If so, then the law essentially forces you to give your files up and no server location will protect you.
For any person who is not being forced into giving their keys up, encrypting their own files must be safer than hoping a cloud provider won't freely hand them over to the US government.
Fine. If you're foreign, encrypt your files and store them anywhere you like. If you're a US citizen, do the same and know that the government only has them when they force you to hand the keys over.
(Barring them being able to hack them some other way, e.g. simply grabbing your keys off your machine.)
Stay away from the UK - here a judge can throw you in jail for failure to provide keys, even if there's no evidence you still have the keys, and said judge would pretty much be guaranteed to believe that you did not hand over the correct keys if the result is garbage.
A couple of people have been convicted of refusing to hand over their encryption key.
It's worth noting that this is a separate offence, so there's a determinate prison sentence. You can't be held in contempt of court for refusing to hand it over.
Unfortunately, the OTP is always as large as the encrypted data. So strictly speaking, this is not really "encrypted data + password" but more of a "split data into two random-looking parts". In particular, this is nothing you can keep in your head or print on paper.
You'd have to keep it on a separate storage medium. And if you have to hand out the done medium, what's preventing them to get your second medium? And if you are able to keep that second medium secret and safe, why don't you store the whole unencrypted data on it in the first place?
Either way: OTPs are really cool, but I don't think they have any relevance here.
That's in line with what I expected, thanks. Specifically to read:
"Of the 15 individuals served, 11 did not comply with the notices. Of the 11, seven were charged and two convicted."
Whilst they may have been incarcerated since the report, at the least it would seem that there is some evidence based procedure to determine "guilt" in terms of whether you are able to produce the key or not.
For any person who is not being forced into giving their keys up, encrypting their own files must be safer than hoping a cloud provider won't freely hand them over to the US government.
This is especially true for non-US citizens, who seem to have no protection at all. Even the earlier whistle-blowers don't consider us anything but open season: http://www.usatoday.com/story/news/politics/2013/06/16/snowd...
Fine. If you're foreign, encrypt your files and store them anywhere you like. If you're a US citizen, do the same and know that the government only has them when they force you to hand the keys over.
(Barring them being able to hack them some other way, e.g. simply grabbing your keys off your machine.)