While online data storage services claim your data is encrypted, there
are no guarantees. With recent revelations that the federal government
taps into the files of Internet search engines, email and cloud service
providers, any myth about data "privacy" on the Internet has been
busted.
Experts say there's simply no way to ever be completely sure your data will remain secure once you've moved it to the cloud.
"You have no way of knowing. You can't trust anybody. Everybody is lying to you," said security expert Bruce Schneier. "How do you know which platform to trust? They could even be lying because the U.S. government has forced them to."
While providers of email, chat, social network and cloud services often claim -- even in their service agreements -- that the data they store is encrypted and private, most often they -- not you -- are the ones who hold the keys. That means a rogue employee or any government "legally" requesting encryption keys can decrypt and see your data.
Even when service providers say only customers can generate and maintain their own encryption keys, Schneier said there's no way to be sure others won't be able to gain access.
For example, Apple's SMS/MMS-like communications platform, iMessage, claims both voice and text are encrypted and can't be heard or seen by third parties. But because the product isn't open source, "there's no way for us to know how it works," said Dan Auerbach, a staff technologist with the Electronic Frontier Foundation (EFF). "It seems because of the way it works on functionality, they do have a way to access it. The same goes for iCloud."
Note EU-Digest: The Cloud services are also offered to European Internet users. Given that the storage data banks of Google, and Apple for Cloud and other similar systems are kept in the US by American companies, and consequently fall under US jurisdiction, it probably would not be a good idea for EU citizens and businesses to store sensitive material on these data bank services.
Read more: No, your data isn't secure in the cloud | Computerworld
Experts say there's simply no way to ever be completely sure your data will remain secure once you've moved it to the cloud.
"You have no way of knowing. You can't trust anybody. Everybody is lying to you," said security expert Bruce Schneier. "How do you know which platform to trust? They could even be lying because the U.S. government has forced them to."
While providers of email, chat, social network and cloud services often claim -- even in their service agreements -- that the data they store is encrypted and private, most often they -- not you -- are the ones who hold the keys. That means a rogue employee or any government "legally" requesting encryption keys can decrypt and see your data.
Even when service providers say only customers can generate and maintain their own encryption keys, Schneier said there's no way to be sure others won't be able to gain access.
For example, Apple's SMS/MMS-like communications platform, iMessage, claims both voice and text are encrypted and can't be heard or seen by third parties. But because the product isn't open source, "there's no way for us to know how it works," said Dan Auerbach, a staff technologist with the Electronic Frontier Foundation (EFF). "It seems because of the way it works on functionality, they do have a way to access it. The same goes for iCloud."
Note EU-Digest: The Cloud services are also offered to European Internet users. Given that the storage data banks of Google, and Apple for Cloud and other similar systems are kept in the US by American companies, and consequently fall under US jurisdiction, it probably would not be a good idea for EU citizens and businesses to store sensitive material on these data bank services.
Read more: No, your data isn't secure in the cloud | Computerworld
No comments:
Post a Comment