Privacy by technical or legal means? Both!

One evening in the mid-2000s some friends asked my advice on tax preparation software. Their question wasn't whether to use TurboTax or H&R Block. They'd already made that choice, I forget which one they picked, and that's beside the point. What they really wanted to know was whether to use the conventional, locally-installed version of the software or the (then-new) cloud-based version.

Instead of offering my opinion I played the role of non-directive therapist, and mostly just listened as they worked through the analysis. First they ticked off the conveniences of the cloud version: no installation, no software upgrades, automatic offsite backup, ease of sharing with their accountant. Then they considered the downsides: privacy and security.

I knew the future of cloud computing was bright when they came to the following conclusions on their own:

Today that choice would seem less stark, in part because the boundaries between local and remote computing are blurring. Data routinely synchronizes among our various devices and cloud repositories. It's getting harder to define what's stored under my roof and what's kept elsewhere. Our personal clouds are networks of storage and computation.

There is, however, one key difference between local and remote storage. The U.S. government needs a search warrant to enter your home and spelunk your computer. Your cloud storage doesn't enjoy the same protection. But Senator Patrick Leahy's amendment to the 1986 Electronic Communications Privacy Act aims to change that. At least, I think it does. There was a kerfuffle back in November, when CNET's Declan McCullagh worried that the wrong product was going to emerge from the legislative sausage factory. Leahy's office disputed that charge, then Forbes and HuffPo weighed in with support for Leahy's position, and finally McCullagh shot back: "Sen. Leahy responded to public criticism."

What's actually in the amendment? If you can parse the differences between the current version of 18 USC § 2703 - Required disclosure of customer communications or records and the proposed version, and filter them through an understanding of the politics of law enforcement and privacy advocacy, you can judge for yourself. As best I can tell, the amendment is a step in the right direction, and I hope it'll pass this year.

You can, of course, take matters into your own hands. One of the voices applauding the Leahy amendment was that of SpiderOak Systems, a company whose online backup service implements a "zero-knowledge" privacy policy:

SpiderOak's encryption is comprehensive -- even with physical access to the storage servers, SpiderOak staff cannot know even the names of your files and folders. On the server side, all that SpiderOak staff can see are sequentially numbered containers of encrypted data.

This is, in other words, a kind of translucent database. In The Translucent Cloud: Balancing Privacy, Convenience I discussed other examples of systems in which data is available to its owner, and optionally to selected collaborators, but not to the operator of the service that hosts and stores the data.

With all such systems there's a caveat. Everything depends on your passwords and the encryption keys derived from them. If you lose those, your data's gone and nobody can help you get it back. That's a scary proposition, which is why I use zero-knowledge/translucent systems selectively.
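To make the zero-knowledge model concrete, here is a small added illustration (my own constructed code, not SpiderOak's software or any other product's) of what the quoted design and the caveat above mean in practice. The client stretches the password into a key with PBKDF2, encrypts each file's name and content together, and hands the server only an opaque blob that it files under a sequential container number. The server keeps nothing but a public salt and those blobs, so its operator's view is limited to container numbers and sizes; a wrong or forgotten password fails the authentication check and recovers nothing. The cipher is an HMAC-based encrypt-then-MAC construction chosen so the example runs with the Python standard library alone; a real client would use a vetted AEAD such as AES-GCM, and the iteration count, file names and contents are all assumed sample values.

```python
import hashlib
import hmac
import secrets

# Constructed parameters for illustration only. A production client would tune
# the iteration count and use a standard AEAD (e.g. AES-GCM) in place of the
# HMAC-based stream cipher below.
KDF_ITERATIONS = 100_000
NONCE_LEN = 16
TAG_LEN = 32


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the password into a 32-byte master key, on the client only.
    The salt is public and stored server-side; the password and the key never leave the client."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, KDF_ITERATIONS, dklen=32)


def _subkey(master: bytes, label: bytes) -> bytes:
    # Distinct encryption and authentication keys derived from the master key.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode used as a PRF keystream (stand-in for a real cipher).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkey(master, b"enc"), _subkey(master, b"mac")
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(master: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong password or a tampered blob fails here."""
    enc_key, mac_key = _subkey(master, b"enc"), _subkey(master, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered container")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class CloudServer:
    """Everything the provider holds: a public salt plus numbered opaque containers."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.containers = []

    def put(self, blob: bytes) -> int:
        self.containers.append(blob)
        return len(self.containers) - 1  # sequential container number

    def get(self, number: int) -> bytes:
        return self.containers[number]

    def operator_view(self):
        """What staff with full server access can see: container numbers and sizes."""
        return [(n, len(b)) for n, b in enumerate(self.containers)]


class Client:
    """Runs on the user's machine; file name and content are encrypted together."""

    def __init__(self, password: str, server: CloudServer):
        self.server = server
        self.master = derive_key(password, server.salt)

    def upload(self, name: str, data: bytes) -> int:
        name_b = name.encode("utf-8")
        record = len(name_b).to_bytes(2, "big") + name_b + data  # length-prefixed name
        return self.server.put(encrypt(self.master, record))

    def download(self, number: int):
        record = decrypt(self.master, self.server.get(number))
        n = int.from_bytes(record[:2], "big")
        return record[2:2 + n].decode("utf-8"), record[2 + n:]


def run_example() -> dict:
    """Constructed scenario: one upload, then reads by the owner and by a wrong password."""
    server = CloudServer()
    owner = Client("correct horse battery staple", server)  # sample password
    number = owner.upload("2012-taxes.pdf", b"%PDF-1.4 constructed sample content")
    result = {"operator_view": server.operator_view(), "owner_reads": owner.download(number)}
    try:  # a forgotten password is indistinguishable from the operator's position: no recovery
        Client("forgotten-guess", server).download(number)
        result["wrong_password_recovers"] = True
    except ValueError:
        result["wrong_password_recovers"] = False
    return result


if __name__ == "__main__":
    print(run_example())
```

The point the caveat makes shows up in the last branch of run_example: because the server never held the password or the key, the provider has no "reset" path to offer, and that is exactly the trade the translucent model asks the user to accept.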

As with most things, this isn't an either/or choice. We need strong privacy that doesn't depend on laws. We also need the right laws. We can have both, and I hope we will.