Well, did you expect "privacy" to imply that your data would not be released to the government following legal requests for it? I always assumed it meant that they wouldn't share it with other businesses, but maybe that's just me.
Analogously, if one of the major phone providers started selling information to marketers, including what times of day I made phone calls, would it be inappropriate for a competitor to create a marketing campaign around "privacy" highlighting that they don't do similar things? Would you complain that since the government can still get a wiretap and listen to private conversations, there really isn't a meaningful privacy difference?
That implication is exactly what Colin provides with my tarsnap backups. He (or Amazon) can respond to legal requests with my strongly encrypted data, and Neither Colin/tarsnap nor Amazon can provide them with my private keys.
You can design your systems this way. It appears you're allowed under US law. It seems there's companies jumping through hoops on behalf of the NSA and/or FBI to build systems that _dont_ provide that guarantee.
Note that Colin _could_ conspire with / be compelled by the NSA to attempt to convince me to "upgrade" my local tarsnap code with a backdoored version - and I'm OK with that, if the NSA is looking for me specifically, I fully expect them to find out _everything_ - that's their job and I expect them to be world-class at it. What I _dont_ accept, is that they have any "right" to record and archive permanently anything I ever do online "just in case". And I can and am taking steps to make that harder for them, and I'm noticing which companies are apparently working agains my wishes. I'm curious to know if Dropbox are noticing an drop in de-dup rates lately? My Dropbox storage is now all encfs encrypted - including the folders full of grabbed funny-cat-pics and Internet meme images. My versions are no longer the same as the other several million of them stored on Dropbox. Same for my SkyDrive/GDrive/Jotta accounts.
Can they do that?
I assume there is a difference in law between the somewhat passive act of giving access to information already stored and forcing somebody to actively perform some action.
For example if you have private CCTV on your premises, a court can demand access to whatever footage they have captured but I don't think that they can force you to install hidden cameras on your property.
Isn't stuff like that usually done as part of a bargain, like having somebody wear a wire in exchange for not going to jail.
They persuaded a lot of big companies to collaborate actively (i.e. Microsoft, Blackberry etc subverting crypto). Personally I don't see it as legal or ethical, and would resist it, but a large government can bring a lot of pressure to bear. So if tarsnap got big enough to be a problem, then perhaps we'd find out.
I didn't think it meant they would give the NSA an un-encrypted firehose of private user data violating unlawful search and seizure implications that are a constitutionally protected right of American citizens, but maybe that's just me.
I can see how "but maybe that's just me" (and the entirety of the first paragraph) could be read as snarky, but that's not how I meant it. It was a non-rhetorical question: what should a company like Microsoft do when faced with a court order? Does compliance with such orders make "privacy" campaigns nonsensical, if they still have meaningful privacy protections compared to competitors? Also, IANAL, but as far as I know Microsoft can't violate the 4th amendment, only the government can.
No-one can violate the 4th amendment. The government is only seen to be violating it because they've chosen to interpret it under a different meaning that somehow allows them to collect private user data en-masse.
Analogously, if one of the major phone providers started selling information to marketers, including what times of day I made phone calls, would it be inappropriate for a competitor to create a marketing campaign around "privacy" highlighting that they don't do similar things? Would you complain that since the government can still get a wiretap and listen to private conversations, there really isn't a meaningful privacy difference?