
Zero-Knowledge Privacy Advocates

“How can we turn privacy into a tangible?”

In stride with 2013 as ‘The Year of Privacy’, SpiderOak launched a ‘Zero-Knowledge’ Privacy Ambassador (ZKPA) program.

We have nine ZKPAs from around the world who we will introduce you to in the coming weeks. Our ZKPAs will help inform and educate people on the importance of preserving privacy in everyday online life. Please lend them a warm welcome as they lead the change in advocating for privacy…

Meet Rob

Rob Simmons is a SpiderOak ZKPA hailing from St. Louis, MO. He has been working with computers professionally for the past 16 years. His day job includes management of NetApp, EMC, and Oracle disk and tape storage systems. His evenings and weekends include running Wycombe, LLC, (@WycombeLLC) which provides IT consulting solely to small businesses. While serving in the US Air Force he had the distinct honor of being stationed in an English sheep field. After his Honorable Discharge, Rob helped build a small telecom startup and obtained a Bachelor’s of Computer Science with an emphasis on Information Technology in 2009.

Why are you so passionate about privacy?

RS: We are in the ‘Share It All’ age. I think this is horrible. It is not necessary to share every aspect of your life, where you are this very moment, what you’re doing, where you’ve been, or what you plan. There are consequences for sharing it all. Namely, a complete loss of privacy. By sharing everything going on in your life, you give other people (sometimes malicious, sometimes not) the ability to rebroadcast your life any way they please without your permission.

Ensuring privacy is essential in navigating our online lives where every click we perform, every post we make, every picture we upload is replicated hundreds, maybe thousands of times. At that point a person has lost control of their privacy. It also lowers the excitement in meeting a new person, in making friends, or even developing a romantic relationship. The ability to learn something new about someone is eliminated when that person has given up his privacy. I’m passionate about privacy because I want all people to be able to selectively control the way their personal data is released.

What did you find most interesting about SpiderOak?

RS: Honestly, until the spring of 2012 I never heard of SpiderOak. Nor did I have any sort of backup solution for my computer. I got away with “winging it” for all these years. As part of my duties with my employer, I was tasked to research online cloud backup, sync, and recovery companies and their offerings. Among all companies and products I researched, not one came close to offering the critical level of digital security and personal privacy that SpiderOak offers. Others do a good job, but SpiderOak’s security structure is as near bulletproof as you can get. I was truly impressed. So impressed that I signed up for an account. After seeing how well SpiderOak worked for me I signed up my mother, two brothers, grandmother, grandfather, and my wife. My entire family is now a SpiderOak family.

What are some of the biggest challenges you see for advocating privacy?

RS: Privacy is not something that people actively think about. They think about seemingly more pressing items such as finances, car maintenance, home maintenance, work-related tasks, and family issues. These are all tangible items in their life. Things they experience, perform, or feel emotionally. Privacy, and especially online privacy, is an intangible item. How can we turn privacy into a tangible? Something a person can feel, touch, and understand? Once it’s turned into a tangible it will remain at the front of people’s minds along with all their other concerns.

Where do you see the online cloud industry in 5 years?

RS: It’s going to get bigger. Exponentially larger. Data center and data warehouse architects should be quite busy. I see a massive consolidation of disparate online items. Microsoft is going forth in a way I think will be the future. Microsoft is consolidating their desktop, mobile, and gaming platforms into one common system. And it’s all interfacing with Microsoft’s painfully non-private cloud storage: SkyDrive.

But it’s not just desktop, mobile, and gaming I see as part of the consolidation. I can see medical records, academic records, purchase histories, ebooks, music, accounts (online credentials), recorded VoIP calls, and who knows what else to be stored in a personal cloud. You could tell the doctor to just send your medical records to your personal SpiderOak storage. You’ll tell your VoIP service provider to record and send all calls to your SpiderOak storage. Receipts? Send it to storage. Ebook delivery? Not to a particular device, to storage. I think online cloud companies are going to have to look far ahead and see how they can become a person’s “personal storage” company that the user can access from any device, any location, at any time.

