[arcanemachiner]

It's actually spelled '"Auto-Deletion" of data' since you can't prove it's been deleted.

Google and other US tech companies have no right to be trusted after PRISM. Not to mention the US government's complete abdication of public oversight under the guise of national security, with secret courts, secret rulings, and national security letters compelling silence from these same organizations while complying with whatever demands they make.

[spankalee]

You realize many tech companies responded to PRISM by making their data centers and private fiber more secure against domestic state sponsored hacking, right?

[londons_explore]

Unfortunately, I believe that there were 2 possible outcomes in a post-PRISM world:

1) Tech companies increased their security, but it wasn't enough, and security services still have a feed of nearly all data, through a combination of software/hardware/algorithmic flaws.

2) Tech companies did manage to mostly stem the flow of information into security services. However, security services simply sent secret letters to all the big players demanding an API/backdoor and requiring them not to talk about it.

(or some mix of the two)

[joshuamorton]

My lukewarm take is that it is possible to construct your company/infra in such a way that functionally, any employee can audit that (2) is not the case, and that Google comes very close to doing this.

If you take security and specifically insider threats seriously, you can't privilege or hide any subsystem, or it becomes a threat of its own, so the same processes that prevent an attacker from creating a shadow-system in your infrastructure also prevent you from doing the same thing.

[GTP]

But a FISA court order has nothing to do with hacking.