Is your data more private on foreign servers?

Companies outside the US are marketing their Internet services as more private, out of reach of the US government.
Written by Larry Seltzer, Contributor

Everyone knows about the scandal of NSA bulk data collection and surveillance of Americans and non-Americans. There are many reasonable ways to respond to it. Or you can be irrational.

One irrational suggestion, for Americans anyway, is to move your computing off-shore.

The Wall Street Journal on Friday reported on the boom in business for non-US computing resources. This morning on Twitter, F-Secure was pitching their new younited service, which centralizes access to your various cloud services. It's interesting just on these merits, but the pitch was focused on the fact that the data is stored in Finland, not in George Orwell's United States of America. 

The service is not live yet, but is accepting requests for early access. Here's some more on younited:

My Twitter exchange with the F-Secure guys triggered a burst of Finnish national pride (although I wonder whether Sean Sullivan is a native Finn). The pointed me to Finland's strong data privacy laws and noted that "Finnish police (not government) needs a court order or formal criminal investigation to request user data".

I'm still trying to find out what "(not government)" means, but for US police, Feds, state or local, a court order is required too. In fact, a formal investigation isn't enough. We all know now that there are giant holes in these protections, the main one being that metadata, like the fact that your computers connected to their computers at a particular date and time, is not protected. I'm not sure how outrageous this is, but it's not a new law; it long-predates the Bush administration.

I've followed F-Secure's Mikko Hypponen on Twitter for many years. Mikko has over 50,000 followers; in the world of security he's a rock star, and for good reason. He has a great talent for explaining technical security issues, and his understanding is at the bleeding edge. But I have the distinct impression, with respect to the data security issue here, he's mainly offended by the fact that, under US law, the US government is free to surveil non-US citizens living outside of the US, like him, to their heart's content.

Before you make any decisions, sit down, have a drink, get calm and open yourself up to some perspective. Is it rational for the average American to expend any effort to protect themselves against government surveillance?

We know from recent disclosures that Microsoft does not disclose data to law enforcement willy-nilly, and they reject many requests. We don't know the numbers of disclosures they make in response to National Security Letters and other secret, Federal requests, but the fact that Microsoft and several other companies are litigating for the right to disclose aggregate data tells me that the numbers are low.

Whether the numbers are low or not doesn't make a difference for whether the surveillance is just. Even one person in the US has Fourth Amendment rights, and whether any of the surveillance disclosed by Edward Snowden is illegal or unjust is a fair matter for debate. Surely at least some of the practices he disclosed are unjustifiable.

But none of that means that it's reasonable for you to worry about government surveillance, at least of the type that can be avoided by storing your data on foreign servers. I know I'm trying out younited because it sounds like an interesting service, but I don't care where my data resides.

Who does need to keep their data outside the reach of authorities? Principally people who have something to hide. Anyone and everyone has the *right* to do so, but a principle is not the same thing as an actual need.

So let's get principled: We believe the US government to be malevolent and desirous of our private correspondence, so let's store it elsewhere. Can you think of a better way to call attention to yourself? And what reason do you have to trust the government of Finland or any other government?

Editorial standards