What do you hope to accomplish as a ZKPA?

RS: I’d like to get computer users to begin to think critically about their privacy and security of their personal files.

I’m sure many folks will brush off privacy with the statement they have nothing to hide. Well, truth be told, I don’t either. If you’ve nothing to hide, why close your drapes in the evening, why drop your blinds, and why close your outside door? People instinctively like their privacy even if they don’t know it. It just feels better knowing others aren’t looking in on you. Personal privacy is a natural thing for humans to enjoy. I want computer users to realize they should treat their files the same way. Make them private and share them only if they choose to do so. By stressing the ability users will have in selecting who has access to their files, I’ll be strengthening their freedom of choice. People would much rather be able to choose among a set of choices than none at all.

We are proud to have Rob aboard! If you have any questions for Rob, please feel free to write in the comments or find him on Twitter.

Next week, we’ll introduce another ZKPA…

Introducing ZKPAs: Privacy is a part of security

Most of you have probably caught on by now that 2013 is ‘The Year of Privacy’. One of many reasons is we’ve just launched our ‘Zero-Knowledge Privacy Ambassador’ (ZKPA) program.

We now have nine impressive ZKPAs from around the world who we want to introduce you to in the coming weeks. You will find these ZKPAs online and offline, specifically advocating for the virtues upon which we built SpiderOak and educating others on zero-knowledge privacy. They will help us dream and expand the program in order to make ‘zero-knowledge’ a household term.

Allow me to introduce to you one of these new ZKPAs, Ryan D. Lang. Ryan graduated magna cum laude from Drexel University this past summer, 2012, with a degree in Computing and Security Technology. While employed at the Camden County Library System, he aided patrons as in-person technical support. He is currently employed in the IT Support department at LT Security.

In his spare time, he works on a book that attempts to adapt corporate best practices to average users. The goal is to convince others of the importance of good security. Earlier writings can be found at Ghacks.net. “I just want to do a little good in this world.”

Ryan wrote the following post:

Privacy is a part of security

It came up in the meeting that several members of SpiderOak felt that privacy and security were separate. I politely objected to no avail, but rather than argue, I elected to compose a concise, persuasive essay.

Security is often described as being composed of the CIA: Confidentiality, Integrity, and Availability. “Confidential” can literally be defined as “private” or “secret.”* Thus, privacy is a subcomponent of security. To attain privacy/confidentiality, industry uses technology, policies, and physical controls.

Consider VPNs: Virtual Private Networks. They are designed to keep communications private over a public network. They employ the technology of encryption to achieve this. Another technology employed is user privileges. They can control/restrict access to information, keeping it secret from those who do not need access. SpiderOak takes this a step further by removing access from employees completely.

Policies are rules of conduct that a company sets for its employees. They can be used to define what should be kept private and create ramifications for sharing secrets. While this often relies on background checks and the honor system, the procedures defined by policies can make breaking them harder (e.g. requiring two signatures or a notary on critical documents).

Locks and keys have long been used to secure property. Physical security is as important as digital security. This should include old-fashioned locked doors to protect private data (&c.) not only from outside access, but from unauthorized internal access as well. Key files placed on a physical USB drive can be used with TrueCrypt and KeePass, secret-keeping programs, to complement or replace passwords.

These are examples of old and new methods used to protect privacy. Together they form critical parts of industry security best practices. Without privacy, data is insecure.

*http://www.m-w.com/dictionary/confidential (see definition #2)

Personal Note

I find “confidential” to be an interesting word. To me it means: “giving with trust of keeping a secret.” A prime example of this is when you confide in a friend. Another example is when talking to a doctor or lawyer; arguably a better example since there is legal backing. Those professionals have to keep your secrets (within statutes) or they will be fined or even lose their license to practice. I do not think that the majority of companies consider the depth of the word “confidential” when forming policies or choosing controls (though they may consider “due diligence”).