Slashdot Mirror
The Google Transparency Project Transparency Project
-
Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?
-
What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?
-
Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?
With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.
On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.
I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:
Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.
I immediately wrote back:
But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?
If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?
(It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.
The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.
But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.
So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.
Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.
Send your PGP-encrypted message over gmail, of course.
Nevertheless, Google is pioneer on transparency reporting, no other company had gone such extremes to publicize this kind of info. This should always be mentioned when criticizing their Google Transparency Report system. I didn't read the treaty above, but skimmed and saw nothing of sort.
From the Department of Redundancy Department
Free Martian Whores!
At the bottom of the article/summary, it notes that just encryption is not good enough against a real enemy (and not the made up ones by the tin foil hat crowd in the west) who will just beat your encryption key out of you. For a WW2 reference, you can have the most fancy code for your radio message but if the nazi's found you is possession of a radio, whether the message was encrypted or not, harmless or not, did not matter. No broadcasting!
Same in North Korea, hard to send any message out if you don't have a computer and the few computers that do have access are completely monitored. In Iran, all ISP's are state owned and controlled and so any signal that doesn't signal 100% innocent WILL be investigated and they won't take your word for it that you lost your key for PGP either.
It is what makes "darknet" programs such silly little kiddy toys. They only work in the west where your ISP doesn't give a shit what traffic goes over which port. But if a government wants to monitor all traffic, all they got to do is filter out any traffic that doesn't fit pre-determined patterns. How would you disguise encrypted traffic to non-standard destinations? Back to radio, the fact that you are sending a signal is what alert the authorities, not the signal being received. Connect to some Tor node and that itself will be cause for investigation. And no, they don't need to have a list for all Tor node, they just need a list of "legit" destinations and then notice that yours isn't on that list.
No freedom sucks, it isn't that visiting "154.32.55.32" is illegal, it is that visiting anything but yahoo.com is illegal.
That is why ordinary film rolls are still used to get information out of North Korea with flesh and blood messengers. Sure, it is possible to use a cellphone near the border... but just the receiving of such a cellphone, just having an adapter to charge it, is a crime. And they don't need evidence.
Thank [insert object of worship] that 99% of us never have to deal with true repression. Real repression is your finger nails being torn out because someone near you at one point might have done something someone didn't like and you don't even have a clue and nobody cares.
Fiddle around with your PGP and Tor all you want, it only works because in the west, because the state operates under rules which don't allow them to simply let you disappear because they thought you might have done something someone didn't like.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
yep. Leading the way as usual. It's not like you'll ever hear of this from any other large technology focused companies - that's for certain. Whether it's manufacturers or software developers or any other aspect of technology, all you get is a general lack of transparency.
Most people here will respond as if the United States is the greatest villain, not realizing that there actually is real tyranny and oppression in the world.
Americans tend to forget they are foreign to the majority of the world. From a UK perspective the "local laws" of the US appear very different, a country that executes their citizens, prosecutes people who cross the road without state help and allows people to carry firearms with minimal checks. Yes, I'm sure that the UK has some equally strange laws when seen from the outside, but my point is that US law isn't "international law", but far from it. The closest any one country comes to that is Scottish law (different to UK law), and even that varies wildly. I'd assume that Google follows the local law of whichever country it's operating in at the time (which may or may not include other legal codes, eg European legislation in EU countries), so we'll probably see wild variations in how they respond.
Please consider this account deleted, I just can't be bothered with the spam anymore.
I know, random examples and you don't really mean aything by it, but I felt I had to expand / defend. I totally agree with you in that "US Law" is not the same thing as "international law" and I do find it disgusting that our government tries to enforce it outside our borders and such.
1: Executing citizens: very controversial and is not legal in many states. Is hardly used at a whim, and when it is used there is strong deliberation in the court whether to use it or go with something like life imprisonment. Again, this is only used against people like murderers.
2: Jaywalking: makes sense in a place like new york, where people randomly crossing the street is not only dangerious but fucks up traffic. Most places people look before they cross and are curtious enough to not interrupt traffic, but at such high populations we can't rely on people being nice. Enforcement of this outside of major population centers is practically non-existant.
3: We've had a bloody birth. The lack of checks is because of paranoia that the government can use the collected data to take them away from us. These guns are one of the few things keeping our government from outright fucking us all. Sure, there are some vocal nuts who make it seem like we just like guns, but that's not how it really is.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
With reference to point 3, do Americans honestly believe that an armed overthrow of the government is possible? Let's presume the US government does actually overstep the boundaries by (for example) instructing the military to open fire on a peaceful protest and there's a mass uprising - you'd have the military in an odd situation where they have to decide whether they work for the people or the government, if it's the latter then you have millions of people with pistols and rifles facing A-10s and tanks.
If the military side with a rogue US government then the right to bear arms becomes nothing more than guerilla warfare (rendering the "right" moot). Surely the "right to bear arms" clause isn't as important as having a military which is sworn to defend the people, not the government?
Please consider this account deleted, I just can't be bothered with the spam anymore.
well, that's the thing - if they really did so then turkish requests for records of turkish activities done in turkey would go through(obviously it's legal for them to demand such info from google, even if they haven't made it illegal enough for google to not comply - afaik google isn't banned & fined in turkey).
if they did adhere to local law always then they would be helping iranian authorities to eavesdrop, they would be helping isrealis tap on palestenian communications and so forth- though it seems that they don't, which is exactly what creates this question about what internal guideline are they following?
world was created 5 seconds before this post as it is.
Oh, absolutely, but if you're going to legislate to protect the people from a rogue government I just think there's better ways to do it than giving the public peashooters. As somebody on here says in their sig, "Soap box, ballot box, ammo box, in that order" - except I can't help but think the last one is pretty futile if the military are sworn to follow the government no matter what.
Please consider this account deleted, I just can't be bothered with the spam anymore.
Well, the reason for the 2nd amendment was because of what the British armies were doing to the colonies. Think entering homes and killing and all sorts of other things. Hence the right to bear arms was meant to be able to repel an invading force because the citizens would be armed. Of course, it never was against the government (which barely existing, and thus no military to protect itself). In the absence of a military, citizens were called upon to defend the nation. Of course, the spirit and the letter of the amendment differ (it was expected that citizens will rise up to defend their nation voluntarily), but that's the historical context.
It never really was about the citizens vs. their own government, more citizens vs. an invading force. One could argue about it being redundant (the US can defend itself just fine, the spirit implies a draft, etc), but that's really a more thorny discussion.
It makes more sense when one reviews their history and puts the context for everything in historical perspective. Many other free countries don't have a right to bear arms (and heavily regulate them), for example. It's just the US pretty much came into being after that war and decided it would be wise to ensure there was a militia ready to fight.
Well between those very same sort pea shoots and IEDs the various groups in Afghanistan have kept our so powerful military bogged down for ten years.
No I don't think it would be possible to organize civilians with typical consumer fire arms and lead a siege of Washington that is opposed by the military. I do think the guns being out there make our government a bit concerned that riots might be uncontrollable and stops them from doing anything to unpopular.
I also think the prospect of doing something that people would never get over like say suspending free speech, would mean decades of dealing with renegade groups sporadically murdering public officials and collaborators in law enforcement to the point that it might cause a total break down of society and is therefor off the table.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html