Dropbox and the NSA

I’ve written many, many, many, many times that if you are using Dropbox for private information that you don’t want others to have access to you better be encrypting it. And if you’re not, you have only yourself to blame when (not if) if it gets published on the Internet.

Now we learn that the US government is planning to add Dropbox to its Prism providers. As I write this there is some question as to what this means: are the providers willingly giving the NSA access to their users data or is the NSA intercepting the data outside of the providers’ servers. In the end, it doesn’t matter. You should assume that the US government has access to any data you store on Dropbox. If that data is securely encrypted, you are probably secure—at least if your encryption key isn’t passowrd—but if you’re depending on Dropbox to keep your secrets, you’re screwed. DON’T DO THAT!

If there’s anything we can learn from the Prism scandal it’s that you absolutely can’t store sensitive data in the cloud without encrypting it with STRONG crypto. I’m using Dropbox as an exemplar here but the same principals apply to any other cloud storage. Dropbox is probably one of the most reliable providers but even it is not immune to deep packet inspection of its traffic within the Internet nor warrants, no matter how specious.

This entry was posted in General and tagged . Bookmark the permalink.