The security of Mozy

[curious guy]

I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.

What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?

Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?

I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?

 

[Arno]

I am thinking of using the Mozy paid backup service as my primary
backup system. I have some concerns.

What country are the Mozy servers located in? How well are the
privacy right of individuals protected in that country?

Can Mozy employees look at my files? Would it be safe for me to
backup financial and medical information on Mozy without encrypting
it? Does Mozy check to see if I have copyrighted materials in my
backup set?

I have a large number of nude pictures. I think they are all legal
but I am not totally sure. I keep these pictures in TrueCrypt
containers. If I backup my container files to Mozy, will they notify
law enforcement that I have encrypted data?

I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.

A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.

(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)

Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.

Arno

 

[2312]

In comp.sys.ibm.pc.hardware.storage curious guy






I would say your concerns eleminate the use of any online storage
service without encryption. However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.
So encrypt away, by now encryption is not a secret technology
anymore.

A possible larger risk is that you could accidentially backup
something to such a service, while a crypto container is open.

(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of nighmares.)

Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.

Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.

 

[Arno]

Or he has flagrantly illegal child porn in there and is trying
to find out whether he is likely to get caught if he uses Mozy.

Only people with soemthing to hide want/need encryption?
Not true, as is well known to anybody that bothers to find out.

Arno

Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.

 

[2312]

Only people with soemthing to hide want/need encryption?

Never ever said anything like that. I JUST said that you
have no idea whether what he has in his is legal or not.

Its just a tad unlikely that any jurisdiction would be using a search warrant
whenever they notice anyone using encryption with a remote backup.

Even the frogs arent THAT gung ho.

Not true, as is well known to anybody that bothers to find out.

Having fun thrashing that straw man ?

Still, best bet is to never use online storage without encryption
if you can help it. Sometimes you cannot. For example I have all
my email comming into rented virtual servers. The admins of the
base machines can look at it. But this would open them up to
personal criminal prosecution, if they do, since looking at
email withouy p[ermission is strictly forbiddent in the country
the servers and companies are located.

 

[curious guy]

However (unless you are british), using
encryption is not enough to generate probable cause, especially as
many users will encrypt exactly because of similar concerns.

Does it matter how many gigs one has? If someone has more than X gigs
would courts grant search warrants? If so, what is the value of X?

 

[curious guy]

(Incidentially your pictures are likely not really a concern,
I have talked to law-enforcement expets and the pictures they
are concerned with are something no sane person could ever
find apealing or even look at without a serious risk of
nighmares.)

Can you give some more details about what pictures are illegal? I
once heard a female US senator say that she wanted to eliminate all
child porn even if it was just European children playing nude on the
beach.

I get the impression that many law enforcement people think that any
nude picture of someone who MIGHT be under 18 is child porn. I saw an
episode of "Law and Order: Special Victims" in which they called a
picture of a boy in a bathing suit, child porn.

 

[Arno]

Never ever said anything like that. I JUST said that you
have no idea whether what he has in his is legal or not.

And why should I make sure? Any (sane please) reason?
Crypto is out there and anybody can use it. Somebody
asking for help is far likely to actually have something
illegal than others.

Its just a tad unlikely that any jurisdiction would be using a
search warrant whenever they notice anyone using encryption with a
remote backup.

In civilized countries they actually do not get a warrant on
that reason alone and even with a warrant cannot force
disclosure of the keys.

Even the frogs arent THAT gung ho.

The french do not worry me, they are all bluster. I am really
concerned about the brits though. They are heading fast in
a very, very dangerous direction. And thay can lock you up
if the _think_ you have something encrypted that they want
to see. Even if they are wring (which you have absolutely
no chance proving in many cases).

Arno

 

[Arno]

Does it matter how many gigs one has? If someone has more than X gigs
would courts grant search warrants? If so, what is the value of X?

Depends on about every detail for the situation, e.g. which country,
which judge, ...

Arno

 

[Rod Speed]

curious guy wrote

Can you give some more details about what pictures are illegal?

Essentially just child porn and stuff like snuff movies etc.

I once heard a female US senator say that she wanted to eliminate all
child porn even if it was just European children playing nude on the beach.

Yeah, there are a few loons that are that bad, but there
isnt even a single legal jurisdiction thats as bad as that.

There are however some who are into child porn that exploit that 'loophole'

There's also real legal grey areas like
http://www.google.com.au/search?q="Bill+Henson"+controversy&meta=cr=countryAU

You can also get the police executing a search warrant about something like
that youtube video where someone in eastern europe is swinging around a
baby very dramatically indeed in a crazy type of exercise routine, even tho the
video has appeared on the national news etc. Cant find a link to that currently.

I get the impression that many law enforcement people think that
any nude picture of someone who MIGHT be under 18 is child porn.

Its much more complicated than that, most obviously with nudist colonys etc.

 

[Rod Speed]

curious guy wrote

Does it matter how many gigs one has?

To some extent. Clearly the authoritys are more likely to
be suspicious of the larger amounts, just because they
would normally be video, not just your banking details etc.

If someone has more than X gigs would courts grant search warrants?

Its never that black and white.

If so, what is the value of X?

They would never be stupid enough to announce the value if there was one.

 

[2312]

And why should I make sure?

Never ever said you should.

Any (sane please) reason? Crypto is out there and anybody can use it. Somebody
asking for help is far likely to actually have something illegal than others.

Mindlessly silly.

In civilized countries they actually do not get a warrant on that reason alone

What I said in different words.

and even with a warrant cannot force disclosure of the keys.

That varys with the jurisdiction.

Even you should have noticed what the US has got up to in Abu
Grabe etc, let alone with rendition in egyptian jails etc etc etc.

The french do not worry me, they are all bluster. I am really
concerned about the brits though. They are heading fast in a
very, very dangerous direction. And thay can lock you up if the
_think_ you have something encrypted that they want to see.

Not for very long.

Even if they are wring (which you have absolutely no chance proving in many cases).

Yes, terrorism has produced some real legal downsides.

 

[2312]

That's comforting. Not.

If you don't like that, you're always free to never ever go anywhere near that soggy little island.