[molticrystal]

>the government comes to them with a legitimate warrant

Which government, such as the French government for all Russian users, the Russian government for all Ukraine users, or the USA government for all users?

Whose standard for warrants, and how much use of coercion and force are they allowed to use for enforcement. Can the USA kidnap the owners for non-compliance, can the Russians?

[kortilla]

You’re asking very basic questions that the answers to have been the same for hundreds of years. If you do business in a country you have to answer to its laws or you risk asset forfeiture or arrest.

[standardUser]

That would only be true if you step foot in that country or posses assets in that country, right? Though I imagine the US government can reach a lot farther than the Russian or Chinese governments.

[DannyBee]

Not quite.

Here: https://www.asil.org/sites/default/files/benchbook/jurisdict...

This is both a reasonable exposition and fairly short.

But also keep in mind data collection and transmission and sharing and rule enforcement are not really a jurisdiction thing.

[ocdtrekkie]

Also bear in mind that government can convey restrictions on any other business in that country. See Brazil requiring ISPs to ban Twitter (even a penalty on individuals bypassing the block using VPNs!), or the US basically prohibiting any business with anyone in Russia.

Basically if you want to operate in a country, you probably need to obey their laws, no matter what you think of those laws. If you ignore them, you can't really be surprised if you get blocked or penalized from doing business there.

[beaglesss]

The ironic consequence of this is eventually if you want to use big tech for messaging privacy you'll be forced to basically pick one under the jurisdiction of an enemy non-extradition state like Russia or China. Sure their governments will farm and exploit the metadata even if encrypted, but they won't be handing it over to the west unless the deal is juicy.

[Gud]

Another option is to use free and open source encryption software, like gpg/pgp.

Like what most darknet markets use.

[ocdtrekkie]

Eh, not really, because the US has shown it's happy to go ahead and make it illegal to have TikTok here as well. The real result is probably much, much simpler: Globally-operating apps won't make as much sense as they got away with in pre-regulatory eras of the Internet.

Big Tech has basically spent the past twenty years pretending their global status made them above the law of any one nation, but in reality, being a global company just means you're subject to all the laws of all the nations.

[stvltvs]

Or the countries you live or travel in have extradition treaties with the other country.

[mistrial9]

remarkably, these are not very basic questions, and the answers are not the same for hundreds of years since this is electronic records that cross international boundaries

[DannyBee]

Certainly principles of international jurisdiction are well settled and fairly consistent. In that sense the comment was correct. However, you are also correct that legal principles around information collection and transmission are both new and not well settled.

This feels like one of those hn discussions where everyone will end up talking past each other because of terminology failure.

[pixl97]

I mean if you were shit talking France when living in England a few hundred years back you're likely to get put on the enemies of France list, even if your pages were for consumption in England. Now if you never left England there wouldn't be much to worry about, unless they suddenly became friends and decided to export your corpse for goodwill.

[mikrotikker]

I have never paid telegram for their business

[mikae1]

So, using the same logic, Meta should not be liable for what happens on Facebook because users do not pay…

That's some Barlowesque[1] thinking that would play into the hands of big tech.

If Telegram didn't want to answer to French law, they should've blocked French phone numbers from registering users. Problem solved.

[1] https://disconnect.blog/reclaiming-sovereignty-in-the-digita...

[mikrotikker]

Meta sells my data to advertisers

[dkasper]

I think you answered why the only real solutions are

a) don’t collect the data (signal approach)

b) hire an army of lawyers and compliance people (big tech approach)

c) ban users from entire countries where you don’t comply (common in crypto)

d) risk jailtime or asset forfeiture

[AyyEye]

Signal has both phone numbers and IPs.

[shakna]

Signal hand over IP logs, phone numbers, and the datetime of last connection. [0]

[0] https://signal.org/bigbrother/central-california-grand-jury/

[PawgerZ]

That link states that they only have two data points tied to an account: time of account creation and time of last connection. Since phone numbers are used as the account identifier, law enforcement would need to supply the phone number for signal to look up the account, right?

Do you have any source for Signal supplying IP logs?

