In my The Good Guys and Bad post, I had harsh words for Microsoft’s collaboration with the NSA and FBI. I still find their actions over the top and inexcusable but there is another side to the story. Declan McCullagh over at CNET explains how the government forces Internet companies to cooperate on surveillance.
The big threat is that the government will install their own equipment on the company’s network if they don’t get cooperation. No one wants that, of course, so they provide the targeted account details using internal mechanisms. Companies that resisted have consistently lost in court.
This, however, does not exonerate these companies, at least not completely. Companies are only required to provide what they can provide. If they don’t keep logs for longer than required for engineering purposes, they can’t tell the government when someone was logged on. If they keep user data encrypted on their servers in such a way that only the user can decrypt it, they can’t give it to the government. None of this is impossible. We can’t expect Google, for instance, to do this because their business model is all about mining their users’ data but other companies can and do.
If you want to keep your business your business you should seek out these companies. I’ve been accumulating a list of such services for my own use and will blog about them occasionally. Realistically, if you become a target of the NSA or FBI1, they are probably going to get your data but most of us aren’t and won’t be such targets so we can take steps to avoid having our data vacuumed up wholesale. This will also prevent companies like Google and Facebook from building a profile of our Net activities—a profile that itself could easily become a target of government interest.
Footnotes:
1 Or, if you’re not an American, whatever the appropriate Three Letter Agency is that takes care of such things in your country.