Carbonite Can Decrypt Your DataOctober 2, 2009 – 11:01 AM
Carbonite encrypts the files that we process before they leave your computer. Carbonite uses SSL or similar Transmission Encryption technology before sending your files to our data centers. Your encrypted backup files transmitted to our servers are stored in facilities with access restricted to authorized personnel only. Carbonite does not encrypt the file names or file type information.
By Using the Carbonite Product that permits you to download your backed up files to any computer that has a connection to the Internet you understand that Carbonite will be decrypting these files before they leave Carbonite’s servers and that once decrypted these files can be reviewed by anyone who may be able to access them.
Carbonite will not decrypt your files unless i) it reasonably believes that it must do so to troubleshoot problems with the Carbonite Products or Services or ii) it reasonably believes it must do so in order to comply with a law, subpoena, warrant, order, or a certification requirement, such as the requirements of 18 U.S.C. § 2703.
However, if you elect to Use Carbonite Products or Services that permit you to access Backup Data from an Internet enabled computer other than by using Carbonite Software on your registered computer, then your Backup Data will be decrypted by Carbonite in its data center and sent to you in a decrypted form via public infrastructure. You election to use such products or services may make the contents of these files to accessible to individuals or entities other than you and those you intend. By using such products and services, you knowingly accept this risk.
Carbonite might still be the best choice for some users for an easy backup solution, but just understand the risks. I never count out disgruntled, or just plain curious, employees that have full access to all of your files.
2 Responses to “Carbonite Can Decrypt Your Data”
I wonder if this applies where a customer chooses their own encryption key.
Now that would be a _real_ worry.
By None on Apr 17, 2010
The same would apply. They need a copy of the key to decrypt the data.
By manunkind on Apr 18, 2010