I expect Google's filing to show up here shortly:
If you've got something on offer, and want to know who might buy, Google won't tell you who is interested. They'll just deliver your message to the right people, and if you get a suitable response, you'll know that their service was worth the price.
There's a world of difference between the mediated transactions they have with their customers, and the exchange that takes place when the government says "hand over the data itself."
Google was caught pants down spying on everyone, stop trying to white wash it.
If you're referring to the whole wifi thing, tell me, what information do you expect the street view car to be able to pick up in the 10 or so seconds it would have been associated with the AP? Their engineers have basically come out and said that was a fuckup, and I'm inclined to believe them because I find it hard to imagine what use that random data would be.
And to be honest, I'm more likely to believe a Google engineer rather than a namecalling troll who's virulently against them for no good reason.
National security most likely qualifies as "compelling state interest" in general, but it's not the only thing the government needs to infringe on constitutional rights. The government also needs to prove that the infringement is narrow and specific.
Even then, I wonder if the "compelling state interest" could be challenged on not being compelling enough.
(I am definitely not a lawyer, just remembering a con law class I took and refreshing my memory with Wikipedia.)
National security is pretty compelling, but it's unclear how prohibiting disclosure of the number of requests is narrowly tailored to that interest. Without knowing more details about the nature of the program, it's hard to say why the number matters. But if the NSA can't demonstrate how disclosing a specific number, as opposed to an approximate range, has a noticeable impact on national security, the law would likely not be in their favor.
What are the governments burdens here? Can they merely assert there's a security issue here or do they have to prove it? Does it have to pass some kind of severity test in order to restrict speech? I'm genuinely curious what the case law says on this stuff.
It's much less clear when you are talking about someone who hasn't agreed to the clearance process. In 1979 the Department of Energy tried to prevent The Progressive magazine from publishing an article by Howard Morland describing the design of the Hydrogen Bomb. The article was derived from unclassified sources, but the government argued that information about atomic weapon design is "born classified". There was no conclusive judgement, as the government eventually dropped the case and the article was published.
Nice confirmation that the "in the last 6 months" numbers reported by Facebook et al are worthless. No company has yet said how many users are affected total. I assume it's all users, by an earlier "request" (actually all but an order). Why shouldn't an organization that gains a bigger budget the more people it surveils demand the moon?
If we're to believe the number of requests reported so far are 1-to-1 with users, all the information could fit on a single drive. The Bluffdale, UT facility seems capable of handling a good amount of data for each of the entire digital population, even if half of the buildings is space for bureaucrats.
Whether or not your browser client is providing the encryption, however, you've also rendered completely useless any reason for having web mail in the first place, as you've become next-to-useless to them (no content for ads, no content for things like Google Now) and all their infrastructure is useless to you (no content to search over, no content to spam filter, etc). You no longer have a relationship except they're your SMTP gateway and a backup drive. You can get those today all over the place, you don't need google. If you want to stick with Google, go download a desktop mail client and chat client and install the open source PGP and OTR plugins for them. You can do this right now.
As for the browser side of things, it seems like it would be much much better not to rely on google, but to write a browser extension that identifies the gmail textbox and runs some version of PGP using a private key in your OS/lastpass/whatever keychain. The main thing you'd want to do is somehow isolate the input textbox from the page so that keystrokes only go to the extension, and only the encrypted data goes into the page, preferably when the Send button is pressed.
If Google were to be technically capable of decrypting your email so they can show it to you in a browser, and you're a target for an investigation (a narrow one or an overly broad NSA one), why on earth would the court order/warrant not demand that they decrypt your email to show them, too?
A few other thoughts, though:
- You could still do spam filtering, of course. If it scores highly as spam and the user trusts the spam filtering, it could be deleted or moved into a likely spam folder. (I'm assuming plaintext email is encrypted automatically right away.)
- There are provably secure techniques to perform searches on encrypted data assuming an untrusted server, such as:
- If the encryption is handled on the client side, Google would NOT be technically capable of decrypting your mail. They would not be able to comply with a court order demanding they decrypt your mail. This is what the original version of Hushmail did, before they added the flawed later version that was exploited by FedGov in, if I recally properly, precisely the way you describe.
