(The original article was published in The Wall Street Journal on 17.07.2014)

Edward Snowden singled out cloud-storage provider Dropbox for lacking security
measures he says would protect users from government snooping. He then plugged
smaller competitor SpiderOak, which he says does.

In an interview the former National Security Agency contractor said Dropbox is
“hostile to privacy” because it controls the encryption keys, making it capable
of handing over user data stored on its servers to the government.

He also fixated on the startup’s hiring of former Secretary of State Condoleezza
Rice as a board member, though it’s not clear she has any role in shaping the
company’s privacy policy.

“Safeguarding our users’ information is a top priority at Dropbox,” a Dropbox spokeswoman
said in an email. “We’ve made a commitment in our privacy policy to resist
broad government requests, and are fighting to change laws so that fundamental
privacy protections are in place for users around the world.”

But Snowden said users should instead use SpiderOak, a storage startup which takes
extra security measures such as not storing users’ passwords. That makes it
difficult for the government to access any user data, even with a court order.

More than a year after he leaked classified documents on the U.S. National Security
Agency’s programs to monitor phone calls, email and other communications,
Snowden is urging tech companies to adopt stronger methods of privacy
protection. Some of the documents he leaked helped sway Internet giants like
Google and Yahoo to encrypt data passing between their servers and sparked a
wave of startup innovation in the field of secure mobile messaging.

In cloud storage, as with other online services, adding greater privacy requires
tradeoffs that could compromise ease of use or commercial viability for tech
companies focused on making money.

Both Dropbox and its storage rival Box already encrypt data “in transit” between
servers and while it’s “at rest” on their servers. But neither goes the extra
step of SpiderOak, one of a handful of companies pitching cloud storage that is
“subpoena-proof,” meant as a deterrent against the National Security Agency and
other spy teams.

Here’s how it works: SpiderOak has users encrypt data on their machines – before they
send it to the company’s servers. The company maintains it keeps no readable
version of users’ passwords or data.

The plus side: If a government asks SpiderOak for your data, all it can give them
is a scramble of numbers and letters. The down side: If you forget your
password, SpiderOak has no way of resetting it for you. (Users are allowed to
leave hints with the company.)

Both Box and Dropbox have weighed the option of letting customers control their own
encryption keys. If they do, it’s possible users who take that option would
lose some features, like password reset.

SpiderOak, based in the Chicago suburbs, is small even by tech startup standards. It is
“just now approaching 1 million” users and counts 42 employees, said chief
executive Ethan Oberman, 38 years old. He declined to say how much money
SpiderOak has raised since it was founded in 2007. Most of its investors are based
in Chicago, he said.

Oberman said he may seek to change that after Thursday’s Snowden plug. “Our market expanded today,” he said.
“Anytime your market expands you need some additional capital to go out and
reach the market.”

Oberman said he has never spoken with the NSA leaker and didn’t ask for the endorsement
directly or through intermediaries. He is, however, connected in privacy-tech
circles, and SpiderOak cosponsored an anti-NSA tech conference in San Francisco
this year.