Monday, July 15, 2013

So, where do we go from here? The protection of our privacy must be a priority!

Tensions have somewhat subsided since the recent news about PRISM and Tempora rocked the globe. So, what’s next? Where do we go from here? Is this somewhat relaxed state truly a relaxed state? Or is it just the calm before the storm?

As we delve deeper into the labyrinth of data we find out there is a surprisingly large interest in corporate data, an interest level far greater than many would have ever imagined. But tell me, are we really surprised? Are we truly that na├»ve? Truth be told, at some point we all had that burning sensation in our stomachs; we all had that feeling that in some form or fashion we were being ‘observed’. Well, now it’s official! Yep! Right there in black and white! But what does this mean for us and our privacy? Should we throw away all we have worked for, trash years worth of technological developments and head back to the drawing board? I would think not.

The show must go on; the sprockets and the wheels must keep turning. In hindsight we can see where we went wrong; we can see where we put a false sense of hope and security for our privacy in the hands of wrong people; we can see where we did not take the time to be more aware and to better inform ourselves as to how our privacy is actually being protected. Let’s not make the same mistake twice. “Fool me once, shame on you; fool me twice, shame on me.”



Hacker



We like to share everything.

The ease and practicalities of easily sharing data and information with one another is steadily increasing. The main cause of this is because we, as people, like, and sometimes need, to communicate with each other. On the one hand, we are just social beings. On the other hand, we need our communicative skills for use in the world of business to promote the exchange of ideas, information, developments, solutions and to find ways of implementing all of these factors in a timely and efficient manner. This, in-turn, leads to mountains and mountains of data that other parties presumably have interest in and who, as we have now found out, are casually given access. At this point, “We like to share everything”, as described on www.dropboxpartners.com, is as much of a punch line as it is an advertising slogan, especially when it’s written in its terms of use that data will be released to security agencies. As written by the Guardian, “The NSA document indicates that it is planning to add Dropbox as a PRISM provider”. On top of that, why should the user feel safe and feel as if his/her privacy is protected when their data will supposedly be stored in an encrypted form by their provider who, incidentally, has the keys to decrypt their data? So whose data is it really when you don’t even have the keys to access your ‘own’ data? The provider owning the keys to your data interferes with your right to have access to the data at will.

Control is good. Integrated encryption is even better.

Given the current state of our digital privacy, one could also say that an end-user who only relies on an ‘encryption at rest’* approach is betting on the wrong horse. Eventually, the data will leave its storage location and be transmitted in an unencrypted form and without further security measures. Can you say, ‘disaster waiting to happen’? For this sole reason is why all end-users, companies and private users alike, trust and confidently rely on 100% end-to-end encryption. 100% end-to-end encryption provides the level of security needed to allow end-users to communicate and easily and confidently share private data with whomever they choose. This has been confirmed by the results of a recent survey. However, the truth of the matter is that not one single US-based provider can meet this requirement. At the moment, Wuala, from Switzerland, and TeamDrive, are the only companies able to provide this high level of security.

But, what does end-to-end encryption mean exactly? As the name states, the data are encrypted before leaving the user’s device**. This means that the data are transmitted to the server in an encrypted format and also reside on the server in an encrypted format. While the data are being transmitted back to the user’s device they remain in their encrypted state. The data are encrypted during their entire time away from the user’s device. Once the data returns to the user’s device it can only be accessed if the proper encryption keys are available and these reside with the user. Yes. The user is the only person with access keys to their data. There is no master key maintained by the service provider which means there is no way for them to decrypt the user’s data and allow access to them.

Legal space and trust are a key factor

What the above-mentioned survey also reveals is that the location in which the data are stored is of high importance. 92% of voters agree Europe is the safest and most trustworthy region worldwide to store data. America tallies up a measly 2% of the votes and weighs in behind Africa which managed to receive 4% of the votes.

With all that said, it is probably pretty clear which vendor should only come into question today. Right?

* The data is stored physically encrypted.
** With third party tools the data can also be stored in an encrypted form on the user’s device. The best way to ensure 100% security is to encrypt your data locally as well.