Comment by dragonwriter

12 years ago

> Isn't this useless?

No.

> They can serve Google an NSL and the court can force the company to release the SSL keys for the encryptions - just like Lavabit.

They can't do that without Google knowing about it, knowing what data is covered by the NSL and having the opportunity to challenge the request, or to factor the fact of the requests and the extent of information covered by it in evaluating Google's lobbying priorities.

> Google CEO/Board cannot shut down the company like Lavabit.

Well, it could (or, at least, it could recommend that course of action to the shareholders), but it's true that Google is differently situated than Lavabit -- specifically, Lavabit doesn't have ~$50 billion in cash it doesn't know what to do with that it could pull from for political action to address government policy that it felt severely threatened the way it prefers to do business, whereas Google does, which gives it options to address known actions by a government agency that it doesn't like.

> What can they do, get out of USA like how they got out of China?

Well, it's too big of a market for that to be a good first choice, but it's not impossible. Moving the headquarters, etc., would be easy; the hard part would be moving all their existing data centers and similar operations out of the US.

If they wanted to do that with minimal disruption, they'd either need to build duplicate datacenters somewhere else and switch operations to those -- or, for less duplication, build a fleet of transport vehicles that could hold data centers, and piece by piece transfer their existing US datacenters into those transports.

I find it funny how many people say "x is going to move out of the US!". Upon doing so, x isn't protected from spying by the NSA at _all_, not even the flimsy toothless protections we have as US citizens under US law. Ostensibly, the entire _job_ of the NSA is to spy on foreigners, which you become when you leave.

BTW, a much simpler way to get the SSL keys is to send someone (or teams) to be employed by Google. (Like another big country probably did a while back.)

Once inside, put in a few webcams, physical/virtual key loggers, a few lines of code (check in code with an extra ",", "=" instead of "==" in the right place - just like a post about a Linux security kernel hack a while back) and the job is done.

  • > BTW, a much simpler way to get the SSL keys

    SSL keys are not the target, the data is the target. SSL keys change over time, and you still need to monitor the actual encrypted data; tapping the data where it's sent in cleartext is actually simpler, if you have the capability to do it, than infiltrating a spy into the dev team, having them compromise the system without being detected, getting the SSL keys, and monitoring all the encrypted comms.

> or, for less duplication, build a fleet of transport vehicles that could hold data centers, and piece by piece transfer their existing US datacenters into those transports.

That must be what they're building in SF bay right now! It all makes sense now. Get Apple involved with their cash hoard and you could put the datacenters in space.

> or, for less duplication, build a fleet of transport vehicles that could hold data centers, and piece by piece transfer their existing US datacenters into those transports.

Or, they could build data centers on barges and float them out of difficult jurisdictions. ;)