Note: The problem is in the so called end-to-end encryption. The endpoints are the weak spots, but it would be an interesting first step if Gmail got encryption. It would ruin Google´s current business model based on context sensitive ads so I guess we won´t see it soon.
Originally shared by +Dan Gillmor
Note to tech companies based in the United States: I realize the federal government has put you in a tough spot. But you helped create the problem. If you want more trust from your customers/users, you can win it back this way:
1) Stop collecting vast amounts of data on us. 2) Do end-to-end encryption wherever possible. 3) Encrypt our cloud data so even you can't read it.
I realize these are not always trivial to do, and may conflict with your current business models. But if you want my trust — never mind the countless millions of users outside the US and the clued-in ones here — it's the bottom line.
The problem is in the so called end-to-end encryption. The endpoints are the weak spots, but it would be an interesting first step if Gmail got encryption. It would ruin Google´s current business model based on context sensitive ads so I guess we won´t see it soon.
0) bring transparance.
I understand that if you want me to know I have to leave for my next appointment you should read my data.
If you want to check spam you should read my data.
If you want to suggest me stuff you should read my data.
I trust you with that, keep it that way.
but then you will have to add 0.0) making data sharing opt-in +Riël Notermans
I for one am capable of setting up my own calendar entries so no need to read my data for that.
Spam checking doesn´t even require reading my emails. A choice can be made to only check spam on a server / provider level based on activity levels of the senders. In other words; targeting a minority.
Suggestions: I can live without them.
Why should I have to abide by another countries laws? Does anyone know what my civil rights are regarding this? I would be straight to the European Court of Justice with the best fame hungry lawyer I could find.
Not very practical (PITA!!!), but to have fun – you can use PGP/GPG to send messages that the recipient can copy to the clipboard and decrypt locally only – no unencrypted message will ever sit on the server….
—–BEGIN PGP MESSAGE—–
hQIMAy2J8Ob4eu7jAQ/8C2DB+9Mtza6zvO5e49LZxv7Fu4w3CK6a9E+azcdLVxnL
yZJprYe6b7Y3+qphEcTPZ455MP0ueao0eHL+F3IYMwUzslhqrCdfyoRmHqyTw7pP
VXQS4n3x2bgk1ETgubrScYCfp7sw2mczX/D3l17x9h5r4ZzU/cvN8zrnhR7hpu2F
Lh6HobL5EHB2BmRXJ3qut2lUN7atY8ypP2wzBRY8ZdGd5T7rnYZgqSSrUjhItfuX
cF8dj1niWbuYXBRx9q6vh/I6dqdoEl0uQefZ6+5kcjZFWhvwDJxdmN1eW7jnmMNW
ishmCdqVMQ/bn2e3VVhg+U+WUKlGiMTpA00ukdpOaGQD3tyxRqjPrrniFXf2tntW
/sD/1hhgwRlCzqT9NNhdZlkdBaB2QkVILfLia6uNT669x82Tj0/j+yy1755eQZYJ
97VpGMVrJVB5dlDhW7cixtiM8NfNu+G9OgXjjAfp71yqXkDLA1Rqvj7rQXVJ3RTz
up8UAKcAlL12hP9qasA4TB57/dCjSxY97UYPV4Y2Q1UPymvBC8Bf8E/7Uhhn+qbu
Rwht4bbvnCNQfX17whtLwHo/x3UC29wl7ZyL+6PdyQLjaIpyXyQm79oEoU067A3t
3xhP2WhRQ72hdU5nEsKh15rQyXE1qNqWZdOf09bDRvFKTlQtdzgJ9nls8yX8Kb2F
AQwDuv3eDLCj+PsBCACH1kK3kxHrvwzTTP5WDgfZuIZTuIIkGVwI10hLII2KUFfJ
IgFhp3eMetGrZhcnw/n1cWelQJ53bXfaAWY79W5+nTnnHSeAMZ04sAcrg92mqCuY
kHdVpic9Mau5qZbWElb3sYexibuF43Np72Xb0IdrAKKyNNx1YGYUFRRwGPIyBt/K
ToALELJgu0zQuOUR13BFVAFEDw/bPWSEzBQGQfxlubbKShzw5tjizzgxMCMtFGCA
tYY2KC0C7rQ9lD+7MtOtssOsBmNEjDtiqv0nsefOf9QKZjpHfRD/2ZIQAk1uuTg5
wEiilQHOfP5dV56DL4U2R3iS4iMUxSt4AWiZsN9+0n4BPocXy4tswB97dx4O1Weh
+z4HJxgSBTDG4ZugoFzmG0aTbcsFOKDY8ICpjFq5wGydmOSr0RPXAOVphRtBX2Od
9qtCuKMHwqhkRKVruVrna470SGlCCQZ/UGMBnE1tgcy1r9TB2APbW902ADlQU5An
Slz9xsLkr2qnAJPlXko=
=u5x0
—-END PGP MESSAGE—-[Note – Just a sample above; encrypted with a friend's public key for demonstration purposes only :)]
+Max Devine I think, although not entirely sure, that we can't do anything. Firstly most companies have the EULA that covers them, secondly, if your data is stored on a server in America, and you agreed to their terms, i think it automatically falls under US laws. Think it's time the internet had global internet laws independent of any nation
+Max Huijgen then you don't want googles services. That is an option…
For Google apps data sharing is opt in…
Emails are not read anyway… They are processed.
Legally there is not a lot you can do +Max Devine +Arthur Moore The American companies have to comply with the Patriot Act (otherwise known as the reversal of the Constitution).
But +Max Huijgen , if you take Google for instance, which is based in various locations around the world including Europe, wouldn't they need to comply with European laws too?
yes and no +Arthur Moore The European privacy regulations bind Google, but until the the EU laws are in actual force the penalties are too small to be a real deterrent.
To solve the stalemate between two legal systems the US made a so called Safe Harbour process. However whatever it says it will always be overruled by the Patriot Act which overrules whatever US companies promise commercially.
+Max Huijgen Thank you for explaining
>It´s hardly an explanation of an extremely complex subject +Arthur Moore But whatever the legalities (and the outcome of the current investigations in Europe against Google) the crucial point is that without decent cloud storage and social networks based in Europe the US will have access to all our data.
Is that worse then having the EU/NL having access to all our data? So yes, in what way?
the question you skip is: does the EU have access to your data. The answer is no.
It's bad too but with USA record, it would be the lesser of two evils I suppose
Even NL has access. Not always a court order is needed… NL is part of EU…
The Netherlands are one of the largest wire-tappers in the world, but internet access is a different issue. Bad enough though.
Internet also. Few days ago Plasterk confirmed this. We also have made a legal paper for our clients where a known 'it-jurist' also states that NL can access cloud data if wanted and doesnt need a court order.
But it is a side issue.
Yes, governments can access data. What is your risk of having them.actually read this? Is this a big risk? Bigger then using local storage and chances of theft or loss?
All questions you can use. For now saving data on Googles or others cloud is legal by our laws. The rest is something each company should decide for them selves.
Storing data on US controlled cloud storage is not legal for most privacy regulators in Europe. The status of so-called safe harbor compliant companies is still unclear.