Linked by Thom Holwerda on Sat 8th Jun 2013 14:57 UTC
Legal And yes, the PRISM scandal is far, far from over. More and more information keeps leaking out, and the more gets out, the worse it gets. The companies involved have sent out official statements - often by mouth of their CEOs - and what's interesting is that not only are these official statements eerily similar to each other, using the same terms clearly designed by lawyers, they also directly contradict new reports from The New York Times. So, who is lying?
Thread beginning with comment 564113
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Comment by Nelson
by voidlogic on Sat 8th Jun 2013 16:03 UTC in reply to "Comment by Nelson"
voidlogic
Member since:
2005-09-03

We start to get into a gray area when companies start being blamed for complying with the law. They are compelled to provide this information by the Government of what is in some cases their host country. Surely a little slack can be afforded to the ones that did comply.


Understandable and excusable are different. When it comes to things like human rights and civil liberties I expect people (and therefore companies) to to make the hard call and do what is right. What you are saying is just more supporting evidence of the banality of evil.

I'm not just talking about civil disobedience there. I'm sure the smart folks at many of these companies could work on engineering their products so that complying with these orders in a meaningful was be technically impossible and provide the government with no information.

Reply Parent Score: 5

RE[2]: Comment by Nelson
by WorknMan on Sat 8th Jun 2013 18:59 in reply to "RE: Comment by Nelson"
WorknMan Member since:
2005-11-13

Understandable and excusable are different. When it comes to things like human rights and civil liberties I expect people (and therefore companies) to to make the hard call and do what is right. What you are saying is just more supporting evidence of the banality of evil.


Right. So you're running a large company, and the government comes to you and says, 'We need some information from your servers about Joe Sixpack, and by law, you must provide us with this information.' So, what are you going to do? Are you going to play the hero and get yourself thrown in jail, and your company possibly put out of business? I'm sure we could get a good debate going about whether such things should be legal, but the point is that they ARE legal, and businesses are legally obligated to hand this information over. So I personally don't hold it against them.

I'm not just talking about civil disobedience there. I'm sure the smart folks at many of these companies could work on engineering their products so that complying with these orders in a meaningful was be technically impossible and provide the government with no information.


The way I look at it, it's like the DMCA. If you're being requested for information and it happens frequently enough so that it's a pain in the ass to do it manually, eventually you'll come up with some way to streamline the process. Otherwise, it's probably costing you time and money, and slowing down the process. If you HAVE to do it anyway, might as well be quick about it.

Edited 2013-06-08 19:04 UTC

Reply Parent Score: 3

RE[3]: Comment by Nelson
by voidlogic on Sat 8th Jun 2013 19:24 in reply to "RE[2]: Comment by Nelson"
voidlogic Member since:
2005-09-03

Right. So you're running a large company, and the government comes to you and says, 'We need some information from your servers about Joe Sixpack, and by law, you must provide us with this information.' So, what are you going to do? Are you going to play the hero and get yourself thrown in jail, and your company possibly put out of business? I'm sure we could get a good debate going about whether such things should be legal, but the point is that they ARE legal, and businesses are legally obligated to hand this information over. So I personally don't hold it against them.


Fair enough, the first few times it happened. Then I would like to see companies like Google to take technical measures to make it impossible to comply with these kind of orders in a meaningful way (Ideas follow):

It could be as simple as making sure non-encrypted user data is in jurisdiction non-amenable to assisting other security states and owned by a subsidiary local to that jurisdiction.

So they might comply, but the powers that be would get no useful information. For example, my gmail messages could be encrypted using my public key and only decrypted client side using my private key. Then Google could not read my mail (after storing it) and they could not provide anything but cryptotext to governments. They could still do all their advertising/search stuff by doing keyword indexing or whatever they do at receive time.

Q: How much extra work is this?

Not much, the server has one extra public key encrypt (which is cheap and happens every-time you visit a HTTPS page), after that the extra work is done client side (and is still pretty cheap). The only thing burdensome perhaps is that any search/ad indexing must happen are receive time and is not deferred (which may or may not be the case now for gmail).

The real technical challenge here is how to make sure the user has their private key on their devices/browsers without storing the key at Google, etc. Perhaps putting this key server in a different legal jurisdiction or letting users sneaker-net it at their choice is an option.

Reply Parent Score: 2

RE[3]: Comment by Nelson
by TM99 on Sun 9th Jun 2013 05:59 in reply to "RE[2]: Comment by Nelson"
TM99 Member since:
2012-08-26

Right. So you're running a large company, and the government comes to you and says, 'We need some information from your servers about Joe Sixpack, and by law, you must provide us with this information.' So, what are you going to do? Are you going to play the hero and get yourself thrown in jail, and your company possibly put out of business? I'm sure we could get a good debate going about whether such things should be legal, but the point is that they ARE legal, and businesses are legally obligated to hand this information over. So I personally don't hold it against them.


I hold it against them, and yes, I do expect them to stand up to this. Does this generation never study history any more? Go read about the Red Scare and McCarthyism. It was finally stopped when individuals and businesses began to stand up to the crazy intrusions upon civil liberties. It would not have if everyone did what you and Nelson (the corporate shill & apologist) are suggesting here.

Yup, poor little CEO's and corporations. They have a multi-billion dollar tax haven, errr, I mean business, to run. They can't be bothered with standing up to obvious governmental violations of the US Constitution & civil liberties!

Christ on a pogo stick. Haven't ya'll read any decent distopian science fiction? Unplug and read a fucking book or two!

Reply Parent Score: 4