Recently, American and British government leaders have made statements about the need to access encrypted information in order to hunt down criminals and prevent future terrorist attacks.
UK Prime Minister David Cameron has gone so far as threatening to ban encrypted messaging applications, such as as WhatsApp and SnapChat if they don’t provide a mechanism for law enforcement to trawl through communications.
This, of course, has raised a justifiable obstreperous outcry by security and privacy advocates to the point where the American government has, at least for now, softened its stance and stood back from demanding encryption keys from service providers or the creation of separate “backdoor keys” to enable decryption by the government.
There is ample room for the continued privacy debate on the subject. However, there is a facet of the debate that seems to be absent, and it relates to our new reliance and embrace of cloud computing. This is particularly important for small businesses.
When you put your information in the cloud it remains there for as long as the cloud provider wants to keep it. (As we all have learned, if you are using a free cloud-based service, you have no expectation of ownership to any of the information that you share, no matter how declarative your statements.)
If, however, you are a small business owner and you are paying for cloud storage, how can you be sure that if you terminate that agreement the data will actually be destroyed?
Sure, the contract between you and the Cloud Service Provider says that they will delete your data, but what if a simple oversight lets your data slip through the contractual crack?
Since you cannot wipe the cloud storage, nor can you go to the cloud provider to physically destroy the hard drive on which your data resides – and this is where encryption comes to the rescue.
The only way to absolutely guarantee that your data is never accessible is by encrypting it. If you ever change cloud providers, you should first transfer the encrypted data to your new provider and issue new encryption keys for the new location. Once you have tested that everything is working correctly at the new provider, it is time to destroy the old encryption keys.
Destroying the encryption keys guarantees that your old data is inaccessible.
It is perfectly understandable that our governments are concerned about their ability to catch those who wish us harm; that is what our governments are supposed to do.
However, for the majority of law abiding citizens, there is no need for anyone to access our data, especially when we are done with the facility that stores it for us. Shredding the encryption keys locks the door on that data forever.