Last week our team traveled to scenic Denver, CO to sponsor and exhibit at the 10th annual cPanel Conference. The three-day event was full of informative sessions, keynotes, and training courses for hosting providers. In the exhibitor hall, our team had the chance to reconnect with long-time partners and meet several of our newer users. Our friends at SoftLayer held the ever-popular Server Challenge II, where players reconstructed a scaled-down version of their servers. The fun continued into the evening with networking events that included a raffle at Casino Night, dancing and games at The Viewhouse, and a brewery tour of the Wynkoop Brewing Company.
One of the highlights of the conference was Co-founder and CEO of CloudFlare Matthew Prince's keynote, The Next Crypto Wars: What Every Host Needs to Know. As we head into the second Crypto War, a battle between technologists and policy makers, it’s important for you to understand the history behind the first, how the second will affect you as a hosting provider, and how to adequately prepare your business for all possible scenarios.
The First Crypto War
The release of Phil Zimmermann’s PGP encryption software in 1991 is considered by many to be the spark that set off the first Crypto War. The simple algorithms made it easy for anyone to encrypt messages, preventing law enforcement from intercepting and decoding them. The government took swift action, banning the export of strong cryptography and building something called the “Clipper chip”, a government-backed piece of technology designed to give authorities access to encrypted phone calls.
There were two significant issues with the Clipper chip. First, many technologists argued that if the government had an access point into the unencrypted data, nothing would stop malicious hackers from finding it. Second, upon review, several technical flaws were found in the design of the device.
Technologists fought back, noting that if the government had this access, nothing would stop malicious hackers from finding it. The simplicity of the encryption algorithms made them nearly impossible for the government to regulate, and further review of the Clipper chip revealed several technical flaws in the technology. By the early 2000s, the government fell back and nearly all restrictions on encryption were dropped.
“…we learned that intentionally weakening encryption is a bad idea,”
– Michael Nelson, former Clinton tech policy official
The Second Crypto War Begins
The second Crypto War has arrived after a decade of rapid development of digital telecom, from smartphones and tablets to social media and mobile apps. Along with new forms of communication came new forms of even stronger encryption to protect user data, such as end-to-end encryption, which encrypts data so that only the sender and the recipient can unlock it.
On October 30, 2013, former NSA contractor Edward Snowden released confidential government documents revealing that the United States government had found a point along Google’s internal line of communication where messages were being exchanged unencrypted – and that they were tapping into it. Many declared this the beginning of the second Crypto War.
How It Affects Your Backup System
As a hosting provider, backing up your clients’ data is not only a key responsibility of your business, but for many it’s a feature of your product. Providing encrypted backups allows you to adhere to industry regulations, free yourself of the responsibility of handing over customer data to law enforcement during an investigation, and leave clients with the peace of mind that their data is safe and secure in your hands.
With Server Backup Manager’s industry-standard AES-256 encryption occurring on the protected server, the passphrase for the encryption key only exists on the protected backup server and is not known by the backup repository. All recovery points are encrypted on protected servers before they are sent over the wire, meaning that your clients’ data is protected from the time it leaves their server. And as an admin, you will not be held responsible for giving law enforcement access to your customers’ data simply because, well, you can’t!
Watch our recent webinar, What Does Your Backup Service Look Like?