Atlantic Computing Services believes very strongly in the promotion and use of strong encryption by our end users. This allows for privacy in communications, it keeps users from being commoditized as easily by large corporations, and it prevents legislative overreach and supressive instincts by governments. As such, we attempt to ensure data security as much as is possible. We will not sell any information concerning our customers without their permission, and we will make sure that data which traverses our system will be read only by the expressly intended recipient, to the best of our ability.
However, because of the nature of data systems, and the methods of surveillance that exist, it is difficult to guarantee these things. As well, the United States Government is engaged in efforts to weaken privacy and data security, such as the current EARN-IT Act. As such, we wish to present the current situation with regard to data security -- what we can and can't guarantee, and what you can do to protect yourself.
Atlantic's systems are hosted in two separate locations: locally, at our offices in Columbia, and remotely at GreenGeeks, a hosting company in California. (The forums hosted on this website are in the latter.) GreenGeeks has what we consider very good security. We have no reason to believe that any information is compromised. However, GreenGeeks is an American company and is subject to American laws. The U.S. Government, in the past, has legally demanded user information from a data company, together with a gag order preventing the company in question (Lavabit) from informing that user. Thus, it is possible that your data may be intercepted by the U.S. government, from GreenGeeks or from us directly, without your knowledge, and without either company being able to legally notify you.
Therefore, if you have data which must remain private -- as we recommend for any sensitive data -- you should take steps to encrypt it independently.
Here are some suggestions, including other services, which you may wish to explore to secure your data:
- Protonmail is an email service located in Switzerland which places a high priority on data security. Its servers are out of the jurisdiction of U.S. authorities, and any mail within their system (from one Protonmail user to another) is automatically encrypted end-to-end. (Mail to other users may be secured with a password.) It is otherwise the same as any email program or service.
- Signal is a text messaging app which utilizes strong encryption. Again, it functions the same as any other text message app; no special knowledge of encryption is needed.
- Symmetric keys
- This uses random key information to encrypt the actual text; the same key is used to decrypt it. The key, therefore, must be shared in some way -- in person, by secure phone, or through one of the services listed above. This is exceptionally secure -- but you need to have knowledge of how to create and use the cipher, which is somewhat specialized. It is also [i]extremely[/i] important to keep the key secure.
- Asymmetric keys.
- These are systems such as PGP. They consist of a two-part random key: one part is private, the other is public. You can use your recipient's public key to encode a message to them; only they can decrypt it, using the private portion. This is a very secure method, but is very difficult for an untrained user to manage.
Feel free to contact Atlantic specialists for specific suggestions on how to keep your data safe and secure.