> building tools for governments to mass-export data based on their queries
While I can totally imagine that governments would mass-export data, and I don’t doubt your friends claim, I can also imagine more innocent interpretation of this work.
I once worked on a large company’s GDPR data-export project. It was a large enough company that it also had a dedicated team to handle legal requests regularly from government(s). GDPR exporting needs to work “at scale” for all accounts, without human-in-the-loop work, and without causing any load issues to running services. The same system also handled legal requests, where the legal team could get an export for a user (almost) identically to the process of a user getting their own data. The legal team had tools set up to work with warrants, subpoenas and similar (internationally) legal data requests from courts and law enforcement. It looks like a “mass export” system, because it was, but it wasn’t used in “bulk requests” from the legal system.
Yes, I can imagine a benign use of this technology, but past behavior and the PR dishonesty have given me no reason to prefer the most benign interpretation over the most profitable interpretation.
If however they said something more authentic like "We export data in all these cases, in all these countries, and it's never more than .01% of users in a given country, and it never includes freedom-of-speech crimes, and ..." or something then maybe I'd be inclined to consider that.
While I can totally imagine that governments would mass-export data, and I don’t doubt your friends claim, I can also imagine more innocent interpretation of this work.
I once worked on a large company’s GDPR data-export project. It was a large enough company that it also had a dedicated team to handle legal requests regularly from government(s). GDPR exporting needs to work “at scale” for all accounts, without human-in-the-loop work, and without causing any load issues to running services. The same system also handled legal requests, where the legal team could get an export for a user (almost) identically to the process of a user getting their own data. The legal team had tools set up to work with warrants, subpoenas and similar (internationally) legal data requests from courts and law enforcement. It looks like a “mass export” system, because it was, but it wasn’t used in “bulk requests” from the legal system.