Has Storjlabs got plans to perform an independent certification process or audits of Tardigrade to prove the claimed security of data so that it potentially can improve attraction to corporate customers?
Data security in clouds is a big thing in the EU and especially here in Germany and if you can present a certificate from TÜV or something that everything is safe and secured even though stored on private HDDs all over the world, this could help a lot.
Well, aren’t you just a wellspring of good ideas these days…
keep up the good work
Storj should start employing @jammerdan in the marketing department
Hi jammerdan, we did do that last year. I know that Europe is overall a pro-privacy region, but I'm also curious: why do you think Germany is especially so? And I would also love to hear about how laws are rolled out in the EU from country to country.
No idea about current laws exactly, but historically East Germany was under an absolutely massive surveillance scheme by the communist government, with ~2% of the whole population being collaborators. Now Germany is especially sensitive to privacy.
Yes, that’s right. Germany has always had quite strict privacy laws, backed and upheld by our highest courts, that often even limit the access of state or government agencies to certain data or forbid them to collect and/or store certain data. So I guess it transformed into a cultural thing that every individual has the right to decide over their own data. The EU GDPR was made so that it should not lower the standard here, so basically the German standard is now the EU standard. But also in Germany we tend to be a bit skeptical of technical innovations. Maybe we see potential dangers first and not chances. So if something new pops up we might rather ask ‘is this safe’ than ‘which advantage does it offer’.
An independent audit should cover topics like:
- Company’s practices in terms of coding and data protection
- Encryption standard
- 3rd party developers’ ability to undermine or bypass security and encryption
- Access to stored data by SNOs
- Access to stored data by satellite operators
- Data distribution
- Data deletion
- Data access by government agencies or on governmental/judicial request.
Very interesting, thank you. And this list is really nicely organized! I will mention it internally. It seems to me that it probably takes careful time and effort, so the answer may not be immediate. But it's a great thing to keep top-of-mind.
ETA: I've just posted a note in our data-privacy-guild (internal group) as a reminder to discuss in the next meeting, and it includes the bullet list from upthread, thank you!
Just some more sourcing:
https://www.coalfire.com/insights/news-and-events/press-releases/coalfire-iso-launches-iso-27701