Subpoenas are intended to recover specific pieces of evidence to prove guilt in a trial. They are not meant for blanket vacuuming of data, or for discovery.
It's not like the subpoena is a new legal instrument
I don't think they ever could compel companies by specifying the target as every customer on the off-chance that some where foreigners.
Whats changing is how powerful a surveillance tool it is— especially with service providers intentionally blurring the boundary between local and cloud data for unrelated business reasons.
In 1787 there would have practically no reason for you to hand over your most personal papers and effects to a third party. Today its increasingly hard to avoid and can even happen without any real knowledge or consent.
The obvious fix isn't statutory: Keep your private data local, don't use software that will cloudify your data without your knowledge, and when you must use third party systems always use encryption. ... but this is complicated by the fact that there are multiple industries whos revenue is threaded by prudent behavior like this.
Hopefully they'll realize that taking the immunity only solves the lesser of the problems this presents and they'll provide the resources needed to create the legislative change to insure privacy for the data they hold in trust. But maybe it's just cheaper to convince everyone that they don't need any privacy?
https://www.google.com/search?q=This+is+an+interesting+appro....
(1) Operate in Europe and make money here, but no spying on any EU citizen.
(2) Continue spying, but don't operate in Europe.
Alternatively, eliminate the tax evasion benefits of routing everything through Ireland. The tax hit of forcing many US companies to pay the full amount of US corporate taxes should be more than enough to change their tune.
The current Data Protection Directive apparently does not take into account many of the foreign online services, but the new GDPR does.
On wikipedia:
The proposed new European Union Data Protection Regulation (a draft for which was unveiled in January 2012) extends the scope of the EU data protection law to all foreign companies processing data of European Union residents.[1]
I'm wondering if and how the EU will enforce this law?
Source: https://en.wikipedia.org/wiki/Data_Protection_Directive , http://en.wikipedia.org/wiki/General_Data_Protection_Regulat...
First of all, I strongly disagree with "enough evidence now".
Next, to sue successfully, you need to prove that the thing happened (and that it happened in a way or in a place where the relevant law claims jurisdiction). How will your imagined plaintiffs get actual evidence? Subpoena the companies? Seriously, imagine you're a successful, law-abiding, US company. And imagine that a European court orders you to reveal facts XYZ, blah blah blah. Normally, because you're law-abiding, you try legal ways to avoid it, and then you obey the court. But in this case, the NSA has a gun to your head, and it's a legal gun (both in the sense that the gun is not illegal, and in the sense that the gun is made-out-of-laws). What do you do? You can't obey both laws at once. What you do is obey your own country. So the only way they'd get evidence (assuming your unfounded accusations are true) is if there were enough whistleblowers inside each sued company. If those people existed, they'd probably be coming forward already.
ALSO, not counting the UK, profits in Europe are pretty small, overall. Not small enough to ignore, but way way way too small to threaten US profits. Even all of non-UK Europe put together, actually, but especially if you're talking about individual countries.
And finally, you seriously have no clue how tax avoidance (not evasion) works. If big companies were forced to move out of Ireland, they'd move to any of the dozens of alternatives. Even the UK and France, for example, when they're not hassling big-corps, literally brag about how good their tax incentives are. There are LOTS of tax havens. Many countries would rather have 10% of a lot than 50% of nothing. You can disapprove or whatever, but that's the world the the politicians have created, when they're not pretending to be angry about that very same world.
The thing is, although I think nearly every sentence of your comment is ill-conceived, I wish your plan made sense. Because I would like to see the truth come out, whatever the truth is. If my company is innocent, I'd like proof. If my company is guilty, I'd like proof, so I can quit, and pressure fellow-engineers to quit, to send a message that would actually affect the bottom line. But your plan will never help me to learn the truth.
I'm sure there are other types of honeypots that could be set up.
So your choice, as a European, seems to be utilize networks that don't pass through America at all, or have the NSA spy on you. I apologize for the inconvenience.
Then why would the companies need blanket immunity?
This law could circumvent the breaking of ALL and ANY laws by these companies. After such a law is passed, companies may not have to be accountable to anyone. When questioned, they can lie about it and say the NSA said so.
They don't need to release transparency reports cuz the NSA said so. Any tech company can lie to the Privacy Commissioner cuz the NSA said so. They can do anything cuz the NSA said so.
This is the mother of all loopholes. Good luck, world.
Once this thing becomes legal, companies have grounds to organize this as a trade with the NSA. The funny (maybe scary is the right word?) part is that they can legally lie about this because it's with the NSA.
But Keith usually gets what Keith wants, so I'd bet money on it passing this time around.
I personally will never ever trust any company with putting stuff into their systems.
