Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] Discuss Digest, Vol 6, Issue 9



> On Fri, Nov 4, 2011 at 1:26 PM,  <markw at mohawksoft.com> wrote:
>> I would say that the law is actually fairly settled, and it is scary. No
>> one seems to be addressing or even knows that your right to privacy in
>> the
>> cloud is non-existent. Once your data is in the hands of someone else,
>> they have no real right to protect it unless they are your legal
>> counsel.
>> The government has the right to access your data without a warrant and
>> the
>> ability to demand that your agent NOT tell you. (read up on NSA letters)
>
> Even if the law is settled, it is still possible to protect data
> owner's interest by setting up some sort of Data Retention Policy,
> particularly tailored to such "outdated" law.

Well, AFAIK we are seeing data retention requirements being enacted via
law. The only "retention" policy that protects you is "delete."

>
>> What's worse is that your "agent" has no legal requirement to use its
>> 4th
>> amendment right to fight for you. In fact, it comes down to cost. If you
>> are a $20/month customer, would your cloud provided spend millions to
>> defend your privacy?
>
> This looks like a good class action case against the agent and the
> government...

Its been done. Once a National Security Letter has been issued. The
constitution no longer matters. Before people get all patriotic and "I'm
not a terrosist"y, NSA letters have been increasingly used for common
criminal investigations.

Remember this famous quote before you say you have nothing to hide or that
you have a boring life:

"If you give me six lines written by the hand of the most honest of men, I
will find something in them which will hang him."
Cardinal Richelieu

>
> ** A couple of technical questions:
>
> 1. Is there a way to encrypt data stored with cloud services (such as
> dropbox) that can be decrypted only by the data owner, not by "agent"?
>  I believe PGP can do a pretty good job, am I correct?

PGP can be broken. AES with a good password encrypted on premises and THEN
sent to dropbox is the only way.

>
> 2. If I send an e-mail (with attachment) from Gmail to Hotmail, would
> both Google and Microsoft keep this e-mail on their respective servers
> forever?  Wouldn't that quickly explode the service provider's storage
> space? Would the ISP also keep a copy of that e-mail?
Yes.

> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>





BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org