So what can the gov't do if companies don't co-operate? With individuals, there is blackmail and illicit co-ercion. What does the gov't do to corporations worth updwards of 100B to get them to comply?
Mainly, that it's essentially overstepping the speech of the less powerful. It results in the poor having unequal, lesser freedom of speech.
I would have expected you to be on my side on this issue, as you seemed to be more of a 'spirit of the law' guy rather a 'letter of the law' kind of guy.
Anyway, I'm curious to know more on why you think CU was the right decision. I advise watching all 31 minutes of the Trevor Potter vs. Floyd Abram debate if you have time and if you haven't watched/read it already.
I was very sad that ACLU came out in support of CU, I think they were wrong on this one.
No. Nobody is "forcing" me to concede that. Certainly no logical aspect of this situation.
One person opting out probably won't help them at all, but it would be interesting to consider a more scaled up "opt out" program whereby you go through a one-time deep check and might be granted less monitoring as a result. They would need to sufficiently automate it to make it feasible, though. I also suspect the people who feel most strongly about opting out would also be against the idea of even a one-time check.
No, that would not be interesting, that would be treason.
This is conceptually confused.
Juries aren't judges or lawyers. They don't get to rule on questions of law, and their verdicts don't set precedent.
If Google does what you suggest and then a judge rules that, as a matter of law, the FISC order was unconstitutional, that means that what Google would have been accused of doing was not illegal -- which means no jury ever gets involved.
If on the other hand a judge holds that what Google would be accused of was illegal, then you get a jury to decide whether, as a matter of fact, they did what they're accused of. But in that case, an acquittal by the jury wouldn't set a precedent that their actions were legal, any more than a jury finding someone not guilty of murder sets a precedent that murder is legal.
All of which means there's no reason for them not to seek a declaration of the order's unconstitutionality before breaching it.
A jury can rule on questions of law.
Rather, it's a jury saying 'I know thing X is illegal (and I can't change that), but I'm going to say that the defendant is not guilty of doing thing X, even though I think he did, because I think thing X shouldn't be illegal'.
That may sound like a fine distinction, but it isn't, it's crucial. A legal precedent that X is not a crime means no-one can thereafter get tried for X (where the precedent applies). A jury nullification doesn't have that effect.
Google does have legal resources far beyond anything a normal citizen has, and since they have been compelled to secretly give up their data, they also have the legal standing to file suit (presumably, although who can know when you have secret laws decided in secret courts via secret decisions...).
So uh, go google!
This is a PR-stunt, nothing more. Google could have "challenged" any and all gag-orders even before PRISM was leaked.
Was giving NSA wholesale access to user data bad in 2009? -Why not challenge that shit in 2009? Gag-orders getting in the way? -Well why not challenge those in 2009 then?
I guess they were too busy extolling the virtues of being Open and Transparent: http://googleblog.blogspot.com/2009/12/meaning-of-open.html - that's December 2009, with PRISM in place for almost a year. Fucking scumbags.
So why didn't they challenge it in 2009? Probably because there wasn't that much in it for Google, since wasn't a big national shitstorm blowing that way. But now there is. That is the point I am making.
So, now, Google could serve their own corporate interests by fighting hard against the rise of the secret police. Would that make Google an awesome person? No, it would still be a selfish corporate entity trying to get money, just like it always has been
But, it would (rightly) be perceived as a force for good, on the right side of this particular battle with tyranny. That would help you, me, America, and the world... but it would also help Google, it would seem.
And some of these other "fucking scumbags" (which I assume is your term for "corporations acting normally"), like Apple, Yahoo, etc., might be encouraged to do likewise.
In other words, it takes public outrage to create the shitstorm (which you will have noticed is in the mainstream media, not just nerd forums like this one), but once the outrage is in place, that helps align the interests of corporate behemoths like Google with what you and I would probably agree is Good (i.e., not having fucking secret police using secret laws to evade the control by the citizens of the nation).
> So why didn't they challenge it in 2009? Probably because there wasn't that much in it for Google, since wasn't a big national shitstorm blowing that way. But now there is. That is the point I am making.
Yes. I'm also well aware that corporations engage in damage control only when it's necessary. But again, there's no reason to commend them for doing precisely that, especially when that's all this is about.
