I stumbled upon this comment on Arstechnica where someone neatly points out the great need for MaidSafe’s self-authentication system without him knowing that it actually exists. Reading it put a big smile on my face:
"Encryption isn’t magic pixie dust that thwarts all unauthorized access. The only way that law enforcement can’t eventually access the cloud data via demands of the provider is if the encryption/decryption is done entirely client side with keys that the cloud provider cannot in any way infer. (this is a simplistic statement, but what things boil down to)
It is incredibly hard to do this in a manner that is easily portable from one machine to another, and the entire point of storing data in the cloud is for that portability. I lose my phone, get a new phone, how do I get the key onto it? It is possible to do (hook it to your computer, manually type in a printed out code, etc.) but all of these options are pretty clunky across a population of millions of users. It also basically means NO website access to that data, which is not a super popular option.
So in practice nobody does user specific client side only encryption/decryption because the user population isn’t willing to suffer the inconvenience - and rightly so, because that form of encryption eliminates almost all of the reasons to use cloud services in the first place. If I can only access the files on one machine because of key management issues, why not only keep those files on one machine?
And all of this ignores that if the cloud provider can update the client code (and they should be able to push security updates automatically - that’s a good thing) a LEO order can order that the provider update a particular client’s code to access the data. The technical fix for that is far worse than the disease."
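The key-portability problem the commenter describes (how does a replacement phone get the key if the provider never had it?) is what deterministic, client-side key derivation addresses: if the key is recomputed from secrets the user remembers, there is no key file to move between machines. The following is an added illustration of that idea and is not code from the original post, nor MaidSafe's self-authentication implementation; the three-secret split (PIN, keyword, password), the PBKDF2 iteration count, the "locator" name and the toy HMAC-based stream cipher are all assumptions made for the example, and the cipher stands in for a real AEAD such as AES-GCM.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed example: the secret split, iteration count and cipher are
# illustrative assumptions, not any provider's actual scheme.
ITERATIONS = 100_000


def derive_credentials(pin: str, keyword: str, password: str) -> Tuple[bytes, bytes]:
    """Derive a storage locator and an encryption key from user secrets only.

    Nothing random is involved, so the same secrets give the same outputs on
    any device; the provider only ever sees the locator and an encrypted blob.
    """
    # PIN + keyword decide *where* the account blob lives; a slow KDF makes
    # the locator expensive for the provider to brute-force.
    locator = hashlib.pbkdf2_hmac("sha256", keyword.encode(), pin.encode(), ITERATIONS, dklen=32)
    # The password never leaves the client. Salting with the locator means two
    # users with the same password still get different keys.
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), locator, ITERATIONS, dklen=32)
    return locator, key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy CTR-style keystream from HMAC-SHA256 (illustration only)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the one user key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: blob = nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before touching the ciphertext; raise on wrong key or tampering."""
    enc_key, mac_key = _subkeys(key)
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ciphertext, _keystream(enc_key, nonce, len(ciphertext))))


def store(cloud: dict, pin: str, keyword: str, password: str, data: bytes) -> None:
    """Client side: derive, encrypt, hand the provider only locator -> blob."""
    locator, key = derive_credentials(pin, keyword, password)
    cloud[locator] = encrypt(key, data)


def try_fetch(cloud: dict, pin: str, keyword: str, password: str) -> Optional[bytes]:
    """A fresh device: no key was copied across, it is simply re-derived."""
    locator, key = derive_credentials(pin, keyword, password)
    blob = cloud.get(locator)
    if blob is None:  # wrong PIN or keyword lands on an empty locator
        return None
    try:
        return decrypt(key, blob)
    except ValueError:  # wrong password: tag check fails, nothing is decrypted
        return None


def roundtrip(pin: str, keyword: str, password: str, data: bytes,
              fetch_password: Optional[str] = None) -> Optional[bytes]:
    """Store from one device, then fetch from a 'new phone' that knows only the secrets."""
    cloud = {}  # everything the provider holds
    store(cloud, pin, keyword, password, data)
    return try_fetch(cloud, pin, keyword, fetch_password or password)


if __name__ == "__main__":
    print(roundtrip("1234", "fox", "correct horse", b"my private notes"))
    print(roundtrip("1234", "fox", "correct horse", b"my private notes", fetch_password="guess"))
```

The point of the design is that the provider stores a blob under a locator it cannot link to a person and cannot decrypt, while the user reconstructs the same locator and key on any machine from memory alone, so "get the key onto the new phone" stops being a step. The commenter's last objection still stands: if the provider can push a modified client, deterministic derivation does nothing, which is why reproducible builds and update signing that the user can verify matter as much as the key scheme.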
Edit: MaidSafe’s self-authentication explained: