Box says it will never install a backdoor for the government

Box security head Justin Somaini says the enterprise-focused file-storage company will never give the government backdoor access to your data.

In fact, he believes the idea of any company giving the government one of these backdoors is “beyond outlandish.”

“I’d be shocked if anybody put a backdoor in their software. I’ve never heard about it. I don’t know if I necessarily believe it,” said Somaini in an interview Monday with VentureBeat. “No. No, we would not do that.”

Last week, the New York Times and the U.K.’s Guardian received further documents from former NSA contractor Edward Snowden indicating that the U.S. government is able to crack most encryption that’s in use today. Furthermore, the reports said that while the government can actually crack or hack the encryption itself, it will sometimes go directly to companies requesting the installation of a backdoor for access to data.

Somaini echoed this idea while speaking with David Baker, the chief security officer of Okta, and Jeff MacMillan, the chief executive of Dark Matter Labs at VentureBeat’s CloudBeat conference this week. All three expressed that backdoors would be very difficult to install and are otherwise obvious to the company’s employees.

“If Google was building a back door, do you know how many developers are on each of their products? This stuff would be coming out. It would be very blatant. To build stuff in your code requires participation by groups,” said MacMillan during the talk.

“Saying that the U.S. government is actively working with vendors in the industry installing backdoors doesn’t make sense,” said Baker in the same talk. “I don’t think that’s happening at all.”

However, reports in July suggest that Microsoft may already have this kind of close relationship with the U.S. Documents provided by Snowden to the Guardian at the time show that Microsoft gave the NSA a way to circumvent encryption used in its e-mail client Outlook.

While this might not be a backdoor to people’s data, it certainly supports reports that companies work directly with the government to decrypt and grab information before it’s encrypted.