In this day and age of “big data,” where many companies are trying to collect more and more data about their customers so they can analyze it to serve them better or sell them more stuff, some Silicon Valley companies are trying the opposite tactic: Jettisoning as much customer data as possible.
While some companies have done this before because they want to protect themselves from revealing incriminating details in the event of electronic discovery in a legal case, these Silicon Valley companies are going even further. They don’t want to possess any of their customers’ data in case the federal government comes looking for it.
Instead, the companies are decoupling encryption from the services they provide to their customers while having the customers encrypt their own data. Though this can reduce the performance of the companies’ products and make it harder for them to support their customers, it also means that they can’t be forced to surrender their customers’ data, because they won’t have it to give.
‘Radicalized Engineers,’ Oh My
This is all according to a recent article in the Washington Post that is drawing a lot of attention, with some people calling these companies traitors with “radicalized engineers” who are protecting terrorists. Others say they companies are responding logically to government efforts such as the Edward Snowden revelations and the more recent attempts to force Apple to make it easier for the FBI to break into an encrypted iPhone.
“The trend is a striking reversal of a long-standing article of faith in the data-hungry tech industry, where companies including Google and the latest start-ups have predicated success on the ability to hoover up as much information as possible about consumers,” writes Elizabeth Dwoskin. “Now, some large tech firms are increasingly offering services to consumers that rely far less on collecting data.”
It’s not just the government – the companies also don’t want to become targets for hackers by possessing a lot of valuable data – but it’s the government aspect that’s attracting the most attention, especially as the FBI and Congress continue to press for legislation to force companies to include “back doors” in their encryption products.
While such a back door might be intended for governmental agencies or law enforcement, a door is a door, and as such is a risk, contend security experts such as Bruce Schneier. Consequently, an increasing number of high-profile companies are following the lead of Apple and Google, which in 2014 turned on encryption by default, meaning they couldn’t decrypt their customers’ products even if they wanted to.
‘So Secure Even We Can’t Read It’
The upside of this decision is customers of these companies can feel pretty sure that their data is secure, since even their own vendor can’t get at it. The downside is that if their customer loses their encryption key or something, they’re hosed, because not even the vendor can help them out.
But for a number of users, that’s a risk they’re willing to take. While originally, customers wanting to hold their own encryption keys were large, sophisticated financial services companies, such as Goldman Sachs and Blackstone, a wide variety of other companies, including media and automotive firms and small banks, are now making these requests to hold their own encryption keys, Dwoskin writes.
Critics claim that such actions help protect terrorists, while the companies say it forces law enforcement agencies to focus their attention where it belongs: On the suspect. “If you have an issue with my customer, go talk to my customer, don’t talk to me,” a representative from one vendor tells Dwoskin. “I’m just a tech guy, and I don’t want to be in the middle of these things.”
The post Fearing Government Warrants, Firms Ditching Client Data appeared first on Yottabytes: Storage and Disaster Recovery.