more is possible to find bugs and security flaws, and then correct them. In the source code, and, as I asked, in the infrastructure and security measures I wanted to know, there are not written the login/password information, or any other sensitive data for the infrastructure itself, but just how it works. 

Imagine that Asgardia uses some old and bugged hardware, or some software not patched and updated. Few people know it, he wope the "trusted" one. But what happens if this information slips away (and sooner or later this will happen, as it still happens around the world from decades!) and a cracker will find it? Asgardia IT staff will be reluctant to admit the stealing, and the cracker will use our personal information to commit any kind of crime, or just steal our digital identity. A problem that more and more people are facing every day. And all of this just because someone didn't use the most secure and updated technology and didn't want to tell it hoping that no one will never discover it? No thank you. I trust Asgardia people, but when my personal identity is concerned, I don't want to play any game.

I hope I made my point clear. As I said, this a huge problem, and it seems that even today, after all the problem already happened in similar situations (yahoo email stealing, one of the hugest), very few organizations and persons take care of it seriously.

Feb 23, 18 / Pis 26, 02 14:41 UTC

what about "misleading through obscurity"?

Mar 6, 18 / Ari 09, 02 18:43 UTC

Hi,

You can send your question to citizens@asgardia.space and they can forward it along to the appropriate team.

Regards,

Rebekah Berg
Head of Community Affairs
Asgardia

Mar 26, 18 / Tau 01, 02 09:19 UTC

Hi petrv.

Yes, I know about the GDPR, I just hoped that they will answer my question not because they are forced by the law to do that, but because they agree that it is important (sort of Kantian moral law) to share it with us.

Anyway, it seems that I really have to wait the end of May, even if with the GDPR it is difficult to understand what they must say and what I can ask, this is not so straightforward. :)

Thank you for your answer.

Mar 26, 18 / Tau 01, 02 09:21 UTC

Hi Rebekah,

thank you, I wrote twice but never got an answer. Probably my email vanished in the digital space. :)

  Last edited by:  Carlo Biason (Asgardian)  on Apr 13, 18 / Tau 19, 02 13:01 UTC, Total number of edits: 1 time