Does backing up data to the “cloud” actually put it in easier reach for law enforcement?
According to The Wall Street Journal, while encryption helps to keep a user’s data protected, as soon as this data is sent to the cloud, those same protections could quickly be undermined.
“The safest place to keep your data is on a device that you have next to you,” Marc Rotenberg, head of the Electronic Privacy Information Center, told WSJ. “You take a bit of a risk when you back up your device. Once you do, it’s on another server.”
The fact of the matter is that major cloud computing companies typically comply with court orders and search warrants requesting that data be turned over to law enforcement, whereas this data would be much more difficult to obtain if it was only available on a device.
“The movement to the cloud has created new privacy risks for users and businesses,” Rotenberg continued. “Encryption does offer the possibility of restoring those safeguards, but it has to be very strong and it has to be under the control of the user.”
Look no further than Apple’s ongoing battle with the FBI to prevent the agency from forcing it to create “backdoor” access to an iPhone device.
Last week, Apple CEO Tim Cook made it clear the company is prepared to fight the FBI’s request to gain access into the iPhone recovered from one of the shooters in the San Bernardino terrorist attack that took place last year.
In a statement on its website, Cook calls for public discussion and expresses the desire for Apple customers to know what is at stake if the information protected by its encryption is forced to be compromised.
While encryption and cloud computing can be described as two opposing trends, users are still encouraged by the companies running the software on their devices, like Apple and Google, to back up their data to the cloud, essentially making it more accessible when court orders from law enforcement come into play.
“Your phone is an incredibly intricate surveillance device. It knows everyone you talk to, where you are, where you live and where you work,” Bruce Schneier, CTO at cybersecurity firm Resilient Systems, explained to WSJ. “If you were required to carry one by law, you would rebel.”