So honest question, but how is having your data stored in Switzerland (where Wuala is based) any different than having it in the US? Or is it just the promise of local encryption that makes it safer?
Some purported info about data protection for Switzerland:
The DPA does not permit the disclosure of sensitive data or personality profiles to third parties without lawful justification. The consent of the data subject can constitute a lawful justification. Breach of this prohibition is an offence if knowledge of the sensitive data has been gathered in the course of a professional activity requiring knowledge of such data and can be punished by a fine of up to CHF 10'000.--. If the fine is not paid, it can be replaced by imprisonment for up to 3 months.
Basically, your data is not transmitted to third parties. However, LaCie may release personal data if the law requires it to do so or in the good-faith belief that such action is necessary to comply with any laws or respond to a court order, subpoena, or search warrant or to protect LaCie's rights and interests. Furthermore, you expressly agree that LaCie can disclose personal data to identified third parties (e.g. owners of intellectual property rights) and/or government enforcement bodies in order to enforce the General terms and conditions, particularly in case of founded indications that the laws or the rights of a user or of third parties, particularly copyrights, other industrial property rights or personal rights, have been violated , insofar as such is necessary.
Due to the manner in which data is client-side encrypted (password-based keys, password not stored on their servers), they can hand your (encrypted) data to any government with no ability to decrypt it. Now, depending on the outcome of some cases before US Courts right now, you might be compelled to provide the password to unencrypt the data. It's also worth noting that the password-based asymmetric encryption schemes are less secure than the arbitrary key based ones, but still it's better than nothing. In my case, I'm sold by the fact that they provide more free storage than Dropbox and have a much better Linux client (based on a FUSE plugin, a much nicer architecture in general).
As it's closed source isn't it entirely possible that the client keeps copies of the keys that are accessible on demand from the server end (I guess that counts as a backdoor of sorts).
>LaCie may release personal data if the law requires it [...] or to protect LaCie's rights and interests //
Isn't that one of those entirely vacuous sentences. Basically they have a disclaimer there that so long as it's in their interests to release it they can. So offer some money, "oh yes we're inclined to make money here's the data".
I believe it's out of reach from the NSA letters. If it's encrypted and they don't have the keys it doesn't really matter, but I guess it looks good on a feature matrix.
Some purported info about data protection for Switzerland:
http://www.dataprotection.ch/en/disclosing-personal-data.asp
> Restrictions on disclosure
The DPA does not permit the disclosure of sensitive data or personality profiles to third parties without lawful justification. The consent of the data subject can constitute a lawful justification. Breach of this prohibition is an offence if knowledge of the sensitive data has been gathered in the course of a professional activity requiring knowledge of such data and can be punished by a fine of up to CHF 10'000.--. If the fine is not paid, it can be replaced by imprisonment for up to 3 months.
And Wuala's own policy: http://www.wuala.com/en/about/privacy
> 6. Disclosure to third parties
Basically, your data is not transmitted to third parties. However, LaCie may release personal data if the law requires it to do so or in the good-faith belief that such action is necessary to comply with any laws or respond to a court order, subpoena, or search warrant or to protect LaCie's rights and interests. Furthermore, you expressly agree that LaCie can disclose personal data to identified third parties (e.g. owners of intellectual property rights) and/or government enforcement bodies in order to enforce the General terms and conditions, particularly in case of founded indications that the laws or the rights of a user or of third parties, particularly copyrights, other industrial property rights or personal rights, have been violated , insofar as such is necessary.