I’ve got nothing to hide…

Ever since the Edward Snowden revelations, a debate has been raging about whether privacy is at odds with security. I tend to fall on the side of favoring individual privacy.

We must have privacy from our own government

I do not accept the premise that total acceptance of an omniscient surveillance state should be the price of security for citizens of modern open societies. I believe that any state empowered with the means to eavesdrop and catalog the ubiquitous digital communications of all of its citizens will abuse that power and I believe that innocent people will suffer the consequences of that abuse.

I do not accept the premise of a refrain I’ve often heard and will paraphrase: “If you’ve got nothing to hide, you’ve got nothing to worry about”.

The problem with this idea is that you think you have nothing to hide until you realize that you do. And if you do decide you want to hide something, there are fewer and fewer places to hide it.

Whether or not one “has something to hide” depends entirely on the motivations of the person or organization seeking access to that which one considers private.

I believe that what we don’t explicitly desire to share, we must be able to hide from anyone.

Our privacy cannot be protected by organizations with a vested interest in violating it

It has become increasingly clear that privacy is not just important as it relates to revelations about governments spying on their own citizens. Little by little we are seeing just how precious the security of personal data is as it is stolen piece by piece by a thousand different players: domestic and foreign governments, corporations, hackers, organized crime syndicates, and advertisers. Together, the threat posed by all of these players to our personal freedom and security is greater than the sum of the parts.

I believe that if we insist on keeping the door open for those we trust to protect us, the door is open. Period. We have relinquished the power to protect ourselves.

Privacy has become a necessity and a responsibility that we must take seriously on both an individual and policy level.

Privacy is our right.

I believe that secure encryption of our personal data and communication must be a right every citizen of a free society. Many arguing against this have good intentions. But I believe they endanger us more than they protect us.

Sync: alternative to Dropbox and Google Drive for the privacy conscious

There is no question that cloud services have become essential tools in our professional and personal lives. I have found Dropbox and Google Drive to be indispensable for a variety of reasons. However, I have always been ambivalent at a minimum about using them for the storage of sensitive data. I’ve just never been comfortable with the fact that these huge companies’ employees could have access to my sensitive personal financial and health related documents.

I’ve wanted a service that combined the convenience of file synchronization across devices with encryption that I control personally. I don’t want the company to hold the encryption keys. Why is this important? Because every single employee at the company in question who has the ability to access the encryption keys is at risk of social engineering. If there’s going to be a weak human link in the security chain, I’d prefer there be only one: me.

I appear to have found an alternative that meets my requirements after following up on ProPublica senior reporter Julia Angwin’s article on tips for foiling hackers.

Sync

Sync.com* appears to have nearly all of the features of Dropbox coupled with privacy enhancements and pricing that is in some cases better than DropBox (depending on your needs). I’m starting with the free 5GB account to give it a good test drive.

Now keep in mind, in order to achieve greater data privacy, you need to take on some risk. If the company does not have your encryption password, they will not be able to recover it for you if you lose it. Your data will be unrecoverable. But then—that’s kind of the point.

* This seems to be a case where I actually need to include “dot-com” without irony to disambiguate the service