>>> So, now, Google could serve their own corporate interests by fighting hard against the rise of the secret police. Would that make Google an awesome person? No, it would still be a selfish corporate entity trying to get money, just like it always has been
>>> But, it would (rightly) be perceived as a force for good, on the right side of this particular battle with tyranny. That would help you, me, America, and the world... but it would also help Google, it would seem.
Even in 2009, all those huge corporations were well aware of the "rise of the secret police", because all of them were either already participating in PRISM, or in the process of being strong-armed into doing so. Had they perceived fighting this kind of evil to be in their own self-interest, they would have done it right from the start. They could even have joined their forces in opposing the government, but they chose to remain silent. Not a word about the systematic raping of people's privacy all over the world.
PRISM was just as evil in 2009 as it is now, and taking a stand against evil was the right thing to do in 2009, just like it is now. Parading around as some kind of paragon of corporate virtue while secretly shitting all over your users' privacy, on the other hand, was something that only Google did. Also, if a highly intelligent bunch of people running a powerful corporation is interested in fighting the rise of the secret police, it'll be aware that's something that should be done right away instead of after waiting around for several years for the situation to get even worse.
Google can't be rightly seen as a "force for good", no matter how eagerly you swallowed their disingenuous PR-bullshit about the joys of being Open back in 2009.
>>> but once the outrage is in place, that helps align the interests of corporate behemoths like Google with what you and I would probably agree is Good (i.e., not having fucking secret police using secret laws to evade the control by the citizens of the nation).
It's important to realize that they've already proven they simply don't give a fuck. As long as they're making pleasantly massive piles of money and their armies of lawyers are keeping their taxes low, they're quite happy with the Status Quo. Don't think Google gives a fuck or even thinks it can change anything. Don't think it even wants to change anything.
Back in 2009, they wouldn't benefit from it, so none of them did it.
I don't believe Google is inherently "open" or "not evil" any more than I believe Big Macs are "nutritious" or "delicious".
What I am saying is that massive public outcry about secret police circumventing democracy may not affect the government or their secret police very much -- not until it gets a lot more massive anyway -- but it could have the effect of making the interests of multinationals like Google more aligned with our interests.
Which would be a force multiplier, since one Google has the firepower of two or three million average citizens.
Do they benefit from fighting the creeping police state in 2013? -Apparently not, because they didn't - at least until there was that massive shitstorm blowing their way.
Again, if they considered fighting the police state to be in their interests, all of those companies would have done it long ago. Since they haven't, we can conclude that they don't, and therefore, if a massive shitstorm prompts them into doing damage control and pretending they give a fuck, that still doesn't amount to Doing The Right Thing. It only amounts to bullshitting us some more.
Google's legal brief filed yesterday cites the "PRISM" flap, and false allegations like yours, as justification for being able to lift the gag order. They didn't have as strong an argument two weeks ago.
> Google's legal brief filed yesterday cites the "PRISM" flap, and false allegations like yours, as justification for being able to lift the gag order. They didn't have as strong an argument two weeks ago.
Oh? How about fighting against gag orders because they're unconstitutional and immoral to begin with? How's that for a "justification" for lifting one? Worse than "PRISM flap" and "allegations"?
The justice department almost certainly wont try to charge them with violating the order because they know that it will get declared unconstitutional by the supreme court and a giant company like google has plenty of money and lawyers to take it all the way to the supreme court. Most companies are too scared to see what will happen if they violate the unconstitutional order
Some of the companies named in the PRISM slide deck are in a state of constant information warfare with hostile governments (like China) and governments openly desirous of tapping all networks (like India). They are also continuously beset by piratical criminals from all over the world. It seems unreasonable to assume that they would transmit data over long-distance links in the clear.
I'm not saying they do encrypt everything or even most things. But as the basis of one's theories about PRISM, it doesn't seem like a good assumption.
I think it's an important distinction to make, and underlines how companies ultimately serve their own self interest before anything else; they're not acting nobly, and the ultimate responsibility lies with the individual.
Gag order also of Greenberg/Guardian, then what are ES' options?
> "....The Ministry of Defence has issued a D notice preventing the UK media from 'publish[ing] information that may "jeopardise both national security and possibly UK personnel"'.
what's left-- pastebin, Kim Dotcom, Prate's Bay, that New Yorker thing(no, gag order), Anonymous posting onto defaced sites, Wikileaks, ... ?
