Comment by tptacek
1 year ago
What these analyses always miss is that providers on foreign soil have even less protection against the US IC: breaking into foreign providers is literally NSA's chartered mission. That's not to say you should deliberately use US providers! Unless, that is, abuse of legal process in the US motivates your decisionmaking, in which case: an abused legal process beats no process requirements at all.
It’s not even that they have to “break in.” The government allows big tech companies to basically do whatever they want as long as big tech provides the government with an easy way to move forward with the parallel construction needed to bring case against literally anyone should officials be motivated to see that person imprisoned. Everything you’ve ever done can and will be used against you to maximum effect.
It's the NSA's job to do that domestically, it's just supposed to be firewalled by some hidden kangaroo court that absolutely doesn't do its job: FBI agents have been busted stalking women/exs several times.
Has been since 9/11. Remember, there's the omnipresent neverending war on terror.
I mean, sure, stipulate that. But there isn't even a kangaroo court for a service hosted in Europe.
Europe has plenty of “Kangaroo courts” of their own and partnerships like five eyes encourages authorities to share information. The UK’s NSA equivalent doesn’t need to worry about infringing on an American’s 4th amendment right and technically (if you don’t think about it) the NSA has plausible deniability if the UK shares this information. And vise versa with UK citizens or any western government.
9 replies →
Whatever legal requirements might be at play, the fundamental difference is that a US company will comply, whereas a non-cooperative external party would still need to be broken, which is very much non-trivial in the age of strong cryptography, even if you're NSA.