Magazine
Statement on Prism and the security of cloud services
![]() Because many providers prefer open cloud systems, you should always encrypt your data before transferring it to the cloud. The largest surveillance program in history has been monitoring user data from US internet companies for over six years. The whistleblower Edward Snowden, a former CIA technician, became a global figure when he revealed the existence of PRISM. PRISM is the most extensive internet surveillance program ever made public. Since 2007, this program has granted US authorities direct, real-time access to all data uploaded or modified by users on US-based social media, cloud, and email services. Alarmingly, American intelligence agencies are reportedly able to intercept even those thoughts that users type into Gmail or Facebook and then delete immediately. Meanwhile, then-US President Barack Obama defended these actions by claiming that US citizens were not being monitored—only everyone else on the planet. This justification leaves a bitter aftertaste, especially when considering the online services provided by Google, Microsoft, Facebook, Amazon, Oracle, Yahoo, and others. Data Is Stored Unencrypted in the CloudWhat many users do not realize is that most current cloud services store data unencrypted on their servers. Initially, I also assumed that established companies such as Microsoft and Google would encrypt documents stored on their online platforms. However, this assumption quickly proved false when I examined the “Fritz Box” network router and its integration with major cloud storage providers. My goal was to determine whether it would be possible to connect our own cloud backup service to the Fritz Box. During my analysis of how other cloud services connect to the Fritz Box, it became clear that user-specific data encryption—meaning encryption based on a password defined by the user—does not occur with today’s mainstream cloud services. While cloud providers may encrypt data, they do so using keys generated and managed by themselves. This means that the provider, its developers, system administrators, and any employees with access to the storage infrastructure can view your data in plain text at any time. This also explains how data can be transmitted live to authorities when requested. In my experience, most cloud providers prioritize interoperability and system compatibility over the data privacy of individual users. As a Swiss company, however, we have always placed the highest priority on user data protection. Because our backup cloud encrypts all data using the user’s own encryption password, we cannot simply link our cloud to the Fritz Box or similar systems. Doing so would require extensive modifications to third-party systems and could potentially compromise the entire data protection model. The advantage of our approach: Service providers using our cloud storage technology only ever see encrypted data—no employee or authority can decrypt this information with current technology. We would like to hear from you: When it comes to cloud storage, do you prefer maximum interoperability or uncompromising data protection? Share your thoughts in the comments below. Tips for Secure Cloud Storage UsageIf you already use Google Drive or OneDrive to back up your data online, do not simply copy and paste your files to the cloud. Instead, use a dedicated backup solution such as Langmeier Backup Business or Langmeier Backup Server, which encrypts your data with your personal password before uploading it. By choosing the Langmeier Backup default setting AES 256-bit as the encryption algorithm, you can be confident that even the most advanced intelligence agencies will not be able to decrypt your data. Look it up further: Cloud backup, Langmeier Backup Related articlesThis is how important data backup is in real lifeFAT32 or NTFS? Which format is better for backups? The importance of image backups and emergency media: your savior in times of need This article covers the topics:Langmeier Backup Software |
|