Why you should encrypt your cloud files

A quick primer on how files are encrypted

When encrypting files, an ‘encryption key’ is created which is used to lock and unlock your data. The encryption key is just like your house key, you use it to lock and unlock your property so only those with the key can enter. The same is true with your encrypted files, those that have a copy of the encryption key can read all your data, and those that don’t, cannot.

In the case of most cloud backup providers, they automatically create and store your encryption keys so when you want to read or edit a file, your cloud provider will use the stored encryption key to unlock it before you open the file for reading or editing.

The privacy of your cloud files

So now we know your cloud provider has the keys to your data and you do not. Question is, Is that a problem for me and my privacy and if so, why? First, let me share a small section from Drobox terms of service:

3) to enforce our Terms of Service and Acceptable Use Policy. Access to users’ file content is limited to a small number of people. We have strict policy and technical access controls that prohibit access to file content except in these rare circumstances.

If it isn’t immediately obvious why this is a problem, let me share an example of a Google reading customer files, then banning the customer based on the content of their files.

A Dad Took Photos of His Naked Toddler for the Doctor. Google Flagged Him as a Criminal.

As a dad myself, I can tell you I have loads of pictures of the kids in the bath, playing in the paddling pool during those rare hot days and just having fun. The thought of losing access to those files and my digital world based on an algorithm is a scary prospect. To be clear, the fight against any exploitation is laudable and I fully support that fight, but there is a balance which right now is not being met.

So, to answer the question above, yes, you absolutely should be concerned about the privacy and the safety of your files.

It’s not just images that are causing customers to lose access to their files, some other examples include copyright infringement, political preferences, confidential information, hate speech and many other restrictions. All of which are defined and decided upon by your cloud provider who are both the judge and jury and will ban you if you’re on the wrong end of these policies.

But wait, there’s more. Governments around the world really dislike encryption and often push companies to put in backdoors for surveillance and law enforcement. Proof in point:

Like most major online services, Dropbox personnel will, on rare occasions, need to access users’ file content (1) when legally required to do so.

So, there’s that to consider too.

Taking control of your cloud data

What if you own the key to your data?

When you own the encryption key, it’s impossible for your cloud provider to scan, read or analyse your files because they’re encrypted with your key, and they don’t have a copy. When you know the encryption key and your cloud provider does not, it’s known as zero-knowledge encryption.

In simple terms, zero-knowledge encryption means only you can access your files, everyone else, including your cloud provider, is blocked. So, on those rare occasions when your cloud provider attempts to peek inside your files, access will be denied.

How do you gain the key to your cloud files?

Simple. Use client-side encryption, or in other words, you encrypt your files locally before they ever reach the cloud. When using client-side encryption, you provide the password (encryption key) which is used to encrypt your files, your encrypted files are then safely uploaded to your cloud provider where they have zero-knowledge of the encryption key and blocked from peeking inside your files.

Sounds complicated, right?

Not at all. There’s plenty client-side encryption Apps out there which can encrypt your cloud data seamlessly and efficiently. They come in all shapes and sizes from free to paid, so there’s something out there for you.