SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Encryption app to help travellers secure their devices
Thu, 10th Jan 2019
FYI, this story is more than a year old

Two researchers in the United Kingdom have come up with a way to help travellers secure their information and protect it from overzealous border control agents.

As many airports and gateways around the world adopt more assertive means of demanding people's digital devices as part of the border control process, the issue of privacy has become a major issue.

Researchers at the University of Waterloo are developing an app called ‘Shatter Secrets', which allows a person to encrypt their device's password. The app then splits up the password and sends it to people at the chosen destination.

“To get the password, the travelling party has to visit people they chose to have a share of the encrypted password and tap their devices to the secret keepers' phones.

While the idea of literally visiting safekeepers to decrypt a password may seem a bit extreme, it does demonstrate the rising concerns about border security and consumer privacy.

Erinn Atwater, research director for the not-for-profit Open Privacy, says that if international border security agents don't have a warrant or consent, they have no business going through intimate data stored on personal devices.

"Devices often store confidential personal data, such as past conversations, photos and videos, medical information, and passwords for services that contain information on our entire lives. This makes the devices of particular interest to law enforcement officials during even routine searches,” researchers say.

International border crossings are particularly hazardous, particularly as some reports indicate data on these devices is subject to search and seizure without warrants or even suspicion of wrongdoing.

In some cases, travellers have even been compelled to provide PINs, passwords, encryption keys, and fingerprints to unlock their devices.

"We do not want people to be put in a position where they have to be lying, so one of the things we wanted to ensure is that when you say you cannot get your data, it is true," explains Waterloo Cheriton School of Computer science professor Ian Goldberg.

Atwater adds that the Shatter Secrets app was designed for people such as journalists and activists who hold high-value information and would rather be subjected to government questioning than give up the data they're trying to protect.

The app uses threshold cryptography to distribute encryption keys into shares, which are then securely transmitted to friends residing at the traveller's destination. When a traveller is subjected to scrutiny at the border, they are physically unable to comply with requests to decrypt their devices

“By distributing encryption keys amongst trusted friends at the traveller's destination before travel, the traveller cannot be compelled to provide access to their devices immediately,” Atwater says.

“Even persons who don't cross borders or don't think they have much to hide should be glad that there is a technique for journalists and activists to protect themselves,” adds Goldberg.

“The protection of everybody's civil rights and the protection of democracy hinges upon a free and open press and activists who are willing to push boundaries and effect social improvement,” Goldberg concludes.