-
Martin
Can you s2s with voip-push.eightysoft.de? I always get `Forbidding insecure connection to/from voip-push.eightysoft.de because its certificate is not valid for this name` but according to Thilo it should serve the right certificate.
-
jc
Hey everyone I'm curious what best practices are regarding law enforcement requests. I'm assuming some people here have received them before. What do you generally do? Do you ask for a legally binding document before handing over (meta-)data of a particular user? Thanks
-
jc
with "legally binding" I mean something that legally compels you to do so, instead of just someone asking nicely
-
Ge0rG
jc: I suppose as long as they are only "asking nicely", you aren't even allowed to hand over any data
-
jc
Yeah, that's what I'm wondering
-
Ge0rG
but that highly depends on your local legislation, as well as on the legislation of the user asked about
-
Ge0rG
like e.g. the GDPR
-
jc
Seems problematic to just hand over data to someone who claims they're law enforcement
-
Ge0rG
that's even worse.
-
Ge0rG
I could claim I'm law enforcement ;)
-
Ge0rG
so you need to authenticate them, and you need them to provide you with a legal basis for their request
-
Ge0rG
and then you~r lawyer~ must check the law text on whether it is actually sufficient to require that data
-
jc
my wat
-
Ge0rG
yup
-
TMakarios
> Ge0rG wrote: > but that highly depends on your local legislation, as well as on the legislation of the user asked about > like e.g. the GDPR If I'm in New Zealand, with my server in New Zealand, accessed only via New Zealand IP addresses and domain names, but with a user in, say, Bhutan, am I bound by Bhutanese privacy and anti-privacy laws? How would they be enforced?