I do run e-mail services for third parties... Including mailing lists. Its a private non-profit invite-only system and its paid by donations from its users, but one of the biggest issues that I have with this is that when it becomes mandatory to "sign" your emails, nobody will use my system anymore because the username can be traced back to a physical person. Also, the term "doxing" will be a big issue for me since I store over 1.5 million emails/month just for a single service, and they include sensitive information about the user like username, location and email address. The system runs purely on emails that are generated by users, and in general send their emails from addresses that are specially made for this purpose. When a request comes in to "remove" a username from the system, I humbly request them to send me an email with that request, otherwise I am unable to trace the source back. If each username can lead to a physical person, then I have to secure my server on a different scale to prevent data leaks (and stalking).

I even had to go to the cops for a data leak (thieves broke in the system and copied over 1 million emails), leaked it online and the cops just said "meeh", despite the fact that I had the offending IP address. What if those emails contained identity card signatures? They would still not be able to do something with it, but everyone would know who you were and what you have been doing online. Its a "goodbye privacy".

An "username" is a very low way of confidentiality that a person is guaranteed to be that person. However, if the "username" has to be signed with his eID, then that username suddenly becomes something like your social security number: Nobody wants that piece of information to be sent to everyone, however regulations force you to give that piece of information to everyone.

On Mon, May 2, 2016 at 3:27 PM Gordon Lennox <gordon.lennox.13@gmail.com> wrote:

There is a lot more to this draft than eIDs. It is worth slogging through it to get an idea of what the Commission thinks about this area in general.

I guess nobody on this list actually runs e-mail services for third-parties - do they include mailing lists? There are some interesting things about portability there.

Patrik, do I have your attention now? ;-)

Anyway, and keeping it simple, there are various stages where one can try and make one’s wishes or concerns known in Brussels.

The first stage is too often for those in the bubble. Lobbyists and the like. There are many lobbyists, very many lobbyists. And they work full-time. And of course they include ETNO and GSMA and so on.

And you also have the “expert groups” and public consultations.

It is still relatively rare though that a draft proposal is then leaked. Does this indicate that some folk are not happy?

But this “leak” is very useful. You can now see much more clearly where the Commission is heading. Writing to your favourite Commissioner now might have an impact. It has to be very soon though. The machine is moving. Once the proposal has been adopted collectively then the Commission collectively has to defend it.

After that it is a question of arguing - collectively? - through Parliament and Council?

Writing now as an individual to the Commission, even on one particular point, obviously does not preclude joining in with any group response later to the Council or Parliament.

Gordon