Regarding legal independence of USA law, you're legally right I'm sure because that's indeed how GDPR works. I just can't imagine Amazon Europe telling a USA judge "sorry your honor, we really can't tell our subsidiary to give you this data relevant to national security, it's protected by European laws." It's one company, not a separate entity.
Perhaps it would go this way and perhaps they would rather incur sanctions or take to the media when ordered to hand over data stored in Europe. But so we're trusting Amazon with our data.
I guess, if I'm being fair, I just don't really know enough about this. Perhaps a legal entity in the USA cannot be held liable for not complying with a judge's orders to tell its wholly owned subsidiary to do something, or either of them for the subsidiary not complying. It might work that way. I just expect that in practice, they might very well simply comply. Or, like you say, that a "European intelligence agencies carr[ies] out such a task for them".
> message notifications on phones usually use Firebase Cloud Messaging (or the Apple equivalent)
When questioned about the privacy of using Google/Apple messaging stuff, what I've always heard as reply is that it only nudges the phone to fetch new messages. It still connects directly as well, as I have heard it (though it seems silly to me, why not just put the encrypted message right in there? Or is that a metadata thing then, revealing the message length to Google/Apple? Idk).
> Knock at the door of that European datacenter and hope employees won't say anything to the press?
That is very much how legal intercept works. And the NSA doesn't do those, it's a judge that gives the tap warrant and something like police (or a person of similar status) that executes it. I have never heard of it being leaked that some company is being tapped or in relation to which case (for all we'd know, it would be on European orders). That taps are happening is a well-known fact, just not on whom and especially not for what purpose. In a tour of an ISP data center, they pointed out now-decommissioned tap boxes to us that the police had put there. Distinctively blue in color if I remember correctly, and a hacker space later made a, um, tap out of one of them (beer tap).
> For once, an advantage of The Cloud™ haha
:D
> I don't think it's that hard to find out who's running a server (in Europe) when you have its IP address.
Indeed; that's not what I meant, but that sentence can indeed be read both ways (sorry). I meant to say that you don't know who's running servers, like, do you run one? Do I? Or the other way around: do I connect to a Matrix server? You have to actively check the server since the traffic is just TLS on tcp/443 (so much for passive tapping). More concretely, if a government (judge, secret service, ...) wants to find whom I talk to, instead of knocking on the door of a (few) central service(s) like Amazon or even Signal itself and telling them to send copies of TCP flow logs, you have to first tap my home IP, mobile data, see where I connect, then check those servers if any of them might be chat servers, then request a tap on those IPs in their respective countries, use that to check who else connects to those, if it's more than a handful of people you need to do traffic correlation there as well...
I see what you mean, though, with the centralized system requiring one to overcome scaling issues before any intercept can start, and potentially requiring cooperation of a party like Signal who will certainly make a ruckus. Which one will turn out to be easier might depend a lot on the situation.
> the NSA and its partner agencies are sitting at every major internet backbone.
They definitely have taps in many places, but all of them, in each country? And what about private peerings, can I not talk to anyone within one country without it being caught? Surely when ISPs A and B have a private peering in Germany, the BND doesn't automatically have a permanent tap installed there. It seems to me like there would be too many interconnects to really monitor all of them. But this is rather speculative, I don't really know. Also about the tier 1 backbones: sure it's a fair assumption that a random one of them is being tapped and so we need proper encryption, and also multiple strategic ones, but all of them all the time all across the world? I don't know.
> (Unless, maybe, your Matrix contacts are all in your neighborhood and are all with the same ISP.)
We here are Internet people, we talk to faraway people all the time. A good friend of mine lives on the second-furthest continent, latency-wise (Australia/NZ would be further), our traffic typically runs through the USA when we do a traceroute. Some of my friends moved to work in other countries. But an average mom, who does she talk to on WhatsApp? I think the furthest person my mom regularly talks to is me (~50km), and for faraway old friends maybe 150km across the country. The Matrix home server I use traceroutes through the nearest internet junction point (Frankfurt, 200km), I guess depending on how the physical interconnects go this might be on an easily tappable line, but it's not a given that it passes through a big backbone to make it onto another ISP's network within the country. In case you have some way to tell (I'm curious now), these seem like the most likely points in the trace:
6 bundle-ether2.0003.dbrx.02.fra.de.net.telefonica.de (62.53.28.149) 25.9 ms bundle-ether1.0003.dbrx.02.fra.de.net.telefonica.de (62.53.14.163) 21.5 ms
7 bundle-ether1.0005.prrx.02.fra.de.net.telefonica.de (62.53.10.51) 20.1 ms
8 ae3-1337.bbr02.anx25.fra.de.anexia-it.net (80.81.195.166) 24.3 ms
Anyway, what I was saying is that if you're hiding from the police or an intelligence agency, you'd probably avoid centralized servers, and that a random public home server is not as centralized as Signal. Not so much that this would definitely prevent a backbone capture, but that it would not make the traffic be caught in the same filter where they capture traffic going to/from a central chat service.
By the way, in general, I like your reasoning. I think the places we differ in opinion are mainly about how we weigh different risks or how prevalent we assume things are that neither of us can truly know. It's interesting to exchange thoughts and speculate about, though. There is no contact info in your profile but it might be fun to talk more about various topics - I see that you were asking in another thread about getting into cyber security. There are already good answers on that particular question, but as someone already in that field, perhaps I can be of help :). Since I keep this username loosely decoupled from chat accounts, you could shoot me an email at https://lucb1e.com/email-address/ with your matrix/signal/wire/... if you like!