91勛圖厙 in Berlin: Fieldtrip to Nitrokey
This morning we had a guest speaker, Dr. Carlo Piltz, come speak to the class about data protection in the European Union. More specifically, the provisions in the GDPR (General Data Protection Regulation) which are provided to every person currently in the EU, citizen or not. The four main focuses of the GDPR are fair and lawful processing, purpose limitation, data minimization, and data retention. The aim is to limit what data companies can gather on their users, what they use it for, how much data they gather, and how much data they keep. Companies are obligated to erase data collected on a user after a given period of time, and a company can be told at any time to demonstrate their process for it. A few US states have legislation similar to the GDPR, but the US has yet to enforce anything at the federal level.
Shortly after class ended, we hopped on the U-bahn and S-bahn to visit Nitrokey, a world-leading company in open source security hardware. We learned a brief history of their company, and then more in depth on what security services their products provide. The founders first started business in 2008, and the company was officially created in Berlin in 2015. Since then, they have created several iterations of the nitrokey, along with nitropad, a laptop, and nitrophone. In addition to that, they have created a messenger called NitroChat, a video calling service called Nitrokey Meet, and a data destruction service called NitroShred. They gave us a short tour of their office space, which included a couple rooms used for making their products complete with a few self-made tools and a 3D printer.