Snowden Advocates Customer Data Encryption
Edward Snowden shared his views on the security shortcomings of consumer file sync and share and the cloud during an interview with The Guardian.
22 July 2014
Last week, Whistleblower Edward Snowden singled out Dropbox’s file sync and share (FSS) service as being inadequate to protect its customers from warrentless government snooping.
Snowden, 31, made the statement during a wide-ranging interview with the U.K.-based newspaper The Guardian. Given Dropbox is primarily a consumer FSS provider, Snowden’s assertion may not exactly come as a shock to some of us. But Snowden went a bit over the top, claiming (without concrete evidence) Dropbox was downright “hostile to privacy.”
Dropbox doesn’t exactly concur. “Safeguarding our users’ information is a top priority at Dropbox,” a company representative stated to the Wall Street Journal, via email.
(For those you who are interested, Snowden’s comments on the cloud and Dropbox can be viewed on the video clip embedded on the page carrying the interview — he starts at about the 7:20 mark. An edited transcript is available here.)
“Zero Knowledge” System Crucial for Cloud
Snowden covered plenty of topics of varying interest. Let’s say upfront that Mr. Snowden is a Rorschach test: civil liberties advocates see him as a patriot; others consider him a reckless criminal who has endangered national security. But whatever one thinks about Snowden, he raises some strong points about the cloud.
He noted that “unencrypted communications on the Internet are no longer safe. Any communications should be encrypted by default.” But despite all his assertions about governmental spying, the cloud market isn’t dead, he admits. However, for cloud vendors to be trusted and “truly successful,” they must offer a “zero knowledge” system. In such a solution, the vendors host and process the content for the customer — “but they don’t actually know what it [the information] is.”
Snowden discusses a system where clients encrypt their content and data — and then gives them to the cloud vendor for safekeeping. This makes the data “subpoena-proof,” said the WSJ. Snowden says in such a system, the only way law enforcement could obtain the client information is to ask a judge to issue a warrant — and force the customer to turn over its data encryption keys. Only in this zero-knowledge way can vendors prove to the customers that they can be trusted with their information, says Snowden.
Customer Managed Keys Offer Extra Data Protection
It just so happens Intralinks believes customers should have the ultimate say in who gets to look at their data and information — on the cloud and elsewhere. To support this goal, Intralinks announced it will be providing customer managed keys (CMKs).
Want to read more about Intralinks’ CMKs strategy? Then please click here.
Marc Songini has worked in the information technology field for more than 16 years. His roles have included those of journalist, analyst, and marketing communications specialist. He admits that when he started out as a cub high tech reporter, Netscape was still rocking the industry with a wondrous new user interface called a “browser.” During his 10 years with International Data Group (IDG), Marc wrote for NetworkWorld and Computerworld, both award-winning magazines. Marc specializes in cloud, enterprise apps, and figuring out the meaning of being human in an automated world.