Make your cloud backups NSA proof.

Make your cloud backups NSA proof.

Data privacy is of the utmost importance when it comes to securing our user’s data. In the light of the recent revelations of NSA snooping on all types of digital media and communication, we thought it made sense to explore ElephantDrive’s strongest measures for keeping your data in the cloud secure from prying eyes.

First, the basics…

When you backup to the ElephantDrive cloud, ElephantDrive always encrypts your data locally before it gets uploaded to our servers. Any data being uploaded to ElephantDrive is transformed with the Advanced Encryption Standard, also known as AES, using a 256-bit key locally on your device (PC, MAC, server, etc.). By default, this secure encryption key is provided by ElephantDrive. Once the data is encrypted, it is then transferred over to the ElephantDrive servers over a 128-bit secure SSL channel, a second layer of security to prevent anyone trying to intercept the data while in transfer. You can read more about the default security methods we employ to keep your data secure.

These methods will keep your data secure from almost everyone, but what if ElephantDrive is legally forced to hand over your data to the government. In other words, “how do we make it NSA proof?”

In order to make your data NSA proof, ElephantDrive gives you the option to use a “personal encryption key”, which replaces the default encryption key provided by ElephantDrive. This option allows you to use encryption keys that even ElephantDrive doesn’t know or have access to. When you select the “personal encryption key” option, instead of using the default keys provided by ElephantDrive, the keys are derived from your password. Since ElephantDrive doesn’t keep your password in plain text, which is required to obtain any personal encryption keys, it is impossible for us to decrypt your data.

What this means is that in a case ElephantDrive is required by a valid court order to hand over your data to a government agency, such as NSA; we only have your encrypted data to provide to them. As ElephantDrive doesn’t have the keys that were used to encrypt the data, there is nothing further we have that we can provide. This ensures that unless you provide your password to someone, which holds the encryption keys, your data will remain securely encrypted. Even from the NSA!

The feature was originally implemented as an increased security and privacy option for users who wanted to make sure that even if the disks were stolen right out of the secure, locked, video monitored data center, their data would still be totally inaccessible by the bad guys.  But it also works on the “good guys.”  Or the “good bad guys.”  Or however you classify the analysts as No Such Agency.

While this option provides a powerful method of keeping your data secure from others, you do have to make sure that you do not forget your password. If you forget your password, even ElephantDrive will not be able to help recover your data because ElephantDrive doesn’t know your password either (we only know a hash that is generated by your password that we use to verify your account).

You can read more detailed breakdown of how “Personal Encryption Keys” work to encrypt data.