Whereas if you buy an Android phone in Europe, you know for certain that your data and behavior are being examined by Google, and are available to US agencies.
> NSLs exist, and is there any reason to believe they're not enforceable for non-US data?
Given the pains the NSA took (no matter how tortured the logic got), to keep trying to claim they weren't spying on Americans [except when they talked to non-Americans, or talked to someone when outside the US, or when an otherwise American communication got routed outside the US, or they accidentally included American data in a sweep "targeted" at non-American data, etc.]... I think we have plenty of evidence that the opposite is true.
Assuming the data is available in the US (so no other country can get in the way), it's easier to demand non-US data than it is to demand US data. Don't forget: part of the detestable legal rationalizations behind this surveillance is that non-US people have no Fourth Amendment rights - eliminating many classes of potential or actual legal barriers.
- wifi and celltower db query servers are indeed hosted outside EU
- Siri indeed uploads your whole address book - it even tells you about that beforehand!
- iCloud tabs must upload every URL to a central server, it would not work otherwise
- the mud puddle test* proves that iCloud backup is extractable from Apple servers by third parties.
*http://www.magnir.com/2012/08/how-secure-is-your-cloud-take-...