September 6, 2012

The Marriage & Separation of PRIVACY and SECURITY

We’re finding that a lot of people aren’t aware of the difference between privacy and security. And for good reason. It can be confusing. They are, after all, so closely linked and equal in importance – you have to have them both.

Think of it like this:

You hope and expect that your bank is SECURE. You expect that no one else can access your account, access your money, and take advantage of your data and assets. It is also critical to the bank’s existence and business that they take the highest security measures to make sure your money and information are safe.

But a bank IS NOT private – they can see your information, how much money is in your account, and can alter information (except, say, a Swiss bank account). A lot rests on your trust in the bank in this capacity.

PRIVACY is more like the safety deposit box you keep at the bank. Only you have the key. It is not only kept secure, at the bank’s location, through their elaborate measures to give you that assurance, but it is also PRIVATE. You are the only one who can see the contents of the box. (Remember the scene in The Bourne Identity, when Jason Bourne goes to the bank to get his black security box? He gets the key, the box, takes it to a room, closes the curtain, and opens it. Alone, with privacy and security as his allies, he is able to access his gun, passports and money. Look out world!)

Here’s another example: A toilet in a glass room with a bolt lock on it. It is secure. But definitely not private.

One last example: You write in a journal, and hide it in your underwear drawer. It is private, or at least this is your intent, as it holds your own personal thoughts, opinions, or experiences. But it might not be secure. All it takes is a nosy sibling to seek it out, or stumble across it. Like that, your privacy is compromised.

All of this to say, in today’s increasingly tech-saturated society, your files, data, and information are more exposed than ever before. We believe it is important that you know what the different sites and products you use are doing with your data, or at least have access to that transparency.

Just as you probably desire to use a bathroom NOT in a glass room, to know that only you can access your safety deposit box at the bank, and that your journal will stay private, so we work to uphold and respect this need. We work to offer you a completely private storage, sync, and share environment. We work to offer you the peace of mind that comes with knowing that only YOU have access to all of your files and data; no one at SpiderOak can see them (we call this our Zero-Knowledge privacy standard). This is our highest priority.

Since the inception of our product, we have worked to marry privacy and security for YOUR complete benefit and peace of mind. The whole reason SpiderOak was created was because there was a need for a private, central repository where we, where you, could safely store all of (y)our data.

“Privacy is not a feature to tack onto a list,” said Ethan Oberman, SpiderOak CEO. “It is very much a part of how you build and structure your product from its inception. We’ve taken this integrated approach in a zero-knowledge environment.”

How would YOU explain the difference between privacy and security? Leave us your analogy in the comments below.

  1. Privacy is the ability to select who you want to have access to what data.

    Security is the technical means you employ to make this ability unalienable.

  2. Heh, in a way strange to think about privacy and security as being so alike when they appear to be more like opposites in the media.

    It depends on what angle you're looking at it from; from a purely "secure access" perspective, then I would agree, but let's remember security is also about control, prevention of crime and tracing the perpetrators – this is where security and privacy become opposites.

    For example the US government's spying on their citizens via NSA, the German government's creating Trojans to gain back door access (can we please call this anti-anti-security or something) to god knows what end-users/servers/all of the above? And the various data retention laws forced upon ISPs in for example Australia. All in the name of security. And this was just a few mentions, if security and privacy are brothers they're more like Mario and Wario (are they brothers? Probably a distant cousin? Well, you get the point) instead of Mario and Luigi.

  3. This is BS. You, SpiderOak, are just like the rest of your customers (who don't know the difference between security and privacy)!!!
    Safety deposit box is NOT private. Government CAN, DID and DOES look into the contents of the Safety deposit box when need arises. And guess what, the bank has a spare key to it too. Surprise, surprise!
    So you are either playing with words or as dumb as the rest of us.