Privacy and Cloud Storage: The Keys are the Key!

Cloud storage is almost ubiquitous now. Services like Dropbox, SugarSync, and Google Drive generally do a good job of keeping files synchronized across computers, iOS, and Android devices. Most services also offer excellent security for your files while they are being transported to and from the cloud storage, but what happens to your files while they sit on the cloud storage servers? And do you care?

Let’s use Dropbox as the example, since most of us use it. The connection between your computer and the Dropbox servers uses SSL, and is secure. Once on the Dropbox servers, they encrypt your data using 256-bit AES (very good). However, who holds the keys, and what can they do with them?

But first, what is a key? A key is often kept in a small file, or on your “key ring,” and is a string of characters representing, for example, a 256-bit AES key. A bit is a single binary unit of information, either 0 or 1; a string of 256 of them is a 256-bit key. It’s easier to group the 0s and 1s into alphanumeric characters, which makes the string shorter and a little more human-friendly, so 64 hexadecimal characters equals 256 binary digits, or about 43 standard alphanumeric characters (yes, slight liberty taken here). You already have lots of keys on your computer! They do things like authenticate you when making secure web connections.

Your data is encrypted using the key, and only the key can decrypt your data. There are lots of variations, including multiple keys, but the basic principle is that if you have the key(s) you can read the data. By the way, we often talk about keys, plural, as there may be more than one of them in many encryption schemes, but that’s another topic…

Almost every cloud storage provider, including Dropbox, creates and holds the keys. And remember, he/she who holds the keys to your encrypted files is the only one who can read them! This means that Dropbox can decrypt your files, which is generally a good thing, because you want them back. And they need to decrypt them to do many useful things like share your files with someone else when you create a share or link.

However, it also means that employees at Dropbox are able to decrypt and view your files. They may need to do this, for example, if required by an authorized governmental agency such as the FBI or NSA, or if required by a subpoena for commercial purposes, such as during discovery in a lawsuit. Dropbox has a reasonably good reputation for attempting to protect your information, and there is no reason to believe that they would share your data except if ordered to do so. Unless they make a mistake and release it, as they have famously done in the past. (To be fair, they have significantly upgraded their security since then.) Google does not have such a good reputation with privacy, and until very recently any Google employee could view virtually any email account or any file stored in Google Docs. They too have improved their security recently, but only following Snowden’s revelations.

So what does this mean, and what would be an alternative?

First, as we noted, in order to provide things like web access to your data, it’s necessary for Dropbox to be able to decrypt your files.  There are some clever (and imperfect) solutions to this problem, but generally it’s much harder to implement sharing, links, and collaboration if the cloud provider doesn’t have your keys.  The whole purpose of services like Dropbox could be seen as sharing and collaboration.  Use of cloud storage while maintaining strict security for sensitive data is really a different business model (and there are, not surprisingly, a whole set of providers whose business is directed to satisfy this need).

Second, what are you storing on Dropbox, and what would happen if someone else got it?  If you are storing your grocery list, you don't care if anyone sees it.  My Dropbox contains many dozens of flying documents, lists of fuel prices, manuals, collections of radiology articles, and other publicly available and generally non-sensitive material.

But what if you are storing your tax return, or perhaps using Dropbox Business or Google Docs to keep your business documents and communication in a way that your employees can collaborate effectively? Now, your company is hit with a lawsuit, and the other side subpoenas Dropbox or Google to release your files to them. It happens. And you and your company may have little control of the process. Dropbox will be required to follow the appropriate procedures and may or may not notify you, the owner of the data, before releasing it. Hmmm… a little less pleasant.

I spoke with a couple of litigators, and they told me that they love when the other side uses email, texts, etc. as it’s a great trail for discovery.  And they hate it when their clients do it.  I’m not sure how many times cloud storage providers have been subpoenaed directly in tort actions, but it’s becoming more and more common.  By the way, if you use Google for your email, then it seems that all your Google Docs come with the “package” that Google releases in response to a court order for either.

Wouldn’t it be better if Dropbox or Google could say:  “Well, we can give you all the encrypted data that we have, but we are unable to decrypt it because we do not have the keys.”  This is why we, as consumers, might not want to have our cloud storage providers hold or have access to our keys. 

But would this be good business for Dropbox or Google? NO!! First, they wouldn’t be able to offer the incredibly useful services that they have, and second, your data would be at much greater risk of total, unrecoverable loss. This is because if you are the only one who holds the keys and you “lose” them, for whatever reason, then you are out of luck and your data is permanently lost. Forever. With no hope for recovery. The cloud storage provider could not help you. Really. This is why being the keeper of the keys is such a big responsibility. You need to ask yourself: “Am I more concerned with the possibility that my data could be subpoenaed, accidentally released, or obtained by the NSA, or am I more concerned with the possibility that I could lose my keys?” My view: the first rule is protect the data from loss. Everything else is secondary.

However, there are probably a few little items for each of us that would be uncomfortable, or worse, if they were to be disclosed.  To anybody.  So, I believe that most of us have need for two different systems or solutions for cloud storage:  one like Dropbox with great features, good security and very little chance of data loss, and a second solution where you, and only you, hold the keys to your cloud data and assume the responsibility for protecting the keys from loss.  Then you have two “shoe boxes” and you, the user, can make a decision based on the sensitivity of the information whether it can go on Dropbox, or needs the bit of extra protection of your “Secure Cloud” solution.
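The two ideas above, what a 256-bit key actually looks like (64 hex characters, about 43 base64 characters) and what it means for you, and only you, to hold the key to your “Secure Cloud” shoe box, can be seen in a few lines of code. The program below is an added example written for this post, not code from Dropbox, Google, or any storage vendor. It uses Go’s standard crypto library (AES-256 in GCM mode) and a made-up `Provider` type that stands in for a storage service which only ever sees ciphertext; the “tax return” text is a constructed sample. It shows the provider returning your bytes intact but being unable to read them, you reading them with your key, and the flip side the post warns about: lose the key and nobody can open the file.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/hex"
	"fmt"
)

// NewKey makes a fresh 256-bit AES key: 32 random bytes from the OS CSPRNG.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// HexForm and Base64Form are the two "human-friendlier" spellings of the same
// 256 bits: 64 hex characters, or 43 unpadded base64 characters.
func HexForm(key []byte) string    { return hex.EncodeToString(key) }
func Base64Form(key []byte) string { return base64.RawStdEncoding.EncodeToString(key) }

// Seal encrypts plaintext with AES-256-GCM. The random nonce is prepended so the
// blob is self-describing; the GCM tag means a wrong key or an altered byte is detected.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal. It succeeds only with the exact key that Seal used.
func Open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob too short to contain a nonce")
	}
	nonce, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// Provider is a toy model (constructed for this example) of a storage service
// that holds only ciphertext: it can store and return blobs but never sees a key.
type Provider struct{ store map[string][]byte }

func NewProvider() *Provider { return &Provider{store: map[string][]byte{}} }

func (p *Provider) Upload(name string, blob []byte) { p.store[name] = append([]byte(nil), blob...) }
func (p *Provider) Download(name string) []byte     { return p.store[name] }

// ProviderCanRead reports whether a party holding the blob but not the owner's
// key (here it tries a key of its own) can recover the plaintext.
func ProviderCanRead(blob []byte) bool {
	guess, err := NewKey()
	if err != nil {
		return false
	}
	_, err = Open(guess, blob)
	return err == nil
}

func main() {
	userKey, _ := NewKey()
	fmt.Printf("key: %d hex chars, %d base64 chars\n", len(HexForm(userKey)), len(Base64Form(userKey)))

	plaintext := []byte("constructed sample: 2013 tax return") // sample data, not a real document
	blob, _ := Seal(userKey, plaintext)

	cloud := NewProvider()
	cloud.Upload("taxes.enc", blob)
	fmt.Println("provider can read it:", ProviderCanRead(cloud.Download("taxes.enc")))

	back, err := Open(userKey, cloud.Download("taxes.enc"))
	fmt.Printf("owner with key: %q err=%v\n", back, err)

	// The flip side the post warns about: lose the key and nobody can help.
	lost, _ := NewKey() // stands in for "the key we no longer have"
	_, err = Open(lost, cloud.Download("taxes.enc"))
	fmt.Println("owner after losing the key:", err)
}
```

The GCM authentication tag is what makes the wrong-key case fail loudly rather than return garbage; that is also why a lost key is final. Any real “you hold the keys” tool has to add what this sketch leaves out: deriving or storing the key somewhere you will not lose it, which is exactly the responsibility the post describes.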

Next post will review the available options that I’ve tried, which ones I have found to work with my Mac-based system, and what my current solution is.  None are perfect.  We will also discuss how to find out who has the keys, and some special situations like those of us working in health care, finance, or law.
