You can only infer that as the result of court case demanding logs. And even then, it would have to be born out of the discovery process that PIA was truthful, in my opinion. Yet that only gives you comfort that they hadn't maintained logs up to that point. You have no guarantees from that point forward, which is what we're all concerned about. We aren't concerned about PIA's past operations, but rather what this new partnership means for their future behavior.I realize your question is most likely rhetorical, but I felt the need to articulate my concerns.
nickpsecurity|6 years ago
You can't be sure. In the Lavabit case, Lavabit argued giving up the key protecting all their users... compromising them to the FBI... would cost them customers due to damaged reputation and privacy. The FBI argued they could do it without telling them. Then, Lavabit would still look private with no financial harm. The judge agreed.
That proposal and the judge agreeing changed how I looked at a lot of companies' claims about law enforcement. I already assumed this would happen with Patriot Act requests by FBI/NSA partnership given they'd be hit with secrecy orders. I didn't see a judge straight up telling a privacy company to defraud all of its customers. I figured the order would be more narrow than that. Now, I have a blanket recommendation to avoid U.S. for privacy tech over both secret government (Patriot Act stuff) and regular, court system.
w0uld|6 years ago
dd36|6 years ago