People can dislike Wikileaks all they want, but this is exactly why they exist. The raw information is not being released and they see fit to do so. When the USG has a law on the books that congress passed but the DoJ won't share their interpretation of what the law means, you know something is very very wrong. (see: http://en.wikipedia.org/wiki/The_Trial )
The headline is a little disingenuous (technically correct, yes...) - especially if thats all anyone ever reads. Google didn't hand this over on a whim, rather:
The contacts list and IP address data of Jacob
Appelbaum, a WikiLeaks volunteer and developer
for Tor was given to the U.S. government after
they requested it using a secret court order
enabled by a controversial 1986 law called the
Electronic Communications Privacy Act, according
to the Wall Street Journal. The law allows the
government to demand information from ISPs not
only without a warrant, but without ever
notifying the user.
The problem/fault/remedy lies with the US gov, not so much the compelled company in this case.
Orwellian naming conventions are all the rage these days :-) Jerry Yang faced a lot of heat for doing pretty much the same thing in China. Google seems to reluctant to criticize the US government now, unlike, for e.g., the Chinese government.
EXACTLY the same thing. It's a really interesting point. When China does it, they're horrible. When the US does it, what is it? Is there a difference or not? The motivations are quite similar, and one probably can only look at whether the motivations of each country can be justified from a moral standpoint.
Perhaps the discontent comes because China is seen as something of an expeditionary market for American search providers. While you can give China the finger and get out, it's not tenable to do that in the US, so one is compelled to play by American rules.
I don't necessarily believe that China's status as an expeditionary market makes it worthwhile to stop offering services in that country, just playing devil's advocate I guess.
Collaboration with a bad government is always optional, you can cease to do business. That's definitely tenable. It takes a lot of balls to do so.
Imagine google coming right out and saying: 'Our do no evil motto is our guiding light and we have decided that being forced by the government to act in this manner to prevent our technology from being used to spy on American citizens in ways that we can not in good conscience allow is against our principles. Therefore we will cease operating today.'.
I'm trying to imagine the effect of such a move, it strikes me that the ensuing fall-out would probably see the government as the losing party and google re-instated in very short order.
Sometimes you have to make a stand, if the same thing was a good enough reason for google to cease to do business in China then maybe it should be good enough to cease doing business in the US.
I very much doubt that Google threatening to pull out of the country would cause any action in Congress. The government has no incentive to act, and all the power to spin the story if there is some sort of public outcry - something to the effect of "Google is unpatriotic and doesn't care about your safety." Most people will buy it.
If anything, Microsoft would just step in to fill the vacuum with Bing, and business would continue as usual for everyone but Google.
That's why I'm sayin' they can't just leave, and they can't just threaten. It has to be real civil disobedience. They have to be willing to say:
No, we're not going to do that. You'll have to shut us down, which will take years, and cost the economy millions of jobs and trillions of dollars.
Oh, and I hope it goes without saying that we won't be complying with any court orders related to this matter. If you're serious about doing this, there will be pictures of men pointing guns at innocent American technicians, right next to the headline "The Feds are Coming for Your Email," and underneath that, Senator, will be your name.
Then they'd say something like: "This is America, motherfucker. Land of the free. You can't get away with this shit."
That's not true at all; many (probably most) huge companies have never received bailouts. Compliance is also a tricky issue - you don't want to let the market compete on nuclear power plant design without some sort of supervision, even if the current system doesn't work very well. Lobbyists are a different story, but Google, for example, or Amazon, got to where they are without leaning on governmental support or anti-competitive laws.
Why even bother to shut down? Google could probably just go "Haha! Fuck you. Who's your closest supervisor in an elected office?" Next day, "<Official> wants Google to share your personal information with the Federal Government" magically becomes the top hit for that name.
Bureaucrats and spooks are happy to play this game because they know it never comes back to them. Nobody who has to answer to voters would dare put their name on it-- we're looking for any damn excuse to not vote for the incumbent this cycle.
But I guess standing up for us could mean a hit to shareholder value, and some things just aren't worth sacrificing.
There are many dimensions of freedom. I'll note that Sen. Feingold's name shares a place in "McCain-Feingold", which is a limitation on free speech (some may argue that it's a warranted limitation, but the fact that it is a limitation on freedom is objectively true)
Perhaps they did so because of a total ban on advocacy ads within X days of the election? We wouldn't want people to hear about what a snake their Congressman is, when the election is close enough they might remember.
There's a heck of a lot more to McCain-Feingold than just a $2300 limit.
They could have made more of a fuss over it. Get ideas up in the air about shifting pieces of Google overseas, for example. Once the idea that Google might be locating somewhere else for concern about collaborating with the US government, public concern might have been raised.
The reality is that governments do have the ability to dictate a lot. But companies are global now and that means some competition exists. It's old news that countries compete on tax laws but competing on rights and freedoms would be nice too. To a certain extent, they do.
If he's receiving random emails they are probably not important or sensitive enough to be valuable to the government. If he's receiving non-random emails that contain sensitive data, it should all be encrypted.
If you do get something important that is not encrypted, you can forward the mail to yourself as ciphertext.
You're correct that Appelbaum has no control over Google's retention procedures.
From comments here, it looks like there aren't good options for secure email outside of the jurisdiction of the US government.
I've been interested in setting this up for myself. If you're interested, let me know on this form, and I'll begin looking into the issues of where to host, and what legal structures I'd need to set up.
