Story image

Encryption app to help travellers secure their devices

10 Jan 2019

Two researchers in the United Kingdom have come up with a way to help travellers secure their information and protect it from overzealous border control agents.

As many airports and gateways around the world adopt more assertive means of demanding people’s digital devices as part of the border control process, the issue of privacy has become a major issue.

Researchers at the University of Waterloo are developing an app called ‘Shatter Secrets’, which allows a person to encrypt their device’s password. The app then splits up the password and sends it to people at the chosen destination.

“To get the password, the travelling party has to visit people they chose to have a share of the encrypted password and tap their devices to the secret keepers’ phones.”

While the idea of literally visiting safekeepers to decrypt a password may seem a bit extreme, it does demonstrate the rising concerns about border security and consumer privacy.

Erinn Atwater, research director for the not-for-profit Open Privacy, says that if international border security agents don’t have a warrant or consent, they have no business going through intimate data stored on personal devices.

"Devices often store confidential personal data, such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches,” researchers say.

International border crossings are particularly hazardous, particularly as some reports indicate data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing. 

In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices.

"We do not want people to be put in a position where they have to be lying, so one of the things we wanted to ensure is that when you say you cannot get your data, it is true," explains Waterloo Cheriton School of Computer science professor Ian Goldberg.

Atwater adds that the Shatter Secrets app was designed for people such as journalists and activists who hold high-value information and would rather be subjected to government questioning than give up the data they’re trying to protect.

The app uses threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller’s destination. When a traveller is subjected to scrutiny at the border, they are physically unable to comply with requests to decrypt their devices

“By distributing encryption keys amongst trusted friends at the traveller’s destination before travel, the traveller cannot be compelled to provide access to their devices immediately,” Atwater says.

“Even persons who don’t cross borders or don’t think they have much to hide should be glad that there is a technique for journalists and activists to protect themselves,” adds Goldberg. 

“The protection of everybody’s civil rights and the protection of democracy hinges upon a free and open press and activists who are willing to push boundaries and effect social improvement,” Goldberg concludes.

Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.
Mozilla launches Firefox Send, an encrypted file transfer service
Mozille Firefox has launched a free encrypted file transfer service that allows people to securely share files from any web browser – not just Firefox.
Ransomware’s decline equals cryptomining’s rise
ESET’s Security Days Conference recently took place to go over the current threat environment and what to look out for next.
IoT and DDoS attacks: A match made in heaven
A10 Network’s Adrian Taylor uses findings from a number of reports to illustrate his point that advances in technology are facilitating cybercrime.
ForgeRock launches Sandbox-as-a-Service to facilitate compliance
The cloud-based testing environment for APIs enables banks to accelerate compliance with Open Banking and PSD2 deadlines.