Why we should not know our own passwords...
‘Ignorance’ best option when immigration officials want travellers’ data
Since 2009, US Customs and Border Protection agents have been allowed to search electronic devices carried by citizens or non-citizens as they cross the border into the US from other countries.
More recently, Homeland Security secretary John Kelly suggested this digital vetting should also include harvesting social media passwords. Mr Kelly’s proposal prompted legal and technology experts to respond with an open letter expressing deep concern about any policy that demands that individuals violate the “first rule of online security”: Do not share your passwords.
Travellers themselves responded, too, looking for ways to avoid surrendering their device passwords to federal agents. One approach — what might be called the “nothing to see here” method — tries to make a device unsearchable by erasing the hard drive before travelling, uninstalling social media apps, letting the device’s battery run out or even wiping the device if an emergency or “duress” password is entered.
This method is dangerous because it puts an already stressed traveller in the position of defying law enforcement at the border.
But it’s tempting to wonder: Could computer scientists and software designers create a better password system? Can we make “I’d love to comply, but I can’t” the only possible answer for every traveller?
Developing unknowable passwords is an active area of security research. In 2012, a team from Stanford University, Northwestern University and the SRI research centre developed a scheme for using a computer game to train the subconscious brain to learn a series of keystrokes. When a musician memorises how to play a piece of music, she doesn’t need to think about each note or sequence.
It becomes an ingrained, trained reaction usable as a password but nearly impossible even for the musician to spell out note by note, or for the user to disclose letter by letter.
In addition, the system is designed so that even if the password is discovered, the attacker is unable to enter the keystrokes with the same fluidity as the trained user. The combination of keystrokes and ease of performance uniquely ties the password to the user, while freeing the user from having to remember anything consciously.
In 2015, Google announced Project Abacus, another solution to the “I’d love to comply, but I can’t” problem. It replaces the traditional password with a “trust score,” a proprietary cocktail of characteristics that Google has determined can identify you.
The score includes biometric factors like your typing patterns, walking speed, voice patterns and facial expressions. And it can include your location and other unspecified elements.
If the trust score falls below a certain threshold, say by observing a strange typing pattern or an unfamiliar location, the system will require the user to enter additional authentication credentials.
None of these technological solutions to the password problem is perfect, and none of them is commercially available today. Until research, industry and innovation come up with better ones, what’s a digital-age traveller to do?