Story image

Encryption app to help travellers secure their devices

10 Jan 2019

Two researchers in the United Kingdom have come up with a way to help travellers secure their information and protect it from overzealous border control agents.

As many airports and gateways around the world adopt more assertive means of demanding people’s digital devices as part of the border control process, the issue of privacy has become a major issue.

Researchers at the University of Waterloo are developing an app called ‘Shatter Secrets’, which allows a person to encrypt their device’s password. The app then splits up the password and sends it to people at the chosen destination.

“To get the password, the travelling party has to visit people they chose to have a share of the encrypted password and tap their devices to the secret keepers’ phones.”

While the idea of literally visiting safekeepers to decrypt a password may seem a bit extreme, it does demonstrate the rising concerns about border security and consumer privacy.

Erinn Atwater, research director for the not-for-profit Open Privacy, says that if international border security agents don’t have a warrant or consent, they have no business going through intimate data stored on personal devices.

"Devices often store confidential personal data, such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches,” researchers say.

International border crossings are particularly hazardous, particularly as some reports indicate data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing. 

In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices.

"We do not want people to be put in a position where they have to be lying, so one of the things we wanted to ensure is that when you say you cannot get your data, it is true," explains Waterloo Cheriton School of Computer science professor Ian Goldberg.

Atwater adds that the Shatter Secrets app was designed for people such as journalists and activists who hold high-value information and would rather be subjected to government questioning than give up the data they’re trying to protect.

The app uses threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller’s destination. When a traveller is subjected to scrutiny at the border, they are physically unable to comply with requests to decrypt their devices

“By distributing encryption keys amongst trusted friends at the traveller’s destination before travel, the traveller cannot be compelled to provide access to their devices immediately,” Atwater says.

“Even persons who don’t cross borders or don’t think they have much to hide should be glad that there is a technique for journalists and activists to protect themselves,” adds Goldberg. 

“The protection of everybody’s civil rights and the protection of democracy hinges upon a free and open press and activists who are willing to push boundaries and effect social improvement,” Goldberg concludes.

Privacy: The real cost of “free” mobile apps
Sales of location targeted advertising, based on location data provided by apps, is set to reach $30 billion by 2020.
Myth-busting assumptions about identity governance - SailPoint
The identity governance space has evolved and matured over the past 10 years, changing with the world around it.
Forrester names Crowdstrike leader in incident response
The report provides an in-depth evaluation of the top 15 IR service providers across 11 criteria.
Slack doubles down on enterprise key management
EKM adds an extra layer of protection so customers can share conversations, files, and data while still meeting their own risk mitigation requirements.
Security professionals want to return fire – Venafi
Seventy-two percent of professionals surveyed believe nation-states have the right to ‘hack back’ cybercriminals.
Alcatraz AI to replace corporate badges with AI security
The Palo Alto-based startup supposedly leverages facial recognition, 3D sensing, and machine learning to enable secure access control.
Ensign and IronNet partner to create cyber analytics capabilities
The Singapore-based joint venture will form a Cyber Analytics Center for Excellence focused on securing regional enterprises from sophisticated cyber threats.
Unencrypted Gearbest database leaves over 1.5mil shoppers’ records exposed
Depending on the countries and information requirements, the data could give hackers access to online government portals, banking apps, and health insurance records.