The revelations over the last few days about the extent of the United States National Security Agency's PRISM program might have many people thinking hard about who it is safe to keep their data with in the cloud. Many services have been named as working with the NSA on data collection, including cloud services that you might trust to keep your data private. The list includes: Facebook, Google, Apple, Microsoft, Yahoo, Dropbox, Paltalk and AOL. While all of them have denied giving the NSA direct access to their users' information, it might be a matter of semantics about what direct access means. Whether the NSA has direct access or a private secure portal server where data is deposited by companies, does it really make much difference how the NSA obtains its information, since the process is all done in a secret court with no hope of appeal?
Aside from the official replies from the above companies, a few other cloud storage and backup companies have made official replies, realizing that this type of snooping by the NSA could impact people's ability to trust them with their private data.
IDrive was the first to come out with an official statement, on June 7, 2013, reminding people that:
“With our 256-bit encryption along with the additional Private Key encryption, nobody, not even the government, can see your data.”
Backblaze had a blog post on June 9, 2013 stating:
- Backblaze has not participated in PRISM.
- Backblaze has not been asked by the NSA (or any other government agency) to provide any information on any of our customers.
Moreover, as opposed to the data that you may have with Facebook, Google, Microsoft, and some of the “Current Providers”, customer data that is backed up by Backblaze is encrypted on the customer’s computer before being backed up.
SpiderOak published a blog post on June 12, 2013 stating:
I can say definitively that our users’ data is encrypted client-side, uploaded, and stored in its fully encrypted state which means we are never able to view plaintext user content under any circumstances. In short, PRISM would be wholly and entirely useless in the SpiderOak context.
To Note: We also have yet to even be contacted by any agency regarding the program – surely a result of our ‘zero-knowledge’ privacy environment. After all, encrypted data is rather useless for conducting data mining activity.
EMC/Mozy replied to an email I sent them on June 13, 2013 stating the following:
Similar to every other global enterprise, EMC and its subsidiaries review lawful requests for specific information and respond appropriately as required under the law. Neither our business processes nor our technology solutions are designed — nor do we intend to modify them — to enable open access to customer information by third parties not specifically authorized by the customer.
Mozy offers customers the option of selecting their own personal key to encrypt their data to military standards, which they, and only they, have access to. As Mozy is not able to decrypt this data without the key, customers can be confident that their data is protected in the event of any legitimate access request.
Unofficially, MEGA founder Kim Dotcom has been having a field day with the leaks and information on his Twitter account, but there is no official statement on the MEGA website or blog.
CONFIRMED: NSA storing & analyzing ALL Internet traffic incl. Skype, iCloud, Gmail, calls & SMS. It’s time for real PROTEST.
— Kim Dotcom (@KimDotcom) June 6, 2013
If more responses by cloud storage and backup services come out I will post them here.
This latest incursion into our basic human right to privacy highlights once again how important it is to keep our data not only safely backed up but also safely encrypted. With that in mind, it is always a good thing to look at services that offer the ability to use a private encryption key, and to take advantage of that added security. I did a post in February on private encryption keys and the companies that I know of that offer that higher level of security.
Without repeating that entire post, the companies that offer a private encryption key option are:
It will be interesting to see if any changes come about due to this leak about PRISM and the NSA. Certainly it seems as though the NSA has overstepped its bounds by collecting massive amounts of data on US citizens.
Have to wonder if the Enemy of the State movie has become real.
What are your thoughts on this whole NSA PRISM leak?