Is Your Cloud Computing Data Protected? Does You Use PIE?

The Recording Industry Association of America (RIAA) has filed legal action against Box.Net, a “cloud” service which allows users to share, manage and access business content online. What got the RIAA excited? They want to investigate some of Box.Net’s users who they believe is using the service to infringe on sound recordings.

One of the concerns today with cloud computing is what happens when the cloud computing company is served legal papers. They would need to turn over the files along with the cloud computing company’s encryption keys for the files making the data viewable.

I have been using cloud computing for a number of years however I don’t want my provider to turn over my data to a 3rd-party for them to read the files. I encrypt all of the files that I store in the cloud before it leaves my PC so only I know the key. If my cloud computing company is compelled to turn over my data, all they will get is unreadable noise. I give the same advice to clients.

Steve Gibson of the wonderful “Security Now” podcast was calling this process “pre-egression encryption” but the acronym needed some work. He now calls this: pre-Internet encryption “PIE” which is a better acronym.