
RIAA Wants To Start Peeking Into Files You Store In The Cloud - ygreek
http://www.techdirt.com/articles/20110520/03411314352/riaa-wants-to-start-peeking-into-files-you-store-cloud.shtml
======
cookiecaper
Encrypt, encrypt, encrypt. If possible, use ecryptfs or TrueCrypt or some
other _non-transparent_ encryption mechanism on files that you back up to
remote sites so that you know they are always safely encrypted and don't have
to think about it (just copy the lower-level, encrypted container). Both
ecryptfs (with filename encryption) and TrueCrypt can back up encrypted
versions of your files without even giving away filenames, so RIAA can't go
acking for MP3s. Of course, manually using gpg and specifying an unrelated
output filename works too.

If you're uploading anything remotely important to a third-party service, you
should encrypt all of it beforehand. As we see time and time again, it can be
really surprising how easy it is for an insider, a random script kiddie, or in
this case, a company with a posse of anxious lawyers to grab your data. You
need to encrypt that data before it ever leaves your disk for persistent
storage on someone else's infrastructure. Encrypt encrypt encrypt.

~~~
nextparadigms
All file locker services should offer a check-box or something by default,
before you upload your files, to encrypt them with your own key. That should
cover a lot more people than it would if everyone had to do everything by
themselves.

~~~
orijing
Let's take Dropbox for example.

They save a lot of costs by deduplicating copies of files, and it makes file
renames/moves/shares really easy for them. Therefore, they wouldn't have the
incentive to destroy that advantage: That's one of the major scale advantages
they get for covering so many users.

With that said, they could offer that "by default" to premium users who
already pay for the service to simplify their lives and keep their more
profitable customers happy.

What are everyone's views on that, from Dropbox's perspective?

~~~
bdhe
_They save a lot of costs by deduplicating copies of files, and it makes file
renames/moves/shares really easy for them. Therefore, they wouldn't have the
incentive to destroy that advantage: That's one of the major scale advantages
they get for covering so many users._

I posted this elsewhere in the thread: That's not true. As is, in a lot of
crypto problems, there are powerful workarounds that require a lot of work.
See here for one idea: <http://news.ycombinator.com/item?id=2461713>

Please also see the further discussions. Crypto gives us powerful tools to
mitigate several attacks with minimal compromise on functionality.
Unfortunately there are legal ways that are more powerful.

~~~
SamReidHughes
That idea doesn't work. It doesn't stop a third-party from seeing who has
copies of a file.

------
waterlesscloud
Why is the RIAA special? I produce copyrighted material all the time.

I demand the right to start looking at everyone's cloud files too.

~~~
salemh
For a specific example. <http://news.cnet.com/8301-13578_3-10133425-38.html>

------
cabalamat
I'm sure if the MAFIAA thought they could get away with it they'd lobby for
mandatory snooping software on everyone's PC so they could check for illegal
copies.

Because, y'know, human rights and the rule of law are far less important than
preserving the music industry's business model for a few more years.

~~~
ygreek
This idea is actually not as crazy as it may seem. Copyright lobby is usually
just one step behind the Chinese policies of restricting access to the illegal
content, with the only difference in definition of illegal. Chinese have
developed such tool, [1], and were planning to install it on every new
computer sold in China. But later scaled down it's use.

[1] <http://en.wikipedia.org/wiki/Green_Dam_Youth_Escort>

------
cks
Why don't the cloud storage service providers encrypt/store all user content
in such a way that it can only be read by the user? I doubt there are any
ethical benefits in storing the data in such a way that they (the service
providers) can read it. Even if there is I doubt that users would agree to
such usage.

~~~
brown9-2
I think some storage providers might not be comfortable with the situation
where they'd have to tell a paying customer that they can't help them at all
when the customer loses the key - they choose simplicity as a feature over
appealing to the security-conscious.

As for Dropbox, they need to be able to read the files to serve it to you from
their website.

~~~
nkassis
Can't they implement client side encryption? A javascript based encryption
mechanism could be interesting.

~~~
lukeschlather
And completely unusable for the average consumer (needing them to keep track
of their key, and somehow secure their key, and somehow pass their key to
every browser they use.)

------
RexRollman
The RIAA really has become a disturbing entity.

~~~
code_duck
The politicians who are willing to accept and act on their greased palm offers
are the real problem. In a normal, non-corrupt system, the RIAA would never
come anywhere near receiving such powers, anymore than Jim McJones down the
street.

------
joelthelion
The RIAA is about to discover client-side encryption by default :)

------
yason
I welcome thee, dear MAFIAA, to bring out your inspective forces upon the
encrypted bits of my tarsnap.com archives.

I hereby promise they positively do contain copyrighted materials indeed, and
I thus encourage your troops to spend considerable time trying to decipher
whatever it is that I've stored in these clouds of the 2010's internet.

------
Chrono
I guess it is time to start encrypting the files I got in the cloud. None of
which are copyright'ed or especially secret but better safe than sorry.

