Tag Archives: PRISM

Privacy: The Year and the Word

You can imagine how tickled we were yesterday when Dictionary.com named ‘Privacy’ the word of the year. They wrote, “The discussion of privacy – what it is and what it isn’t – embodies the preeminent concerns of 2013.”

Not to toot our own horn, but at the beginning of this year, our executives, marketing team and PR firm sat around a table and got very clear on our message. As a result, we released this on January 28th, calling 2013 The Year of Privacy.

Of course we couldn’t predict the Snowden disclosures about the NSA surveillance, the Google Glass release, all the changes in privacy policies that got users in a tizzy, or the Snapchat snafu, but what we have known for some time now is privacy is the best form of security.

Check out this cool info-graphic on The Year in Privacy.

Privacy in a digital world is not easy and it certainly poses some interesting challenges and contradictions. Look no further than the immediate criticism Dictionary.com received due to naming ‘Privacy’ the word of the year…

“Today, just visiting the homepage of Dictionary.com sets 90 cookies and replicating the method from the Wall Street Journal investigation (including reading the blogpost on ‘privacy’ being the word of the day) yields 198 cookies, according to The Washington Post’s research.” — Click here to read more.

As we look to 2014, it is our mission to continue protecting our users’ privacy, developing more ‘Zero-Knowledge’ cloud technologies, and pushing privacy further and further into the web.

Happy holidays and cheers to privacy!

No Knowing November

No matter where you consume the news, there is no escaping the revelations continually coming out of PRISM and MUSCULAR and their impact around the globe. At its root, it uncovered a dangerous problem – privacy online is indeed threatened at every level.

Since its inception in 2007, SpiderOak has been focused on preserving our users’ privacy through the implementation of ‘Zero-Knowledge’ technologies – the privacy-first orientation that ensures the server never knows what data it is storing. How is this accomplished? By never storing the encryption keys and therefore never having plaintext access to the data. Ultimately, this is the only way to give ownership and control back to the user and – thus – ensure privacy throughout the process.

Back in January – when everyone was talking about the importance of security – we had the foresight to call 2013 the Year of Privacy. As we have seen, security only solves half of the problem. When a company retains the keys to the data, it also maintains the ability to access it. That access can then be used in a number of damaging ways, as was exposed back in June.

Help us make this month NO KNOWING NOVEMBER by sharing this critical message on privacy through ‘No Knowing!’

WANT TO SHARE?

  • Promote privacy through #NoKnowing
  • Use any of our ‘No Knowing’ images

Privacy Roundup #6 of 2013

Summer is officially in full swing in the northern hemisphere. For us Americans that means a celebration of fireworks and cookouts and freedom. This year in particular we are thinking a little more about what ‘freedom’ means in the backdrop of PRISM and its impacts on our society.

It is a complicated issue for sure as we all want to live in a safe place – away from harm and terror. However, we also need to be fully aware of the costs and what we are willing to give up to achieve this safety. It is a dialogue that is finally entering the public discourse and one that we hope will continue in the weeks and months ahead.

This edition of the Privacy Roundup serves up a collection of the most interesting, eye-opening and informational news pieces and blog posts on the topic of privacy and of course focuses on the late-breaking news around the growing Snowden/PRISM scandal:

The weekly quote for this roundup may have to be from “Cosmo” the lovable blind hacker from the 1992 movie “Sneakers” – “There’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!”

As always, we hope you have a productive and private month ahead! Until next time…

Privacy VS. Security in a PRISM: The Important Difference

The events of these last many days certainly raise awareness around the integrity of data and the companies we entrust with it. Many of the articles and posts have pored over the impacts: the good, the bad, the necessity, the importance, the invasive, the threat, the martyr and so on. Given this dearth of commentary, I would like to spend some time writing about a finally emerging concept – privacy. And further – how privacy is substantially differentiated from security.

To begin, let’s review the definitions of these two words (according to Google):

Security – The state of being free from danger or threat

Privacy – The state or condition of being free from being observed or disturbed by other people

Of all the conversations and dialogue about PRISM, none have concentrated on the security measures in place at companies like Google, Facebook, Amazon, Apple, Verizon, and others. Why, you might ask? Because this was not a breach of security. No one hacked into their systems. No one confiscated passwords. Rather – according to reports – these companies willingly complied. [Note: It would be appropriate to draw attention to NSA's security breach in light of Eric Snowden's ability to access and confiscate these documents.]

If the world were oriented around privacy, the ability for a 3rd party provider of web-based services (such as Google or Facebook or Dropbox or SpiderOak) to access the plaintext data is removed. In other words, privacy takes away the ability to access the data in a meaningful way such that it cannot be supplied to government agencies or stolen under the threat of hackers.

We are not now suggesting, nor have we ever suggested, that there isn’t a need for security; in fact, security is absolutely critical. And for many implementations of various services, privacy is not applicable. However – in the world of conversation and creation of personally owned content from photos to chat to calls to spreadsheets to documents – privacy is absolutely a critical component that can be achieved.

My hope is that we – as a society – will now start asking the question: Why? Why do companies have access to my photos and documents and chat conversations? Is it a necessary part of the service they are offering? A convenience for me? If yes, what are these companies doing to keep my data private? And are there alternatives if I do want real privacy? From the NSA? From the company? From anyone?

This dialogue is critical and I am very glad to see the word ‘privacy’ start to weave its way into conversations. Further, I am glad that the public is being educated on the important difference between privacy and security and – hopefully – we all can start making choices accordingly.

For more information on this topic, please visit ZeroKnowledgePrivacy.org and/or watch the explainers below on Privacy VS. Security and the important role of the Privacy Policy.

Privacy Roundup: PRISM Special Edition

May has rolled into June and summer is fast approaching. Originally I had planned for this privacy update to be another collection of somewhat random links regarding the world of security and privacy. And then… We had Thursday. And then PRISM. And it seemed only right to gather as much information, opinion and material as possible around PRISM and make it available to our readers.

But what is PRISM?

This far in, all anyone can tell for sure is that PRISM is the name of a data collection model and technology solution that improves speed and simplicity in allowing NSA and possibly other US agencies to access user data from a large number of the world’s most popular online services (including Google, Skype, Microsoft, Facebook, etc.).

It seems the program in itself actually does not introduce any new laws, or even break any current ones. What it does, however, is enable a more effective way for the NSA to request and receive private user data. And of course, this makes it ripe for speculation as to what this ‘new’ streamlined procurement process is being used for and how.

One of the most informative posts as to the model, use, and participants ironically enough comes from the NSA themselves (via Washington Post) and can be found here:

NSA slides explain the PRISM data-collection program

If you desire to dig a bit deeper into PRISM, what people are saying / thinking, and what companies may or may not have been directly involved, here is a collection of what we found to be the most informative links on the subject from the last several days:

Though we will be elaborating on the PRISM program in relation to SpiderOak in a separate blog post, I can say definitively that our users’ data is encrypted client-side, uploaded, and stored in its fully encrypted state, which means we are never able to view plaintext user content under any circumstances. In short, PRISM would be wholly and entirely useless in the SpiderOak context.

To Note: We also have yet to even be contacted by any agency regarding the program – surely a result of our ‘Zero-Knowledge’ privacy environment. After all, encrypted data is rather useless for conducting data mining activity.

In light of recent news and the topic for this special roundup, I think it’s only fitting we sign off with this quote of the week:

“He who controls the past controls the future. He who controls the present controls the past.” – George Orwell in 1984