One of the great things about having an iPad is being able to carry a device that I can take meeting notes with and be able to transfer those notes back to my machine when I get home. Sure I use pen and paper (fountain pen and Moleskine notebook to be exact) for a lot of things, but I really like jotting notes down on my iPad and saving them for later.
Now, I’m a huge note taking app junkie—>as is obvious from posts I’ve written elsewhere—and one of the leading apps for taking notes for a lot of people (millions I believe) is Evernote. I admit I use Evernote for sharing a public notebook for PrivacyNowRadio, but after reading their Terms of Service and Privacy policy I’m not going to take meeting, client, or personal notes there. Why? Read below:
Data Security
Evernote is committed to protecting the security of your information and takes reasonable precautions to protect it. However, Internet data transmissions, whether wired or wireless, cannot be guaranteed to be 100% secure and as a result we cannot ensure the security of information you transmit to us; accordingly, you acknowledge that you do so at your own risk. Once we receive your data transmission, we make all commercially reasonable efforts to ensure its security on our systems:
> Your Evernote password is protected by encryption and only you have access to it;
> Your personal information and data stored in our systems is protected by various physical, electronic and procedural safeguards. It is housed in a secure facility and Evernote restricts physical and network access to this facility to select trained staff and regularly evaluates its technologies, facilities, procedures and potential risks to maintain the security and privacy of our users’ data. As a rule, Evernote employees do not monitor or view your personal information or content stored in the Evernote service, but it may be viewed if we learn that our Terms of Service may have been violated and confirmation is required, or we otherwise determine that we have an obligation to review it; and
> Certain Evernote services support the use of standard SSL encryption to protect data transmissions. However, this is not a guarantee that such data transmissions cannot be accessed, altered or deleted due to firewall or other security software failures.
> If Evernote learns of a security system breach we may attempt to notify you and provide information on protective steps, if available, through the e-mail address that you supplied during registration or posting a notice on our web site. Depending on where you live, you may have a legal right to receive such notices in writing.
link: Privacy Policy | Evernote Corporation
It sounds all well and good until you realize that Evernote isn’t encrypting your notes on their servers. Yeah, exactly, those sensitive meeting notes about with a client or within your team, those are available for anyone at Evernote to read. Sure they are not supposed to snoop and you can encrypt part of your note, but you can’t encrypt an entire note or notebook.
I think this is a huge deal. I wonder how many very, very sensitive notes are store there? Probably a lot. Probably more than I care to think about. I think that at the very least all note content should be encrypted on the Evernote servers or allow some kind of syncing of devices and Evernote that doesn’t use their cloud storage at all. My to do app of choice does that. When I’m on the same network with my iOS devices and my computer my to-dos (and notes with the to dos) sync up. I don’t need them (or want them) to pass through the cloud.
Here at eCrypt we’re making our FileVault easier to use and more flexible as well. We’ve recently bumped up our maximum file size to 30 MB, so you can loft some pretty hefty files up there. And all your files you store are not just encrypted, but they are encrypted so that you and only you can access them. We can’t read them, know what they are, nothing. It’s frankly none of our business. And given that I’d like to be able to store my meeting notes in a central place with military-grade encryption, you can bet that we’re working on a way for me to go from iPad to FileVault with as few steps as possible. Because it would be great to be able to push a detailed PDF from my iPad right into the FileVault…
In the meantime, maybe you might think about not using Evernote for business or sensitive personal notes.