Pro­tect­ing pri­vacy

Shat­ter Se­crets app en­crypts a phone or lap­top and trans­mits the password abroad to se­cure the de­vice

Waterloo Region Record - - Front Page - JAMES JACK­SON jjack­[email protected]­

Ex­perts at UW have de­vel­oped a way for jour­nal­ists, ac­tivists to en­crypt their de­vices

WATER­LOO — Pri­vacy ex­perts at the Univer­sity of Water­loo have de­vel­oped a new way for jour­nal­ists and ac­tivists to en­crypt their dig­i­tal de­vices to pro­tect any im­por­tant in­for­ma­tion they’re car­ry­ing be­fore they cross the bor­der.

Shat­ter Se­crets is an app that en­crypts the elec­tronic de­vice’s password or fin­ger­print lock, dig­i­tally splits it, then trans­mits the pieces (or “shares”) to friends or as­so­ciates at the fi­nal desti­na­tion.

The de­vel­op­ers say it makes it vir­tu­ally im­pos­si­ble for some­one to com­ply with a bor­der guard’s re­quest to un­lock the de­vice for in­spec­tion.

It was de­signed for peo­ple who may be car­ry­ing sen­si­tive ma­te­rial across bor­ders, such as the mil­lions of doc­u­ments known as the Panama Pa­pers that were leaked in 2015 and have de­tails on hun­dreds of thou­sands of off­shore fi­nan­cial ac­counts.

“We made this app with ac­tivists and jour­nal­ists in high-risk sit­u­a­tions in mind. It’s not in­tended for pro­tect­ing a cou­ple va­ca­tion pho­tos,” said Erinn At­wa­ter, a PhD can­di­date at UW who de­vel­oped the ap­pli­ca­tion with Prof. Ian Gold­berg, a fac­ulty mem­ber in the Cryp­tog­ra­phy, Se­cu­rity and Pri­vacy group at the univer­sity.

“It’s aimed at peo­ple who would rather be de­tained and make a big in­ter­na­tional fuss rather than be com­pelled through tor­ture to give up their password.”

The idea came to At­wa­ter and Gold­berg when they started see­ing re­ports of bor­der agents ask­ing for de­vice or so­cial me­dia pass­words as part of their rou­tine in­spec­tions, pri­mar­ily in the United States.

In their jour­nal ar­ti­cle de­scrib­ing Shat­ter Se­crets, At­wa­ter and Gold­berg found that the U.S. Cus­toms and Bor­der Pro­tec­tion agency searched ap­prox­i­mately 30,000 con­sumer elec­tron­ics de­vices in 2017 — more than triple the num­ber of searches per­formed in 2015 — lead­ing to 250 com­plaints about war­rant­less searches.

Ac­cord­ing to the Of­fice of the Pri­vacy Com­mis­sioner of Canada, Cana­dian courts have not yet ruled on whether a bor­der of­fi­cer can com­pel a per­son to turn over their password, or on what grounds. How­ever, a Cana­dian Bor­der Ser­vices Agency pol­icy states that such searches “may be con­ducted only if there are grounds or in­di­ca­tions that ev­i­dence of con­tra­ven­tions may be found on the dig­i­tal de­vice or me­dia.”

If some­one re­fuses to pro­vide their password to Cana­dian bor­der agents, the de­vice may be held for fur­ther in­spec­tion. Of­fi­cers may only ex­am­ine what is phys­i­cally stored within a de­vice, in­clud­ing pho­tos, files, down­loaded emails and other me­dia.

U.S. bor­der agents, how­ever, have much broader in­spec­tion pow­ers that can in­clude re­quest­ing pass­words to a lap­top, tablet or mo­bile phone with­out any ev­i­dence of wrong­do­ing.

At­wa­ter said she’s not wor­ried about crim­i­nals or ter­ror­ists po­ten­tially us­ing her sys­tem to cir­cum­vent law en­force­ment, since most al­ready have ac­cess to sim­i­lar tools.

“The bad guys al­ready have ac­cess to strong en­cryp­tion,” said At­wa­ter. “They have their own pro­gram­mers, ac­cess to free soft­ware and other pow­er­ful se­cu­rity tools. We’re bring­ing this same level of se­cu­rity to the good guys — the jour­nal­ists and ac­tivists that are fight­ing gov­ern­ment cor­rup­tion.”

Shat­ter Se­crets is free and open-sourced soft­ware, and is al­ready in the pro­to­type phase for An­droid op­er­at­ing sys­tems, al­though At­wa­ter is dis­cour­ag­ing any­one from ac­tu­ally us­ing it to pro­tect sen­si­tive in­for­ma­tion un­til they can do a full se­cu­rity au­dit and en­sure it works as in­tended. She’s launched a non­profit agency, Open Pri­vacy, to help fund that work.

The sys­tem en­crypts the password and sends it to any num­ber of peo­ple at the fi­nal desti­na­tion through end-to-end en­cryp­tion, mean­ing it can’t be in­ter­cepted. The de­vice is then locked and can­not be opened un­til it makes phys­i­cal con­tact with the de­vices that were sent the password.

This so-called near-field com­mu­ni­ca­tion tap tech­nol­ogy is sim­i­lar to the tap method used for credit or debit cards, and it elim­i­nates the threat of a bor­der agent im­per­son­at­ing a de­tained in­di­vid­ual to re­quest the password shares re­motely.

“If it can be (un­locked) re­motely, then there’s a chance you can be com­pelled to (un­lock) it re­motely,” said At­wa­ter.

Users can also set a min­i­mum thresh­old of peo­ple needed to un­lock their de­vice, mean­ing that if they send the in­for­ma­tion to 10 peo­ple they can set it so only four of them need to tap their de­vices to re­trieve the com­plete password.


Univer­sity of Water­loo PhD can­di­date Erinn At­wa­ter has de­vel­oped an en­cryp­tion pro­gram called Shat­ter Se­crets that splits your password and sends it to ac­quain­tances abroad, mak­ing it im­pos­si­ble for you to un­lock your de­vice at the re­quest of a bor­der guard.

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.