Techniques are disclosed for intercepting, by a customer-premises equipment (CPE), a request for a content file. The request may originate from a computing device in a local area network for the CPE and may be destined for a destination device external to the local area network for the CPE. In response to determining that an encrypted content file for the content file is stored by a storage device for the CPE, the CPE may decrypt, using at least one cryptographic key obtained from a Trusted Platform Module (TPM) for the CPE, the encrypted content file to obtain the content file. The CPE may send the content file to the computing device.