[larodi]

This all seems bad news for all Russian war channels, but I guess they had enough time to migrate already. Influencers influence the whole world anyway, so they should expect a knock on the door if so brave. Stupid drug dealers will find other ways to deal or will go deeper the crypto/tor hole. Childporn offenders are anyway legit target for Mr.Robot. Who's left then...? Music pirates - who cares, Spotify lives on, Soulseek does well to. Torrents apparently kill business only where it cannot exist at all due to cultural specifics.

This all somehow leaves perhaps not-so-big list of particularly interesting gentlemen then certain countries will undergo a lot of trouble to get to. No wonder then they did so this time, but wonder which particular among these is the culprit this time...

[mikrotikker]

Bad news for the OSINT community who gets tonnes of leaks from Russian war telegram channels

[larodi]

I doubt the war channels are to be concerned, perhaps the secret chats, and leftover magic in the normal chats. Or even simpler - the phone of the devices allows mobile net tracking, for certain operations this is potentially more than enough.

[crabbone]

This will depend on how the company is registered and represented in the states it operates in. It will also depend on the citizenship of the kidnapped owners (and whether it will be even necessary, as maybe extradition would also work).

In any case, a court in any particular state will be responsible for issuing the documents entitling the law enforcement to particular data. There's also the process to dispute issuance or legitimacy of such documents, again, through courts.

So, obviously, there isn't a single answer to your questions. But, obviously, they aren't without answer. Any specific case will produce a potentially different set of answers.

[limit499karma]

> Which government ... Whose standard

It depends entirely on where you land in your private jet.

[Cody-99]

Where ever they want to do business at. If they expect to be allowed to operate in France/the EU they will have to comply with legitimate French/EU warrants. No one is saying they can't fight it if there is a reason to.

>Can the USA kidnap the owners for non-compliance, can the Russians?

Jailing someone/holding a company in contempt that does business in your country for ignoring legal warrants isn't kidnapping. Trying to frame it that way is pretty silly and disingenuous.

[Ajedi32]

What does it mean to "operate" in a country though? If I operate a service in the US and have no servers in Iran, no employees in Iran, no physical presence in Iran whatsoever, but Iranians are communicating with me over the global public internet, does that mean I have to comply with Iranian law? What about if its France and not Iran? What if these French/Iranian users are not only communicating with me, but also sending me money and/or cryptocurrency in exchange for that communication?

[Ajedi32]

Personally I would contend that none of that counts as "operating" in France or Iran. You're operating entirely in the US, and it would be ridiculous for Iran or France to try to subject you to their laws just because people who live in their country are communicating with you or sending you money. (Though obviously those people are still subject to the laws of their respective countries in what they're allowed to do when interacting with you, just as you are subject to US law in your interactions with them.)

Of course, the fact that something is ridiculous doesn't prevent a sovereign country from trying to do it anyway. Iran can threaten to assassinate you for communicating with their citizens, and France can threaten to jail you if you ever travel to France or extradite you. Both of those threats are unjustified in my opinion and should not be supported or condoned by other countries (particularly not the US), but like I said; they're sovereign countries so we can't do much to stop them if they want to be unreasonable.

[tmottabr]

i disagree completely on this..

If you are serving people in Iran or France then you are operating in those countries regardless of where you or your servers are and so you do have to comply with their laws or risk facing the consequences.

Now, depending on where you are at the reach of the consequences can be negligible and not impact you at all or can be a major problem.

At minimum you will get your service banned in those countries.

[Ajedi32]

In this example everything is happening on U.S. servers, with U.S. employees, on U.S. soil. How is that "operating in" Iran or France?

If someone physically flew over from Iran and talked to me in-person instead of over the internet would you make the same argument? That I'm "operating in Iran" and should be subject to Iranian law because I'm talking to an Iranian citizen? What if it was via a letter? How about a phone call?

[cpa]

So what? Legitimate warrants cannot exist? Companies exist somewhere, and they follow the rules that can be enforced on them. I'll take warrents by imperfect democracies over autocracies and dictatorship any day.

[russdpale]

You ask these like they are some kind of gotcha moment, but all of these very simple questions have been answered for decades by international law. You think yourself clever but show yourself ignorant.

[colechristensen]

You have to follow the laws in the jurisdictions in which you do business.

If you want to not be subject to the laws of a country you need to blackhole that entire country.

[hartator]

Ha! The devil of the details.