The Jacob Appelbaum / Wikileaks story makes for some pretty disturbing reading:
The secrecy makes it difficult to determine how often such court orders are used. Anecdotal data suggest that digital searches are becoming common.
In 2009, Google began disclosing the volume of requests for user data it received from the U.S. government. In the six months ending Dec. 31, Google said it received 4,601 requests and complied with 94% of them. The data include all types of requests, including search warrants, subpoenas and requests under the 1986 law.
— Secret Orders Target Email, WSJ
Having a cloud infrastructure run by US companies, on US soil, under US jurisdiction, seem positively dangerous. There is probably little that the companies involved can do in the legal system to rebuff these kinds of requests (although it is interesting that the likes of Twitter and Sonic, are at least making a point of fighting back).
Given that it’s unlikely that an operation like Google would forego the ability to mine it’s users data, it is hard to imagine that they would switch to a model where all data is stored encrypted, only accessible to the user holding the key. That, along with guarantees of only maintaining activity logs for a limited duration, would make a big dent in the likelihood of abuse.
Update: It looks like Sonic actually did the right thing: Help us, protect your privacy online. It would obviously be interesting to know if this co-incides with request for records relating to Appelbaum.
That said, it’s probable that government agencies would apply a lot of pressure to an operator of Google’s scale to be ‘co-operative’. In the states there seems to be very little public appetite for privacy protections written into law. Whether that is down to genuine belief that abuse is unlikely or just plain ignorance of the situation, is hard to say.
Appelbaum’s case appears to be a nightmare example of authorities fishing for information to build a case where there is no evidence that laws have been broken. They are determined to take revenge for Wikileaks release of the diplomatic cables, and will do almost anything to get it…
As an aside, i’m quite surprised that Appelbaum would use GMail as a provider. One would hope that he took precautions after getting involved with Wikileaks, and that the government agency working this case is wasting it’s time.
Anyway, it does raise the question as to whether there is an opportunity for someone to setup cloud based services, in a location less inclined to be silently co-operative with US requests, and focused on maintaining the privacy of the user. The lack of such an operation of any scale rather indicates that moment has not yet arrived…