Lock Before You Load

[This originally appeared at Law Technology News, December 20, 2013]

Cloud computing is getting a bit of a buffeting with the disclosures about how government agencies are attacking encrypted services. It’s not that we didn’t know they were probably poking around, but it’s unsettling to see the specifics. Law firms and individual lawyers may want to take a second look at the variety of pre-encryption tools that are available.

These aren’t a new breed, although they continue to appear in the market, which suggests that there’s some settling to do yet. Pre-encryption involves applying encryption to your files before you load them up to the Internet, for example to a file storage service such as Dropbox or Box. It’s the belt to go with those suspenders you have already, the encryption that your service should already be using when you transmit and store information on their service.

What’s the point? Who controls the keys is the point. It is a tension in cloud environments, because you often cede control of the decryption keys to the service. This is reminiscent of the situation raised in the 1990s when the FBI wanted to hold keys in escrow. Some of the bigger cloud services, like Amazon Web Services, seem to be trying to enable private keys to be held only by the customer. It’s the difference between your hotel desk clerk keeping your room key when you go out for dinner and you keeping the key in your pocket.

Security is often a balancing act with convenience. Fortunately, many of the pre-encryption tools that are out there—including BoxCryptor, Cloudfogger, PKWare’s Viivo, and the recently unveiled Tresorit—make this as easy as saving a file to your hard drive. Like the venerable—in cloud terms, anyway—SpiderOak, they watch your local drive and, when a file is placed in the appropriate folder, encrypt it before uploading it to your file service.

The most obvious differentiator is the specific services each one supports, so your cloud file sync service may limit your options.  Another is that two of the companies—Cloudfogger and Tresorit—are European companies. This may make them easier or harder for you to use, depending on your location.

The first three services mentioned above all work with consumer storage services, typically Google Drive, Microsoft Corp.’s SkyDrive, Dropbox, and Box. Tresorit and SpiderOak are both the pre-encryption tool and the storage location. Just as we saw with the storage services, which have all developed enterprise or at least SMB storage options beyond their individual plans, there is a shift in the pre-encryption market too. SpiderOak and Tresorit both offer enterprise plans, similar in concept to Box for Enterprise and Dropbox for Business.

The ability to pre-encrypt may be one of those horizon technologies which many of us have not bothered with so far, relying on the encryption applied during transmission and at the other end, or not sending the information at all. However, the growth in pre-encryption choices may offer an opportunity to control the keys in a way that has been missing with cloud file storage.

David Whelan is manager of legal information for the Law Society of Upper Canada.  Twitter:  @davidpwhelan
