You should
assume that all data is available to attackers, at the very least because I am sure that the forum's security is not beyond extra-legal covert groups such as the NSA.
When police (any police, worldwide) contacts me about a forum user engaging in a non-victimless crime (eg. scamming) where I perceive that probable cause exists, I may assist them in their investigation voluntarily.
The forum is under US jurisdiction, so it is impossible to ignore US subpoenas. I try to have the scope of subpoenas narrowed as much as reasonably possible, but it's very expensive/difficult/time-consuming to fight these things. The degree to which I fight them depends on my perception of the costs and benefits, thinking about questions like:
- Is the alleged crime victimless?
- Is the person probably guilty?
- Will the information in question actually change the case much?
- How strong are the forces behind the subpoena?
- How much can actually be won? Oftentimes, it is extremely unlikely that I could do more than massively delay the process and improve a few minor issues by fighting the subpoena, even in the best case.
For example, I didn't fight the Ross Ulbricht's subpoena at all because it was extremely narrow already and probably nothing could've been gained even if I had somehow fought it off completely. The BFL subpoena on the other hand originally asked for all PMs that even
mentioned BFL, but I fought strongly against that, and I succeeded in having it substantially narrowed.
I try to publicly announce subpoenas as soon as I can.
Impressive job of saying just what I was about to say!
Yeah, I agree taking care of your own privacy is your own responsibility so that's something I expected. So basically from what I understand from your and unabomber, most major cases will be announced publicly with what data was being shared but what about the smaller cases? Like Ross Ulbricht and BFL were both publicly well know figures but would the same be done for lesser known users?
You are welcome to share my data with any government agency with or without a court order.
I must be a really boring person.
When I read this I love to quote this Ted Talk quote by Glenn Greenwald (source:
https://www.privacytools.io and
www.ted.com/talks/glenn_greenwald_why_privacy_matters)
Over the last 16 months, as I've debated this issue around the world, every single time somebody has said to me, "I don't really worry about invasions of privacy because I don't have anything to hide." I always say the same thing to them. I get out a pen, I write down my email address. I say, "Here's my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide." Not a single person has taken me up on that offer.
The forum should develop a written policy on disclosing information to government entities.
Regardless of the above, I would encourage the forum to do the following:
- publish a transparency report periodically, disclosing the number of requests, and requests fulfilled (generalized, if necessary) about various types of requests for information
- Notifying any subject of a government request for information (if allowed by law) of request for information before the providing of information, so the subject can attempt to fight these types of requests -- this should not preclude the forum from disclosing information voluntarily if in its sole judgment, providing said information would be a net benefit to the community
This is the policy followed by Reddit and some other sites, which I believe is a pretty straightforward one (Disclaimer: I don't necessarily agree with
all their policies, nor am I a lawyer with enough knowledge on every implication. Just my thoughts as an end user). A transparency report would pretty neat.
