[security-area] Are we all lawless?

[Olle Mulmo]

In recent meetings that I have attended, the issue that "VOs might not
be legal" has surfaced a couple of times.

Of course, the illegitimacy of a VO depends on you define and operate a
VO for a certain community. But the basic argument goes like this: in a
loosely coupled, non-centralized community, there is no point of control
that can be held responsible for the sharing of information considered
"sensitive" from a legal standpoint: Health and business regulations
(not to mention data privacy laws) often require such a single entity.

Other examples that fit this description is world-wide file-sharing of
copyrighted material and cryptographic software.

Does anyone have more insights on this matter?

Regards,

/Olle