Encrypted at Rest Is Not Privacy. It Is Rent.
Why standard cloud encryption does not protect you from subpoenas or vendor curiosity, and the mathematical reality of true data sovereignty.
The Landlord Has a Master Key
The cloud storage industry relies on a fundamental misunderstanding of what encryption does. They sell you a “secure vault” for your documents. They promise that the walls are thick, the steel is hardened, and the lock is complex. They call this “Encryption at Rest.” It sounds technical. It sounds safe.
However, they omit the critical component of this transaction: the key.
When you store data with a standard cloud provider, they encrypt the data. This is true. But the key is generated, stored and used by that same provider, usually in a key-management service sitting a network hop away from the data. Therefore the encryption is not a barrier to them; it is a barrier only to an outsider who obtains a physical disk, or a retired drive, without the provider’s cooperation.
This architecture creates a specific, dangerous vulnerability. If a regulator, a litigant, or a rogue employee demands access to your data, the vendor has the technical ability to comply. They can unlock the door because they manufactured the lock.
[Image of a bank vault where the bank manager is holding a copy of the customer’s key]
The False Security: Relying on Vendor Promises
The Machine does not care about promises. The Machine cares about capabilities. If a system can decrypt data, it eventually will decrypt data.
Consider a physical letter. You place a sensitive contract inside an envelope. You lick the seal. You hand it to a courier. This is the state of most cloud data. The courier promises not to steam open the envelope. Perhaps they are honest. Perhaps they are not. But the capability exists.
“Encrypted at Rest” in most SaaS platforms is equivalent to the courier carrying a locked briefcase, but the courier also knows the combination. If the police stop the courier, the courier can open the case. If the courier gets curious, they can open the case.
Do not mistake a policy for a control. A policy is a piece of paper that says “We will not look.” A control is a mathematical reality that says “We cannot look.”
The Mathematical Reality: Encryption must happen before the upload.
To achieve actual privacy—what I call Sovereignty—we must change the order of operations. We must not give the courier the combination. We must place the document in a steel box, lock it with a key that never leaves our pocket, and then hand the locked box to the courier.
This is called Client-Side Encryption.
In this scenario, the cloud vendor is no longer a custodian of your secrets. They are merely a landlord of hard drive space. They store “noise.” If you look at the files on their servers, they look like static.
If a government agency subpoenas the vendor, the vendor can honestly say: “We have the files, but they are mathematical gibberish. We do not possess the key.”
This shifts the liability. It protects the vendor from overreach, and it protects you from the vendor.
The Trade-off of Certainty
Business owners often recoil at this architecture because it breaks “features.” If the vendor cannot read the file, the vendor cannot index the file. You cannot search for the phrase “Q3 Financials” inside a document if the vendor sees only static.
This is the cost of sovereignty. You must choose.
Option A: You utilize the vendor’s search tools, their AI summaries, and their convenience. In exchange, you grant them—and anyone who compels them—access to your secrets.
Option B: You accept that the server is blind. You maintain a local index. You accept that “The Machine” in the cloud is dumb storage. In exchange, the contents of your files cannot be disclosed by a vendor-side breach or subpoena, because the vendor never had the means to read them. What the server still sees, such as object names, sizes and access times, is metadata, and protecting that is a separate problem.
For a law firm holding client discovery, or a family office holding asset lists, Option A is negligence. Option B is duty.
We must stop paying rent for privacy we do not own. If you do not control the keys, you do not control the data. You are merely a tenant in a glass house.
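The two architectures side by side, as an added example that is not part of the original article. It uses Go’s standard-library AES-256-GCM; the Landlord, Tenant, Subpoena and Search names are this example’s own, chosen to match the article’s metaphor, and the document text is constructed. Option A hands plaintext to the provider, who encrypts with a key it keeps beside the data, so a subpoena succeeds. Option B encrypts before upload, keeps the key and a word index on the client, and the same subpoena returns only ciphertext; a flipped byte in the stored blob is rejected on download.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"strings"
)

// Blob is the only thing the storage provider ever holds: a nonce plus
// ciphertext. With AES-GCM the authentication tag is appended to CT.
type Blob struct {
	Nonce []byte
	CT    []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts and authenticates doc under key with a fresh random nonce.
func Seal(key, doc []byte) (Blob, error) {
	aead, err := newGCM(key)
	if err != nil {
		return Blob{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Blob{}, err
	}
	return Blob{Nonce: nonce, CT: aead.Seal(nil, nonce, doc, nil)}, nil
}

// Open decrypts a Blob. It fails if the key is wrong or any byte was altered.
func Open(key []byte, b Blob) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, b.Nonce, b.CT, nil)
}

// NewKey generates a 256-bit key. Whoever calls it is whoever can read the data.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// Landlord is the cloud provider. It stores blobs. In Option A ("encrypted at
// rest") it also holds MasterKey, stored beside the data it protects.
type Landlord struct {
	Objects   map[string]Blob
	MasterKey []byte // nil in Option B: the provider was never given a key
}

func NewLandlord(masterKey []byte) *Landlord {
	return &Landlord{Objects: map[string]Blob{}, MasterKey: masterKey}
}

// UploadPlaintext is Option A: the tenant hands over plaintext and the
// provider encrypts it with the provider's own key.
func (l *Landlord) UploadPlaintext(name string, doc []byte) error {
	if l.MasterKey == nil {
		return errors.New("provider holds no key; tenant must encrypt first")
	}
	b, err := Seal(l.MasterKey, doc)
	if err != nil {
		return err
	}
	l.Objects[name] = b
	return nil
}

// Subpoena models a compelled disclosure: the provider produces whatever it
// is capable of producing for the named object, plaintext or not.
func (l *Landlord) Subpoena(name string) ([]byte, error) {
	b, ok := l.Objects[name]
	if !ok {
		return nil, errors.New("no such object")
	}
	if l.MasterKey == nil {
		return nil, errors.New("ciphertext only: provider does not possess the key")
	}
	return Open(l.MasterKey, b) // Option A: the landlord can comply
}

// Tenant is Option B: it encrypts before upload and keeps its own index,
// because a blind server cannot index what it cannot read.
type Tenant struct {
	Key   []byte
	Index map[string][]string // lower-cased word -> object names
}

func NewTenant(key []byte) *Tenant {
	return &Tenant{Key: key, Index: map[string][]string{}}
}

func (t *Tenant) Upload(l *Landlord, name string, doc []byte) error {
	b, err := Seal(t.Key, doc)
	if err != nil {
		return err
	}
	l.Objects[name] = b // the landlord receives only noise
	seen := map[string]bool{}
	for _, w := range strings.Fields(strings.ToLower(string(doc))) {
		if !seen[w] {
			seen[w] = true
			t.Index[w] = append(t.Index[w], name)
		}
	}
	return nil
}

func (t *Tenant) Download(l *Landlord, name string) ([]byte, error) {
	b, ok := l.Objects[name]
	if !ok {
		return nil, errors.New("no such object")
	}
	return Open(t.Key, b)
}

// Search runs against the local index, never against the server.
func (t *Tenant) Search(word string) []string {
	return t.Index[strings.ToLower(word)]
}

func main() {
	doc := []byte("Q3 Financials net position 4.2M") // constructed sample document
	key, _ := NewKey()
	landlord := NewLandlord(nil) // Option B: no master key on the server
	tenant := NewTenant(key)
	_ = tenant.Upload(landlord, "contract.txt", doc)
	_, err := landlord.Subpoena("contract.txt")
	fmt.Println("subpoena against blind landlord:", err)
	fmt.Println("local search for Q3:", tenant.Search("Q3"))
}
```

Two caveats the code makes visible. The object name and the blob size are stored in the clear, so the landlord still learns metadata even in Option B; encrypt names too if they are sensitive. And the tenant’s key is the whole game: GCM with a random 96-bit nonce is fine for the volumes a single tenant stores, but the key itself must be backed up in the tenant’s own custody, because the landlord cannot reset it.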
FAQs
Does 'Bank Grade Security' mean my data is safe?
“Bank grade” almost always refers to TLS on the connection, not to who holds the storage key. It prevents a thief from stealing the data while it travels, but it allows the bank to read the data once it arrives. This is insufficient for secrets.
Why does the vendor need the key?
They claim it is for features like search and indexing. Strictly speaking, it is for convenience. Convenience is the enemy of security.
If I hold the key, what happens if I lose it?
The data is lost forever. This is the price of mathematical certainty. If the data can be recovered without the key, it was never truly secure. So back up the key yourself, offline and in your own custody; the vendor cannot reset it for you, and that is the point.