Do they have the users' best interests in mind? I honestly can't say so.
If Google's too big to fail on it's own, but the Feds want them to fail because they're (Google) are poking around too much, what happens?
On the other hand, if they all resist, who is the government going to retaliate against? The entire industry? It would be too great a hit to the economy.
So the question is whether Facebook, Apple et al are going to take the short view or the long view. If they let Google be the only one to stand up then maybe it will encourage the government to damage their competitor, but in so doing set the precedent that the industry won't stand together on issues like this, which can only make the government more brazen in the future.
I would love to see a ruling that corporations have no constitutional rights. But the people running them do, of course.
Google's arguably been the most active of the major tech firms in getting permission to disclose ranges of requests to date (has anyone else?); it's not clear there would have been a good business reason to pursue what may end up being a very expensive case if it proceeds all the way up through the court system.
It would only do slightly more than the current disclosure to expose the issue of such requests, and it would incur significant risk and cost in return. Given the recent controversy, I'd say this suit now benefits Google employees and shareholders, but I'm not sure it really does a lot for customers in reality.
Let's say Google wins the right to disclose the exact number of requests instead of the range it's been reporting. Will that really materially improve the situation for users?
Not everything needs material benefit. Symbolic benefit can be as structurally useful and beneficial as a countable material benefit. For if a powerful set of companies acts, the power relationship with the government (and consumers, not always beneficially of course) then changes.
the whole point is that Google did't ask before, so the benefit is less than it would have been had they (and others) acted earlier. I am suggesting this is because of a lack of real stakeholder accountability. The benefit to users now is still appreciable, even though they weren't looking after their customers' interests as strongly as perhaps they might have in another era.
Relevance to what? This is a most pertinent issue with respect to the actions of executives of a large business. If executives are competent, then if their concerns are broader, they will act. And there is certainly no requirement for me to demonstrate this in conversation such as this. Your statement appears to commit a burden of proof fallacy.
The most worrisome and misunderstood part of these reports is the "direct access" bit: can the government arbitrarily query company servers? their denials address that, they clearly say that is not the case, instead they sftp the data after being served with court orders or warrants and yes also the secretive FISA requests.
So by revealing the number of FISA requests they receive and their scope they hope to clear this "direct access" mess. As even FISA orders are much more acceptable than wholesale access.
As for the development being reported here: I think it has merit seeing how this clearly falls under the first amendment, but I'd like a lawyer to chip in.
That's Google. We've yet to hear from many of the other companies in the program about whether this sort of access is technically impossible, or whether it's an honor system that the government is supposed to follow. I haven't been closely following the Facebook, Microsoft, or Apple statements, so maybe they have also been explicit that it is a restriction that is implemented by technical means. Some of the companies haven't said anything yet.
How many of the companies really make sure there is legitimate documentation for each request? Do they really do this every time, or have they become resigned to the fact that there's nothing they can do, so they just rubber stamp each request coming through, even without the proper legal documentation?
 This seems to be a major issue--the President and NSA leaders have claimed that analysts "cannot" access your phone metadata and phone call content without the correct legal instruments. But by "cannot", they seem to mean "they are not allowed to" rather than "it is not possible for them to".
my understanding of PRISM and all this is that the entire internet is vacuumed and everything is stored, just in case. I cannot imagine a guy "checking off" on every email or every mailbox for millions of gmail users every day or even once a month manually. With 11K terabytes of digital data created per hour by US, I cannot imagine any sort of manual system being implemented.
It has to be totally entirely automatic, otherwise it won't fly.
