[Discuss] Backups

Rich Braun richb at pioneer.ci.net
Wed Dec 18 02:14:05 EST 2019


Rich Pieri asked:

> Does your backup protect you in the case of the FBI and DoJ seizing
> entire data centers because there's a warrant for someone else or
> their data?

Few of us feel the need for it, but a lot of the backup tools provide AES encryption. If you’re paranoid, some of them (like CrashPlan or Duplicati) allow you to keep retain sole copies of the keys (others escrow the keys on cloud servers).

AES is darned-good but, I suppose, if your online activities attract the attention of sufficiently powerful state actors, they’ll take extra steps to break the encryption, trick you into leaking the keys, or figure out a way to breach your personal network security. Few of us have the knowledge and tools to throw off a determined, sophisticated network intruder directly targeting our data.

I was party to a case filed in the 9th Circuit regarding subpoenas for online activities by people using the same online service I was. Back then (2003) I won. These days you wouldn’t find out about it until you’ve already lost. The phrase “I have nothing to hide” spoken by so many regarding privacy has finally become passé, as so many of us have figured out that what others know about you can and often is used in ways you wouldn’t approve of.

Subpoenas can be issued by ordinary corporate lawyers, not just law enforcement agencies, and do not require review or authorization by a court, as I learned in 2003. Most online providers comply with them.

That said, a broad seizure of data that catches your unencrypted cloud backup and somehow leaks the info would be a low-probability scenario.

-rich



More information about the Discuss mailing list