SpiderOak on Opposing NSA Surveillance

Posted by on Oct 14, 2013

Image from http://www.cato.org

Image from http://www.cato.org

Last week, CATO institute organized a day-long conference on NSA surveillance disclosures and data privacy protection. The conference was titled-“NSA Surveillance: What we know; what to do about it”, and consisted of members of the government, privacy advocates, lawyers, journalists, and technology and security experts.Senator Ron Wyden (D-OR), Rep. Justin Amash (R-MI) and Rep. F. James Sensenbrenner (R-WI) were the keynote speakers of the day. SpiderOak’s David Dahl was a member of the technology panel. There were discussions about the reporting challenges, legal issues, technology and business dimensions, and potential reforms related to NSA surveillance.

Image from http://www.cato.org

Image from http://www.cato.org

In his morning keynote speech, Senator Ron Wyden told that the details about the PRISM revelations should be made clear to the general public. Wyden said he expected a tough legislative battle against the “defenders of the status quo”, whose arguments, he said, had “Alice in Wonderland flavors” that left the public with a distorted view of the NSA’s activities and the effectiveness of oversight. Supporting the comprehensive surveillance reform bill, he went through the potential reform ideas put together by the members of Congress since the latest revelations made by the former NSA contractor, Edward Snowden:

  • Putting an end to collection of the telephone records of law abiding American citizens.
  • Reforming FISA court that oversees the agency’s foreign intelligence programs.
  • Allowing private companies to disclose the requests made by NSA for mass digital data collection and their response to government requests.
  • Close the loopholes or the backdoors that allow the NSA to collect user data without a warrant.

He said that the members of congress are trying to take the best ideas about the important issues and synthesize them down into a comprehensive reform agenda.

The afternoon technology panel featured key members from the technology field, including Karen Reilly of the Tor project, Jim Burrows of Silent Circle, David Dahl of SpiderOak, Matt Blaze of the University of Pennsylvania and the American Civil Liberty Union’s Christopher Soghoian. There were discussions about how NSA collects mass digital information by tapping into telephone call information, accessing Internet traffic of major Internet companies, and discouraging the use of strong encryption standards for secure communication.

Image from http://www.cato.org

Image from http://www.cato.org

The question that was raised was – under these circumstances, where the government is preventing companies to disclose the exact statistics of surveillance requests, and will continue to snoop around user data for national security, what security controls or technologies do we have in the market to protect our data? In response to this question, David Dahl said that SpiderOak does not have any keys or plaintext data that it can hand over to the government. All the data stored in the SpiderOak server is completely encrypted. “All our data is literally garbage,” he said. “With our text and phone we have nothing to give” the government. SpiderOak’s encryption is comprehensive — even with physical access to the storage servers. Christopher Soghoian argued that people choose services like SpiderOak and Silent Circle over Dropbox and Skype because of the extra level of security they provide to their customers. If these companies comply with the government’s PRISM program then the confidence in their user base is lost and their reputation is damaged on the other hand if they do not comply with the government then they face the risk of being shut down. “This growing economic sphere is under threat,” Soghoian said. The U.S. is “a global leader, we should do everything to grow this market, but instead the Department of Justice and the NSA squashes them before they are big enough to fight for themselves.”

The panel also agreed that there is no secure email service in place today, and improvements need to be made in that regard. A suggestion was made to use WebRTC for secure peer-to-peer communication.

Protect your personal data with SpiderOak

Users sometimes find that selecting a truly protected third party cloud service can be a challenge as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access.

Interested in SpiderOak Products?

SpiderOak carved its niche as the top choice for those most concerned with privacy.

The engineering goal was simple – devise a plan where users’ files, filenames, file types, folders, and/or any other personal information are never exposed to anyone for any reason (even under government subpoena). This describes SpiderOak’s ‘zero-knowledge’ privacy environment.SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. SpiderOak Hive keeps all your files in sync across your computer and mobile devices. Here the end-user has the ownership of data and is the only one with the keys to unlock and look at plaintext data. You can signup for this product at SpiderOak Blue works seamlessly in your enterprise environment. To resolve authentication it deploys a virtual appliance that resides behind your firewall and integrates with Active Directory / LDAP for single sign-on. SpiderOak Blue is compatible in Mac, Windows, Linux, iOS and Android platforms. SpiderOak Blue is now available through a limited release. We have been working with several large enterprises through the beta period and will continue towards general release. If you’re curious about the product, please send an email to blueinfo@spideroak.com and we will get back to you soon.


Leave a Reply