NSA Helped Destroy Trust In US Internet Firms, But Would Going Overseas Be Any Better?
from the unfortunately-not dept
First off, when the data is within the US, there are at least some restrictions on what the NSA/FBI can access. There are quite reasonable complaints about just how insanely broad Section 215 of the PATRIOT Act and Section 702 of the FISA Amendments Act are... but, at least those laws do include some restrictions and oversight (even if we all agree it's not nearly enough). However, once things are outside of the US, it's basically "fair game" to the NSA. The NSA has interpreted Executive Order 12333 to mean that it's "open season" on all information not in the US. As ridiculous as it sounds, that actually means that there are somewhat greater restrictions on information inside the US than outside. Those stories about the NSA hacking into the links between Google and Yahoo data centers? Those were only done on offshore data centers outside of the US, under the auspices of EO 12333. Meanwhile, for local intelligence operations, they rarely even have the same kind of restrictions that the NSA has -- meaning that offshore data may be even more at risk of being spied on by whatever local intelligence agencies are in that country.
It's a complete mess for the entire tech industry -- but if you were running a tech company and wanted to best protect that data from the NSA, there's at least a strong argument that the best move is to stay in the US, even after all of these revelations. And, honestly, that's even more of a reason why the US tech industry needs to be fighting strongly for much greater reform and oversight concerning NSA (and FBI) activities inside the US. The protections are way too low, but at least there are some protections.
I recognize that some are going to disagree with this entirely, as many have completely written the US off because of these revelations. But, there's a simple question to ask: if that's the case, do you really feel safer with your data somewhere else, where there are no rules at all about what the NSA can do with it?