Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lockbox Aims To NSA-Proof the Cloud

Posted by Soulskill on from the but-can-you-NSA-proof-yourself dept.

Daniel_Stuckey writes "Lockbox, a tech startup founded in 2008, just received $2.5 million in seed funding for its end-to-end encryption cloud service, Client Portal. So, how does end-to-end cloud encryption work? Lockbox encrypts and compresses files before they are uploaded to the cloud. Only a person in possession of the corresponding key can unlock, or decrypt, the files. This means that the NSA, malicious hackers, business competitors, and even crazy girlfriends and boyfriends won't be be able to peer into users' most sensitive and private files."

16 of 292 comments (clear)

  1. I like the idea by bondsbw · · Score: 5, Insightful

    But I prefer that my encryption tool and my cloud storage service be completely separate. (How do I know Lockbox isn't sending the keys to the NSA, or whoever?)

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    1. Re:I like the idea by Garridan · · Score: 5, Insightful

      Yup. It's only secure as your OS, and the NSA pwns that. Always airgap your private key, or it's theirs.

    2. Re:I like the idea by JWSmythe · · Score: 4, Insightful

      A friend of mine offered that kind of service quite a few years ago.

      It was a backup service. The user had the key. It was encrypted on the user's site, and only encrypted data sent up to the server.

      It's not novel. It's a slashvertisment. {sigh}

      --
      Serious? Seriousness is well above my pay grade.
    3. Re:I like the idea by mysidia · · Score: 5, Insightful

      It would defeat the point. You can probably safely assume they are not sending them right now.

      The problem is: in the future, when more than 2 people start using their service --- the chance gets higher and higher over time, that NSA agents will descend upon them, and provide a legal order requiring they insert backdoors into their service, or protocol, or otherwise: provide the NSA with the resources required to get at the content, AND requiring they tell nobody.

      In other words : No US-based cloud service can really fight the NSA; unless they are prepared to shutter the service and go to jail for the cause, which is not likely.

      An overseas service is even better for the NSA getting a better chance at capturing the data -- because the things that are legal for them to do expand; gathering intelligence on overseas communications falls within their government mandate; and the techniques they employ could espionage, infiltration into the organization providing the service; and include compromise of computer systems and implanting malware bugs.

    4. Re:I like the idea by 0111+1110 · · Score: 5, Insightful

      I don't think an overseas service is better for the NSA. They don't have to even pretend to have ethical or legal constraints, but they are limited by international politics. They are stuck asking for cooperation. Or trying to bribe the right people. Within the US they have the full force of the US government behind them and can simply put uncooperative people in jail.

      Nevertheless things have reached a point where you might get idealogically motivated people starting anti-NSA encryption systems and there isn't much the NSA can do against someone willing to risk prison or flee the country or shut down their entire company rather than deal with the devil. The NSA and the government in general are used to dealing with people who are easily controlled with nothing more than money.

      But, yeah, the NSA can at least shut down pretty much any US based centralized system intended to fight them. Outside of North America and Western Europe it's a different story though. They don't have any legal power to shut down anything over there.

      --
      Quite an experience to live in fear, isn't it? That's what it is to be a slave.
    5. Re:I like the idea by Zemran · · Score: 3, Insightful

      If you go outside of North America and Western Europe, the NSA have big wallets and a bribe is more likely to work. You may think that somewhere like Venezuela hates the US enough to allow a business like this but I guarantee that the average sys admin in Venezuela could be bought for a few hundred. I would opt for a European country with more a sensible legal system like Switzerland. It will take years for the NSA to get in and the fight would be public. I know that they got into the banks but we all knew about it long before they got there. There are still other option with more effective privacy options and zero corruption but outside of Europe you know they are easily bought.

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    6. Re:I like the idea by vux984 · · Score: 4, Insightful

      In other words : No US-based cloud service can really fight the NSA;

      The key to fighting the NSA is to provide a completely transparent API.

      And then rely on 3rd parties to deliver software that uses the API.

      Even if the NSA knows that I have account with the cloud service, they don't know what client I use, (and even if i do, the client is on my equipment not "service based" there is no easy target to send a gag order too.

      Essentially, dropbox, skydrive etc are all perfectly suitable cloud services.

      What we need is them to do isopen them up wide open to 3rd party client development.

    7. Re:I like the idea by Andtalath · · Score: 5, Insightful

      Tpb was raided due to a threat from USA regarding an embargo towards Sweden.

      So, well, if bloody Hollywood can put that type of pressure on a country, I believe a branch of the government can as well.

    8. Re:I like the idea by Joce640k · · Score: 4, Insightful

      What's to stop me encrypting my files then putting them on normal dropbox?

      --
      No sig today...
    9. Re:I like the idea by Zontar+The+Mindless · · Score: 4, Insightful

      Thank goodness most of those chips are made in China!

      --
      Il n'y a pas de Planet B.
    10. Re:I like the idea by Luckyo · · Score: 4, Insightful

      You misunderstand. Hollywood is the propaganda arm of US government. As a result, while it does enjoy significant protection of US government as to enable it to perform its task (financially self-sustainable domestic and international propaganda), it most certainly does not command US government beyond its ability to influence the puppets, otherwise known as politicians in the same way that other similar agencies can influence the same puppets.

      It still has to combat all the other agencies, and in that game agencies like NSA and CIA hold much stronger cards as they have blackmail material on everyone, as well as ability to simply remove people they do not want.

    11. Re:I like the idea by RespekMyAthorati · · Score: 4, Insightful

      How about having a separate computer, not on the internet, that does the encryption?

  2. Great idea but... by Zemran · · Score: 3, Insightful

    ...based in California - cannot trust the security... ...UK - what is security? ...Australia - the FBI asked us nicely...

    --
    I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
  3. If only the hardware wasn't already compromised by ReallyEvilCanine · · Score: 4, Insightful

    Without known-secure hardware and and OS to run it, all the fucking encryption in the world don't mean squat. And before the fanbois scream, "Lunix is Teh Shiznit Seckyoor!" remember that you have to know the compiler is safe as well (*cough*Ken*Thompson*cough*).

  4. Re:Obligatory 5 dollar wrench. by jamesh · · Score: 3, Insightful

    With the recent "revelations" (they're not), it would be obvious that xkcd was pretty far off the mark here. The NSA is engaging in a far-reaching fishing expedition that is not practical to conduct with wrenches.

    But on the other hand if their "far-reaching fishing expedition" doesn't give them the information they want, and they want it badly enough, a wrench always works.

  5. Need to close their US office by bradley13 · · Score: 4, Insightful

    Seriously. If they want to be taken seriously as offering a service proof against the NSA, they need to not be an American company and to not have any physical US operations. Otherwise a secret FISA order (e.g., issue a client update that sends the encryption keys along with the next batch of data), and their customers are screwed.

    No cloud service (or any other service) in the US can be trusted.

    --
    Enjoy life! This is not a dress rehearsal.