This time we will be trying to integrate Phpmyadmin with Nginx and MariaDB. We are using Arch Linux since its my preferred distribution, but all of these commands are not very specific to the distribution you choose to work with. PhpMyAdmin is one of the most famous tools for managing the MySQL database, and is…
Legal advice from Datatilsynet
While there still is a lot of work left with the technical part of the project, I wanted to reach out and see if I would run into any problems with the legal stuff. I wrote emails explaining my project to both Datatilsynet and Digitaliseringsstyrelsen. Datatilsynet responded after a while with a request to call them, as the nature of my project required them to use a phone and not email. Here is the Legal advice from Datatilsynet
Since my project involves hacking of properties that are not mine to begin with, I wanted to make sure that a simple contract made between my customer and I would insure that nobody could get in trouble after the job was done.
The phone interview lasted about 20 minutes and was very interesting. The questions can be summed up in:
- Any particular laws which forbid me to make an agreed “hack” of a corporate network, then to generate a report based on network and security issues and problems.
Still waiting for information from Digitaliseringsstyrelsen, but according to Datatilsynet, I shouldn’t have any problems. They had some pointers and advise to the contract that should be signed before starting any work. Since I am sniffing traffic from the network, it would be advised to store this data in a safe manner in case there is any person sensitive data.
Since the device I’m working on doesn’t save the person sensitive data anywhere, but just reads the data packages, I shouldn’t have any problems. According to Datatilsynet, if a company has employees, they will also have a protocol for safeguarding person sensitive data. Datatilsynet advised me to create a data processor agreement according to the specifications in Danish law § 42 paragraph. 2. This would help protect me in case anything would happen.
My project doesn’t save any data, but merely use the data already in the air to crack the passwords. This data in the airwaves could very well be Facebook messages, or emails, but since I’m not using the data for any purpose related to the person sensitive information and not storing it, the project shouldn’t be affected by any person sensitive data laws. Now I just need to get answers from Digitaliseringsstyrelsen as they might be able to get me some more information about what potential problems I could encounter.