First:
Thank you Snowden for introducing Privacy as a Banner issue which makes things like competing on providing greater privacy a "Business Differentiator".
Before the disclosures there was only a murmur of privacy violations that too only amongst the tech literate. Yesterday the old guy manning the register at a store said "Now they can't track you when you pay by cash" to the customer in-front of me.<p>Second:
What a lazy-ass way to dragnet everybody and get stuck with huge irrelevant data!
If you really suspected some one, the govt. should be able to convince a judge to get a "tap&gag".
Worth pointing out:<p><i>"The changing tech company policies do not affect data requests approved by the Foreign Intelligence Surveillance Court, which are automatically kept secret by law. National security letters, which are administrative subpoenas issued by the FBI for national security investigations, also carry binding gag orders."</i><p>But also:<p><i>"The shifting industry practices force investigators to make difficult choices: withdraw data requests, allow notification to happen or go to magistrate judges to seek either gag orders or search warrants, which typically are issued under seal for a fixed period of time, delaying notification."</i><p>I hope that the public don't misunderstand these two things.
Meanwhile, all emails older than 180 days are still considered "legally abandoned" and any government agency can look at them with a simple statement saying they are relevant to an investigation.<p>Does anyone know if user notifications are being sent when those emails are accessed too?
TBH, the default at all tech companies once they reach a certain size is to make a page that notifies users every time they are included in any query and the purpose of that query.<p>I should be able to go to Facebook, Google or any other large company and see every single query where I was included in the results. Every query run should include a 1-4 sentence blurb explaining the purpose of the query run and an ID that can identify the employee/entity/user that ran the query. A large hash table could be used to anonymize the counterparty. Users, when seeing a suspicious query, could then petition the companies to divulge more information about the query in question, possibly even resorting to the courts if they can make a reasonable appeal for the information.<p>I would love to see the EU to push for this as the default. If this was the default, then public policies researchers could gather data from volunteers to get a better picture of how companies are using personal data.<p><i>Quis custodiet ipsos custodes?</i>
<i>"... companies grew determined to show that they prized their relationships with customers more than those with authorities"</i><p>I've noticed that the words 'customer' and 'user' are starting to draw my conscious attention when I see them used (and misused) in mainstream journalism.<p>Consider: For most of the companies listed in this article, the customer is exactly that -- someone who pays the company for something, e.g. a cable or internet subscriber.<p>But for Google, Facebook, et al, the customer isn't the user; the customer is the advertiser. The user is the product. Google's <i>customers</i> could care less about privacy and user notification, except insofar as it spooks the users away from the service.<p>The distinction is worth keeping in mind when trying to gauge just how far companies might take this newfound willingness to resist.
Obama hasn't done his job of bringing change. Quite what the word "hope" means to him is anyone's guess. What we've got instead is a system of government so ridiculous and bizarre that it's not worth following at all.
What are the legal consequences to these large tech companies tipping off users? Are these companies just calling the bluff of enforcement agencies who are not willing to risk the bad PR? I'd love to hear from someone who has a better idea on why this issue is as gray as it seems.
“It serves to chill the unbridled, cost-free collection of data,” said Albert Gidari Jr.,<p>... I thought corporations received some number of millions of dollars to perform these procedures?
I hope there's some discretion used here based on the nature of the request. Child Sextortion (send me naked photos or record these sex acts with your sibling or I'll send this devastating photo to all of your friends on Facebook) is a very real and frequent problem. If mom & dad show the sextortion messages to their local police detective and s/he fills out a Facebook records request to see if the suspect is victimizing other minors, will Facebook notify the suspect?<p>The average local investigator is low-tech, has good intentions to help a victim, and has nothing to do with FISA or national security issues. I'd much rather see a tech company say, "Hey, we're not just going to give you everything on this user. In fact, we'll notify the user unless you provide more justification or background on the reason for your request," than notify the suspect without warning. At least then the investigator can provide more info for consideration, or go back to a judge.