Story image

Encryption app to help travellers secure their devices

10 Jan 2019

Two researchers in the United Kingdom have come up with a way to help travellers secure their information and protect it from overzealous border control agents.

As many airports and gateways around the world adopt more assertive means of demanding people’s digital devices as part of the border control process, the issue of privacy has become a major issue.

Researchers at the University of Waterloo are developing an app called ‘Shatter Secrets’, which allows a person to encrypt their device’s password. The app then splits up the password and sends it to people at the chosen destination.

“To get the password, the travelling party has to visit people they chose to have a share of the encrypted password and tap their devices to the secret keepers’ phones.”

While the idea of literally visiting safekeepers to decrypt a password may seem a bit extreme, it does demonstrate the rising concerns about border security and consumer privacy.

Erinn Atwater, research director for the not-for-profit Open Privacy, says that if international border security agents don’t have a warrant or consent, they have no business going through intimate data stored on personal devices.

"Devices often store confidential personal data, such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches,” researchers say.

International border crossings are particularly hazardous, particularly as some reports indicate data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing. 

In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices.

"We do not want people to be put in a position where they have to be lying, so one of the things we wanted to ensure is that when you say you cannot get your data, it is true," explains Waterloo Cheriton School of Computer science professor Ian Goldberg.

Atwater adds that the Shatter Secrets app was designed for people such as journalists and activists who hold high-value information and would rather be subjected to government questioning than give up the data they’re trying to protect.

The app uses threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller’s destination. When a traveller is subjected to scrutiny at the border, they are physically unable to comply with requests to decrypt their devices

“By distributing encryption keys amongst trusted friends at the traveller’s destination before travel, the traveller cannot be compelled to provide access to their devices immediately,” Atwater says.

“Even persons who don’t cross borders or don’t think they have much to hide should be glad that there is a technique for journalists and activists to protect themselves,” adds Goldberg. 

“The protection of everybody’s civil rights and the protection of democracy hinges upon a free and open press and activists who are willing to push boundaries and effect social improvement,” Goldberg concludes.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Why cybersecurity remains a top business priority
One in two Australian businesses estimated that they will receive fines for being in breach of new legislation.