Just to clear the record: there is technology out there that can obfuscate data (anonymization) and offer protection against unauthorized access (it is even possible to store data in tamper-proof systems to which nobody has access, including Google). Nobody is suggesting Google should not respond to subpoenas. We are suggesting that Google protect our data and take steps to reduce the risks of subpoenas.
If Google can access my data anyway(even though its a pain in the ass), they can still comply with US subpoena's. I would imagine its easier to just automate the process(with a backdoor of sorts) then have to mess around doing this all the time.
I don't see any details on the actual backdoor in the article, so I hesitate to jump to conclusions.
Google fights against subpoenas and warrants all the time but sometimes they lose. At that point they have to comply or be held in contempt and I can't really blame Google for complying in that situation.
With many thousands of engineers it is totally possible for bad actors to have infiltrated Google. It's one of the reasons why there are such strict protocols for accessing customer data or production hardware. The idea is that by default no one has access to anything and that all accesses to data and production hardware are logged and audited.
I'm sure there're still opportunities for a rogue employee to do something bad but Google are way better at protecting access to their customer's data than many of the companies I've seen.
Yeah, but Google should overthrow the government and set up one without subpoena power. Otherwise, they're just not doing all they could to protect my privacy.
Sure. But that requires atleast a subpoena. So there is atleast some expectation of due process. Which means Google or any other company can push back. Failing that, something like Snowden can happen.
Contrast that with police collecting that data and not requiring any, however made-up, oversight.
Yeah, but if you read the linked paper, there are things Google could do to protect its users' privacy. That paper is about privacy-preserving targeted advertising, which would not give Google anything for the government to subpoena or search while still allowing them to conduct their business. There is no reason Google has to make itself an easy target.
We were also the first company to publish our transparency report on governmental requests, and the first company to include any specific number ranges on the number of national security letter (NSLs) that we get.
Google pushing malicious updates would leave forensic traces, not to mention it'd be difficult to establish a legal framework allowing a government to force Google to do so.
In contrast, subpoena'ing data from the cloud is routine for police in countries all over the world.
"The government needs legal process—such as a subpoena, court order or search warrant—to force Google to disclose user information."
Well, as long as we know that the NSA has installed hardware at their "partner" companies, the main questions about the degree of access to private user data seem answered to me.
all data given under a subpoena should be a matter of public record at some point (at least it is here) and I was not aware Google handed out any other data to the government - if he has evidence of that it would be good to see it.
Are you kidding? It would, of course, be covered by a National Security Letter (or whatever they're calling them these days), and illegal to even talk about. I have zero doubt whatsoever that the FBI, CIA, NSA and anyone else who wants it has full access to everything Google stores.
TBH, I think this is the wrong situation to trot out "Don't be evil."
Law enforcement has always been able to subpoena this type of information. From phone companies, credit card companies, ISPs, etc. If Google wants to legally operate in the United States then they don't have any choice but to comply.
The bigger issue, IMO, is that nobody has any idea who else has access to this information. Google can share this information with anybody. It's entirely on good faith that people trust them not to.
My point is that I suspect Google complies with requests even when they legally don't have to, and provides data to the government that looks innocent on the surface for PR reasons but is still instrumental for widespread surveillance and infringes on the rights of Americans
My comment is referencing what was documented to happen during 2013: the NSA compelled tech companies to turn over user data under threat of jailing the executives and fining the company huge amounts.
They don't need to ask Google for data from other companies. They can compel them to provide the passwords or authentication codes which are stored on Google's servers. Or they could just ask for a list of which accounts have a saved password, so they know who to target next with an NSL.
Seeing as the government can demand any information on you from Google if it really wants it, Google-proofing is a prerequisite for NSA-proofing. And Google can't imprison you.
2. Google is lobbying to change federal law to require search warrants backed by probable cause and signed by a judge for stored cloud email (and Google Drive, Dropbox, Flickr, etc.) files, a privacy protection opposed by the Obama DOJ:
http://news.cnet.com/8301-31921_3-20123710-281/google-facebo...
3. Google began requiring police to obtain search warrants for email after the Warshak decision nationally, even though it was binding only in a few states. So did (from memory) Facebook and Microsoft.
I trust Google as a company. But as Google is under US jurisdiction it is affected by things like National Security Letter subpoenas (see: http://en.wikipedia.org/wiki/National_Security_Letter). This is a type of subpoena that does not require a probable cause or judicial oversight (meaning that the FBI can issue them without court order) and the recipient is under a gag order prohibited from speaking about them.
In addition, Google seems to also abide to subpoenas issued by other countries, but does not clearly state under what conditions. E.g., is the German government only able to subpoena accounts of German citizens? Or of people who used Gmail in Germany? Or of any Gmail user if there is a probable connection to Germany? And under what conditions does Google adhere to the data retention laws in some European countries?
I acknowledge that there are cases where it is legitimate that government agencies get access to one's mails. But if this is possible without court orders I consider this largely undemocratic. As a consequence, I try to keep as much information as possible on my own server (with a fully encrypted filesystem).
So I:
- Currently use Google for searches, but I have set my browser to delete all cookies on shutdown. I have not Flash installed, so I'm not affected by "Flash-cookies". I also tried out duckduckgo as search engine, but in my opinion the search results are considerably worse than Google's.
- I have some domains using Google Apps that I've moved to Google in the past. But I'm currently in the process to also move the remaining domains (that only relay mails) back to my own server. However, I also acknowledge that this is somewhat futile given that 90% of people I communicate with use Gmail - meaning that all of my mails are stored on Gmail anyway.
So in this case letting Google analyze the data really is wiretapping [1].
I understand there can be tremendous benefits in letting companies analyze all sorts of data on us, and then letting them spit back useful services for us. However, if we're going to go along with all of this, then we'd better have some very strong national and international laws to protect us against government abuses in simply lifting data of millions of people at a time, or simply targetting various people, whether nationally or internationally, without very strong oversight and a clear record of what happened, who did it, and why they did it.
Otherwise, companies like Google, by collecting so much data on us and keeping it for so long, are just making it extremely easy and trivial for governments to abuse their power.
Well, I'm not actually American, but seeing that Google is, and that's where they store all their data, and as such both they and it is subject to US law, I was speaking for there.
a subphoena through the normal courts
Why on earth would they get a subpoena? Do you know what an NSL is? Not that they even need that, apparently. Have a read of this:
Dont you think such a massive conspiracy would be fairly quick to come to light
None of this is conspiracy, though it might have sounded like that even 10 years ago. It's common knowledge. Most privacy-conscious individuals I know, including myself, have been operating under the assumption that interested government organisations have full access to anything stored by any business or government entity, with only the sheer volume of data providing any kind of anonymity.
Well, subpoenas are issued prior to someone being judged guilty. And, I don't know if you agree, but "if you have nothing to hide, you have nothing to worry about" is a very poor justification for any kind of invasion of privacy.
As I'm sure people are aware :-
1. Google DNS tracks all domain queries
2. Chrome basically key logs everything you type into the search bar.
3. Android tracks calls, messages, IMs, emails..
4. Google Fiber has the potential to track even more content
If there were lets say 20 different services, there would be NO way to connect email account foo@email.com with a forum posting from member RedSpike93 to a search for "escorts in miami". Google engineers have already been fired for stalking teens, accessing private info, etc.
Heck, its kind of unbelievable that not too long ago, Netscape was sued for "only" tracking what users downloaded.
reply