Would Cloud Storage Be More Secure if We Held Our Own Encryption Keys?

Future Tense
The Citizen's Guide to the Future
April 3 2014 4:45 PM

Would Cloud Storage Be More Secure if We Held Our Own Encryption Keys?

keys
You would have to keep track of which key unlocked which data.

Photo by Shutterstock.

A company can encrypt customer data at all times, but if served with a subpoena, it still has to hand that info over to the government. In an attempt to address this issue, Aaron Levie, CEO of the popular cloud storage service Box, is mulling the idea of giving encryption keys to Box's customers. That way, Box would have access only to unintelligible data.

Levie talked about the plan on Tuesday at the InformationWeek Conference in Las Vegas. He said:

If you gave the encryption key to your collaborators, you could absolutely encrypt data before it goes to Box and then your collaborator could decrypt that data as they download it. We would then never have the unencrypted data in the process. The challenge, of course, is most average business people and enterprises are not going to go through that experience because our differentiation as a company is to take security and combine it with a very simple user experience around working with information.
Advertisement

Basically, what he's saying is that encrypting and decrypting on the user side would make it trickier to use Box, which is designed for ease of use. For most customers, this trade-off probably wouldn't be worth it. But enterprise customers who prize security might be thrilled to hold their own encryption keys.

This is not a new idea for Levie or the wider data security community, though Box would be implementing it on a particularly large scale. Last September, Levie told Ars Technica, "We are exploring ways that in the future our customer would be responsible for its keys, and that's something we may make available to some of the largest organizations." Back then he didn't want to provide a solid timeframe, but now he is talking about offering such a service by the end of the year.

Similar services include WatchDox, a company similar to Box that has a little-known option for users to control their own encryption keys, and CipherCloud, a third-party service that works with Box to provide encryption options to the user. But even with some competitors out there, Box could still have a major impact on the space—if it hits the right balance of security and usability. The average individual (mom or not) probably won't be able to, or want to, manage their own encryption keys any time soon. But the more the technology is developed on the enterprise scale, the easier it will be to see whether mainstream customers want it.

But honestly, how can you not trust your data to a company whose CEO has a high jump like this?

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

The Irritating Confidante

John Dickerson on Ben Bradlee’s fascinating relationship with John F. Kennedy.

My Father Invented Social Networking at a Girls’ Reform School in the 1930s

Renée Zellweger’s New Face Is Too Real

Sleater-Kinney Was Once America’s Best Rock Band

Can it be again?

The All The President’s Men Scene That Captured Ben Bradlee

Medical Examiner

Is It Better to Be a Hero Like Batman?

Or an altruist like Bruce Wayne?

Technology

Driving in Circles

The autonomous Google car may never actually happen.

The World’s Human Rights Violators Are Signatories on the World’s Human Rights Treaties

How Punctual Are Germans?

  News & Politics
Politics
Oct. 22 2014 12:44 AM We Need More Ben Bradlees His relationship with John F. Kennedy shows what’s missing from today’s Washington journalism.
  Business
Moneybox
Oct. 21 2014 5:57 PM Soda and Fries Have Lost Their Charm for Both Consumers and Investors
  Life
The Vault
Oct. 21 2014 2:23 PM A Data-Packed Map of American Immigration in 1903
  Double X
The XX Factor
Oct. 21 2014 3:03 PM Renée Zellweger’s New Face Is Too Real
  Slate Plus
Behind the Scenes
Oct. 21 2014 1:02 PM Where Are Slate Plus Members From? This Weird Cartogram Explains. A weird-looking cartogram of Slate Plus memberships by state.
  Arts
Brow Beat
Oct. 21 2014 9:42 PM The All The President’s Men Scene That Perfectly Captured Ben Bradlee’s Genius
  Technology
Technology
Oct. 21 2014 11:44 PM Driving in Circles The autonomous Google car may never actually happen.
  Health & Science
Climate Desk
Oct. 21 2014 11:53 AM Taking Research for Granted Texas Republican Lamar Smith continues his crusade against independence in science.
  Sports
Sports Nut
Oct. 20 2014 5:09 PM Keepaway, on Three. Ready—Break! On his record-breaking touchdown pass, Peyton Manning couldn’t even leave the celebration to chance.