Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Linux Links | Bling | About BLU |
> On Fri, Nov 4, 2011 at 1:26 PM, <markw at mohawksoft.com> wrote: >> I would say that the law is actually fairly settled, and it is scary. No >> one seems to be addressing or even knows that your right to privacy in >> the >> cloud is non-existent. Once your data is in the hands of someone else, >> they have no real right to protect it unless they are your legal >> counsel. >> The government has the right to access your data without a warrant and >> the >> ability to demand that your agent NOT tell you. (read up on NSA letters) > > Even if the law is settled, it is still possible to protect data > owner's interest by setting up some sort of Data Retention Policy, > particularly tailored to such "outdated" law. Well, AFAIK we are seeing data retention requirements being enacted via law. The only "retention" policy that protects you is "delete." > >> What's worse is that your "agent" has no legal requirement to use its >> 4th >> amendment right to fight for you. In fact, it comes down to cost. If you >> are a $20/month customer, would your cloud provided spend millions to >> defend your privacy? > > This looks like a good class action case against the agent and the > government... Its been done. Once a National Security Letter has been issued. The constitution no longer matters. Before people get all patriotic and "I'm not a terrosist"y, NSA letters have been increasingly used for common criminal investigations. Remember this famous quote before you say you have nothing to hide or that you have a boring life: "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." Cardinal Richelieu > > ** A couple of technical questions: > > 1. Is there a way to encrypt data stored with cloud services (such as > dropbox) that can be decrypted only by the data owner, not by "agent"? > I believe PGP can do a pretty good job, am I correct? PGP can be broken. AES with a good password encrypted on premises and THEN sent to dropbox is the only way. > > 2. If I send an e-mail (with attachment) from Gmail to Hotmail, would > both Google and Microsoft keep this e-mail on their respective servers > forever? Wouldn't that quickly explode the service provider's storage > space? Would the ISP also keep a copy of that e-mail? Yes. > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss >
BLU is a member of BostonUserGroups | |
We also thank MIT for the use of their facilities. |