A Tale of Two Security Scandals

Recently there’s been a lot of buzz about two events on the security/privacy frontier. In the first, researchers Pete Warden and Alasdair Allan discovered that the iPhone maintains a database, consolidated.db, that contains a table of cell sites and WiFi hotspots that the phone has seen. There was a large outcry and the press thought they had a big scandal on their hands: “Apple is secretly tracking their customers” they shouted. Politicians, of course, couldn’t resist a chance to pander and spoke darkly of “inquiries into the matter.”

The thing is, none of this was news. I remember reading about it a year ago, and Apple produced an explanation at the time. Fortunately, the adults quickly asserted themselves, largely calming everyone down. The aforementioned panderers are still demanding (yet another) explanation from Apple, so doubtless we’ll hear more shortly, but as things stand now, the whole kerfuffle is a non-event.

The second non-event didn’t get nearly as much press and the press it did get was mainly confined to the geeky corners of the Internet. Dropbox announced that, their privacy standards notwithstanding, they would provide a decrypted copy of your data to law enforcement authorities upon being served a warrant. This certainly isn’t a surprise; after all, one could hardly expect them to do otherwise. Like everyone else they have to obey the law. And really, no one thought they should do anything else. What caused all the fuss was the supposed admission that Dropbox could read your data.

You can sort of understand the consternation because Dropbox has always insisted that your data was encrypted and secure and that not even their employees could read it. But, really, if you’re not my Aunt Millie, what do you make of that statement? Even a moment’s thought tells you that it can’t be literally true. After all, they have to decrypt it to send it to you and the fact that you can read the data from their Web site tells you that they do decrypt it before they send it to you. So, “not even our employees can read it” can only mean that they have procedures in place to prevent unauthorized access to your data. In other words, their security guarantee is something along the lines of, “We encrypt your data so that if someone breaks into our servers they won’t be able to read it, and we have procedures in place to prevent our employees from accessing it.”

For most of us, most of the time, that’s probably good enough. Dropbox is a way of synchronizing computers, after all, and while no one wants their files being read by the world, the majority of what runs through Dropbox probably isn’t sensitive—more likely it’s boring and no one would bother to read it even if they could. Still, there are occasional sensitive documents with information in them that we definitely should protect: Social Security Numbers, bank account information, passwords, proprietary company data and the like. What should we do to protect that data if we’re uncomfortable with the default security from Dropbox?

One nice solution proposed by Russell Ballestrini is to turn your Dropbox into a TrueCrypt volume. Then your data is automatically encrypted and decrypted on your machines so it’s safe in the cloud no matter what Dropbox does. Unfortunately, as the comments to Ballestrini’s post make clear, there are problems with this approach and it probably won’t work for most people. In any event, it’s overkill because, as I said above, we usually aren’t passing around data that anyone but us cares about.

That leaves the occasional sensitive document and for those the answer is easy: simply encrypt them. If you’re using Emacs and deal primarily in text documents, as I do, you can make this basically transparent by using epa (EasyPG) as described here and here. If you use public key encryption and don’t encrypt the key on your computer, the process is absolutely transparent. Of course, not encrypting the key opens up a vulnerability and you would probably want to keep it encrypted at least on any portable computers.

If you regularly deal with non-text documents and the application associated with them doesn’t offer encryption (as OpenOffice, Word, and Pages do, for example) then you can use GnuPG, PGP, or a similar utility. That’s not as convenient of course, but it probably won’t be an everyday occurrence either.
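As an added illustration of the EasyPG setup described above (this is example configuration, not from the original post or the EasyPG project), here is how the "transparent" arrangement is wired up: a fixed public key as recipient so Emacs never prompts on save, a directory-local version scoped to the Dropbox folder, and a small check for cleartext files that slipped in. The key ID `0xDEADBEEF` and the path `~/Dropbox` are placeholders.

```elisp
;; Added example configuration (not from the original post). Assumes Emacs
;; with epa-file, a working gpg, and a key whose ID is the placeholder
;; "0xDEADBEEF". Files named *.gpg are decrypted on find-file and
;; re-encrypted on save; if the private key has a passphrase, gpg will
;; prompt for it on decrypt, which is the trade-off the text mentions.
(require 'epa-file)
(epa-file-enable)

;; Encrypt to a fixed recipient instead of asking which key on every save.
;; With epa-file-select-keys set to nil, Emacs only prompts when
;; epa-file-encrypt-to is unset, so saves stay silent.
(setq epa-file-encrypt-to '("0xDEADBEEF"))   ; placeholder key ID
(setq epa-file-select-keys nil)

;; Don't keep symmetric passphrases cached inside Emacs.
(setq epa-file-cache-passphrase-for-symmetric-encryption nil)

;; Alternative, narrower scope: put this form in ~/Dropbox/.dir-locals.el
;; (placeholder path) so only files under the synced folder get the
;; recipient, and nothing outside it is affected:
;;   ((nil . ((epa-file-encrypt-to . ("0xDEADBEEF")))))

;; Defensive check: list regular files under the synced folder that are not
;; *.gpg, i.e. documents that would reach Dropbox in cleartext.
(defun my/dropbox-cleartext-files (&optional dir)
  "Return files under DIR (default ~/Dropbox) that are not GnuPG-encrypted."
  (let ((root (expand-file-name (or dir "~/Dropbox"))))
    (seq-remove (lambda (f) (string-match-p "\\.gpg\\'" f))
                (directory-files-recursively root "." nil))))
```

Run `M-x eval-expression RET (my/dropbox-cleartext-files) RET` to see which documents in the folder are still unencrypted.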

The bottom line is that if you are going to put sensitive documents in the cloud, then it’s up to you to encrypt them. Depending on a third party to do it for you and then raising a fuss when it turns out they aren’t really secure just doesn’t cut it.
