Web Apps: Single Point of Subpoena

Reading Dion Hinchcliffe’s blog, I found this interesting nugget buried away: [W]ith attention scarcer and scarcer, people are also less willing to spend time installing, upgrading, and patching all the instances of the productivity software, e-mail clients, and PIMs they use. I’d never seen the appeal of web apps in the attention light before, but it makes perfect sense. The dark side to this is that we have to hope that the web app provider is doing backups and is appropriately subpoena-proof.

Only it turns out there’s no such thing as subpoena-proof. As the EFF pointed out when Google announced a version of Google Toolbar that would upload your documents to the Google servers “to enable searching from any of the user’s computers”, your data held by ISPs is subject to different laws than your data on your computers. Data on your PC needs a search warrant to be accessed, and so can’t be roped into civil cases. Data on your ISP needs only a subpoena (a lower barrier), which civil cases may be able to get. And what is a web app but an ISP in the eyes of the law?

I like the EFF’s approach: we web developers should be campaigning for a correction of the laws. The more data we put online in the hands of web apps, the more important this lag between law and tech becomes and the more public our private data becomes. David Brin may get his Transparent Society in an unexpected way!