Would Cloud Storage Be More Secure if We Held Our Own Encryption Keys?

The Citizen's Guide to the Future
April 3 2014 4:45 PM

Would Cloud Storage Be More Secure if We Held Our Own Encryption Keys?

keys
You would have to keep track of which key unlocked which data.

Photo by Shutterstock.

A company can encrypt customer data at all times, but if served with a subpoena, it still has to hand that info over to the government. In an attempt to address this issue, Aaron Levie, CEO of the popular cloud storage service Box, is mulling the idea of giving encryption keys to Box's customers. That way, Box would have access only to unintelligible data.

Levie talked about the plan on Tuesday at the InformationWeek Conference in Las Vegas. He said:

If you gave the encryption key to your collaborators, you could absolutely encrypt data before it goes to Box and then your collaborator could decrypt that data as they download it. We would then never have the unencrypted data in the process. The challenge, of course, is most average business people and enterprises are not going to go through that experience because our differentiation as a company is to take security and combine it with a very simple user experience around working with information.
Advertisement

Basically, what he's saying is that encrypting and decrypting on the user side would make it trickier to use Box, which is designed for ease of use. For most customers, this trade-off probably wouldn't be worth it. But enterprise customers who prize security might be thrilled to hold their own encryption keys.

This is not a new idea for Levie or the wider data security community, though Box would be implementing it on a particularly large scale. Last September, Levie told Ars Technica, "We are exploring ways that in the future our customer would be responsible for its keys, and that's something we may make available to some of the largest organizations." Back then he didn't want to provide a solid timeframe, but now he is talking about offering such a service by the end of the year.

Similar services include WatchDox, a company similar to Box that has a little-known option for users to control their own encryption keys, and CipherCloud, a third-party service that works with Box to provide encryption options to the user. But even with some competitors out there, Box could still have a major impact on the space—if it hits the right balance of security and usability. The average individual (mom or not) probably won't be able to, or want to, manage their own encryption keys any time soon. But the more the technology is developed on the enterprise scale, the easier it will be to see whether mainstream customers want it.

But honestly, how can you not trust your data to a company whose CEO has a high jump like this?

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

Blacks Don’t Have a Corporal Punishment Problem

Americans do. But when blacks exhibit the same behaviors as others, it becomes part of a greater black pathology. 

I Bought the Huge iPhone. I’m Already Thinking of Returning It.

Scotland Is Just the Beginning. Expect More Political Earthquakes in Europe.

Lifetime Didn’t Think the Steubenville Rape Case Was Dramatic Enough

So they added a little self-immolation.

Two Damn Good, Very Different Movies About Soldiers Returning From War

Medical Examiner

The Most Terrifying Thing About Ebola 

The disease threatens humanity by preying on humanity.

Students Aren’t Going to College Football Games as Much Anymore, and Schools Are Getting Worried

The Good Wife Is Cynical, Thrilling, and Grown-Up. It’s Also TV’s Best Drama.

  News & Politics
Weigel
Sept. 19 2014 9:15 PM Chris Christie, Better Than Ever
  Business
Moneybox
Sept. 19 2014 6:35 PM Pabst Blue Ribbon is Being Sold to the Russians, Was So Over Anyway
  Life
Inside Higher Ed
Sept. 19 2014 1:34 PM Empty Seats, Fewer Donors? College football isn’t attracting the audience it used to.
  Double X
The XX Factor
Sept. 19 2014 4:58 PM Steubenville Gets the Lifetime Treatment (And a Cheerleader Erupts Into Flames)
  Slate Plus
Slate Picks
Sept. 19 2014 12:00 PM What Happened at Slate This Week? The Slatest editor tells us to read well-informed skepticism, media criticism, and more.
  Arts
Brow Beat
Sept. 19 2014 4:48 PM You Should Be Listening to Sbtrkt
  Technology
Future Tense
Sept. 19 2014 6:31 PM The One Big Problem With the Enormous New iPhone
  Health & Science
Medical Examiner
Sept. 19 2014 5:09 PM Did America Get Fat by Drinking Diet Soda?   A high-profile study points the finger at artificial sweeteners.
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.