The PRISM program mentioned in the Powerpoint slides is very likely the same program that is mentioned in unclassified documents such as Army Field Manual (FM) 3-55, Information Collection:
> 6-12. Two joint ISR planning systems—the collection management mission application and the Planning Tool for Resource, Integration, Synchronization, and Management (PRISM)—help facilitate access to joint resources. PRISM, a subsystem of collection management mission application, is a Web-based management and synchronization tool used to maximize the efficiency and effectiveness of theater operations. PRISM creates a collaborative environment for resource managers, collection managers, exploitation managers, and customers. In joint collection management operations, the collection manager coordinates with the operations directorate to forward collection requirements to the component commander exercising tactical control over the theater reconnaissance and surveillance assets. A mission tasking order goes to the unit responsible for the collection operations. At the selected unit, the mission manager makes the final choice of platforms, equipment, and personnel required for the collection operations based on operational considerations such as maintenance, schedules, training, and experience. The Air Force uses the collection management mission application. This application is a Web-centric information systems architecture that incorporates existing programs sponsored by several commands, Services, and agencies. It also provides tools for recording, gathering, organizing, and tracking intelligence collection requirements for all disciplines
Of course, this isn't remotely reassuring for a bunch of reasons. Most of all though, I'd be curious to hear more about how the auditing process works. He kept saying "auditable" I noticed, not you know... "actually audited".
But what I'm afraid of is that this mess with deciding exactly how much access the government has to Google will turn into a distraction from the larger picture. Which is that, in all likelihood, the NSA does not have access to Google. What they do instead, and what the name PRISM implies, is that they connect to the backbone (Verizon/AT&T), scoop up ALL data, and store it in their freshly built data center in Utah.
The slides I saw seemed to indicate when certain applications or filters came online. Such as a filter for Facebook data, or a filter for Google search/map/GPS data, etc. That's how I interpreted the graph, at least. It would indicate the NSA is rolling out specialized applications to handle data coming to and going from specific sites. Which allows them to more intelligently decipher what is being said, in more or less shotgun fashion.
Hence, the name PRISM. It's a project to split the full Internet stream into a Facebook bucket and a Google bucket, etc.
The hard solution is to secretly duplicate traffic from every data center operated by each of these companies, reverse engineer every HTTP request that goes back and forth so that the data can be parsed, maintain it for every product change that happens at these companies, circumvent HTTPS by compromising the certificate authorities, store it all, and still maintain a massive analytics tool that can make sense of the astounding amount of data coming through.
The easy solution is to avoid all of the technical ugliness of acquiring the data, and just legally make the companies give you the relevant information, neatly structured and packaged. NSLs are the ultimate hack.
You cannot decrypt passive monitoring with a CA's key.
Google started using these for their TLS setup about a year ago, and it's smart. They blogged about it, hoping others would follow suit.
I wonder if perhaps that change, and blog post, were their way of saying without saying.
For example for emails: emails travel unencrypted through the hops, and they would store them all, and then constantly analyzing them. When something suspicious comes up, they would go to the email provider to ask for more data. So for example if gmail address is there, they would go to Google and use their PRISM interface to get more data associated with that gmail adress, if it will be yahoo email, they will go to Yahoo for more data, etc.
This is even more complicated when the data centers are in other countries, and none of the data actually enters the US. So if two EU users were accessing Gmail from the EU, the data may never enter the US at all. This means any network tapping would have to be done in the EU as well, requiring cooperation from many international telecom companies.
It's still easiest to just force Google to hand it over via NSL. Google's still legally bound to deliver the data even if it isn't physically stored in the US.
From their perspective, why not?
A lot of the communication won't be encrypted anyways, and some of it will be, but they may be able to decrypt it at some point in the future.
The hard solution isn't just a little bit harder ... it's several orders of magnitude harder and more expensive. It's also highly vulnerable to simply using encryption. The easy solution works because the US companies are bound by law to cooperate. There's no reason to believe that legal pressure on these companies has failed to get the government what it wants.
Also, not every company is a US company.
I doubt that costs for such an operation would make any difference to the US government, considering how much it is spending per day on its military.
PRISM is a web-app. The slides make it pretty clear its a web-app. The army field manual link helpfully posted before in this discussion outright says its a web-app.
Not necessarily. As another commenter pointed out , a single FISA order doesn't have to correspond to a single citizen. One order can encompass millions of accounts.
> their denials address that, they clearly say that is not the case, instead they sftp the data after being served with court orders or warrants and such, including the secretive FISA requests.
While I think it's reasonable to doubt the claim that the NSA has true direct access to servers, I haven't been given a reason to doubt that information can be requested without court orders, warrants or FISA requests.
 - https://news.ycombinator.com/item?id=5901811
The court document from Google (http://assets.nationaljournal.com/img/MOTION.pdf) clearly states the desire to clearly list, in aggregate, the number of accounts impacted.
