The Limits of Cloud Encryption

Revelations of National Security Agency snooping on email and other internet traffic has inspired long-overdue concern about privacy and security–and set off a wave of opportunistic announcements of encrypted services. Adding encryption is a good thing, but you have to understand what it can and cannot do. and what the newly announced services definitely cannot do is keep the government’s eyes off your data.

There are two fundamentally different problems: Protecting data in transit and in storage (sometimes called in flight and at rest in technical literature.) These are subject to different technical requirements and different legal protections–in general, data in transit are better protected.

In-transit protection. There’s no excuse for not encrypting all sensitive data in transit. There are standard protocols for it: Secure socket layer (SSL), transport layer security (TLS), and the more secure Perfect Forward Security. Transactions with Web sites involving any sort of personal data should use secure HHTP (HTTPS); if you use a mail client such as Outlook, Mac Mail, or Thunderbird, you should choose encrypted transport under server settings (Microsoft Exchange mail is encrypted by default.) If your mail provider doesn’t support encryptions in transit, seriously, get a new one.

In-transit encryption is what most providers offer. Some also encrypt mail stored on their servers, but there’s a catch. The government–and sometimes private parties in a lawsuit–can demand that the stored mail be decrypted and, with proper authority, the mail service provider has no choice but to comply.

When can the government look? Exactly what sort of authority the federal government needs, a major issue in the NSA revelations, is not entirely clear. Normally, the government would need a court order for mail less than 18 moths old, but a mere administrative subpoena for anything older. (Why the distinction? Because that’s what the 1986 Electronic Communications Privacy Act says.) It was the realization that they could not defy government orders that apparently led Lavabit and SilentCircle to shut down their secure mail services.

It is possible to encrypt email traffic from end to end, but the difficulty makes it seriously impractical. To do it, you have to find a way to get a key to everyone you want to be able to read a message. There are ways to do this using public key encryption, but they are far from easy to implement and far from convenient to use, so almost no one does it. And even if you encrypt message data from end to end, you have to leave header information exposed or the mail system will be unable to deliver your messages–and this metadata can reveal a great deal.

Cloud shortcomings. Automatic encryption of information stored on cloud servers, as recently promoted by Google and Amazon suffers the same shortcoming as encrypting stored mail. The service provider has the keys, and can be forced to give them up. This sort of encryption is still a very good idea; if done properly, it is very effective at protecting your data from intruders or other prying eyes. But it won’t work against an adversary with a court order.

The only way to get complete protection of data stored in the cloud is to encrypt it yourself before sending it to the cloud, and keep the keys in your possession. It’s not the most convenient thing in the world and if you lose the keys you are sunk,  but there are standard software packages that will do the heavy lifting.




Published by

Steve Wildstrom

Steve Wildstrom is veteran technology reporter, writer, and analyst based in the Washington, D.C. area. He created and wrote BusinessWeek’s Technology & You column for 15 years. Since leaving BusinessWeek in the fall of 2009, he has written his own blog, Wildstrom on Tech and has contributed to corporate blogs, including those of Cisco and AMD and also consults for major technology companies.

10 thoughts on “The Limits of Cloud Encryption”

  1. The cloud is great, but I think I’d rather have my own private server/cloud that doesn’t cost me anything to store data, I just store it on my own drives.

  2. The biggest flaw in any system, is not the system itself, rather the one that uses it.

    there is no such thing as the perfect encryption

    Regardless of the type of system you are using, if the government wants to have access to your private data, there is nothing one can do to stop them.

    All the privacy issues that people are talking about these days are a waste of time, the only way to protect yourself on the Internet, is to avoid being on the internet period.

    those who love to complain about privacy are often the first to post anything about their live on Facebook

    I rather a company like Google or Amazon store my data in the cloud rather than creating a private server that any low level Hacker in China can easily decrypt

    1. If you can protect the keys and if the encryption is properly implemented, readily available techniques can keep your data secret from anyone including, to the best knowledge of experts in the field, the government. No successful attack has been discovered against the Advanced Encryption Standard and it would take centuries to brute-force decrypt a single AES-256 message. Is it possible that NSA has either discovered an attack on AES that is orders of magnitude more efficient than brute force or that it has orders of magnitude more computing capability than believed? Yes, but not likely. Even then, content would have to be of very high value to justify the effort of decrypting it.

      So, no, it is not impossible to protect content stored on the internet. It’s not even all that difficult. The big exception is email. The moral: Find another way to communicate, or use end-to-end encryption, for all its difficulties, on truly sensitive mail.

      1. technically speaking, I agree to some extent, but as i said early
        Users are more often than not the biggest flaw of any security system,
        they are often the one who either steal the data locally or provide access to a Hacker without knowing it. hence there is no system in the world that can protect someone from its shortcoming

        1. It’s sadly true that there is no way to make any system foolproof, as the supply of fools always exceeds the defenses against them. It just wanted to make the point that at the technical level, security is possible.

  3. I couldn’t agree with Steve more. Companies are rapidly adopting the cloud but are increasing looking for ways to overcome data privacy, security and regulatory compliance risks. There are number of solutions out there that are providing the ability to encrypt the data before it ever leaves a company’s network while also preserving the usability and functionality of the cloud application. Great interview with Marc Andreessen addressing this trend.

Leave a Reply

Your email address will not be published. Required fields are marked *