As a political statement it has power, that is one aspect I definitely agree with. However, I don't think it's a security measure, and in fact could decrease security.
You make a good point that encrypted data is retained longer by the NSA, and even domestic encrypted communication is kept without any nexus to an international person of interest or 50% confidence that at least one party is not a US citizen. But as we know well, the encryption is the absolute last thing which is going to fail or be broken independent of some other action.
NSA can fill their hard drives with all the cipher text they want. If that ciphertext ever somehow becomes valuable on its own -- for example, without getting a warrant for the key - then the crypto-apocalypse has arrived and the whole discussion about which data center the server runs in is completely pointless.
We haven't seen any Snowden leaks indicating NSA is walking into US data centers without a warrant and busting servers. On the other hand, their entire modus operandi is to do exactly that overseas. Wait, or is that the CIA... Generally speaking, if you have something they really want and it's on a US server, you get agents at the door with warrants. If you have something they really want and it's on a non-US server, they just hack or steal the damn server.
See my earlier reply about the Google packet sniffing, done only for data which left the US as far as we know. There would be a much stronger case that such packet interception was illegal and unconstitutional under current US law if it was happening to traffic running within US only WANs.
By the way, there's nothing you can do if the service provider decides to just accept the warrant and provide the data, regardless of where the server is colocated, which is why I think self-hosted SaaS is so important. You might not be able to stop them getting the data, but if it's on your server, you probably will know they have taken it, or otherwise you'll have a great case to argue in front of the Supreme Court (as in, an EFF pro bono spectacle, not necessarily that you will prevail).
The people that put these surveillance systems in place don't give two fucks about the economic impact, and the people that do consider the economic impact aren't invited to the meetings.
tl;dr People should be really screaming mad angry about what the US government is doing, but foot shooting is perhaps exactly the response they are looking for.
You make a good point that encrypted data is retained longer by the NSA, and even domestic encrypted communication is kept without any nexus to an international person of interest or 50% confidence that at least one party is not a US citizen. But as we know well, the encryption is the absolute last thing which is going to fail or be broken independent of some other action.
NSA can fill their hard drives with all the cipher text they want. If that ciphertext ever somehow becomes valuable on its own -- for example, without getting a warrant for the key - then the crypto-apocalypse has arrived and the whole discussion about which data center the server runs in is completely pointless.
We haven't seen any Snowden leaks indicating NSA is walking into US data centers without a warrant and busting servers. On the other hand, their entire modus operandi is to do exactly that overseas. Wait, or is that the CIA... Generally speaking, if you have something they really want and it's on a US server, you get agents at the door with warrants. If you have something they really want and it's on a non-US server, they just hack or steal the damn server.
See my earlier reply about the Google packet sniffing, done only for data which left the US as far as we know. There would be a much stronger case that such packet interception was illegal and unconstitutional under current US law if it was happening to traffic running within US only WANs.
By the way, there's nothing you can do if the service provider decides to just accept the warrant and provide the data, regardless of where the server is colocated, which is why I think self-hosted SaaS is so important. You might not be able to stop them getting the data, but if it's on your server, you probably will know they have taken it, or otherwise you'll have a great case to argue in front of the Supreme Court (as in, an EFF pro bono spectacle, not necessarily that you will prevail).
The people that put these surveillance systems in place don't give two fucks about the economic impact, and the people that do consider the economic impact aren't invited to the meetings.
tl;dr People should be really screaming mad angry about what the US government is doing, but foot shooting is perhaps exactly the response they are looking for.