The NYT filed a lawsuit yesterday to try to start getting some transparency into these matters -- even Congress is urging people to find out the truth:
People can dislike Wikileaks all they want, but this is exactly why they exist. The raw information is not being released and they see fit to do so. When the USG has a law on the books that congress passed but the DoJ won't share their interpretation of what the law means, you know something is very very wrong. (see: http://en.wikipedia.org/wiki/The_Trial )
The contacts list and IP address data of Jacob
Appelbaum, a WikiLeaks volunteer and developer
for Tor was given to the U.S. government after
they requested it using a secret court order
enabled by a controversial 1986 law called the
Electronic Communications Privacy Act, according
to the Wall Street Journal. The law allows the
government to demand information from ISPs not
only without a warrant, but without ever
notifying the user.
> Google Hands Wikileaks Volunteer's Gmail Data to U.S. Government
Implies that Google did so out of free will rather then being legally compelled to.
Orwellian naming conventions are all the rage these days :-) Jerry Yang faced a lot of heat for doing pretty much the same thing in China. Google seems to reluctant to criticize the US government now, unlike, for e.g., the Chinese government.
I don't necessarily believe that China's status as an expeditionary market makes it worthwhile to stop offering services in that country, just playing devil's advocate I guess.
Imagine google coming right out and saying: 'Our do no evil motto is our guiding light and we have decided that being forced by the government to act in this manner to prevent our technology from being used to spy on American citizens in ways that we can not in good conscience allow is against our principles. Therefore we will cease operating today.'.
I'm trying to imagine the effect of such a move, it strikes me that the ensuing fall-out would probably see the government as the losing party and google re-instated in very short order.
Sometimes you have to make a stand, if the same thing was a good enough reason for google to cease to do business in China then maybe it should be good enough to cease doing business in the US.
If anything, Microsoft would just step in to fill the vacuum with Bing, and business would continue as usual for everyone but Google.
No, we're not going to do that. You'll have to shut us down, which will take years, and cost the economy millions of jobs and trillions of dollars.
Oh, and I hope it goes without saying that we won't be complying with any court orders related to this matter. If you're serious about doing this, there will be pictures of men pointing guns at innocent American technicians, right next to the headline "The Feds are Coming for Your Email," and underneath that, Senator, will be your name.
Then they'd say something like: "This is America, motherfucker. Land of the free. You can't get away with this shit."
...sigh. At least it'd make a good screenplay.
You want a big multi-billion $ business to start dictating your laws?
Good luck on that one, that's not going to end badly is it?
The current system, where corporations often actually, literally dictate many laws is a lot less open and straightforward.
From a societal POV, big anything is bad. I wish more open-minded people could recognize that fact.
Bureaucrats and spooks are happy to play this game because they know it never comes back to them. Nobody who has to answer to voters would dare put their name on it-- we're looking for any damn excuse to not vote for the incumbent this cycle.
But I guess standing up for us could mean a hit to shareholder value, and some things just aren't worth sacrificing.
Remember that 99-1 vote for the Patriot Act? The one senator who voted against, Russ Feingold, lost in 2010 to a guy who's campaign slogan revolved heavily around "freedom".
Fascism and communism didn't kill 100 million people because of a 2300 dollar limit on campaign contributions.
There's a heck of a lot more to McCain-Feingold than just a $2300 limit.
The reality is that governments do have the ability to dictate a lot. But companies are global now and that means some competition exists. It's old news that countries compete on tax laws but competing on rights and freedoms would be nice too. To a certain extent, they do.
Also the economy there could use a boost I believe.
If you do get something important that is not encrypted, you can forward the mail to yourself as ciphertext.
You're correct that Appelbaum has no control over Google's retention procedures.
I've been interested in setting this up for myself. If you're interested, let me know on this form, and I'll begin looking into the issues of where to host, and what legal structures I'd need to set up.
The real answer to this and all other serious privacy issues is to use strong cryptography properly. There's no two ways about it. Anything that isn't encrypted before it sees a NIC should essentially be considered a public broadcast.
There must be ways to protect user privacy that are better than collecting everything in a form that can just be handed over. Example: encrypt on the client side, with user-supplied, large, non-compromised keys, and don't ever inspect the data on the server. If you need to inspect data in order to serve relevant ads, do it on the client, and only send back enough information to tailor whatever ads are currently available. Maybe do the ad selection on the client too. If this doesn't work for one of your services, consider it for other services where it would work. Laws prevent you from providing service X without providing such-and-such a hook? Then don't provide service X. Provide a plugin framework instead, and let users bring their own service. Use your heads. Maybe use a bit of the compute power the client has available. You spun down a lot of your China presence because of stuff like this, supposedly. You should be able to take big steps anywhere, not just in China. You are smart. Figure. It. Out.
That's right: Neither ever happened.
What is going on in this country?
Is the desire to operate in the dark, to work behind the backs of the very people that this government represents so strong, that any organization shining light on this must be squashed?
But I do like the idea of encryption, GPG does this really well already but key distribution is still a problem.
Just an idea for a secure physical box:
Throw in a external "always on" GPS receiver on the box and have it physically destroy the hard drive if it is outside of a certain area or if it detects a certain amount of movement (think someone removing it from a rack without disabling the service first). If your server was moved/confiscated it would ensure some safety. Just a tinfoil thought.
or are you being sarcastic?
(Most of the above applies for s/US/$country/g as well.)
You're likely better off hosting a mail server here in the US, not actually storing any mail on it, downloading the mail immediately to a local mail store on an encrypted disk, and using encrypted email to protect new mails. That still won't render you immune to prosecution, but you might consider the consequences of refusing to decrypt a server preferable to the consequences of revealing the contents of your email. Or not.
I think the main danger of using a foreign host would be that the NSA has more spying leeway with international traffic so they probably will have already slurped and archived your mail off of the wire without needing to ask your mail host. SSL is supposed to help with that but I have my doubts that that stops the NSA if they want to target you.
When US citizens are assassinated by presidential order rather than being brought to trial it's probably time to 'make your life easier' rather than wait around for the ICC.
Both Sonic and Google fought over the right to inform Mr. Appelbaum of the request for his data and won (afaik).
The article says it is not known whether Google fought against having to hand over the data, like the ISP Sonic did.
Which makes me assume the writers asked Google, they didn't answer, neither did they issue a press report one way or the other. Which leads me to believe that, no, Google did not fight the actual request and unlike the small ISP Sonic did just comply in order to make their lives easier.
Of course it's just speculation but why else would we know about the other case Google did fight in this matter?
Additionally, why would Google go through that trouble, they have no interest either way, and are not in the business of protecting their users from surveillance state governments. Apparently.
The law is the law, and they must comply.