When you tell a friend a secret, you trust that they can responsibly own that information. You know that your friend won’t give away your secret today, tomorrow, next year, or in 10 years. You know this because you trust their character. Character is not volatile; you can generally count on it.
But, when you trust a company to hold your secrets, what are you relying on? What is the character of a company that makes it worthy of your trust? Unlike an individual, the character of a company can change over time. CEOs come and go. Economic success can wane. Political pressures can ease or tighten. Laws are written. Public sentiment changes. How can you know that the company you trust with your password, profile, credit card number, email, contacts, etc. will not change over time? You can’t.
Online service providers (companies) are aggregators of secrets. In order to pry a secret away from your trusted friend, the government would need it badly – they’d be specifically looking for you and talking to your friend. This is costly and takes effort. But, when large companies like Yahoo and MSN can hold lots of secrets, the desire by the government (or hackers) to tap into that pool of secrets is much, much higher. Worse, the executives who control the companies are not required to protect your information. They don’t know you – and they never personally promised you anything. Behind layers of legalese, EULAs, privacy policies and lawyers, they can reasonably justify that giving away your secrets was the right thing to do. And the reasons for giving the information away may be based on laws that haven’t even been written yet. Or laws written in countries you’ve never even traveled to.
Lastly, data never forgets. Unlike your friend, who forgets, or can at least credibly say, “I don’t remember”, companies that collect data have no such fallback. If it’s on a disk or a tape, anywhere, it cannot be ignored. Ever. If someone interrogated your friend, he could provide context about the secret which could significantly change the value of the secret. But, when taking data from a company, context around that data may or may not be there. Who will provide the context to explain your secrets? Nobody.