I truly do not understand why anyone would want to "help" the LEOs of today. They are the enforcement arm of the ruling class seeking to take away whatever privacy we have left. It truly saddens me that Google is volunteering to help turn over data to them, for free, without a fight.
The current system is slow and inefficient, and that is wonderful. Think about it. Police could always legally follow you - it only became a problem for privacy when CCTV and hidden GPS trackers made it easy to "follow" everyone at once, cheaply and efficiently. Much like password hashing algorithms, some systems only work well if they are kept slow and inefficient on purpose, to ratelimit their use. This causes each use to be reviewed and considered carefully. I feel like turning over user data to anyone should be one of these processes.
Let them get warrants signed in triplicate, convince ten judges, file thousands of pages of papers, find out they lack jurisdiction, convince more judges, etc... Only then is there a chance that they will not go on a fishing expedition for everyone's data all at once.
Always remember these words of Richelieu: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." You may be an honest man (/woman/child/etc), but your government is always on its way to becoming Richelieu
There is also the issue of parallel construction - basically using evidence gathered illegally to build a case, and then not submitting that evidence during the case, or using it for a plea-bargain.
As Snowden said, good encryption is a part defense against this. VeraCrypt http://veracrypt.org works nicely with DropBox, while SyncDocs https://syncdocs.com encrypts Google Drive.
Richelieu would have had a ridiculously easier time if he could select any six lines from everything an honest man had ever written. Using encryption to make this harder could be wise.
Encryption can't save you entirely, there is still a ton of metadata being produced which is most of the time at least as interesting as the content [1]. Avoid the cloud and decentralize as much possible. As a bonus decentralizing helps to avoid oligopolies and monopolies.
Big, purely money driven cooperations will follow the path of the least resistance so it's no surprise that they automate LE requests away in the long run. As most of the "internet giants" essentially make money by spying on their users they have the basic infrastructure in place already.
[1] 'We Kill people based on metadata' some former CIA/NSA director once admitted.
This isn't about helping law enforcement. Here's the tell:
Faced with the extended delays under the MLAT process, some countries are
now asserting that their laws apply to companies and individuals outside of
their borders. Countries asserting extraterritorial authority potentially
put companies in an untenable situation where we risk violating either the
law of the requesting country or the law of the country where we are
headquartered.
[...]
We are also seeing various proposals to require companies to store data
within local borders as a means to gain easier access.
It's about two things:
1 - Google doesn't want to be in the middle of Country X and the US where the laws conflict;
2 - More worryingly, countries are requiring data be kept within their borders and hence subject to their laws. This complicates google's business of monetizing people's data.
> The current system is slow and inefficient, and that is wonderful.
which is great until it's not slow and there is no due process. I think the key motivation may be:
> Faced with the extended delays under the MLAT process, some countries are now asserting that their laws apply to companies and individuals outside of their borders. Countries asserting extraterritorial authority potentially put companies in an untenable situation where we risk violating either the law of the requesting country or the law of the country where we are headquartered.
> USA was reminded that their laws did not apply outside of USA, and they can go use proper slow channels
They were reminded that the Stored Communications Act does not apply outside of the US, but according to the OP the Second Circuit said Congress could easily change that.
If Congress started making moves in that direction it would make sense to get out in front of it with some kind of proposal, because AFAIK there's no constitutional basis for those protections.
The US have always liked to apply their laws on American entities even on foreign soil, see e.g. IRS taxation. Based on decades of precedents like that, it's not difficult to see them attempt to apply the same reasoning for communications.
Anything that makes getting user data easier is bad. Better to fight each request. Better to not have a set procedure that is clear and concise. Let them figure it out each time. Change it up occasionally.
It seemed like it would be better if there were clear rules and guidelines that governed when and how data would be turned over. Then users and companies would be more aware of their rights and risks, and there would be an above-board and verifiable process for accessing data.
> I truly do not understand why anyone would want to "help" the LEOs of today.
Have you considered the position of the victim?
Consider some instance of cybercrime, for example: perpetrators defrauding four companies of €86m [1]. Are LEO supposed to roll over and give up on the case, just because the perpetrators reside in some other country?
The current system is slow and inefficient, and that is wonderful. Think about it. Police could always legally follow you - it only became a problem for privacy when CCTV and hidden GPS trackers made it easy to "follow" everyone at once, cheaply and efficiently. Much like password hashing algorithms, some systems only work well if they are kept slow and inefficient on purpose, to ratelimit their use. This causes each use to be reviewed and considered carefully. I feel like turning over user data to anyone should be one of these processes.
Let them get warrants signed in triplicate, convince ten judges, file thousands of pages of papers, find out they lack jurisdiction, convince more judges, etc... Only then is there a chance that they will not go on a fishing expedition for everyone's data all at once.
Always remember these words of Richelieu: "If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged." You may be an honest man (/woman/child/etc), but your government is always on its way to becoming Richelieu