Yes, mozilla mentioned this in a blog post when someone here on HN pointed that they should move persona out of the U.S. Being a U.S. company they have to follow the U.S. law regardless of their servers' location.
Its a bit short on specifics though. I'd like to know which laws give the US access to data held on servers that are physically outside its jurisdiction. What happens when they are in conflict with local laws (e.g. EU privacy laws)? I though there were international agreements covering this.
If Apple can successfully use tens of shell companies to declare income outside of the US and thereby avoid taxes, I wonder if Mozilla and others could create shell companies outside the US to avoid surveillance.