For me the cloud as offered by them is dead and buried forever, even though I know that the NSA can capture anything with their split network rooms, the companies just lost my trust by lying as first.
It would have been less worse if they said that they were forced, but no, the arrogant adolescent nerd boys management thought it was ok to lie.
I am not a lawyer.
TL;DR: everything about the WAY this story was reported is an obvious deception.
First, methodology. This is blogspam that adds nothing to the original article at http://dyn.politico.com/printstory.cfm?uuid=EF9BC1BF-34EB-41... (at least they link it). That article, in turn, cites no sources. So I'm basing the following only on those articles.
Also, let me be clear that I'm anti-immunity in general, and I think that the UsGov behaviour in Hepting vs AT&T is reprehensible, and no one should ever vote for any lawmaker who voted in favour of FISA, for that reason alone.
Okay, let's take it apart.
If you read TOA, it specifically says Alexander specifically claims he's not asking for blanket immunity. So the title is linkbait. Fuck you techdirt, for sabotaging the cause of freedom; now if/when Alexander/NSA replies to this article, he can avoid the issue by denying your false allegation. Don't muddy the waters.
Next, the context is not explicitly about spying at all. Not at all. Zero mention of spying. Oh look, the headilne is linkbait twice over. Fuck you twice over, techdirt. I can only conclude that Mike Masnick is either illiterate, or a liar.
ALSO, while Alexander is the head of the NSA, and while the NSA and the USCYBERCOM are deeply in bed, they is still some distinction, and this really sounds more like a USCYBERCOM thing than an NSA thing.
Next, listen, the only legitimate reason for cops to exist is to protect the populace. And if there's ONE thing that I trust Alexander about, it's the fact that at least some people want to fuck with US companies and US infrastructure (he's probably lying about the scale, and basically everything else). If SinoGov, or crazy terrorists, or AnonSecOfTheWeek, or whatever, attack US Companies, and private enterprise can't cope, it's reasonable for USGov to fight on behalf of Americans and American companies, and that might include giving them advice on cybersecurity, and that might involve giving them the equivalent of virus definitions, and saying "block all traffic that matches this signature and you'll be in better shape". This is legit. This is a strong argument. He goes on to say that if companies obey the NSA and turn out to harm someone with it, they should be immune. Okay, this part I disagree with. But seriously, of all the horrible asshole claims the NSA has made lately, this one is about as reasonable as it gets.
That said, I'd argue against such immunity. If the companies act in good faith with due diligence, what do they have to lose? And if they don't do due diligence, fuck them... what kind of moron trusts the fucking NSA?
As for counter-hacking, sooner or later the law is going to have to address it. And it's going to be difficult. And they should fucking get started, and proceed slowly and cautiously.
EDIT: slight touch-up on TLDR
Keith Alexander is the Director of the NSA, Chief of the Central Security Service, and Commander of U.S. Cyber Command.
Maybe I misunderstand the division of responsibilities, but AIUI, the NSA limits themselves pretty absolutely to spying, and actually going out and doing things (like telling companies to block certain packets, which allegedly might cause that company to need immunity (ha!)) is not really an NSA thing.
I've had that reaction so many times now that I eventually stopped clicking on any story from there. All they ever do is pander to their readers' preconceptions. With friends like these, we don't need enemies.
An online colleague once coined Japhy's Law. It says: "The facts you really want to be true are those you should be most skeptical of." It should be written on every blog.
Alexander would not be heading the agency if he bluntly asked for blanket immunity or talked about spying on citizens. (How much was said about PRISM?) The article deduced what is possible within the proposal. And knowing some history, I say it's likely to happen.
So yes, it is biased and baity, but hardly prompts a "fuckety fuck" rant :)
Minor quibble #2: "blanket immunity" and "spying on citizens" are deliberate fabrications of what was proposed. Separate paragraphs "deduc[ing] what is possible" would be well-and-good, but actually saying he said things that he definitely didn't say is not okay.
KEY POINT: When it comes out that Alexander/NSA/whatever didn't commit/advocate the particular abuses/crimes that some liar (e.g. Masnick) said they were committing, no one will believe you and me when we tell them the truth. And the truth is BAD ENOUGH!
Dishonest shysters posing as journalists always rates a "fuckety fuck" rant.
1. Do you actually care if you get it?
2. Go f* yourselves
Or are you afraid that they'll rat you out to the police for being a 'dissident?' If you are then they've already won.
plaintext: "Don't you wished everybody used Ivory(tm) soap?"
- retroactive legality - retroactive il-legality - immunity
I don't / can't even understand how immunity can be a thing. Sounds like some kids making up bullshit rules on the playground. To even suggest it points directly at guilt.
Edit: While he's in jail, maybe he could pick up a copy of the Constitution. :)