No, Your Data Isn't Secure in the Cloud

While online data storage services claim your data is encrypted, there are no guarantees. With recent revelations that the federal government taps into Internet search engines, email and cloud service providers, any myth about data "privacy" on the Internet has been busted.

By Lucas Mearian
Tue, August 13, 2013

Computerworld

Experts say there's simply no way to ever be completely sure your data will remain secure once you've moved it to the cloud.

"You have no way of knowing. You can't trust anybody. Everybody is lying to you," security expert Bruce Schneier said. "How do you know which platform to trust? They could even be lying because the U.S. Government has forced them to."

While providers of email, chat, social network and cloud services often claim -- even in their service agreements -- that the data they store is encrypted and private, most often they hold the keys, not you. That means a rogue employee or any government "legally" requesting encryption keys can decrypt and see your data.

Even when service providers say only customers can generate and maintain their own encryption keys, Schneier said there's no way to be sure others won't be able to gain access.

For example, Apple's SMS/MMS-like communications platform, iMessage, claims both voice and text are encrypted and can't be heard or seen by third parties. "But, since [the] product [is] not open source, there's no way for us to know how it works," said Dan Auerbach, a staff technologist with the Electronic Frontier Foundation (EFF). "It seems because of the way it works on functionality, they do have a way to access it. The same goes for iCloud."

Freedom of Information Act requests by the American Civil Liberties Union (ACLU) revealed earlier this year that the U.S. government claims the right to read personal online data without warrants.

"It is the case everywhere in the world that governments seem to believe that if data is recorded and available, they should be able to access it," said Jay Heiser, an analyst with research firm Gartner. "It's not unique to the U.S., although the United States brags about it to a unique degree."

Besides the "metadata" (data that describes your data) that the government has now admitted to collecting on, well, everybody, Google, Microsoft, Yahoo and other Internet giants have been handing over data for years in response to government requests.

Google regularly gets requests from governments and courts around the world to hand over user data. Last year, it said it received 21,389 government requests for information affecting 33,634 user accounts. And, 66% of the time, Google provided at least some data in response.

Originally published on www.computerworld.com.