Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lockbox Aims To NSA-Proof the Cloud

Posted by Soulskill on from the but-can-you-NSA-proof-yourself dept.

Daniel_Stuckey writes "Lockbox, a tech startup founded in 2008, just received $2.5 million in seed funding for its end-to-end encryption cloud service, Client Portal. So, how does end-to-end cloud encryption work? Lockbox encrypts and compresses files before they are uploaded to the cloud. Only a person in possession of the corresponding key can unlock, or decrypt, the files. This means that the NSA, malicious hackers, business competitors, and even crazy girlfriends and boyfriends won't be be able to peer into users' most sensitive and private files."

8 of 292 comments (clear)

  1. I like the idea by bondsbw · · Score: 5, Insightful

    But I prefer that my encryption tool and my cloud storage service be completely separate. (How do I know Lockbox isn't sending the keys to the NSA, or whoever?)

    --
    All my liberal friends think I'm a conservative, all my conservative friends think I'm a liberal.
    1. Re:I like the idea by Garridan · · Score: 5, Insightful

      Yup. It's only secure as your OS, and the NSA pwns that. Always airgap your private key, or it's theirs.

    2. Re:I like the idea by mysidia · · Score: 5, Insightful

      It would defeat the point. You can probably safely assume they are not sending them right now.

      The problem is: in the future, when more than 2 people start using their service --- the chance gets higher and higher over time, that NSA agents will descend upon them, and provide a legal order requiring they insert backdoors into their service, or protocol, or otherwise: provide the NSA with the resources required to get at the content, AND requiring they tell nobody.

      In other words : No US-based cloud service can really fight the NSA; unless they are prepared to shutter the service and go to jail for the cause, which is not likely.

      An overseas service is even better for the NSA getting a better chance at capturing the data -- because the things that are legal for them to do expand; gathering intelligence on overseas communications falls within their government mandate; and the techniques they employ could espionage, infiltration into the organization providing the service; and include compromise of computer systems and implanting malware bugs.

    3. Re:I like the idea by 0111+1110 · · Score: 5, Insightful

      I don't think an overseas service is better for the NSA. They don't have to even pretend to have ethical or legal constraints, but they are limited by international politics. They are stuck asking for cooperation. Or trying to bribe the right people. Within the US they have the full force of the US government behind them and can simply put uncooperative people in jail.

      Nevertheless things have reached a point where you might get idealogically motivated people starting anti-NSA encryption systems and there isn't much the NSA can do against someone willing to risk prison or flee the country or shut down their entire company rather than deal with the devil. The NSA and the government in general are used to dealing with people who are easily controlled with nothing more than money.

      But, yeah, the NSA can at least shut down pretty much any US based centralized system intended to fight them. Outside of North America and Western Europe it's a different story though. They don't have any legal power to shut down anything over there.

      --
      Quite an experience to live in fear, isn't it? That's what it is to be a slave.
    4. Re:I like the idea by Andtalath · · Score: 5, Insightful

      Tpb was raided due to a threat from USA regarding an embargo towards Sweden.

      So, well, if bloody Hollywood can put that type of pressure on a country, I believe a branch of the government can as well.

    5. Re:I like the idea by Anonymous Coward · · Score: 5, Interesting

      Tarsnap should also be mentioned in this context. It's a business started by Colin Percival, noted cryptographer and BSD developer. The client is 100% open source and runs on your machine. When Colin developed Tarsnap he found existing key derivation functions lacking, so he developed his own memory hard scrypt, which has found wide applications in other areas.

      The major problem with "encrypted cloud" solutions is that encryption severely limits what can be done in the cloud. You can basically do encrypted file storage. You can't run virus or spam filters on your data, you can't index it and search it etc. So all the useful features we have in a Gmail session need to awkwardly and inefficiently be re-implemented on the client side.

      The providers have very little incentive to do this and transform ad supported free services into paid ones (since data mining no longer works, ad revenue drops dramatically). While I would love encrypted email for everyone, it just won't happen for economic reasons. The NSA affair will be quickly forgotten and people will return to business as usual.

    6. Re:I like the idea by TheRaven64 · · Score: 5, Interesting

      Full homomorphic encryption is really hard. Homomorphic encryption allows you to encrypt your data, do some computation on the result, and then perform some operation on the output to get the same result as doing the operation on the unencrypted data. Current solutions are at least a factor of 1000 slower than doing it on unencrypted data, but that's only for general case. There are ways of encrypting data that preserve certain properties so you can, for example, perform simple database operations on it in the encrypted form and only interpret the results if you hold the keys. The down side of these approaches is that they increase the size (effectively doubling it for every primitive operation that you want to support), but with storage becoming cheap they may become interesting...

      --
      I am TheRaven on Soylent News
    7. Re:I like the idea by Zimluura · · Score: 5, Funny

      tinfoil hats used to be a fashion choice. now they're a necessity.