I've actually done work for the owner of this website, on this particular service (front end) and another couple services that he runs (back end). He is a good guy - I believe people are reading into this a bit too much. In the end, he is just like us; trying to build a business/s. He runs a few websites that are fairly successful, and I believe he sold one a year or so ago - good for him. I don't think he means any harm, or is trying to make a political statement - or be righteous in any way. He is just a guy, trying to make a buck. Maybe he made a mistake in the way he handled this, maybe he didn't.
For other people making comments about double standards when he obeys US law, but is circumventing laws of other countries. The fact is, he is a citizen of the UK, not the US. Just put yourself in his shoes - You run this website, the US govt. comes knocking at your door looking for records - what do you do? Thought so.
It happened. A guy committed a crime in a country with a lot of influence. Said influence persuaded another guy to hand over records and he complies (or else face the consequences). Move on.
And if the U.S. decides to assist with some other country's pursuit of a political dissident? Do you help then, too?
> You run this website, the US govt. comes knocking at your door looking for records - what do you do?
You truthfully say that you don't have any records to provide, because responsible privacy services don't log their customers' activities. I think that's the one part of this situation that I don't understand: why were there records in the first place?
Regardless, a lot of his customers -- the ones providing half of his revenue for this business -- are now aware that the service monitors their activities.
He states that only two things are recorded - the time you start using the service, and the time you stop.
I assume the FBI pieced that crime together based on this data. I honestly don't know much more than that, or what he has been up to in the past 2 years. I just know him from previously doing work for him, and thought I could give some insight to who he is and what he's like.
Three things would have to be recorded in that case: the "you" part of the start & stop times, as well as the times themselves.
I'll take your word for it that he's a decent person. I certainly have no reason to think otherwise. But that doesn't change that his service is recording information that it ought not to be.
The way you typically record this is start time, end time, and IP assigned. It's still not enough to identify what sites or traffic was visited, but when you get a spam email forwarded to you by your upstream provider, it's enough to identify a customer.
He has US based servers - perhaps it was "give us your logs, or we take your servers" (speculation). I just figured I know the guy more than the people here - or at least, used to and from what I could tell he was a good guy who tried to do the right thing. That's all I can say.
It's a bit like Hushmail. Compare their new advice to customers about how Hushmail will comply with law enforcement; to the point of creating new malicious Java software and pushing that out secretly to the 'target' / 'victim' to compromise their communication.
Hushmail states all this clearly, allowing new customers to make an informed choice.
When something is specifically promoted as protection against oppressive laws/regulations, and then caves at the first opportunity to do so, that's problematic. The service clearly never intended to fight such orders, only to use such claims as marketing tools. I don't care if he is a "guy just like me"; that's a scummy, shitty thing to do.
I'm not really going to argue, I guess it's a matter of opinion. I don't feel that the service is particularly positioned in the way that it's promoted to fight oppressive law - based on the landing page anyway; I'm unaware of his other marketing initiatives though, afaik, he uses word of mouth. I guess that's really all I can say.
Does that mean US court order got executed in UK, on UK citizen, just like that? Asking because I can't get any company information out of their site, nor from whois data to confirm if that's indeed UK company and/or individual.
I'm not sure. I have not been in contact with him since 2008 and it would be weird to contact him out of the blue based on this situation - although, I'm very tempted. If I do decide to look into it, I'll let you know.
"You run this website, the US govt. comes knocking at your door looking for records - what do you do? Thought so."
I'm not sure what you're referring to in "this website", but I can tell you that jurisdictional arbitrage, and being able to protect my customers data in exactly this situation is something I spend a lot of time thinking about.
Of course, nobody wants to fight a powerful government, so a better strategy is to make it such that the powerful government never comes knocking on your door, or you don't have any useful information for that powerful government, or your site infrastructure is in the jurisdiction of a government that has no interest in rolling over to that powerful government, like, say, Singapore.
The US government can try to swing its weight around in Singapore and will likely be told to go pound sand. And if the Singapore government agrees with the US government, then what you hand over may not contain any sensitive client information (because you don't keep sensitive client information when you don't have to. If you have to, it is a different matter.)
I think every one of us working on web services should think long and hard about how we're going to deal with the reality that the US government, without cover of law, regularly demands information (using the PATRIOT Act) that it doesn't have the legal right to, and regularly censors (the torrent site takedowns, etc.) content providers who have never even been charged, let alone convicted of violating the law.
You don't want your business shut down, that's true. (Also a reason not to domicile your business in the USA, or keep your banking there.)
These are issues you should think about before, or early, in the period of starting your business.
Interesting that you use website as a synonym for company. The web site of this company is nothing more than a front end for interfacing with the public for marketing and customer service. Presumably, the company also has their actual VPN structure which they use to deliver their service to their customers, offices (optional), bank accounts, etc.