![]() ![]() There’s always a human being creating it. But those ‘Patriot Act worrying lawyers’ have one thing right - It’s the law, and not technology, that is going to solve this.Ĭloud-based, or application-based, protecting privacy is nearly impossible using any form of technology-forced solution. ![]() If a government, ours or another, really wants your client’s information, I don’t think I’ve got a ‘tin foil hat’ on in thinking that they’ll find a way. Some believe that using (or not using) a cloud company based on its server location will protect them. Lawyers are required to consider their client’s privacy, and in Canada, many worry about storing client files on web-services with their servers based in the United States. How can we be sure software providers haven’t created a backdoor? It happens. Web-based services will still be vulnerable via user passphrases and even if you step outside of the web-browser ecosystem, application software is no better. We hear so much talk about “encryption” being the answer but that’s only one part of the story. Here’s the unfortunate truth about internet privacy: we don’t have any. And if that door somehow locks, governments will lean on the companies themselves for ‘built-in’ access points. But is “file encryption” going to protect your data (or your client’s data) from government access? Even with bullet-proof encryption in place, user passphrases will be the next target. It’s hard to imagine most will exist in five years time without it. ![]() Will cloud companies move towards encrypted file storage? Probably. It wasn’t whether the company had encrypted its user’s files that became the weak spot, it was the login credentials, which the company was forced to capture and then turn over. It’s also likely not possible, at least for now… The CNET article interestingly identifies the Canadian company Hushmail, who have a pretty good reputation as a secure encrypted email and webmail provider but as is described in this 2007 Wired article, Hushmail was forced to turn over a user’s passphrase. It’s a nice idea - that users can encrypt files that the cloud-company cannot access and subsequently is unable to turnover to the government (or courts?) - but this seems like an “optics” play to me. One possible intention here being to restore user confidence in a post-Prism environment. If true, Google would be following the lead of services like SpiderOak and encrypting the files they store. According to CNET, Google may be experimenting with the encryption of files stored within its Drive service. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |