sb-as logo
Story image

Encryption app to help travellers secure their devices

10 Jan 2019

Two researchers in the United Kingdom have come up with a way to help travellers secure their information and protect it from overzealous border control agents.

As many airports and gateways around the world adopt more assertive means of demanding people’s digital devices as part of the border control process, the issue of privacy has become a major issue.

Researchers at the University of Waterloo are developing an app called ‘Shatter Secrets’, which allows a person to encrypt their device’s password. The app then splits up the password and sends it to people at the chosen destination.

“To get the password, the travelling party has to visit people they chose to have a share of the encrypted password and tap their devices to the secret keepers’ phones.”

While the idea of literally visiting safekeepers to decrypt a password may seem a bit extreme, it does demonstrate the rising concerns about border security and consumer privacy.

Erinn Atwater, research director for the not-for-profit Open Privacy, says that if international border security agents don’t have a warrant or consent, they have no business going through intimate data stored on personal devices.

"Devices often store confidential personal data, such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches,” researchers say.

International border crossings are particularly hazardous, particularly as some reports indicate data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing. 

In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices.

"We do not want people to be put in a position where they have to be lying, so one of the things we wanted to ensure is that when you say you cannot get your data, it is true," explains Waterloo Cheriton School of Computer science professor Ian Goldberg.

Atwater adds that the Shatter Secrets app was designed for people such as journalists and activists who hold high-value information and would rather be subjected to government questioning than give up the data they’re trying to protect.

The app uses threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller’s destination. When a traveller is subjected to scrutiny at the border, they are physically unable to comply with requests to decrypt their devices

“By distributing encryption keys amongst trusted friends at the traveller’s destination before travel, the traveller cannot be compelled to provide access to their devices immediately,” Atwater says.

“Even persons who don’t cross borders or don’t think they have much to hide should be glad that there is a technique for journalists and activists to protect themselves,” adds Goldberg. 

“The protection of everybody’s civil rights and the protection of democracy hinges upon a free and open press and activists who are willing to push boundaries and effect social improvement,” Goldberg concludes.

Story image
Research: Younger cybersecurity pros more fearful of being replaced by AI
According to the findings, 53% of respondents under 45 years old either agreed or strongly agreed that AI and ML are a threat to their job security, despite 89% of this demographic believing that it would improve their jobs.More
Story image
Radware launches DDoS protection for online gaming
“Online games are a massive, multi-billion-dollar industry, but they frequently fall victim to powerful and targeted DDoS attacks,"More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More
Story image
CrowdStrike targets Zero Trust blind spot with new offering
CrowdStrike has officially launched CrowdStrike Falcon Zero Trust Assessment (ZTA), designed to aid in overall security posture by delivering continuous real-time assessments across all endpoints in an organisation regardless of the location, network or user. More
Story image
Zoom to begin rolling out end-to-end encryption
Available starting from next week, it represents the first phase out of four of the company’s greater E2EE offering, which was announced in May following backlash that the company was lax on its security and privacy.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More