Some international corporations say they can't have data stored in the US or by any US cloud provider, under any circumstances, because of the USA Patriot Act. The fact that the law gives some agencies, such as the FBI (through National Security Letters), the authority to compel companies to hand over data without judicial review is unacceptable for companies handling regulated data or with concerns about intellectual property or industrial secrets.
But individuals are also concerned. Last year, it was reported that the FBI had paid developers for years to place back doors and side-channel key-leaking mechanisms into the OpenBSD cryptographic framework. Since the revelation, most open-source code has been revised to purge those back doors, and it is presumed to be secure. The FBI has set up a special unit to "develop new electronic surveillance technologies, including intercepting Internet, wireless, and VoIP communications." It has also requested legislation that would require encryption system providers to have back doors for law enforcement agencies. Thankfully, the FBI doesn't have jurisdiction outside the United States.
In a blog post last year, I mentioned that Skype uses 256-bit AES encryption between users, which makes it impossible for others to access the communication unless they have back-door access. The system is integrated into Skype's protocol and is completely transparent to users. The company uses central servers to store call logs and (presumably) the key used to encrypt communication. But now that Skype is under Microsoft's umbrella, there is no reason to believe it will resist NSLs asking it to hand over the key, instant messages, or call logs.
A new concept is starting to appear in encryption services for data and messaging: zero knowledge. Providers of such services claim that they do not know who you are, and that they never store the encryption key anywhere outside of your device. One such service, from FoxyFone of Switzerland (a country famous for bank security and secrecy), is now available on the Apple App Store for the iPhone, iPod Touch, and iPad. The app, Foxygram, lets the user encrypt data on the device, including contacts, email, pictures, and video, with 256-bit AES encryption.
FoxyFone has no servers, and there is no user registration for the app. Basically, the company doesn't know its users. It never stores the key anywhere, and it cannot recover information for anyone (including the user) if the key goes missing. Users who want to keep informed about updates need to visit the company's website or Like its Facebook page.
The application allows you to sync data with Apple's iCloud, but the data is encrypted on the device and can be unlocked only on that device or other authorized systems. This basic functionality is included in the free version, but a premium version for $4.99 adds some special features, including different access codes.
Some cool features are the "cover up" and "nuke" access codes. Users who are forced to open the app against their will can use the cover up code, so that only items previously marked as displayable will be shown, and confidential information will be hidden. With the nuke code, all encrypted data will be destroyed on the device, and no one -- not even the user -- will be able to retrieve it.
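The cover-up and nuke codes are easy to describe, but they are worth seeing as a key hierarchy, because that is what decides whether a synced copy of the data is really useless to anyone without the device. The following Go program is an added illustration written for this article; it is not FoxyFone's code and makes no claim about how Foxygram is built internally. It assumes a main access code and a cover-up code, two random data keys (one for confidential items, one for displayable ones) wrapped with AES-256-GCM under keys derived from those codes, and a vault structure that is the only thing ever synced to the cloud. The item names, codes and contents are constructed sample values, and the iterated-HMAC key stretching is a stand-in for a proper password KDF.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// deriveKEK stretches an access code into a 32-byte key-encryption key;
// iterated HMAC-SHA256 stands in here for a real password KDF (PBKDF2, scrypt).
func deriveKEK(code string, salt []byte) []byte {
	key := []byte(code)
	for i := 0; i < 20000; i++ {
		m := hmac.New(sha256.New, key)
		m.Write(salt)
		key = m.Sum(nil)
	}
	return key
}

// seal is AES-256-GCM with the random nonce prepended.
func seal(key, pt []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // every key handed to seal in this example is 32 bytes
	}
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error
	return gcm.Seal(nonce, nonce, pt, nil)
}

// open reverses seal. A wrong key fails the GCM tag check instead of yielding
// garbage, which is how a wrong access code (or a nuked vault) is detected.
func open(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // a nil key (no entitlement) fails here
	if err != nil || len(blob) < 12 { // 12 = GCM nonce size; blob is nil after Nuke
		return nil, errors.New("undecryptable")
	}
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, blob[:12], blob[12:], nil)
}

type Plain struct {
	Name        string
	Displayable bool   // also shown under the cover-up code
	Data        []byte // plaintext on input, ciphertext once inside a Vault
}

// Vault is all that leaves the device (e.g. to iCloud): salt, wrapped data keys
// and ciphertext. The access codes and the unwrapped keys never leave it.
type Vault struct {
	Salt    []byte
	Wrapped map[string][]byte // "main": kAll||kDisp under the main code; "cover": kDisp under the cover-up code
	Items   []Plain
}

// NewVault encrypts items on the device under two random data keys: kAll for
// confidential items, kDisp for displayable ones. Neither access code is stored.
func NewVault(mainCode, coverCode string, items []Plain) *Vault {
	salt, kAll, kDisp := make([]byte, 16), make([]byte, 32), make([]byte, 32)
	for _, b := range [][]byte{salt, kAll, kDisp} {
		rand.Read(b)
	}
	v := &Vault{Salt: salt, Wrapped: map[string][]byte{
		"main":  seal(deriveKEK(mainCode, salt), append(append([]byte{}, kAll...), kDisp...)),
		"cover": seal(deriveKEK(coverCode, salt), kDisp),
	}}
	for _, it := range items {
		key := kAll
		if it.Displayable {
			key = kDisp
		}
		v.Items = append(v.Items, Plain{it.Name, it.Displayable, seal(key, it.Data)})
	}
	return v
}

// Unlock returns what a code can decrypt: everything for the main code, only
// displayable items for the cover-up code, and an error for anything else.
func (v *Vault) Unlock(code string) (map[string][]byte, error) {
	kek := deriveKEK(code, v.Salt)
	var kAll, kDisp []byte
	if both, err := open(kek, v.Wrapped["main"]); err == nil {
		kAll, kDisp = both[:32], both[32:]
	} else if kDisp, err = open(kek, v.Wrapped["cover"]); err != nil {
		return nil, errors.New("wrong code or vault nuked")
	}
	out := map[string][]byte{}
	for _, it := range v.Items {
		key := kAll // nil under the cover-up code, so confidential items stay hidden
		if it.Displayable {
			key = kDisp
		}
		if pt, err := open(key, it.Data); err == nil {
			out[it.Name] = pt
		}
	}
	return out, nil
}

// Nuke drops the wrapped data keys (a real app also overwrites the bytes). The
// ciphertext may survive in a backup, but no code can ever decrypt it again.
func (v *Vault) Nuke() { v.Wrapped = nil }

func main() {
	// Constructed sample data; the codes are placeholders for the example.
	v := NewVault("2468", "0000", []Plain{
		{"contacts", true, []byte("Alice +41 ...")},
		{"merger memo", false, []byte("board meets Friday")},
	})
	for _, code := range []string{"2468", "0000", "1111"} {
		got, err := v.Unlock(code)
		fmt.Printf("code %s -> %d item(s), err=%v\n", code, len(got), err)
	}
	v.Nuke()
	_, err := v.Unlock("2468")
	fmt.Println("after nuke, main code ->", err)
}
```

Running it, the main code returns both items, the cover-up code only the contacts, and a wrong code an error. After Nuke the wrapped data keys are gone, so even a synced copy of the ciphertext is unrecoverable; that is the property "no one, not even the user, can retrieve it" rests on, and it holds only because the data keys were random and were never derived from the access codes alone.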
The app allows users to send an encrypted message to anyone, but the recipient must install Foxygram to open the message. After that, they can communicate via email or text messaging (using standard email and texting applications) with complete security. FoxyFone says an Android version is in the works and will be available soon.
Messages sent with Foxygram are owned by the sender; the recipient can't copy or forward them without taking a picture of the screen. The app allows remote deleting of one or all messages sent to a contact. It is also possible to establish a time limit and a specific location for reading a message. If you send a message to someone who is supposed to be in Paris, no one with the device and the key could open the message from anywhere else.
In addition to being serverless, Foxygram has no user registration. This is to ensure the company cannot identify its users. The only way to know if someone is using Foxygram is by reading the Apple App Store log that shows a certain device has downloaded the app. But key generation is done on the device, and the key is never shared. Markus Kristian Kangas, founder and CFO of FoxyFone, told me how its service differs from others, like SpiderOak Blue:
One has to blindly trust the claim that the private keys are generated on the local device only and not accessible by the company. Foxygram has no user registration. This means you can never be tracked or have your personal information shared by FoxyFone with an external agency. With Foxygram, the sender retains full control of shared media, and the recipient cannot copy or forward the data. The sender can even remotely delete the already sent media at any time. In case there was a legal investigation against someone who uses Foxygram, we would be willing to help on a case-by-case basis [if there were] reasonable and legal grounds. However, we would be very limited in what we could do.
One of the reasons to use the iPhone and iPad is that both devices perform encryption internally. Also, Apple says in a security whitepaper that the basic 256-bit key is unique to each device and is not recorded by Apple or any of its suppliers. In this way, it is possible for Foxygram to identify the device uniquely, adding an extra layer of security.
There are limits to using Foxygram. For starters, you need an iPhone or iPad, and the company isn't planning a desktop version. "There is no way to uniquely identify a PC unless it has a dongle," the company says. At the moment, for serious enterprise security, Foxygram is limited by the type of devices it supports, but similar services offering zero-knowledge privacy should be used by executives traveling with extremely sensitive data.
I can understand the concern that law enforcement agencies may not be able to access some communications, but I also believe in the right of people and corporations to protect their privacy. I believe companies have the right to full control of confidential data. As we've discussed before, some governments have been paying for confidential data to chase down tax evaders, and they've been encouraging employees to steal extremely confidential information.
Also, the US cloud providers doing business in Europe -- Amazon, Apple, Google, Microsoft, and others -- should start considering a zero-knowledge approach and local servers for their European customers.
Finally, as Markus Kangas said by email, "The only way to 100 percent know your private key and identity remains safe is open-source software or serverless design as used in Foxygram."