Would Cloud Storage Be More Secure if We Held Our Own Encryption Keys?

The Citizen's Guide to the Future
April 3 2014 4:45 PM

Would Cloud Storage Be More Secure if We Held Our Own Encryption Keys?

keys
You would have to keep track of which key unlocked which data.

Photo by Shutterstock.

A company can encrypt customer data at all times, but if served with a subpoena, it still has to hand that info over to the government. In an attempt to address this issue, Aaron Levie, CEO of the popular cloud storage service Box, is mulling the idea of giving encryption keys to Box's customers. That way, Box would have access only to unintelligible data.

Levie talked about the plan on Tuesday at the InformationWeek Conference in Las Vegas. He said:

If you gave the encryption key to your collaborators, you could absolutely encrypt data before it goes to Box and then your collaborator could decrypt that data as they download it. We would then never have the unencrypted data in the process. The challenge, of course, is most average business people and enterprises are not going to go through that experience because our differentiation as a company is to take security and combine it with a very simple user experience around working with information.
Advertisement

Basically, what he's saying is that encrypting and decrypting on the user side would make it trickier to use Box, which is designed for ease of use. For most customers, this trade-off probably wouldn't be worth it. But enterprise customers who prize security might be thrilled to hold their own encryption keys.

This is not a new idea for Levie or the wider data security community, though Box would be implementing it on a particularly large scale. Last September, Levie told Ars Technica, "We are exploring ways that in the future our customer would be responsible for its keys, and that's something we may make available to some of the largest organizations." Back then he didn't want to provide a solid timeframe, but now he is talking about offering such a service by the end of the year.

Similar services include WatchDox, a company similar to Box that has a little-known option for users to control their own encryption keys, and CipherCloud, a third-party service that works with Box to provide encryption options to the user. But even with some competitors out there, Box could still have a major impact on the space—if it hits the right balance of security and usability. The average individual (mom or not) probably won't be able to, or want to, manage their own encryption keys any time soon. But the more the technology is developed on the enterprise scale, the easier it will be to see whether mainstream customers want it.

But honestly, how can you not trust your data to a company whose CEO has a high jump like this?

Future Tense is a partnership of SlateNew America, and Arizona State University.

Lily Hay Newman is lead blogger for Future Tense.

TODAY IN SLATE

Politics

Meet the New Bosses

How the Republicans would run the Senate.

The U.S. Is So, So Far Behind Europe on Clean Energy

The Government Is Giving Millions of Dollars in Electric-Car Subsidies to the Wrong Drivers

The Best Thing About the People’s Climate March in NYC

Friends Was the Last Purely Pleasurable Sitcom

The Eye

This Whimsical Driverless Car Imagines Transportation in 2059

Medical Examiner

Did America Get Fat by Drinking Diet Soda?  

A high-profile study points the finger at artificial sweeteners.

A Woman Who Escaped the Extreme Babymaking Christian Fundamentalism of Quiverfull

John Oliver Debunks the Miss America Pageant’s Claim That It Gives Out $45 Million in Scholarships

Trending News Channel
Sept. 20 2014 11:13 AM Watch Flashes of Lightning Created in a Lab  
  News & Politics
Over There
Sept. 22 2014 1:29 PM “That’s Called Jim Crow” Philip Gourevitch on America’s hypocritical interventions in Africa.
  Business
Moneybox
Sept. 22 2014 1:37 PM Subprime Loans Are Back! And believe it or not, that’s a good thing.
  Life
Lexicon Valley
Sept. 22 2014 1:22 PM Is Arabic Really Just One Language? 
  Double X
The XX Factor
Sept. 22 2014 12:29 PM Escaping the Extreme Christian Fundamentalism of "Quiverfull"
  Slate Plus
Slate Plus
Sept. 22 2014 1:52 PM Tell Us What You Think About Slate Plus Help us improve our new membership program.
  Arts
Television
Sept. 22 2014 2:12 PM Crusader, Sans Cape The superhero trappings of Gotham are just a clever disguise.
  Technology
Future Tense
Sept. 22 2014 12:14 PM Family Court Rules That You Can Serve Someone With Legal Papers Over Facebook
  Health & Science
Science
Sept. 22 2014 12:15 PM The Changing Face of Climate Change Will the leaders of the People’s Climate March now lead the movement?
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.