This week the FBI raided a datacentre in Dallas Texas and confiscated the web servers of nearly 50 businesses, including all of their email and data, for an unnamed investigation into one or more of them (the rumour on Slashdot is that it’s about video piracy). The affected companies, most of which are not relevant to the investigation except for their misfortune in using the datacentre, include telephone services and other business-critical services. Dallas is a major location for datacentres and many Canadian companies are reliant on servers there.
The owner of the datacentre stated, “If you run a datacenter, please be aware that in our great country, the FBI can come into your place of business at any time and take whatever they want, with no reason.”
Be aware that any unencrypted data stored in US servers are vulnerable to search and seizure by US government bodies. And in any large datacentre, the chances that at least one company is doing something illegal (like downloading music) is extremely high. This is another reason for ensuring that all online data is encrypted.
It’s unnerving for Canadians to think that their confidential data is subject to seizure by the US government. I used to host my data only on Canadian servers, and then found out that in many cases the data were being backed up to US servers. Even if you ensure that all of the servers are located in Canada when you first sign up, the datacentre may decide to transfer your data to a US server for any number of reasons, and not inform you. For example, your hosting company may be bought out by a US corporation, or it might simply be cheaper for them to use a US datacentre for offsite backup.
Online backup services like Mozy offer the option of using your own secret encryption key for your backups. Jungledisk, which also offers secret encryption keys that protect your data from seizures, is more flexible since it offers automatic backup as well as shared storage and archiving. In all cases, using secret encryption keys is a bit more difficult to set up and use, and if you lose your key you’ve lost your data. That’s why people don’t do it. However, it’s the only way to ensure that your data will stay private.