The other companies aren't going this far and I think they deserve a credit for what they're doing.
And I disagree with commend you link to, the solution isn't limiting data collection, sure it makes you a target but more data equals a better product. It's an issue of government overreach not engineering decisions.
I agree with this entire comment. Even the part where you disagreed with part of the comment I linked to. I even responded to that poster before replying to you. :-)
(Sorry about that. I meant to link to the comment for the text of the FISA order, and not for the jab against Google.)
http://twit.tv/show/security-now/408 for audio and relevant links
At any rate, assuming all fibre optic is tapped, how does that explain breaking SSL? That's a really big jump.
As to SSL, is there a claim that NSA has broken it? I wasn't aware of that. Not relevant to Gibson's idea, anyway.
Large governments don't need to break SSL. They have SSL root keys and can man-in-the-middle at will. Doing so across the board would likely be detected, but targeted usage likely wouldn't be.
If this was widespread, I'd expect someone to have found a Google cert signed by different root. Then again I suspect Google pins their certs in chrome for a reason.
This whole conversation is about wholesale data access, so targeting is not relevant. Besides, even if you are talking about targeting, the claim is, they are storing data and then targeting 'retrospectively'. So without a time machine there's no way they are going to be able to go back and MITM the targeted conversations they want to listen to after the fact. They would have to be MITM everything all the time.
How about this: the NSA has issued a secret subpoena for the private SSL key of every listed provider (Google/Facebook/Yahoo/etc). They are using those keys to transparently decrypt traffic and suck up what they want.
When news of the PRISM program was first revealed two weeks ago, officials at Facebook, Google and other tech firms informally conferred on a public response...
I don't know why people keep putting this into question, giving Google the benefit of the doubt, when they were caught pants down, no questions asked.
If the companies mentioned in the slides just complied with the law, why would they be singled out in those slides? Honoring search warrants and FISA requests is an obligation, not an extra.
The reason Google was singled out as a partner since 2009 is because they gave the government full unrestricted access.
Which part of the PRISM slides make you think that? They certainly indicate pretty much full access to accounts which have been OK'd by Google (at least in archive form), but that is very different from 'full unrestricted access' to servers. I'd say we don't really know the extent of it, and welcome Google's decision to try to challenge the government in court to reveal more details.
As far as I read them the few PRISM slides we've seen don't really indicate:
1) The extent of access (how many accounts, how many accounts per order etc)
2) The mechanisms for FISA access
3) Any time delay in receiving documents/access
4) Whether data is realtime or not after access is granted
and the figures that FB, MS, Apple have announced hardly constitute full unrestricted access to all accounts as you seem to be implying. It's still a serious invasion of privacy, there are serious doubts about the efficacy of the FISA court supervision, and for foreigners I'm not even sure there are any protections at all (the NSA might not even feel obliged to get specific permission for non-US communications), so for everyone outside the US this is really invasive, but I'm not sure I can agree with your characterisation of these slides as showing full access (full access to what, to all Google servers, seriously?).
After the scandal was revealed, and only after it was revealed in an unprecedented act by Snowden, did Google come out in favor of their customers. This is ridiculous.
Google was caught pants down and there's no amount of PR bullshit they can use to white wash this and pretend the government forced them to do it. They willingly participated in exchange for political status with the government, that is the raw truth.
| After the scandal was revealed, and only after it
| was revealed in an unprecedented act by Snowden,
| did Google come out in favor of their customers
I'm not saying you should trust Google with all of your secrets, or even all of your data, but it should be an informed decision.
Scary as hell, considering that one request can be as broad as: “It is hereby ordered that [Verizon Business Network Services'] Custodian of Records shall produce to the National Security Agency…all call detail records or ‘telephony metadata’ created by Verizon for communications (i) between the United States and abroad; or (ii) wholly within the United States, including local telephone calls,”
Google should cut the crap with PR moves and stop hoarding so much data about everything we do online. If they have, NSA will get it--one way or another.
I like that Google has a lot of data on me---it makes their services much more valuable to me. I don't like that the government can access it secretly.
These are distinct opinions and both can be reasonably satiated simultaneously if there are proper checks and balances in government.
Don't fall for this bullshit, Google has been in the spying business for ages now. They joined the NSA program in 2009 and have been in trouble constantly in every spy scandal there is some google product involved. Wake up already.
