| It doesn't even matter at all. The US demands - through law - that any company, US and doing business in the US, give access to all it's user data upon simple subpaena by a secret court without notification to anyone, in a situation that can last for years. They're not even allowed to let you delete your data. There is no justification needed and most users are never informed this has happened, not even in the future. If you're a US citizen the time limit is measured in years (and can be extended by said secret court), if you're not a US citizen (or merely suspected not to be one), there is no time limit. Doing "just" this to their users is what is understood in this discussion under the misnomer "not cooperating" with US spying. One can only assume that the OP has a funny sense of humor. Given that this is noncooperation, why are we discussing who is cooperating and who is not ? This is WAY over the line, and of course means that no foreign company of any size should trust ANY US company with any amount of data. And, frankly, it means that given the slightest disagreement in court, you should assume that all your data is public. Famously this facebook/instagram/whatsapp private messages in divorce cases, but not just that. Outlook messages of non-US citizens being picked apart by competitors because of a small non-payment vs non-delivery civil case in a non-US court has happened. Note that the US government is famous for exploiting private sector relationships for spying and the reverse (exploiting government spying to give advantages to favored US companies). So you should assume the worst and immediately implement basic security mechanisms (that are standard procedure at most companies now): 1) anything sent to you for any reason gets automatically deleted, especially email, unless specifically and individually prevented 2) any backup system is encrypted and the keys are subject to (1). 3) NOTHING can be put on any cloud system, for any reason without (1) implemented, and you should refuse to cooperate with external parties that insist on such a system.] 4) more strict measures are needed for director level and upward (note: legal definition of director, not just because it's used in company directories). Protocols negotiated beforehand dictate what can only be discussed over secure channels. First item on that list: anything related to any one specific employee. |
I can't defend the secret courts or how long the secrecy lasts though.