Today’s Cyber Reality Raises Questions; Is It Safe Yet?
The statements shown below came today in email from an online digital storage service called Dropbox which I have used only to an extremely small degree. I found the terms interesting for what they do not say and for the aspirations expressly stated, more than what they say on the surface. On balance the Dropbox statements leave me wondering about many questions. For example, what are the laws (North American, Euro, Asian, South American, African, etc.) that provide for privacy and how might they be improved?
Do you wonder as I do about privacy, government intrusion with or without legal authority, and protection of innocent users? What might you and I do to act more defensively or wisely in today’s cyber reality? Or am I foolishly worried about nothing?
Dropbox’s Government Data Requests Principles
We understand that when you entrust us with your digital life, you expect us to keep your stuff safe. Like most online services, we sometimes receive requests from governments seeking information about our users. These principles describe how we deal with the requests we receive and how we’ll work to try to change the laws to make them more protective of your privacy.
Be transparent: Online services should be allowed to report the exact number of government data requests received, the number of accounts affected by those requests, and the laws used to justify the requests. We’ll continue to advocate for the right to provide this important information. Learn more.
Fight blanket requests: Government data requests should be limited to specific people and investigations. We’ll resist requests directed to large groups of people or that seek information unrelated to a specific investigation. Learn more.
Protect all users: Laws authorizing governments to request user data from online services shouldn’t treat people differently based on their citizenship or where they live. We’ll work hard to reform these laws. Learn more.
Provide trusted services: Governments should never install backdoors into online services or compromise infrastructure to obtain user data. We’ll continue to work to protect our systems and to change laws to make it clear that this type of activity is illegal. Learn more.
You can make it safe all by yourself: Encrypt the data locally with the strongest encryption you can install, may be based on elliptic curve cryptography, put it into a protected archive and upload that. As long as nobody gets your private key the effort it takes to crack the encryption of the data should be high enough.
Of course in the end nothing is really safe because [url=http://xkcd.com/538/]this special “decryption” method[/url] works in almost 100% of all cases …
Just a thought, QuHno, but wouldn’t encrypting your data for cloud storage raise flags? That is… if you’re going to the effort of “hiding” your “stuff”, does that make your stuff more desirable? I’m asking because frankly, I don’t know the answer.
Maybe it would, may be not. There is more to create a signature than just watching if someone saves his data encrypted in an online storage. The encrypted data alone is only one of many factors, some others might be posting in suspicious blogs and forums that are not under the same jurisdiction than that of those who do the profiling, like e.g. Iceland (:D) or making phone calls or trips to certain countries, move suspicious amounts of money from A to B etc. pp. or something like posting “We are going to destroy the USA during our vacation” on Twitter (It happened. Some British teenagers, or early twens, don’t know exactly, posted that and were promptly denied entry to the USA for life. British English is not American English, the correct translation would have been: “We are going to party that hard that Spring-Break in Florida will look like a church meeting”. While this case was funny for outsiders who read about it in the news, non-intelligent profiling can lead to asinine and sometimes even life threatening results. )
On the other hand encrypting the data could also indicate that someone just wants to prevent the real threat of data theft by cyber-criminals (which of course would always be my official reason for doing so if someone should ask me. Evil hackers who want to steal my holiday photos are lurking behind every corner, you know 😉 )
Another point here, if you do not encrypt your holiday photos, recipes, notes to self, to-do lists, you will surely put thousands out of work at the TLAs.
On am ore serious note Dropbox was alresdy compromised… so I’m not sure it’s a service I’d be willing to use.
I have been considering [b]wuala[/b] (http://www.wuala.com/) but have not decided. I am also considering just building my own file server.