They're spying on us! But who are "they"?

Usually it's not the FBI or the NSA directly monitoring our communications, but the private corporations with which we intend to do business. Read the privacy policy — whatever else it says about protecting your data, it also says that they will respond to proper legal requests from law enforcement and other government authority.

Many of you are, no doubt, mad at the big faceless corporations for participating in this, but they're not "participating", they're obeying orders. They're genuine victims in all this. Yes, I hear the boo-hoo-hoo's.

Big Internet corporations and telecoms are in a bad spot in situations like this. Obviously they don't want to be at odds with the US government, but they have a genuine interest in their customers feeling good about doing business with them.

Think through the problem in the abstract: Do you want corporations to refuse to comply with valid government orders? There are a lot of questionable laws out there, but it's not reasonable to expect public corporations to engage in civil disobedience.

What could they do? Sometimes nothing; recipients of a national security letter are compelled to comply. They could challenge government orders in court and sometimes they do. Microsoft, Google, Facebook and Yahoo! are currently suing the government in the FISA Court seeking permission to disclose more information about their compliance with government orders.

For a good example of how the companies are put in a difficult position, consider the origins of the telephone metadata program, the first of the Snowden disclosures. The major telecoms were cooperating unofficially with requests for bulk metadata; AT&T got outed on it and was sued. After this, the telecoms told the government that if they wanted the data anymore there would have to be a court order, and thus was born the system of periodically reauthorized FISA court-ordered metadata disclosure.

Were the companies just covering their asses? Yes, of course they were, and it was the right thing to do. They were protecting their rights and their customers' right by forcing the matter into a judicial process. The fact that it's the secret FISA court complicates things, but that was all the telecoms could do, and that's all you could have expected of them.

I was recently reminded of a story from early 2010. Google and a number of other companies had been hacked in China. There was evidence that the Google hack was, at least in part, about getting at the GMail accounts of dissidents; Google actually pulled out of China at the time, (which is the exception to the rule I made above about corporations and civil disobedience, but Google is not a Chinese company and may have had other reasons to leave).

I emailed Steve Ballmer at the time and urged him to go along in some way, at least to show disapproval of the Chinese hacking surveillance state. He replied with a polite "we're doing what we can in different countries, etc." I wasn't mad at him at the time, just disappointed. Now I realize that he knew that they Microsoft was, under legal order, providing data on US citizens, and was probably aware of many of the shadier tactics of the government. I'm not going to tell Microsoft what the right thing is for them to do. It's too complicated.

Don't get the idea that I'm equating Chinese government hacking of their own citizens' email accounts in order to suppress dissent with a US legal process which, for all its faults, is designed to protect the country from external threats. They're not the same. But it's not the privilege of US corporations to decide which US laws they will comply with.