If the US decides it wants access to your accounts, I don't think putting a server in another country will be enough to stop them.
The real answer to this and all other serious privacy issues is to use strong cryptography properly. There's no two ways about it. Anything that isn't encrypted before it sees a NIC should essentially be considered a public broadcast.
There must be ways to protect user privacy that are better than collecting everything in a form that can just be handed over. Example: encrypt on the client side, with user-supplied, large, non-compromised keys, and don't ever inspect the data on the server. If you need to inspect data in order to serve relevant ads, do it on the client, and only send back enough information to tailor whatever ads are currently available. Maybe do the ad selection on the client too. If this doesn't work for one of your services, consider it for other services where it would work. Laws prevent you from providing service X without providing such-and-such a hook? Then don't provide service X. Provide a plugin framework instead, and let users bring their own service. Use your heads. Maybe use a bit of the compute power the client has available. You spun down a lot of your China presence because of stuff like this, supposedly. You should be able to take big steps anywhere, not just in China. You are smart. Figure. It. Out.
Would someone please remind me when Wikileaks was convicted or even accused of a crime?
That's right: Neither ever happened.
What is going on in this country?
Is the desire to operate in the dark, to work behind the backs of the very people that this government represents so strong, that any organization shining light on this must be squashed?
Even if you host it yourself but at a regular hosting provider "they" might just confiscate your servers. Increasing email encryption usability might be the road out of this dilemma. Otherwise email encryption is going to stay within a very small circle of users.
When I said "Host your own" I meant on a physically secure box using full disk encryption.
But I do like the idea of encryption, GPG does this really well already but key distribution is still a problem.
Just an idea for a secure physical box:
Throw in a external "always on" GPS receiver on the box and have it physically destroy the hard drive if it is outside of a certain area or if it detects a certain amount of movement (think someone removing it from a rack without disabling the service first). If your server was moved/confiscated it would ensure some safety. Just a tinfoil thought.
When you say "physically destroy" do not use any form or anything that could be spun as a incinderary, explosive, or projectile device. The laws on those type of things will put you in prison for a long time.
I'm aware of the illegal NSA spying, but surely they're still somewhat more cautious about deploying domestic surveillance. Going overseas makes it all legal and OK, here they at least theoretically are not supposed to be doing things, and that's better than nothing, right?
I'm always disappointed when I go looking for European web services, why is that? Why can't they have a Hotmail counterpart? China has comparable duplicates of most American services, but Europe doesn't even try. It's weird.
You speak of "off-shore" as though it represents some magically lawless region. As useful as that might be for these purposes, it doesn't exist. Your server will exist in some country. That country will have laws; those laws may or may not favor you. That country may or may not wish to refuse a US court order. Most countries are on fairly good terms with the US, and unlikely to say "no" to a request for evidence based on what looks like a standard legal investigation. Many of the countries not on good terms with the US rank pretty high on the list of places not well known for respecting rights, least of all privacy. And on top of all that, keeping a server outside the US does not render you personally immune to a US warrant if you remain in the US.
(Most of the above applies for s/US/$country/g as well.)
You're likely better off hosting a mail server here in the US, not actually storing any mail on it, downloading the mail immediately to a local mail store on an encrypted disk, and using encrypted email to protect new mails. That still won't render you immune to prosecution, but you might consider the consequences of refusing to decrypt a server preferable to the consequences of revealing the contents of your email. Or not.
I'm not a lawyer but I believe it would be very difficult for an FBI prosecutor to raise a case to international status and get a foreign judge to issue a subpoena. Most countries are very protective of spying on their citizens or corporations.
I think the main danger of using a foreign host would be that the NSA has more spying leeway with international traffic so they probably will have already slurped and archived your mail off of the wire without needing to ask your mail host. SSL is supposed to help with that but I have my doubts that that stops the NSA if they want to target you.
Right, it is a good reason for leaving all US services, just singling out gmail would be unfair. Too bad so many major ones are hosted in the US (or at least by US companies). We really need a less centralized internet... Otherwise, when the US turns into a loony military dictatorship it takes us all with it.
The article states that the government had a court order but didn't have a search warrant. It seems there is a loop in the system with the Electronic Communications Privacy Act. My questions is, did Google 'have' to give over his Gmail account information? Or do they just comply to make their lives easier?
In today's society 'having to' and making your life easier is just about the same thing. Don't want to comply citizen? We do have those antitrust hearings scheduled in a few weeks, would be a shame if we found out you were running a monopoly and had to break up your company.
When US citizens are assassinated by presidential order rather than being brought to trial it's probably time to 'make your life easier' rather than wait around for the ICC.
The ISP Sonic fought against having to hand over the data and lost.
Both Sonic and Google fought over the right to inform Mr. Appelbaum of the request for his data and won (afaik).
The article says it is not known whether Google fought against having to hand over the data, like the ISP Sonic did.
Which makes me assume the writers asked Google, they didn't answer, neither did they issue a press report one way or the other. Which leads me to believe that, no, Google did not fight the actual request and unlike the small ISP Sonic did just comply in order to make their lives easier.
Of course it's just speculation but why else would we know about the other case Google did fight in this matter?
Additionally, why would Google go through that trouble, they have no interest either way, and are not in the business of protecting their users from surveillance state governments. Apparently.