September 28, 2010

FBI Wants Your SpiderOak Data; North Korean Hackers Steeple Fingers in Anticipation

The FBI is again looking to circumvent cryptography to expand their wiretapping capabilities. They want to require that all service providers (like SpiderOak) give them a back door to encrypted communications. To be clear, we have not, nor will we ever, give third parties access to your private data. It so undermines the very core of what SpiderOak believes in that we would sooner go to jail than comply with such an odious requirement.

Such a provision would put us on a short list. Several countries currently have laws that require decryption keys to be produced on court order, but I could find only one country that requires plaintext access on demand: Iran[1]. Not even China, a country often cited for its severely restricted freedom of speech, has such a requirement.

Aside from the obvious Orwellian issues, there’s a simple technical argument against crypto backdoors: Any cryptographic system that can be broken, even if it’s only by one person, is not secure. It wholly defeats the point of cryptography. Any backdoor made available to the FBI might be found by people with less noble intent, rendering the encryption moot. A lot of our daily life depends on crypto — would you trust your bank knowing that there was a hole in their security just waiting to be found?

And yes, we have a passionate interest in security because it’s our business. If this becomes law, it will terribly pervert or destroy SpiderOak, but ultimately, this is about you. It’s your data we have here, and we want to protect it. Help us help you by raising awareness and contacting lawmakers to make sure this doesn’t get any further.

[1] Crypto Law Survey

Comments
  1. How about instead of trying to scare people into using your software, you spend more time fixing it instead.

  2. @undecideable:

    We're not trying to scare anybody into using our software here. The core to our business is that data kept with us is as secure as possible. We're trying to whip up support so that people using our service for the privacy it provides can continue using it with that same expectation of privacy. If the FBI gets their way, our service would either be illegal from noncompliance, or fundamentally, un-fixably broken from compliance.

  3. … and if a federal law demands all providers to open a back door or they (providers) are forced to close the service?

  4. @ Carlos: If this provision does pass, we will not comply as it does go against the very foundation of SpiderOak. I am not sure what the repercussions might be and it may mean that we have to move to another country as our base of operations. We will of course keep on top of all developments and be sure not to jump to conclusions too early as I don't believe this will materialize into law.

  5. Interesting take. Reminds me of the ISP days of late with Carnivore (I worked with MindSpring when they told the feds to piss off). I'm with you all. As a small business owner, I've already stated to friends, family and customers that I will close my business if certain legislation is not REMOVED from current law due to the Riders on the Health Bill. If I can't protect myself from the government, I won't be able to provide the best possible service to my customers.

  6. Hats off to you guys, after reading this post, you will be a customer for life. I can't stand the overbearing, overzealous gov't disguising all their prying eyes in the name of national security. What a joke. They would say it's worth spending 50 Billion dollars to get intel, when the 50 Billion would have better 250 million lives in dollars put to better use in our own lives!

    SEan
    http://www.thejumpstarter.com

  7. I'm confident that my files are secure at your facility. Perhaps a redundant storage area would satisfy customers that want to use your company as their complete backup solution.

  8. I had to laugh at the writer's whimsical inference that there could be a "people with less noble intent" than the FBI anywhere on this planet — if you consider their well-documented history of terrorism, frame-ups and murder against inhabitants of the U$A alone, it seems highly unlikely. Does 'CoIntelPro' ring a bell?

    Anyhow, always keep up the good fight!

  9. Why not just let the end-user optionally create their own key (like Crashplan does) and not worry about any "court order" forcing you to release your decryption keys?

  10. An inevitable eventuality is that to the extent private citizens know the government WANTS to surveil their communication, the citizens must assume the government actually DOES. The question is, can the free community run a test of the government, sort of like the Midway Island water shortage? It is rule by fear. After all, Droid DOES.

  11. @LD: SpiderOak client already does make the encryption key on the client machine; you lose the password etc., there is no way to access your data.

  12. Someone mention NSA, man! If governments want a backdoor then I would also like to have a backdoor to the NSA servers!

  14. Really this behavior annoys me, why do government deps are always trying to poke their noses into everything, haven't they got enough shit to mess around? I am a professional and a user to SpiderOak, use it for professional purpose, leave us alone, stop this form of the so called Terrorism let us IT pros alone, and leave the service providers alone, people like SpiderOak who can't be controlled are always a threat to these and other shitheads.
    Keep up the good work SpiderOak Team.

  15. Let me know how SWCS Systems can help. We are firm believers of SpiderOak. Keep us posted: admin[at]siliconwolves[dot]net.