Google by comparison can turn off your gmail account.
On the other hand, if the government does this, people can do... what, exactly? Stop giving their information to the government? They didn't willingly do that to begin with. Stop giving it to Google? Maybe, but they would have to stop giving it to anyone, which is a lot more difficult than just switching from one service to another.
No, it doesn't.
People who aren't the government, and who lack its sanction in doing so, apply violence every day.
I'm certainly not the government, and I can quite legitimately be violent when defending myself from illegitimate (aka non-governmental) violence.
For example, if someone breaks into my home and behaves threateningly, I can (rather violently) shoot them, and the government won't object in the slightest. So much for them having a monopoly.
Okay, I know that he specifically refers to the US (he mentioned Gitmo) but remember that even then the state is the one who lets you exercise violence. The monopoly's just lending some of its power to make you shut up and stop whining so he can keep minding his (evil) business.
Also: Windows had a monopoly even when Linux existed. Monopolies don't always have 100% of the market share, but they're still a monopoly de facto and will fight hard to achieve the full monopoly.
What's the deal with the prostitute? Breach of services (especially illegal services) doesn't justify violence. Did the prostitute grab the john's money and then try and run off? If that's what happened, I'm not too surprised by the result, since we're allowed to defend ourselves against theft.
Now, perhaps the government has a monopoly on legitimate use of force (indeed, Max Weber used that as the criteria to define whether an entity was the government of a particular territory).
In the sense Weber uses it, it may be fuzzy, but its not subjective (its essentially the aggregate of how it is treated by the people in the territory.)
> The legitimacy of an act (violence in this case) is highly subjective.
The idea that legality is objective in a way legitimacy is not is debatable.
> I think I would rather say that the government has a legal monopoly on violence.
Perhaps, but that seems to be a trivial tautology, in that what is legal is precisely, by definition, what is formally allowed by some government.
> The legitimacy argument breaks down for oppressive governments where some revolting citizens take up violence because they see it as their last and only option.
Weber would state that, to the extent that this is a general failure over some subset of its territory, the entity has failed as the government of that territory -- that, in the case where no entity exercise a legal monopoly on violence over a territory, there is no government, and in the case where there is such an entity but its not the one that is claiming to be the government, then the claiming entity is simply wrong.
> Some might argue that their act is legitimate, but it is still illegal.
In the eyes of the purported government that they are revolting against, but not in the eyes of the purported government that they have formed in the revolution. Legality has no meaning without reference to a governing authority.
There is a lot more nuance there than the party-line recitation suggests.
Slavery used to be legal too. I'm sorry the government is not completely perfect, but the answer is to go fix it and make things that should not be legal, illegal. Until then it's like complaining about shell companies used by Google and Facebook to avoid paying taxes (a strategy typically well-defended on HN because they're "technically complying with the law").
I take it you've never lost an important email account, it can be very isolating. For some people that can be deadly.
I'm not saying that them fighting it isn't a good thing, but its hillarious that they're holding themselves out to be crusaders of freedom and privacy when they are one of the most prolific producers of "profile" data. You could even say they create "anti-privacy".
The cynic in me thinks that Google is deliberately fighting a losing battle, so that later on they can say, "Hey, it's not our fault -- we want to tell you what is happening, they won't let us!"
If they wanted to fight, they'd just publish the info instead of asking some court before doing anything.
Then again, it's doubtful whether anyone would believe them at this point if they published anything and claimed the information was complete.
The companies involved are taking these actions because the leak may have undermined consumer trust (eg. small drops in activity) in them. Perhaps even wrongly, if PRISM isn't as widespread as the initial leak suggested.
Secondly, if what you say is true, then we should stop complaining about what Google passes it to the government - what business is it of ours what they do with their data?
Thirdly, I doubt that anyone seriously believes that the 'fee' for using GMail is that their messages become Google's property.
You know the old saying, "If you're not paying for a service, you're the product." Why expect anything else? Google is a for-profit company and it's an expensive thing to run. They deserve something for the services provided, don't they?
But, if things are as you say, Google can do whatever it likes with the data according to the ToS. If people don't like data about them being given to the Government, or used for any other undisclosed purpose, they shouldn't have used Google.